Senior Army leaders have already laid out firm, prescriptive timetables for commanders to shut down hundreds of government-owned data centers over the next two years. Now the service has a one-stop contract vehicle specific to the task, and using it is not optional.
The Army’s program executive office for enterprise information systems (PEO-EIS) awarded 50 vendors spots on the new ACCENT contract earlier this month, certifying that they meet the service’s baseline requirements for cloud computing and the technical services needed to migrate Army applications from legacy data centers to modern cloud architectures.
The basic ordering agreements those vendors hold are no guarantee of future work for any individual company, but they’re now the only authorized contract vehicle within the Army for buying commercial cloud services. ACCENT’s transition services are optional, but the Army wanted to make them available within the same contract so that commands can modernize their applications at the same time they’re carrying out their data center consolidation mandates.
“It supports both Army and DoD guidance to pursue commercial cloud as a primary rehosting target,” Johanna Curry, project officer for the Army Data Center Consolidation Plan said in an interview. “Rather than require application owners to move multiple times before they get to what would be an enduring data center, they can go directly to commercial cloud.”
First though, the Army wants its organizations to consult with the Army Application Migration Business Office (AAMBO), a group of independent experts the service stood up within PEO-EIS to handle technical assessments on applications in order to help determine whether they need to be modified before they’re ready to move to a commercial environment and what security controls need to be applied.
“So for example, they would say, ‘You need to be able to host in an impact level four or five cloud service offering.’ Then the application owner would issue a request for proposals describing the kind of services they need,” Curry said. “Rather than targeting specific ACCENT vendors, they would get proposals back that are appropriate for that application.”
Curry said Army application owners had already issued several RFPs since the new contract became available.
All of the ACCENT vendors were required to get certifications under the government’s FedRAMP program, and at least some of them have received provisional authorizations to handle data at up to what the Defense Department characterizes as impact level five — the most sensitive category of unclassified data. For the time being, the Army will use a cloud access point (CAP) run by the Defense Information Systems Agency in order to meet a DoD requirement that sensitive data receive extra screening as it makes its way in and out of commercial networks, though the Army is considering building a CAP of its own.
None of the existing vendors are qualified to handle secret data — impact level six — but ACCENT includes “on ramps” that could let other companies join the contract if a firm were to achieve that DoD certification in the future.
The Army decided to structure ACCENT using basic ordering agreements rather than as a more typical indefinite delivery-indefinite quantity contract because the BOA structure gives the government more flexibility to buy services that aren’t firmly defined or priced, Curry said.
“It allowed us to balance known baseline security requirements and service levels with enough flexibility for a mission owner to fit the needs of their organizations,” she said. “For example, if you have a need for specific transition services, there’s enough flexibility in there to be able to do that and also define the specific security impact level you need in your target environment.”
Most of the Army’s large enterprise applications are broken down into four “mission areas,” each of which has leaders who are charged with rationalizing their portfolios of systems and coming up with transition plans by early June.
That requirement was one element of a highly-detailed 88-page directive the Army issued in December, telling commanders precisely which of the service’s 1,200 data centers must be closed in order to reach an overall 60 percent reduction by the end of 2018. By 2025, the Army intends to operate only 10 of its own data centers — four in the continental U.S. and six overseas — the rest of its applications are meant to be housed in commercial facilities or DISA data centers.