Several years ago the Defense Department’s chief information officer asked each of the services and the Defense Information Systems Agency to conduct cloud readiness reviews. The goal was to determine which applications were cloud ready today, which could be moved to the cloud with minor changes and which applications should stay in on-premise data centers.
DISA ran the readiness reviews for the Fourth Estate agencies as well as the combatant commands. This analysis set the table for how the Defense Department is taking advantage of cloud services, and more specifically the MilCloud 2.0 offering.
“Of the workloads that we did the original review on, I would say probably about 65% of them were actually cloud ready or cloud viable type applications,” said John Hale, the chief of cloud services at DISA, during Federal News Network’s DoD Cloud Exchange. “Out of the ones that were not cloud ready or cloud viable, they were kind of split between ‘they should be left in place’ and ‘they should be moved to an enterprise data center.’ We’ve been working both prongs of that, from a DoD CIO and a DISA perspective of helping mission partners move their applications to either enterprise data center, or to a commercial cloud provider.”
Many of those applications have moved to the cloud already, and the pandemic created a bigger desire for software-as-a-service instances.
Hale said since 2017 when DISA outsourced MilCloud to GDIT, DoD has moved 4,500 workloads from 89 different mission partners to the commercial cloud platform.
“We are keeping track on an application-by-application layer, but I wouldn’t necessarily say we’re keeping track from a percentage perspective. As a cloud advocate, I believe 100% of applications should be in the cloud. But I’m a realist, so I know we’re not going to be there. But if it was up to me, everything would run in the cloud,” he said. “I think what we’ve seen is a shift toward cloud smart. Out of the 65% or so applications that were originally identified, I would probably say we’re about 40% to 50% there of getting all those applications migrated. There have been some limiting factors as far as why we haven’t migrated certain applications, mostly dealing with contracts, and the availability of various providers. But I think we’re moving along at a very good pace. Is it the pace that we originally wanted? No, I think we were supposed to be much further long at this point. But we’re moving along.”
Strong push toward SaaS
He said while initially MilCloud 2.0 focus on infrastructure-as-a-service, military services and agencies are taking more advantage of SaaS.
“When we originally launched, there was a lot of focus on simply providing virtual infrastructure for various mission partners so that they could get out of their traditional data centers. They could ultimately end up with a cost savings by shuttering legacy data centers,” Hale said. “Over the last couple of years, and really, I think over the last probably 18 months, there’s been a really strong push toward software-as-a-service, which goes up the stack a little bit, specifically in the world of office automation and traditional commodity-type IT services that you would see from vendors.”
Part of the reason for the increased move to SaaS is because mission owners are getting more comfortable with this approach to cloud computing. They are recognizing the ability that by putting applications on MilCloud 2.0, employees can focus on their mission and less on the infrastructure.
“If you can find a capability, a core software service, let’s just say something like help desk management, that’s one less thing that you have to take care of on a day-to-day basis and deal with the cyber hygiene. It lets you just simply pay by the seat,” Hale said. “There’s a lot of desire to basically let professionals manage the cyber hygiene and the day-to-day care and feeding of your applications.”
While the services and defense agencies have both gotten smarter about how they are moving to the cloud and have responded to the urgency of the pandemic to take more advantage of SaaS, Hale said DISA still sees a lot of “lifting-and-shifting” of apps from on-premise data centers to the cloud.
“There hasn’t been a whole lot of focus on new development for cloud native applications, which is where I think most of us saw the progression of cloud computing within the department going,” he said. “I still see us going in that direction, but it’s part of their lifecycle as they mature, and they get rewritten or rebuilt or replaced, I believe all our new applications and new development will be done cloud natively.”
Correcting past mistakes
Hale added that even though lift-and-shift is less than optimal, it means the services and defense agencies are beginning to take advantage of commercial cloud service. At same time, however, he said DoD has to stop making the same mistakes that many have made over the last decade.
“A lot of our legacy applications that we have moved into the cloud environment are not standalone applications. They’re part of a larger ecosystem of applications for a particular mission partner. When you move part of those, but you don’t move all of them, you end up with a lot of communication back and forth between legacy applications in the cloud, which just adds to the complexity of troubleshooting issues when something doesn’t work right,” he said. “What we tell mission partners today is if you’re going to move an application into the commercial cloud, you need to move all of the supporting applications into the commercial cloud also. And that’s going to minimize your impact. It’s going to make things much more resilient if you do that. It’s a bigger pill to swallow, but what you’re going to end up with is better quality of service in the end.”
DISA and its vendor partner GDIT have spent much of the past year trying to provide more quality services, including the soon-to-launch classified instance of MilCloud 2.0 and the transition to VMWare’s virtualization software that happened in 2020. Additionally, earlier in 2021 MilCloud 2.0 added access to Amazon Web Services at the highest unclassified level—known as Impact Level 5.
Cloud for SIPRNet coming soon
Hale said DISA and GDIT will start testing the classified instance in May, with the expectation that it will go live in June of 2021. That will let military services and defense agencies run native cloud capabilities on the SIPRnet.
“A lot of mission partners run the same applications in their IL5 environment as they do in their IL6 environment. So a lot of applications have the same pedigree, whether it’s running on the NIPRnet or SIPRnet systems. Some of the systems on NIPRnet, which have not migrated into the cloud because there’s no commercial cloud environment,” he said. “They don’t want to test an application and build it, and then have to have it run in two completely disparate environments, commercial cloud on unclassified and traditional hosting on the classified systems. Once we get the commercial cloud capabilities available across the board on separate environment, I think we’ll also see some traditional applications on the unclassified environment move to MilCloud 2.0 because now they’ll have a common environment where they can build their application on the unclassified side, move it to the unclassified cloud, and then also move it to the classified cloud in order to meet mission needs.”
Hale said this means the systems are more resilient and will better serve the warfighter.