Security, mobility and social networking are driving a new vision within the National Nuclear Security Administration (NNSA) that’s led the department to embrace cloud computing.
This fall, the component within the Department of Energy that is responsible for the security and reliability of the nation’s stockpile of nuclear weapons will begin rolling out a major component of its new Network Vision – YourCloud.
That’s right. A federal agency component with responsibility for safeguarding some of the nation’s most sensitive national security secrets is moving its IT infrastructure to the cloud. And it is doing so with complete confidence in the new efficiencies and security that it says the cloud will offer.
Responding to the federal government’s Cloud First policy as well as the continued pressure to use dwindling tax dollars more efficiently and effectively, the NNSA is embarking upon what Travis Howerton, the agency’s chief technology officer, referred to as the NNSA’s Virtual Workforce for the 21st Century, “where work is something you do, not somewhere you go.”
For the NNSA, that means a fundamental shift in how IT services are delivered to its 40,000 active users spread across the country.
“The old network was really a 1950s-centric architecture where everybody was firewalled off and email and telephone was the only way we could communicate,” said Howerton. “We are leapfrogging to a very modern, ultra-secure environment over a new wide area network called the One NNSA Network. And everybody is connected to a secure resource we call YourCloud, which is an Infrastructure as a Service (IaaS) offering based on the Los Alamos National Lab on-demand capability. We are re-platforming it to a cloud services broker where we can speed up the back-end IT infrastructure deployment process from months to minutes and be able to broker workloads across a secure hybrid cloud model.”
With an initial operating capability for the YourCloud initiative scheduled for this fall, followed closely by the One NNSA Network, Howerton said the final step in the current three-pronged modernization strategy will come in the spring of 2013, when something called the OneVoice capability is introduced.
Powered by YourCloud over the One NNSA Network, “OneVoice will be a unified communications capability that will connect everything together, including messaging, e-mail, and Web conferencing, with rich presence federated to a business-focused and internally hosted social network capability so that we have a way to connect scientist to scientist and researcher to researcher in a way that was never possible before,” said Howerton.
Of course, all of this raises obvious questions about how secure the new architecture will be. Anil Karmel, the operations and management CTO at NNSA, said that security was always a top priority when the architecture planning and design process started and that many innovative security protections have been “baked in” to the new cloud-based system.
“The security piece and making it work in the cloud environment is not a trivial task,” acknowledged Karmel. But, he added, if done right the cloud paradigm can actually improve security. “By baking in control where virtual desktops cannot talk to virtual desktops, you limit the attacker’s attack surface,” he said. “It ensures that if a virtual desktop is compromised that it cannot go take over a server. And defining clear rules about where and when a particular desktop can communicate are things that can only be accomplished in the cloud paradigm.”
In essence, the new cloud computing architecture will leverage continuous monitoring and the ability to quarantine any virtual machine that may have been compromised.
And that type of agility in security is not lost on Karmel in terms of the business process improvements that are likely to follow as well. “We can deliver services cheaper and improve our security along the way,” he said. “And we’re doing this with current year dollars. We’re re-prioritizing work. We’re not requesting more money to do this,” said Karmel. “And we’re delivering new capabilities in 90-day cycles of innovation,” he said, characterizing that as “a path and a pace that is staggering for government.”
According to Karmel, the average cycle time to procure a server, rack it and stack it, install an operating system and get it over to a customer was running 30 days. “Now, through the infrastructure on-demand cloud service broker you can provision that workload in 30 minutes, fully automated with no intervention.”
YourCloud (Fall 2012)
- Expedites the procurement, installation and configuration time of a server from 30-90 days to 30 minutes.
- Transitions to an expense model for data centers/servers.
- Leverages the General Services Administration FedRAMP IaaS contract vehicle to protect future IT budgets.
OneNNSA Network (Winter 2012)
- Establishes point-to-point Virtual Private Network for network edge between all the site locations and the Federal cloud.
- Lays a secure, solid foundation for future enterprise solutions.
- Provides a flexible, agile architecture to provide information security.
- Enables work from anywhere across Nuclear Security Enterprise.
OneVoice (Spring 2013)
- Provides a unified communications stack allowing Web and desktop video conferencing, instant messaging, voice and email from one unified client.
- Supports President Obama’s Nov. 8 Executive Order to implement agency-wide collaboration tools reducing costs.
- Offers one of the first ever government social networks.
This story was edited at 5:08 p.m. to correct an error in the following quote:
“By baking in control where virtual desktops cannot talk to virtual desktops, you limit the attacker’s attack surface,” he said. “It ensures that if a virtual desktop is compromised that it cannot go take over a server. And defining clear rules about where and when a particular desktop can communicate are things that can only be accomplished in the cloud paradigm.”