During the first few years of the federal government’s effort to shut down expensive and underutilized data centers, the Army chalked up some early wins: more than 400 have been closed since 2010. But progress has slowed significantly in the last two years, so top officials are about to get a lot more prescriptive.
A directive prepared by the Army CIO’s office and expected to be signed by Army Secretary Eric Fanning in the coming days contains enclosures telling installation managers exactly which data centers must be closed, and when. Officials felt the directive approach was needed because under updated OMB and DoD guidance, the Army has only two years to eliminate another 350 data centers from its current inventory of about 1,200.
Atilla Bognar, the chief of the Army Data Center Consolidation Plan (ADDCP) division in the Army chief information officer’s office, said in 2015, Army commands only managed to close 71 data centers out of a previously-planned 130 for that year. The target for 2016 was 140 data centers, but only 20 have been closed so far.
“We’re really slipping, and I think the reason is pretty simple: prior to 2015, we’d gotten all the low hanging fruit — all the data centers nobody wanted anyway,” he told AFCEA’s annual TechNet conference in Augusta, Georgia. “Now we’re down to the ones that people really want to hug and hold onto. Not only that, but most of the centers we’ve closed have been small ones — five servers or less. We haven’t hit the heavy brick-and-mortar facilities, and again, you can imagine why.”
The forthcoming directive will lay out a new roadmap with the ultimate objective of getting the Army almost entirely out of the business of running its own data centers by 2025.
One reason officials see that as a desirable outcome is that most Army-run data facilities are incredibly inefficient: on average, only about 30 percent of their space and computing capacity is actually being used, and up to 80 percent of the applications they’re running are at low-enough security classifications that they could be moved elsewhere without without undue risk.
The first phase of the current roadmap, now underway, aims to comply with a Defense Department mandate to cut DoD’s overall data center inventory by 60 percent before 2018 and to cut the number of Installation Processing Nodes (IPNs) — data centers that handle genuinely-local IT tasks — to just one on each base. Some large bases currently have dozens of those.
Even if the Army succeeds in that task, it’ll still be left with about 200 IPNs, so the second phase seeks to shrink those to about 40 in the 2019-2021 timeframe. That will be helped by the fact that DoD is currently rolling out more bandwidth to connect its bases via multiprotocol label switching (MPLS) and centralizing its security via Joint Regional Security Stacks, making it less important that any particular piece of data is housed on any given base.
Those 40-or-so large centers would be further whittled down in the third phase, which envisions four Army Enterprise Data Centers (AEDCs) by 2025.
Army IT officials believe the current data center consolidation edict has a stronger chance of being carried out, compared with the various policy memos issued up until this point.
This time around, officials determined the strategy needed to be articulated in a formal directive from the Army secretary. Previous memoranda were sometimes interpreted as mere suggestions: Several large commands still have not built the difficult tasks of rationalizing their applications and closing data centers into their five-year budget plans. The directive will also set up a governance council made up of generals and senior executives to ensure the new schedule is followed.
“The Migration Implementation Review Council (MIRC) ensures that the Army will comply with data center consolidation, it will track all of the tasks in the directive, the implementation schedules and timelines, and make sure we don’t regress from that,” Bognar said. “Ultimately, the council reports to the Senior Resource Group, which reports to the secretary of the Army. So there’s some serious governance here to make sure we don’t deviate.”
The Army’s data center closure plans are highly dependent on making sure it finds suitable homes for the data and applications now housed within the facilities it wants its local commanders to shutter. And on that front, Bognar acknowledged the Army has not done as well as it should have.
“A case in point is the commercial cloud. It’s out there, we want to go there,” he said. “We have issues with security constraints we’re still trying to work through, but we’re getting very, very close, and that will help trigger a massive movement out of these data centers. But in fairness to the mission owners, we, the Army, have not provided enough alternatives to these legacy data centers.”
The forthcoming Army Enterprise Data Centers (AEDCs) are meant to partially address that shortcoming. Although the long-term consolidation plan doesn’t require their use until a decade from now, the Army has already started work to make them available for early adopters, and is planning to place them at Fort Bragg, North Carolina, Fort Knox, Kentucky, Fort Carson, Colorado and Redstone Arsenal, Alabama.
To help with the overall problem of migrating legacy data and applications to the cloud, the Army has set up a specialized division within its program executive office for enterprise information systems (PEO-EIS). Its role is mostly advisory — only an application’s mission owner can make the call as to whether an IT system should move to, for example, the Defense Information Systems Agency’s MilCloud service, a commercial hosting provider or an Army enterprise data center.
“The selection of the target environment is up to the mission owner. They’re the funding organization, but we will let them know which environments are eligible to host those applications,” said Johanna Curry, the project officer for the Army Application Migration Business Office (AAMBO). “We have a team of systems and application engineers and cloud experts that can provide really good advice to a mission owner to let them know what their options are.”
Over the long term, the Army sees relatively little need to handle its IT services within the confines of its own bases. It plans to issue a contract by the end of September to pilot a contractor-operated cloud service on the physical premises of Redstone Arsenal, but Bognar said data centers such as those would serve a fairly narrow function: housing and processing highly-sensitive data, at what DOD’s cloud security requirements guide defines as Impact Level 6.
“We’re going to see if we can do a contractor-owned, contractor-operated model on Army premises, because that means we don’t have to use a cloud access point and we already have all of our common services in place there,” Bognar said.