Using Hybrid Clouds

The Major Benefits of Using a Public Cloud for the State

  • Turns acquiring resources into a variable, per-unit-cost proposition, i.e., like acquiring utility services
  • Gives the State the flexibility of acquiring resources as and when needed
  • Provides the ability to scale resources both up and down very quickly in response to business needs
  • Eliminates the need for capital expenditures
  • Dramatically reduces the time for acquisition and provisioning of resources
  • Reduces prices by taking advantage of size and scale

Of these benefits that public Clouds offer, the last one, i.e., leveraging size and scale through consolidation to reduce costs, is really the only one available through private Clouds. The cost of building flexibility, scalability, and agility into a private Cloud can also be prohibitive.

An additional reason why organizations have been using private Clouds is security. As the security tools in the public Clouds have matured, the State will be hard pressed to justify a private Cloud based on security or governance compliance. For example, AWS now has a very rich set of security tools, provisions, and certifications. Even the U.S. intelligence and DoD communities have set up initiatives to migrate away from private Cloud and take full advantage of public Cloud, of course, after implementing proper security governance and compliance.

In reality, it is not a question of one or the other: a Hybrid Cloud solution is the most common approach organizations are using. There are applications and solutions that need to be kept on local infrastructure on a private Cloud. There are times when a distributed model works better.

Cloud computing, by definition, turns IT services into a fast-food environment. Not everything fits this style of IT service design and delivery. Not everything requires speed of deployment or rapid scaling up or down. Not every IT service benefits from runtime automation. Some services are unique and run the same way, day in and day out, for years (and will struggle if the underlying service keeps changing). Some services require significant and unique enterprise differentiation and customization.

Bottom line: Enterprise IT can learn from Cloud computing, and private Cloud, when applied to the right services (that cannot be deployed to a public Cloud provider), can drive the organization to more efficient and effective standards.

In the Federal Government, a distributed model is widely used where the databases and secure data are kept on-premise, while the front-end distribution layers are moved to the Cloud. The Government is using multiple solutions to connect the private/on-premise compute environment to the public Cloud. Some agencies are using DirectConnect services where Cloud providers have direct fiber connectivity to the Cloud from a local data center. For example, Equinix has AWS cross connects available in its DC2 data center in Ashburn, VA. Agencies and/or larger organizations use dark fiber or rent fiber strands in existing fiber loops to bring the direct connectivity to their existing data centers located elsewhere. Some agencies deploy their own equipment cages within the Equinix Government apportioned areas and connect their equipment to the Cloud securely and privately via DirectConnect at 1Gbps to 10Gbps speeds.

The Department of Homeland Security has issued a Trusted Internet Connections (TIC) Initiative. The goals of this initiative are to optimize and standardize the security of individual external network connections currently in use by Federal agencies, including connections to the Internet. The initiative will improve the Federal Government’s security posture and incident response capability through the reduction and consolidation of external connections and provide enhanced monitoring and situational awareness of external network connections.

TIC Strategic Components as Outlined by DHS

  1. Reduce and consolidate external access points across the Federal enterprise
  2. Manage the security requirements for Network and Security Operations Centers (NOC/SOC)
  3. Establish a compliance program to monitor department and agency adherence to TIC policy

The TIC v2.0 Reference Architecture Applies to:

  • Agencies designated as TIC Access Providers (TICAPs); these agencies have built
  • Commercial carriers designated as Managed Trusted IP Service (MTIPS) providers
  • All federal executive civilian agencies procuring Networx MTIPS or using TICAP services

6 Milestones Established by DHS

  • #1: Inventory the external connections for your agency
  • #2: Determine your agency’s capability to meet the TIC critical technical capabilities
  • #3: Develop a plan to reduce and consolidate your agency’s external connections through approved access points and a plan to implement the TIC critical capabilities at your agency
  • #4: Acquire telecommunications connectivity through the Networx Contract
  • #5: Implement the plan to reduce and consolidate your agency’s external connections through approved access points and the plan to meet the TIC critical capabilities at your agency
  • #6: Collaborate with DHS to measure and validate your compliance with the TIC Initiative

We highly recommend that the State look at this connectivity strategy and adopt it while building its hybrid Cloud solution around AWS.