© 2015 IBM Corporation Cloud for the military . . . . projects & promise V2, 8 Jun 15 John Palfreyman, IBM

Cloud for the Military - Projects, Promise


Agenda

1. Cloud Clarified
2. US Air Force Mission Oriented Cloud Architecture
3. US Army Logistics Activity
4. National Oceanic & Atmospheric Administration
5. Looking Forward


Cloud Clarified

Baselining Terminology


NIST Definition of Cloud


. . . as a Service

[Figure: the same nine-layer stack (Networking, Storage, Servers, Virtualization, O/S, Middleware, Runtime, Data, Applications) shown for four delivery models: Traditional, Infrastructure as a Service, Platform as a Service, Software as a Service. Legend: Vendor Manages in Cloud; Client Manages]

Where & Who?

Client Operates, On Premises: Most Secure, Highest Cost
Client Operates, Off Premises: (Unlikely)
Contractor Operates, On Premises: Secure (with cleared staff), Lower Cost
Contractor Operates, Off Premises: Less Secure, Lowest Cost

Public, Private or Both (Hybrid)?

Most sensitive workloads behind firewall

Everything connected to you, but remote

Optimised economics & agility

Seamless experience, regardless of choice / combination

Military promise of Cloud . . .

Mission System provisioning: Weeks -> Minutes
Event-based Scalability: Fixed -> Elastic
Workload Runtime Location: Static -> Movable
Service access: Administered -> Self-service
Standardization: Complex -> Reuse/share
Metering/billing: Fixed cost -> Variable cost
Server/storage utilization: 10–20% -> 70–90%
Return on Investment: Years -> Months

Increasing Mission Agility

Reducing costs

On-demand, event-based access to mission services that can react to changing events


USAF Mission Oriented Cloud Architecture

Tackling SECURITY head on


Why?

"Our goal is to demonstrate how cloud computing can be a tool to enable our Air Force to manage, monitor and secure the information flowing through our network. We examined the expertise of IBM's commercial performance in cloud computing and asked them to develop an architecture that could lead to improved performance within the Air Force environment to improve all operational, analytical and security capabilities."

Lieutenant General William Lord, Chief Information Officer and Chief, Warfighting Integration, for the U.S. Air Force.

• Advanced cyber security and analytics capable of protecting sensitive data
• Designed with real time processing of sensors, monitors and devices
• Cloud architecture to reduce response time to cyber threats
• Mission prioritized workload & capacity management

How?

[Figure: architecture diagram. Labels: Dash-boarding, Visualizing and Reporting; Stored Data & Threat Profiles; Streaming Threats; Real-time Security Software; 10-40-100 Gb/S; 100% packet Inspection; Real-time Analytics; Massive (pbyte) Scale Analytics Engine]

• Advanced Analytics - detecting and reacting to abnormal patterns
• Deep Packet Inspection - analyze data flows within the cloud
• Resilience - reconfigure cloud networks and resources
• Virtual server protection - situational awareness of vulnerabilities and attacks
• Autonomic Defense – at machine speed with chip level responsiveness

What (benefit)?

• Security Intelligence approach (Analytics on masses of data)
• Enhanced security, policy management and compliance management
• Real collaboration (IBM – USAF)
• Cloud security possible using standard commercial software

US Army Logistics Activity (LOGSA)

Hybrid cloud for the military


Why?

Logistics Support Activity (LOGSA)
• Acquire, Manage, Equip & Sustain US Army materiel
• Data Collection, Organising, Storing, Delivering
• Logistics Information Warehouse

Drivers
• Save Money
• Interoperate
• Broaden Analytics Capability

How?

• Started as Data Centre Consolidation
• Comprehensive Pre-Transition Audit
• Three Phases
  1. On boarding
  2. Transition to Managed Services
  3. Solution Modernisation
• Analytics & Optimisation

[1] Discovering “Real” As-Is

• Poor VM processes & mgmt
• Data Warehouse in disarray
• Excessive applications
• Disjointed SAN architecture
• Maxed-out SAN frames
• Thousands of patches not applied over previous decade
• Numerous access mechanisms
• Badly outdated equipment

[Figure: architecture diagram. Labels: Trusted User; Firewall; Other LOGSA Customers; IETM Customers; Basic Services; IETM Servers; Solaris Servers; Non-VM Servers; Old OS VMs; V-Block; Active Directory; Network; Fiber Channel; EMC SAN; USPV; SAN; NAS; Tape; Incomplete ETL; Portal Databases; Non-ERP Databases; Non-ERP Files; ERP Databases; SFTP & Custom Interfaces; Multiple DB Interfaces; Web Portal SSO, E-mail Server; Minimal SOA; Multiple Client Interfaces]

[2] . . . to Managed Services

• Migrate to Unified SAN
• Massive upgrade/patch fix
• Modernize equipment
• Improve VM processes/mgmt
• Resolve License/Lease issues
• Reduce number of databases
• Modeled, doctrine-aligned Business Processes

[Figure: architecture diagram. Labels: Trusted User; Firewall; LOGSA Customers; IETM Customers; SVC IETM Servers; Solaris Servers; Non-VM Servers; ILDP Server; Solaris VMs; Linux VMs; V-Block; Active Directory; Network; Fiber Channel; EMC SAN; XIV SAN; USPV; NAS; Tape; InfoSphere ETL & ISD; Portal Unify Databases; Non-ERP Databases; Non-ERP Files; ERP Databases; SFTP / LOGFERS; LOGTRANS, LOGETL, ILAP, LIW-F; Web Portal, E-mail Server; Client SOA Interfaces; LIW-1 Forward; ALEG Business Glossary. Legend: Substantial repairs; New/major updates]

What (benefit)?

• Half the Cost of the previous unmanaged solution
• Transitioned to Managed Services in 181 days
• Applied over 10,000 patches
• Demonstrated Rapid Recovery from unplanned outages
• Building scalable, Cloud-ready Army Logistics SOA

National Oceanic and Atmospheric Administration

Open Innovation in Action!


NOAA Why?

• Collects 20TB data / day
  – Doppler radars
  – weather satellites
  – buoy networks and stations
  – real-time weather stations
  – ships and aircraft
• Demand for quality weather information
• New business model - “Drive economic growth and business innovation” Secretary Pritzker

How?

• Open up weather data to IBM & Partners
• Creates NOAA “data lake” in Cloud
• Applies analytics, offers service to Consumer
• Leveraging Open Standards based BlueMix Platform – Partner Interoperability
• Cooperative Research & Development (CRADA)

What (benefit)?

• More VALUE to consumer
• From delayed, summary information . .
• . . to full data, low latency
• Efficiencies through scale up / down
• Iterative, exploratory approach

Looking Forward

Cloud – Promising Future!

• Emerging high value cloud workloads generate business insights by linking data from Systems of Record and Systems of Engagement at cloud scale
• “Flat” data centers can efficiently host such workloads with varying memory, network and storage requirements
• As sensitive workloads and data migrate to the cloud, security and compliance are becoming paramount

[Figure: Cloud Evolution across Cloud 1.0, Cloud 2.0 and Cloud 3.0. Labels: Capex Reduction; DevOps, Agility; Industry Transformation; Data originates in Cloud]

IBM BlueMix Overview

• Open Standards based Cloud Platform
• Mobile & application developers access to software [1]
  – Integration
  – Security
  – Business functions
  – Advanced, exploratory elements
• EASE of application development
• Immediate use of Web Service
• Ideal vehicle for Open Innovation

[1] from IBM & partners

Cloud evolution – security point of view

[Figure: security approaches plotted against Cloud 1.0, Cloud 2.0 and Cloud 3.0. Labels: Static, Perimeter Controls; Reactive, Defense in Depth; Adaptive, Contextual Security]

Challenge 1: Fragmented and complex security controls
Challenge 2: Sophisticated threats and attackers
Challenge 3: Increased attack surface due to agile and composable systems

Attackers exploit platform shifts to launch new attacks on high value workloads and data

Security 3.0

Monitor and Distill
Correlate and Predict
Adapt and Pre-empt

Multi-level monitoring and big data analytics
360 view of device, user, data, application and process

Risk Prediction and Defense Planning
From forensic to predictive security by building contextual models of access to value at risk

Adaptive and optimized response
Adapt network architecture, access protocols, and privileges in a way that increases attacker workload

[Figure labels: Active; In-device; Near Field; Passive; Correlate events; Predict risk; Business impact; Defense strategies; Controls; Management; Agents; Less intrusive / More controls; Less intrusive / More visibility]

IBM is uniquely positioned to provide the most secure Systems of Insight with adaptive, contextual security

Summary

1. Cloud (economy, agility, interoperability) ideal for military
2. Security is HARD but commercial software can solve
3. Projects may be complex, incremental – but huge savings accrue
4. Open Innovation – releasing value from data - happening
5. Open Standards Cloud platforms underpin real innovation
6. Security must evolve with Cloud usage


Questions?

John Palfreyman, IBM

Screen Shots from Demonstration
