The Defense Information Systems Agency is ushering Defense Department organizations and users into the commercial cloud, including through issuing guidelines and standardizing security. The agency also has maintained its own classified in-house cloud solution, milCloud, but now even that capability soon will open to commercial administration.
A new request for proposals is expected by mid-June for a two-phase milCloud 2.0. The move will for the first time hand over the build-out and operation of DoD's high-security internal cloud to an industry provider. There are some stipulations, though — milCloud still will be operated on the DoD Information Network, or DoDIN, behind DISA's security walls, and provide services to internal DoD users.
The idea is to get the most bang for the taxpayer's buck while still providing a service commercial entities can't, due to high-security classifications of the data involved.
"Cloud is not the savior for everything. There is always going to be the need for traditional hosting in a DOD data center," John Hale, chief of DISA's cloud portfolio, said at the AFCEA Defensive Cyber Operations Symposium in Washington in April. "There are certain workloads that just do not fit well in a virtualized or cloud model" such as nuclear command and control, he noted.
But for less-sensitive data, a commercial cloud solution that operates within DoD boundaries adds to an arsenal of cloud options, giving military users more flexibility for storing and hosting data and content.
"Every time a mission partner comes to us and says 'I have this workload,' our job is to sit down with them, go through the requirements, and find them the best solutions that fit their needs. It may be off-premise commercial cloud, it may be on-premise commercial cloud, it may be traditional hosting — or it may be a mix, depending on what the particular mission needs are," Hale said. "By leveraging cloud capability, both commercial on-premise and off-premise capability, we can bring significant savings to the department and we can also provide a new, agile functionality to our mission partners going forward."
At press time, aAn RFP package for milCloud 2 Phase 1 is expected June 6, according to a pre-solicitation notice posted May 20 to FedBizOpps.gov.
"The purpose of the m2P1 acquisition is to bring commercial infrastructure services into DoD facilities, connected to DoD networks in a private deployment model for use by the DoD community," the notice stated. "The contractor will also provide workload transition engineering services to support the movement of workloads onto this service infrastructure."
According to DISA, Phase 1 will this year bring industry into a few of DISA’s data centers, starting occur this year.
"The objective is to figure out the business model side of hosting DoD workload with an on-premise private cloud," the DISA website states. "Phase II involves providing capability on the classified and unclassified networks, involving more data centers and more workload. Phase II will be informed by Phase I, and it will be a longer term effort. Services provided by the commercial service provider will be acquired through DISA's Service Catalog. In other words, mission partners will still purchase computing and cloud services from DISA; DISA will then purchase the services from the commercial provider."
