wfedstaff | April 18, 2015 3:25 am
When the Defense Department first started its data center consolidation push four years ago, the approach was relatively straightforward: First, count the data centers, then close as many as possible. DoD says it is now applying a more nuanced strategy that focuses more on spending than sheer numbers.
When DoD joined the governmentwide consolidation drive, even tallying up the military’s overall data center inventory turned out to be a harder task than the Pentagon first imagined: After about a year of counting, 786 were on the books. There were 2,100 “data centers” on the list by the time DoD revised its definitions to include smaller rooms and closets, and it eventually quit counting. Previous plans called for DoD to consolidate most of those into a fixed number of large government-owned “core data centers” and shutter most of the rest.
Now though, even the term “data center” has fallen out of favor. Terry Halvorsen, DoD’s new chief information officer, wants the department to focus on finding the most cost- efficient way to facilitate what he terms “data distribution” via a blend of government-owned facilities and commercial cloud providers.
“One of the most recent things we’ve done is to refocus our internal metrics to focus on dollars and performance rather than numbers of servers and data centers. I really want to focus the discussion on how data gets distributed, what’s the right number of distribution nodes, how I drive costs down and where does the government needs to be in that business versus where we let industry do it,” he said in a quarterly conference call with reporters Wednesday. “That is progressing. It hasn’t progressed as quickly as I’d like it to, but it’s very complex, and it’s also complicated by the fact that most of the military services’ existing data centers have contractual arrangements today that we also have to work through.”
Insight by GitLab: During this webinar executives from the State Department, U.S. Securities and Exchange Commission, U.S. Patent and Trademark Office and GitLab will discuss how institutionalizing a DevSecOps approach to software development is a journey that must bring together the technology and business sides to change an organization’s culture.
Fewer apps equals fewer data centers
One thing that hasn’t changed about the Pentagon’s approach to data centers is that application rationalization will play an important part. Previous guidance has told the military services and Defense agencies to eliminate redundant and outdated applications, since more apps generally require more IT infrastructure.
But Halvorsen said his office needs to be more specific, including by telling DoD organizations to cluster their application inventories into categories and then justify their existence.
“Let’s take logistics as an example. We have a lot of logistics applications and I think we always will,” he said. “But we will probably be asking the services, ‘If you have applications that do these certain logistics functions, why do you need that many? And what’s your business case for that?'”
On the other hand, Halvorsen suggested the department will not be obsessed with reducing its number of applications just for the sake of reducing applications. At least in the short term, he said the department sees a bigger payoff potential in consolidating the backend databases those apps rely on, especially if several of them host mostly-identical but out-of-sync datasets.
DoD partially proved out that concept last year, when the offices of the CIO and the deputy chief management officer began consolidating their own databases — an effort officials said could save $10 million-and-$20 million per year if extended throughout the military.
“All of this is data-centric,” Halvorsen said. “If you can collapse the number of places you’re storing the very same data element, you can save a lot of money. If I can put those data elements in a better data distribution model — i.e. cloud, maybe — I could reduce the support structures even if I didn’t initially reduce the actual number of apps. Once I’ve reduced the support structures and cleaned up the data, even the people who are doing this in industry would say that’s a better way to do your app rationalization.”
Even as the department tries to reduce its own data footprint, it’s also exploring new approaches to move its data to commercial environments in ways that might allow for the construction of privately-owned and operated data processing facilities on DoD’s overabundant real estate.
New way to leverage commercial cloud
Halvorsen previously has floated the prospect of letting private providers set up their own data centers on military bases. Those facilities, the theory goes, would let DoD leverage commercial cloud technologies to host its own sensitive data, any security concerns could be alleviated by the fact that the servers themselves are guarded by a large amount of firepower, and costs could be lowered further through arrangements in which the commercial provider leased server space to other security-conscious customers, like the banking industry.
Such public-private agreements are off-limits without specific authorization from Congress, but Halvorsen said Wednesday that his office has already received several proposals from cloud providers who are intrigued by the idea.
“I’m not going to share the details yet, but the proposals look very attractive on the basis of cost,” he said. “We will now walk through them in a way that’s almost like a war game. Part of the war game will include discussions with the lawyers about what issues it implicates for current law, whether the assumptions in the proposals for cost and timelines hold. At the end of that, my guess is we’ll probably go out with a (request for information) followed by some type of research and development-type pilot around this operation.”
Halvorsen said he hopes to issue a formal request for information to industry by this summer to create that sort of operation — but stressed to reporters his envisioned timeline is merely a goal.
In the meantime, the department has plenty of work ahead of it to speed up its adoption of cloud for more mundane levels of information.
In January, the department hosted its first cloud industry day to explain new security rules for cloud computing, some of which streamlined the security requirements commercial companies must meet to host unclassified DoD data and partially aligned the department’s rules with the governmentwide Federal Risk Authorization Management Program (FedRAMP) standards.
But questions about how Defense components will actually procure cloud services from industry are still abundant within DoD’s own requirements and acquisition communities, and within industry.
“What we heard back after the industry day is, ‘You don’t know what you’re talking about. You don’t know how to go to market on this thing.’ And they’re probably right,” Dave DeVries, DoD’s principal deputy CIO told an AFCEA conference late last month. “Because in the federal space, buying cloud is not like buying a weapons system. Two years ago, everybody was rushing to the cloud — industry was, the military was, the whole government was. We didn’t know what it was, but we were going there. Today, I think we’re smarter.”
To help clarify the government’s view of what cloud is, is not, and how to buy it, the DoD CIO’s office will convene a government-only conference for defense procurement officials on March 26. Another cloud conference, open to any interested parties, is tentatively planned for April.