Cloud IT Services customer presentation v4 1 by 60e8i5O5

VIEWS: 8 PAGES: 31

									                                                U.S. General Services Administration



   Integrated Technology Services


               Cloud Computing &
           Infrastructure-as-a-Service
                    Overview

General Services Administration
Federal Acquisition Service
Integrated Technology Services

                                  May 2, 2011
Integrated Technology Services

 $20 billion in potential federal cloud computing spend

                    $ 80 Billion               $ 20 Billion




                  Total IT Spending            Potential
                                             Spending on
                                                Cloud
                                              Computing

   Source: OMB, Federal Cloud Computing Strategy, February 8, 2011   2
Integrated Technology Services

 Contents
   What is Cloud Computing?
      Key Features
      Benefits
      Myths
      Why Do Agencies Need Cloud Computing?
   GSA’s Cloud Computing Offerings
      Today’s Offerings and Future Offerings
      GSA Infrastructure-as-a-Service (IaaS) BPA
      Addressing Agency Concerns
      Ordering off of the IaaS BPA
      Why use GSA
   Points of Contact

                            Click here for video
                                                    3
    Integrated Technology Services

       Cloud computing delivers needed value

     Essential Characteristic                                   Customer Value
           On-demand Self-Service                               Self Service Portal


            Broad Network Access                                Available to all devices/locations


               Resource Pooling                                 Efficient Use of Resources


                 Rapid Elasticity                               Scale Up or Down On Demand & DR/COOP


               Measured Service                                 Pay only for what you use



       Source: Proprietary
GSA Confidential andNIST, DRAFT   Special Publication 800-145
                                                                                                       4
Integrated Technology Services

 Agencies benefit in cost, technology and mission
 Cloud computing services present several economic and operational
 advantages over traditional premise-based IT architectures:
                 Reduce IT capital spending
                  Pay only for what you use
      Cost
                  Shift IT costs from expenditures to actual usage
                  Significantly reduces lifecycle sustainment cost

                 Increase flexibility and speed in IT implementations
                  Scale up and down to meet immediate demands
  Technology      Real time deployment capabilities
                  Improve COOP and disaster recovery operation capabilities

                 Efficient use of resources
                  Allocate resources to mission-critical activities as IT requirements
                     are reduced
    Mission
                  Aligning to OMB practices
                  Responding in a timely manner to federal mandates and agency
                     requirements
                                                                                          5
Integrated Technology Services

 Separating fact from myth about cloud computing
 A number of myths abound in the marketplace due to a lack of clarity on
 definition, misinformation and unfounded concerns

                   MYTH                                   FACT
  • Cloud can be anything                  • Cloud IT services must include the 5
                                             key attributes
  • Public clouds are not secure and       • Off-the –shelf security terms are
    agencies can’t control security          often negotiable
    requirements                           • Agencies can choose what to push
                                             to the cloud.
  • Agencies will lose control of their    • Agencies can enforce strict SLAs
    data                                     and prohibit data mining/monetizing
  • Moving to cloud is difficult           • Agencies can move application-by-
                                             application in a phased fashion

  GSA cloud experts can work with you to understand the facts about
      cloud and to help you define your agency’s requirements
                                                                                    6
Integrated Technology Services

 External and internal drivers push cloud adoption
 A number of external and internal drivers necessitate the adoption of
 cloud computing across the Federal government.

          External Drivers                                   Internal Drivers

  Federal budget deficit                           Lack of resources
  Data Center consolidation                        Distraction from mission focus
  Increasing Fed CIO and OMB                       Complexities of managing large IT
   scrutiny of large IT projects                     projects
  “Cloud First” policy                             Slow IT deployment time
  Fed CIO IT Reform agenda - 3          Cloud      Challenging IT asset management
   applications to the Cloud by 2013   Computing    Difficult in sharing data
  Executive Order 13514 -                          Need to reduce IT maintenance
   Sustainability                                    and capital costs
  Open Government Initiative                       Need to reduce energy use and
  Comprehensive National                            costs
   Cybersecurity Initiative                         Lack of collaboration solutions
                                                    Push for teleworking capabilities

                                                                                         7
Integrated Technology Services

 GSA provides multiple ways to buy cloud services


      ITS Office of                                            ITS helps government
                                    Schedule 70                execute its core
     Infrastructure
      Optimization                Fair and reasonable          mission by making IT
                                  prices for IT products
    Good for Government            and services, often         acquisitions:
       Programs, like                 through BPA’s
       SMARTBUY,
       For Software                                             Faster
                            GSA
                                                                Cheaper
         Networx                       GWACs
    Your one-stop shop for      Comprehensive and flexible
                                    contracts that provide
                                                                Easier
     telecommunications
   solutions, including cloud     virtually any IT services,
        hosting options.         including combinations of
                                  cloud and other services



             Assisted Acquisition Services                                            8
Integrated Technology Services

Using an existing GSA contract saves time and money
                                       Based on a statistical
                                        analysis of 745 full
                                        and open contracts
                                        from FY05 thru FY10

                                       77% of vendors
                                        awarded via full and
                                        open multi agency
                                        contracts were
                                        already available on
                                        and within scope of
                                        existing GSA contracts

                                       Purchasing cloud
                                        services through an
                                        existing contract is
                                        faster and less costly

   Source: Input                                                 9
Integrated Technology Services

 GSA Cloud IT Services


  Infrastructure-as-a-Service (IaaS)

  Software-as-a-Service (SaaS) Email

  Ancillary Services (i.e. Fedramp)




BPA holders may be solicited, quotes may be
received, a winning vendor may be selected,
 and ordering activities can select a winner
    contingent upon a GSA issued ATO.


                                               10
Integrated Technology Services

 Lot 1: Cloud Storage
 Provides scalable, redundant, dynamic web-based storage and provides users with
 the ability to procure and use data and file storage capabilities remotely via the
 internet. Provides file and object data storage capabilities on-demand, dynamically
 scalable per request and via the internet.

  Cloud Storage CLINS                                Example Applications
  Each CLIN includes tiered monthly pricing options  Data Recovery and Backup -
  measured in gigabytes per month                     Remote backup and restore
      1. Web addressable storage                      for both in-house and cloud
      2. Bandwidth for data transfer in               systems
      3. Bandwidth for data transfer out             Data Archive - Archive data
                                                      sets to the cloud
  Cloud Storage Use Case
   The State of Michigan, through its “MiCloud” program, is piloting a cloud storage
    solution as part of its strategic investment in virtualization technologies.
   The consumption expectations for the first year are 250 terabytes of data at a
    cost 90% lower than today’s lowest cost storage tier.

                                                                                        11
Integrated Technology Services

 Lot 2: Virtual Machines
 Provides scalable, redundant, dynamic computing capabilities or virtual machines.
 Allows users to procure and provision computing services or virtual machine instances
 online via the internet
  Virtual Machines CLINS                                        Example Applications

  Each CLIN includes tiered hourly & monthly pricing options       High compute application support -
                                                                    Spin up VMs as required based on
  Includes ten CLINs for virtual machine services, including:       load
   Persistent or non-persistent storage                           Test Environments - Use VM
   Windows, Linux or Solaris (or equivalent) OS                    image to test applications
   Block storage
   Bandwidth for data transfer in and out
   Supplemental disk space
  Cloud Storage Use Case

     Recently, NASA’s Jet Propulsion Laboratory (JPL) used its own servers to process 180,000
      images of Saturn. After 15 days of non-stop processing, the job was still not complete.
     JPL decided to move the processing of the images to the cloud, provisioning 60 servers (virtual
      machines) in the cloud to execute the task.
     The task was complete in 5 hours, at a cost of $200.
  Source: “NASA lab: Cloud is safe for mission-critical data.” Government Computer News.
           Dec. 15, 2010                                                                                 12
Integrated Technology Services

 Lot 3: Web Hosting
 Provides Web application hosting services in the cloud enabling scalable, redundant,
 dynamic web hosting services. Allows government users to procure and provision Web
 hosting services online via the internet. Allows users to securely load applications and
 data onto the provider’s service remotely from the Internet. Configuration is enabled via
 a Web browser over the internet
  Web Hosting CLINS                                              Example Applications
  Each CLIN includes tiered monthly pricing options                 Web Hosting – host internet and
                                                                     intranet application leveraging
  Includes five CLINs for web hosting services
                                                                     the elasticity of cloud
   Bundles of Windows, Linux or Solaris (or equivalent) OS
   Optional databases
   Windows IIS web server software, Apache PHP stack,
       or Apache TomCat stack
   Supplemental disk space
   Supplemental bandwidth in and out
  Web Hosting Use Case
     CFPB recently switched to a cloud computing infrastructure to host its new, primary public facing
      web site, as well as four other already existing sites.
     The elasticity of the cloud allows CFBP to handle spikes in site traffic during tax season.
  Source: “Treasury Sites Move to Cloud.” Information Week Government. January 10, 2011
                                                                                                          13
Integrated Technology Services

                     12 Awardees across 3 Lots:
           •Cloud Storage • Virtual Machines •Web Hosting




                                                            14
Integrated Technology Services

Access leading players and technology through IaaS BPA
                Vendor          Cloud Storage   Virtual Machines   Web Hosting    Teaming Partner(s)
                                                                                 Amazon Web Services,
 Apptis, Inc.                        X                 X
                                                                                        LLC
 AT&T                                X                 X                         No Teaming Arrangement
                                                                                  Carpathia Hosting Inc.,
 Autonomic Resources                                   X
                                                                                      Enomaly, Dell
 Carahsoft                                             X                          Carpathia Hosting, Inc.

 CGI Federal Inc.                                      X               X         No Teaming Arrangement
                                                                                  XO Communications,
 Computer Literacy World             X                 X               X
                                                                                    Electrosoft, SNS
 Computer Technology
                                     X                 X               X              SoftLayer, Inc.
 Consultants
                                                                                   Horizon Data Center
 Eyak Tech LLC                       X                 X               X
                                                                                        Solutions
 General Dynamics Information
                                                       X                          Carpathia Hosting, Inc.
 Technology

 Insight Public Sector               X                                                  Microsoft

 Savvis Federal Systems                                X               X         No Teaming Arrangement

 Verizon Federal Inc.                                  X                         No Teaming Arrangement
                                                                                                            15
Integrated Technology Services

GSA addresses cloud concerns & evolving agency needs

                    • Commoditized pricing via Apps.gov
  Ease of Use       • Place task orders off of BPAs
                    • Use of GSA-created SOW templates and Ordering Guide
    Security        • Products and services certified at the FISMA Moderate Impact Data level
                    • Retain data ownership and prohibition of data mining or monetizing
     Control        • 99.95% availability requirement
                    • Trouble tickets and order management capabilities
                    • GSA will monitor cloud services (e.g. security)
  Compliance        • Vendors required to adapt to changing regulations and requirements
                    • Address CIO and OMB mandates and EO 13514
                    • Built-in interoperability (e.g. Web services and requirements)
 Interoperability   • Maintain their active directory outside of the cloud
                    •   Decreased time-to-market to deploy or implement IT solutions
                    •   Simplified IT maintenance
  Productivity      •   Allows key resources to focus on mission-critical activities
                    •   Self-provision services as needed

                                                                                                16
Integrated Technology Services

 eBuy - 7 steps to ordering from the IaaS BPA
  Determine   Prepare    Prepare        Issue
                                                     Evaluate   Award     Administrate
   Scope       SOW        RFQ            RFQ

                               GSA Acquisition Support

   Step 1: Scope Determination
    • Establish Requirements of the Ordering Activity
    • Determine if the requirement is within scope of the IaaS BPA
    • Ordering Activities shall solicit all BPA holders for desired Lot
    • Estimate the Value of the Order
    • Samples and Templates
   Step 2: Prepare Statement of Work (SOW)
     • Period of performance
     • Technical Requirements
     • Deliverables

                                                                                         17
Integrated Technology Services

 eBuy - 7 steps to ordering from the IaaS BPA (cont’d)
  Determine   Prepare   Prepare        Issue
                                                    Evaluate   Award   Administrate
   Scope       SoW       RFQ            RFQ

                              GSA Acquisition Support



   Step 3: Prepare the Request for Quote (RFQ)
   Step 4: Issue the RFQ
     – With GSA’s eBuy application, users can easily send RFQs directly
       to the BPA holders electronically
     – Ordering Activities shall solicit all BPA holders for desired Lot
   Step 5: Evaluation of Submissions
   Step 6: Award
   Step 7: Task Order Administration


                                                                                      18
Integrated Technology Services

 Research and order through GSA e-Tools


   Info.apps.gov
       Information portal
   ebuy.gsa.gov
      Use GSA’s electronic RFQ tool to post your RFQ
       with SOW on-line
   apps.gov
      Cloud storefront – limited to purchases through
       purchase card only that do not require a SOW


                                                         19
Integrated Technology Services

 apps.gov makes ordering easy
 Apps.gov is the ONLY customer-oriented cloud-only storefront

                                                   One-stop shop for cloud
                                                    IT services
                                                   Cross-compare cloud
                                                    products and services
                                                   Streamlines acquisition
                                                    process
                                                   Currently offers SaaS
                                                    solutions and Social
                                                    Media options
                                                   Coming Soon
                                                     • IaaS Solutions
                                                     • SOW/SOO templates
                                                     • Ordering Guides
                                                                          20
Integrated Technology Services

 GSA delivers value in procuring cloud services
   GSA is strategically committed to cloud – 25 pts
   Cloud services are available for purchase today via
    existing GSA contracts
   Cloud services for infrastructure and email through
    GSA vehicles are less costly and easier to use than
    other procurements
   Products and services on IaaS BPA will be certified at
    the FISMA Moderate Impact Data level
   Additional services available
     • Migration Services on Schedule 70
     • Assisted Acquisition Services
                                                             21
Integrated Technology Services

GSA IaaS Cloud Computing A&A Process
                                                                                                         7 Assess Security Controls (RMF#4)
                                                                                                               Assessor Security Assessment Report (SAR)
                                                                                                                       53A Test Procedures (53ATP)
                                                                                                                  E-Authentication Risk Assessment (E-RA)
1                  Deliverables                       4      ISSO to Vendor (CSP) Feedback                          Penetration test (PT) based upon ATP
                                                                                                                   Operating System Scan Reports (OSSR)
    ISSO issues security templates to Vendor (CSP)             ISSO review/approval of baseline SSP                    Web App Scan Reports (WASR)
    ISSO issues GSA Assessment Test Procedures                 ISSO review/approval of CIS & CTWT                      Database Scan Reports (DBSR)
                                                                                                                        Referenced Documents (RD)
                                                               ISSO originates high level SSP review
                                                                                                               CSP draft Plan of Actions & Milestones (POA&M)
                                                            ISSO obtains ISSM approval of baseline SSP
2 Categorize Information System (RMF#1)
                                                               ISSO obtains approval of CIS & CTWT
       ISSO completes FIPS 199 categorization                                                            8      ISSO to Vendor8(CSP) Feedback
                                                                                                                      ISSO review/approval of SAR
                                                      5     Implement Security Controls (RMF#3)
                                                                                                                ISSO review/approval of drafted POA&M
3 Select Security Controls (RMF#2)                           CSP updates Systems Security Plan (SSP)
                                                                                                                 ISSO originates detailed SAR evaluation
        CSP drafts Systems Security Plan (SSP)                CSP drafts Assessment Test Plan (ATP)
             Contingency Plan with BIA (SSP)                                                                       ISSO obtains ISSM approval of SAR
            Contingency Plan test Report (CP)                                                                 ISSO obtains ISSM approval of drafted POA&M
        E-Authentication Risk Assessment (E-RA)
             Privacy Impact Statement (PIA)           6     ISSO to Vendor (CSP) Feedback                           ISSO enters POA&M into Quickr
                 Rules of Behavior (RoB)
                                                              ISSO review/approval of updated SSP
        Inter-connection Service Agreement (ISA)
     CSP Control Implementation Summary (CIS)                 ISSO review/approval of drafted ATP
                                                                                                         9 Authorize Information Systems (RMF#5)
     CSP Control Tailoring Workbook Template (CTWT)            ISSO updates high level SSP review
                                                                                                                ISSO completes Package Review Checklist
                                                           ISSO obtains ISSM approval of updated SSP
                                                                                                                  ISSO routes completed package to AO
                                                           ISSO obtains ISSM approval of drafted ATP
                                                                                                                          Distribute signed ATO
                                                          ISSO authorizes independent assessment audit


                                                                                                         10    Monitor Security Controls (RMF#6)                22
Integrated Technology Services

 Frequently Asked Questions 1 and 2
 Question #1
 Is an ATO required before an order is placed?
 Answer
 Yes, but
 • BPA holders may be solicited,
 • quotes may be received, and
 • a winning vendor may be selected, contingent upon a GSA issued ATO.
 Question #2
 What assistance is available for the GSA IaaS BPA?
 Answer
 •   IaaS Calculator to create an Independent Government Cost Estimate
 •   Ordering Guide
 •   Statement of Objectives (SOO) Template
 •   Assisted Acquisition Services (AAS)
                                                                         23
Integrated Technology Services

Frequently Asked Question 3 and 4
Question #3
What vehicles exist for ordering activities to acquire Cloud Computing Services?
Answer
Virtually any cloud service that an agency needs is already available on existing
GSA contracts. GSA IT contracts come in three broad categories and all have
cloud services.
• Networx: for when bandwidth or related services are already being purchased
• Government Wide Acquisition Contracts: for services with the greatest
   flexibility and ability or desire to conduct lengthier evaluations
• Schedule 70: for desired services that are standardized and known
Question #4
Who maintains (O&M) for Systems built upon the provider's IaaS?
Answer
Dependent on your requirements and the Lots selected, either your existing
application team or the provider can conducted these services.                      24
Integrated Technology Services

 Frequently Asked Questions 5 and 6
 Question #5
 How does an agency procure services required to implement and utilize cloud
 services?
 Answer
 All BPA holders are Schedule 70 holders and can provide Professional Services
 in addition to the IaaS CLIN’s. This can be conducted on a single solicitation
 released to IaaS awardees.
 Question #6
 How does an ordering activity determine its costs for Cloud Computing Services
 under this BPA?
 Answer
 GSA’s Cloud Computing PMO has developed a calculator to aid ordering
 activities in producing an IGCE for BPA-related components. Additionally,
 agencies pay for only service usage since no funds are obligated under this
 BPA.                                                                             25
Integrated Technology Services

 Frequently Asked Questions 7 and 8
 Question #7
 Can the "color" of money (charge codes) be tracked in the proposed IaaS
 solutions?
 Answer
 Yes, all providers are required to maintain online billing portals tracking system
 utilization to each of the CLIN.
 Question #8
 Are ordering activities restricted to eBuy to issue and IaaS RFQ?
 Answer
 No. BPA users may issue an RFQ electronically either through eBuy or directly
 to the vendors listed in Section 3 of the IaaS ordering guide.



                                                                                      26
Integrated Technology Services

 GSA Cloud IT Services


  Infrastructure-as-a-Service (IaaS)

  Software-as-a-Service (SaaS) Email

  Ancillary Services (i.e. Fedramp)




                                        27
Integrated Technology Services

 SaaS eMail procurement is structured into five key lots




   Vendors must bid on at least 1 sub-lot in Lot 1 as well as
   Lots 4 and 5 to be eligible for award



                                                                28
Integrated Technology Services

 GSA Cloud IT Services


  Infrastructure-as-a-Service (IaaS)

  Software-as-a-Service (SaaS) Email

  Ancillary Services (i.e. Fedramp)




                                        29
   Integrated Technology Services
                                                                Problem: Independent agency risk
                                                                management has inefficiencies
FedRAMP
                                                                          Federal Agencies
Federal Risk & Authorization Management Program

 Unified Government-wide Risk Management Program
 • Provides joint security authorization and continuous
   monitoring
 • Agencies participate by leveraging the results for covered
   products                                                                Cloud Providers
 • Agencies retain their responsibility and authority to        Solution: Unified risk management
   ensure their security needs are met in the use of systems    eliminates inefficiencies


 Vendor Benefits
 • Government-wide authorization and security compliance
   cost reduction
 Agency Benefits
 • Cost savings through reduced duplication
 • Rapid acquisition
 • Increased security assurance                                            Cloud Providers
                                                                                                    30
Integrated Technology Services

 For more information about GSA Cloud Services:


  Marcelo Olascoaga - IaaS Service Line Manager
  marcelo.olascoaga@gsa.gov
  (703) 306-6653


  www.gsa.gov/itsolutions
  www.info.apps.gov




                                                  31

								
To top