Now that the Pentagon’s Joint Enterprise Defense Infrastructure (JEDI) contract has been delayed, it’s possible that government IT vendors may be faced with responding to the two largest cloud computing contracts in the department’s history in the span of one month. And between the two multibillion-dollar contracts, there will be only two winners.
The department previously planned to issue its final request for proposals for JEDI by mid-May, and officials declined to offer an updated prediction for precisely when the RFP will be ready.
But the separate Defense Enterprise Office Solutions contract, which aims to move all of the military’s email and office productivity systems to a single commercial cloud service, is scheduled for a final RFP sometime in June, following multiple delays of its own.
After having issued two draft RFPs, the Defense Information Systems Agency said it is working on responding to one more round of industry questions. The answers are expected to be released within the next several days. Once the final solicitation is issued, the agency wants vendors to submit their final bids for DEOS about 45 days later.
Brian Hermann, DISA’s portfolio manager for unified capabilities, said the department wants to move fairly quickly. The award, worth up to $8.2 billion, will be in place for up to 10 years, but DISA wants to start migrating the department’s first users – about 1.5 million of them – within 18 months.
“The department is anxious to do this because it better aligns our resources,” he said at AFCEA’s recent Defensive Cyber Operations Symposium. “It ensures that we understand what we’re spending on these kinds of capabilities as well, and that’s a level of visibility that we haven’t had in the department, frankly.”
One big contract for interoperability
The scope of the contract is enormous. Its planning began more than two years ago as the follow-on to DoD’s existing Defense Enterprise Email service, but it has since expanded to become the successor to at least three other DISA IT projects.
The agency wants the winning vendor to provide not just email, but a full office suite, online meeting and collaboration tools, content management software, and eventually, an IP-based replacement for DoD’s secure voice and video teleconferencing systems. Hermann said DoD believes the entire project needs to be handled under a single contract award for interoperability reasons, so that personnel from across the department can effectively collaborate with one another.
“In the areas of chat, we have some standards. In the areas of web conferencing, we typically don’t have true standards, because it’s done in a proprietary way from vendor to vendor to vendor,” he said. “If we put this capability out there as technology-agnostic and award it to many different companies, we could end up with a tower of Babel, where the organization actually can’t communicate with each other. So this is going to be transformational. It means that everybody has access on their devices, whether it’s a mobile device, a desktop, a tablet, what have you, they’re going to have that capability.”
DISA also wants to help the military services and agencies get out of the business of running their own IT infrastructure for day-to-day business functions. So the contract will ask the vendor to provide all the necessary technology elements of DEOS via a single, integrated software-as-a-service offering.
“We want this as a turnkey service for the Department of Defense so that there are no fingers being pointed at whose problem might be causing some kind of a performance issue when we get this in place,” he said. “They provide the entire capability, and they’re not dependent upon another infrastructure provider.”
DISA will offer DEOS as a “tiered” service, and the first Defense customers expected to migrate to it will be the ones that currently use DISA’s Enterprise Email offering, including its largest customer, the Army. That’s partly because those organizations have already gone through the process of reorienting their networks to get their email services from an off-site cloud environment.
But the Air Force is conducting similar work right now, as it transitions the email services that were previously handled base-by-base to its own software-as-a-service contract for enterprise email and collaboration, called Cloud Hosted Enterprise Services.
Hermann said the Air Force’s CHES project is serving as a pilot for the broader DEOS project.
“We are frankly happy that that piloting activity is going on,” he said. “We’ve learned a tremendous amount from it about making sure that we can connect well to the software as a service provided from a commercial vendor – that we can secure it, we can integrate it with our infrastructure. And frankly, we’re happy that they’re going base to base so that when they’re done, they will have a homogenous group of folks that we can move over to [DEOS].”
The winning vendor will need to be able to offer services up to the secret level, meaning it will need to earn a DISA authorization up to what DoD refers to as “impact level 6” in its cloud security requirements guide. That’s something only one vendor – Amazon Web Services – has done so far.
In most cases, DoD wants the winning company to store and process data in its own, “off-premises” commercial facilities. But there are some exceptions, like data centers that will need to serve overseas military bases.
“If we need to have sites that are in non-U.S. territories, we believe that those need to be hosted from a government location,” Hermann said. “And it’s really a data sovereignty issue to make sure that no other country can access the data that we have in this service. Between the content management, the identity information and so on, there’s a lot of data here that that’s fairly sensitive to the Department of Defense.”
But overseas locations are scheduled for later phases of the contract, which is planned to have a base period of five years, with five additional one-year option periods. First, the department plans to test the system with its first batch of one and a half million users in the continental United States.
“At the same time we’re doing that, we’re going to be working on the next phases of the capability that include how we provide these kinds of services to the tactical users that are in a connectivity-challenged environment,” Hermann said. “Software-as-a-service from a cloud doesn’t work well if you don’t have connectivity to the cloud, so there’s some kind of a stack that needs to be out there to provide those services and that eventually has some reachback capability to the enterprise service. There’s a lot of things that we want in this area, but we recognize that frankly, this is not the sweet spot for what commercial industry does. So we want to demonstrate how that can be done in the future while we’re doing the low hanging fruit of attacking the large quantity of users on our legacy services.”