Cloud IT Services customer presentation v4 1 by 60e8i5O5


									                                                U.S. General Services Administration

   Integrated Technology Services

               Cloud Computing &

General Services Administration
Federal Acquisition Service
Integrated Technology Services

                                  May 2, 2011
Integrated Technology Services

 $20 billion in potential federal cloud computing spend

                    $ 80 Billion               $ 20 Billion

                  Total IT Spending            Potential
                                             Spending on

   Source: OMB, Federal Cloud Computing Strategy, February 8, 2011   2
Integrated Technology Services

   What is Cloud Computing?
      Key Features
      Benefits
      Myths
      Why Do Agencies Need Cloud Computing?
   GSA’s Cloud Computing Offerings
      Today’s Offerings and Future Offerings
      GSA Infrastructure-as-a-Service (IaaS) BPA
      Addressing Agency Concerns
      Ordering off of the IaaS BPA
      Why use GSA
   Points of Contact

                            Click here for video
    Integrated Technology Services

       Cloud computing delivers needed value

     Essential Characteristic                                   Customer Value
           On-demand Self-Service                               Self Service Portal

            Broad Network Access                                Available to all devices/locations

               Resource Pooling                                 Efficient Use of Resources

                 Rapid Elasticity                               Scale Up or Down On Demand & DR/COOP

               Measured Service                                 Pay only for what you use

       Source: Proprietary
GSA Confidential andNIST, DRAFT   Special Publication 800-145
Integrated Technology Services

 Agencies benefit in cost, technology and mission
 Cloud computing services present several economic and operational
 advantages over traditional premise-based IT architectures:
                 Reduce IT capital spending
                  Pay only for what you use
                  Shift IT costs from expenditures to actual usage
                  Significantly reduces lifecycle sustainment cost

                 Increase flexibility and speed in IT implementations
                  Scale up and down to meet immediate demands
  Technology      Real time deployment capabilities
                  Improve COOP and disaster recovery operation capabilities

                 Efficient use of resources
                  Allocate resources to mission-critical activities as IT requirements
                     are reduced
                  Aligning to OMB practices
                  Responding in a timely manner to federal mandates and agency
Integrated Technology Services

 Separating fact from myth about cloud computing
 A number of myths abound in the marketplace due to a lack of clarity on
 definition, misinformation and unfounded concerns

                   MYTH                                   FACT
  • Cloud can be anything                  • Cloud IT services must include the 5
                                             key attributes
  • Public clouds are not secure and       • Off-the –shelf security terms are
    agencies can’t control security          often negotiable
    requirements                           • Agencies can choose what to push
                                             to the cloud.
  • Agencies will lose control of their    • Agencies can enforce strict SLAs
    data                                     and prohibit data mining/monetizing
  • Moving to cloud is difficult           • Agencies can move application-by-
                                             application in a phased fashion

  GSA cloud experts can work with you to understand the facts about
      cloud and to help you define your agency’s requirements
Integrated Technology Services

 External and internal drivers push cloud adoption
 A number of external and internal drivers necessitate the adoption of
 cloud computing across the Federal government.

          External Drivers                                   Internal Drivers

  Federal budget deficit                           Lack of resources
  Data Center consolidation                        Distraction from mission focus
  Increasing Fed CIO and OMB                       Complexities of managing large IT
   scrutiny of large IT projects                     projects
  “Cloud First” policy                             Slow IT deployment time
  Fed CIO IT Reform agenda - 3          Cloud      Challenging IT asset management
   applications to the Cloud by 2013   Computing    Difficult in sharing data
  Executive Order 13514 -                          Need to reduce IT maintenance
   Sustainability                                    and capital costs
  Open Government Initiative                       Need to reduce energy use and
  Comprehensive National                            costs
   Cybersecurity Initiative                         Lack of collaboration solutions
                                                    Push for teleworking capabilities

Integrated Technology Services

 GSA provides multiple ways to buy cloud services

      ITS Office of                                            ITS helps government
                                    Schedule 70                execute its core
      Optimization                Fair and reasonable          mission by making IT
                                  prices for IT products
    Good for Government            and services, often         acquisitions:
       Programs, like                 through BPA’s
       For Software                                             Faster
                                                                Cheaper
         Networx                       GWACs
    Your one-stop shop for      Comprehensive and flexible
                                    contracts that provide
                                                                Easier
   solutions, including cloud     virtually any IT services,
        hosting options.         including combinations of
                                  cloud and other services

             Assisted Acquisition Services                                            8
Integrated Technology Services

Using an existing GSA contract saves time and money
                                       Based on a statistical
                                        analysis of 745 full
                                        and open contracts
                                        from FY05 thru FY10

                                       77% of vendors
                                        awarded via full and
                                        open multi agency
                                        contracts were
                                        already available on
                                        and within scope of
                                        existing GSA contracts

                                       Purchasing cloud
                                        services through an
                                        existing contract is
                                        faster and less costly

   Source: Input                                                 9
Integrated Technology Services

 GSA Cloud IT Services

  Infrastructure-as-a-Service (IaaS)

  Software-as-a-Service (SaaS) Email

  Ancillary Services (i.e. Fedramp)

BPA holders may be solicited, quotes may be
received, a winning vendor may be selected,
 and ordering activities can select a winner
    contingent upon a GSA issued ATO.

Integrated Technology Services

 Lot 1: Cloud Storage
 Provides scalable, redundant, dynamic web-based storage and provides users with
 the ability to procure and use data and file storage capabilities remotely via the
 internet. Provides file and object data storage capabilities on-demand, dynamically
 scalable per request and via the internet.

  Cloud Storage CLINS                                Example Applications
  Each CLIN includes tiered monthly pricing options  Data Recovery and Backup -
  measured in gigabytes per month                     Remote backup and restore
      1. Web addressable storage                      for both in-house and cloud
      2. Bandwidth for data transfer in               systems
      3. Bandwidth for data transfer out             Data Archive - Archive data
                                                      sets to the cloud
  Cloud Storage Use Case
   The State of Michigan, through its “MiCloud” program, is piloting a cloud storage
    solution as part of its strategic investment in virtualization technologies.
   The consumption expectations for the first year are 250 terabytes of data at a
    cost 90% lower than today’s lowest cost storage tier.

Integrated Technology Services

 Lot 2: Virtual Machines
 Provides scalable, redundant, dynamic computing capabilities or virtual machines.
 Allows users to procure and provision computing services or virtual machine instances
 online via the internet
  Virtual Machines CLINS                                        Example Applications

  Each CLIN includes tiered hourly & monthly pricing options       High compute application support -
                                                                    Spin up VMs as required based on
  Includes ten CLINs for virtual machine services, including:       load
   Persistent or non-persistent storage                           Test Environments - Use VM
   Windows, Linux or Solaris (or equivalent) OS                    image to test applications
   Block storage
   Bandwidth for data transfer in and out
   Supplemental disk space
  Cloud Storage Use Case

     Recently, NASA’s Jet Propulsion Laboratory (JPL) used its own servers to process 180,000
      images of Saturn. After 15 days of non-stop processing, the job was still not complete.
     JPL decided to move the processing of the images to the cloud, provisioning 60 servers (virtual
      machines) in the cloud to execute the task.
     The task was complete in 5 hours, at a cost of $200.
  Source: “NASA lab: Cloud is safe for mission-critical data.” Government Computer News.
           Dec. 15, 2010                                                                                 12
Integrated Technology Services

 Lot 3: Web Hosting
 Provides Web application hosting services in the cloud enabling scalable, redundant,
 dynamic web hosting services. Allows government users to procure and provision Web
 hosting services online via the internet. Allows users to securely load applications and
 data onto the provider’s service remotely from the Internet. Configuration is enabled via
 a Web browser over the internet
  Web Hosting CLINS                                              Example Applications
  Each CLIN includes tiered monthly pricing options                 Web Hosting – host internet and
                                                                     intranet application leveraging
  Includes five CLINs for web hosting services
                                                                     the elasticity of cloud
   Bundles of Windows, Linux or Solaris (or equivalent) OS
   Optional databases
   Windows IIS web server software, Apache PHP stack,
       or Apache TomCat stack
   Supplemental disk space
   Supplemental bandwidth in and out
  Web Hosting Use Case
     CFPB recently switched to a cloud computing infrastructure to host its new, primary public facing
      web site, as well as four other already existing sites.
     The elasticity of the cloud allows CFBP to handle spikes in site traffic during tax season.
  Source: “Treasury Sites Move to Cloud.” Information Week Government. January 10, 2011
Integrated Technology Services

                     12 Awardees across 3 Lots:
           •Cloud Storage • Virtual Machines •Web Hosting

Integrated Technology Services

Access leading players and technology through IaaS BPA
                Vendor          Cloud Storage   Virtual Machines   Web Hosting    Teaming Partner(s)
                                                                                 Amazon Web Services,
 Apptis, Inc.                        X                 X
 AT&T                                X                 X                         No Teaming Arrangement
                                                                                  Carpathia Hosting Inc.,
 Autonomic Resources                                   X
                                                                                      Enomaly, Dell
 Carahsoft                                             X                          Carpathia Hosting, Inc.

 CGI Federal Inc.                                      X               X         No Teaming Arrangement
                                                                                  XO Communications,
 Computer Literacy World             X                 X               X
                                                                                    Electrosoft, SNS
 Computer Technology
                                     X                 X               X              SoftLayer, Inc.
                                                                                   Horizon Data Center
 Eyak Tech LLC                       X                 X               X
 General Dynamics Information
                                                       X                          Carpathia Hosting, Inc.

 Insight Public Sector               X                                                  Microsoft

 Savvis Federal Systems                                X               X         No Teaming Arrangement

 Verizon Federal Inc.                                  X                         No Teaming Arrangement
Integrated Technology Services

GSA addresses cloud concerns & evolving agency needs

                    • Commoditized pricing via
  Ease of Use       • Place task orders off of BPAs
                    • Use of GSA-created SOW templates and Ordering Guide
    Security        • Products and services certified at the FISMA Moderate Impact Data level
                    • Retain data ownership and prohibition of data mining or monetizing
     Control        • 99.95% availability requirement
                    • Trouble tickets and order management capabilities
                    • GSA will monitor cloud services (e.g. security)
  Compliance        • Vendors required to adapt to changing regulations and requirements
                    • Address CIO and OMB mandates and EO 13514
                    • Built-in interoperability (e.g. Web services and requirements)
 Interoperability   • Maintain their active directory outside of the cloud
                    •   Decreased time-to-market to deploy or implement IT solutions
                    •   Simplified IT maintenance
  Productivity      •   Allows key resources to focus on mission-critical activities
                    •   Self-provision services as needed

Integrated Technology Services

 eBuy - 7 steps to ordering from the IaaS BPA
  Determine   Prepare    Prepare        Issue
                                                     Evaluate   Award     Administrate
   Scope       SOW        RFQ            RFQ

                               GSA Acquisition Support

   Step 1: Scope Determination
    • Establish Requirements of the Ordering Activity
    • Determine if the requirement is within scope of the IaaS BPA
    • Ordering Activities shall solicit all BPA holders for desired Lot
    • Estimate the Value of the Order
    • Samples and Templates
   Step 2: Prepare Statement of Work (SOW)
     • Period of performance
     • Technical Requirements
     • Deliverables

Integrated Technology Services

 eBuy - 7 steps to ordering from the IaaS BPA (cont’d)
  Determine   Prepare   Prepare        Issue
                                                    Evaluate   Award   Administrate
   Scope       SoW       RFQ            RFQ

                              GSA Acquisition Support

   Step 3: Prepare the Request for Quote (RFQ)
   Step 4: Issue the RFQ
     – With GSA’s eBuy application, users can easily send RFQs directly
       to the BPA holders electronically
     – Ordering Activities shall solicit all BPA holders for desired Lot
   Step 5: Evaluation of Submissions
   Step 6: Award
   Step 7: Task Order Administration

Integrated Technology Services

 Research and order through GSA e-Tools

       Information portal
      Use GSA’s electronic RFQ tool to post your RFQ
       with SOW on-line
      Cloud storefront – limited to purchases through
       purchase card only that do not require a SOW

Integrated Technology Services makes ordering easy is the ONLY customer-oriented cloud-only storefront

                                                   One-stop shop for cloud
                                                    IT services
                                                   Cross-compare cloud
                                                    products and services
                                                   Streamlines acquisition
                                                   Currently offers SaaS
                                                    solutions and Social
                                                    Media options
                                                   Coming Soon
                                                     • IaaS Solutions
                                                     • SOW/SOO templates
                                                     • Ordering Guides
Integrated Technology Services

 GSA delivers value in procuring cloud services
   GSA is strategically committed to cloud – 25 pts
   Cloud services are available for purchase today via
    existing GSA contracts
   Cloud services for infrastructure and email through
    GSA vehicles are less costly and easier to use than
    other procurements
   Products and services on IaaS BPA will be certified at
    the FISMA Moderate Impact Data level
   Additional services available
     • Migration Services on Schedule 70
     • Assisted Acquisition Services
Integrated Technology Services

GSA IaaS Cloud Computing A&A Process
                                                                                                         7 Assess Security Controls (RMF#4)
                                                                                                               Assessor Security Assessment Report (SAR)
                                                                                                                       53A Test Procedures (53ATP)
                                                                                                                  E-Authentication Risk Assessment (E-RA)
1                  Deliverables                       4      ISSO to Vendor (CSP) Feedback                          Penetration test (PT) based upon ATP
                                                                                                                   Operating System Scan Reports (OSSR)
    ISSO issues security templates to Vendor (CSP)             ISSO review/approval of baseline SSP                    Web App Scan Reports (WASR)
    ISSO issues GSA Assessment Test Procedures                 ISSO review/approval of CIS & CTWT                      Database Scan Reports (DBSR)
                                                                                                                        Referenced Documents (RD)
                                                               ISSO originates high level SSP review
                                                                                                               CSP draft Plan of Actions & Milestones (POA&M)
                                                            ISSO obtains ISSM approval of baseline SSP
2 Categorize Information System (RMF#1)
                                                               ISSO obtains approval of CIS & CTWT
       ISSO completes FIPS 199 categorization                                                            8      ISSO to Vendor8(CSP) Feedback
                                                                                                                      ISSO review/approval of SAR
                                                      5     Implement Security Controls (RMF#3)
                                                                                                                ISSO review/approval of drafted POA&M
3 Select Security Controls (RMF#2)                           CSP updates Systems Security Plan (SSP)
                                                                                                                 ISSO originates detailed SAR evaluation
        CSP drafts Systems Security Plan (SSP)                CSP drafts Assessment Test Plan (ATP)
             Contingency Plan with BIA (SSP)                                                                       ISSO obtains ISSM approval of SAR
            Contingency Plan test Report (CP)                                                                 ISSO obtains ISSM approval of drafted POA&M
        E-Authentication Risk Assessment (E-RA)
             Privacy Impact Statement (PIA)           6     ISSO to Vendor (CSP) Feedback                           ISSO enters POA&M into Quickr
                 Rules of Behavior (RoB)
                                                              ISSO review/approval of updated SSP
        Inter-connection Service Agreement (ISA)
     CSP Control Implementation Summary (CIS)                 ISSO review/approval of drafted ATP
                                                                                                         9 Authorize Information Systems (RMF#5)
     CSP Control Tailoring Workbook Template (CTWT)            ISSO updates high level SSP review
                                                                                                                ISSO completes Package Review Checklist
                                                           ISSO obtains ISSM approval of updated SSP
                                                                                                                  ISSO routes completed package to AO
                                                           ISSO obtains ISSM approval of drafted ATP
                                                                                                                          Distribute signed ATO
                                                          ISSO authorizes independent assessment audit

                                                                                                         10    Monitor Security Controls (RMF#6)                22
Integrated Technology Services

 Frequently Asked Questions 1 and 2
 Question #1
 Is an ATO required before an order is placed?
 Yes, but
 • BPA holders may be solicited,
 • quotes may be received, and
 • a winning vendor may be selected, contingent upon a GSA issued ATO.
 Question #2
 What assistance is available for the GSA IaaS BPA?
 •   IaaS Calculator to create an Independent Government Cost Estimate
 •   Ordering Guide
 •   Statement of Objectives (SOO) Template
 •   Assisted Acquisition Services (AAS)
Integrated Technology Services

Frequently Asked Question 3 and 4
Question #3
What vehicles exist for ordering activities to acquire Cloud Computing Services?
Virtually any cloud service that an agency needs is already available on existing
GSA contracts. GSA IT contracts come in three broad categories and all have
cloud services.
• Networx: for when bandwidth or related services are already being purchased
• Government Wide Acquisition Contracts: for services with the greatest
   flexibility and ability or desire to conduct lengthier evaluations
• Schedule 70: for desired services that are standardized and known
Question #4
Who maintains (O&M) for Systems built upon the provider's IaaS?
Dependent on your requirements and the Lots selected, either your existing
application team or the provider can conducted these services.                      24
Integrated Technology Services

 Frequently Asked Questions 5 and 6
 Question #5
 How does an agency procure services required to implement and utilize cloud
 All BPA holders are Schedule 70 holders and can provide Professional Services
 in addition to the IaaS CLIN’s. This can be conducted on a single solicitation
 released to IaaS awardees.
 Question #6
 How does an ordering activity determine its costs for Cloud Computing Services
 under this BPA?
 GSA’s Cloud Computing PMO has developed a calculator to aid ordering
 activities in producing an IGCE for BPA-related components. Additionally,
 agencies pay for only service usage since no funds are obligated under this
 BPA.                                                                             25
Integrated Technology Services

 Frequently Asked Questions 7 and 8
 Question #7
 Can the "color" of money (charge codes) be tracked in the proposed IaaS
 Yes, all providers are required to maintain online billing portals tracking system
 utilization to each of the CLIN.
 Question #8
 Are ordering activities restricted to eBuy to issue and IaaS RFQ?
 No. BPA users may issue an RFQ electronically either through eBuy or directly
 to the vendors listed in Section 3 of the IaaS ordering guide.

Integrated Technology Services

 GSA Cloud IT Services

  Infrastructure-as-a-Service (IaaS)

  Software-as-a-Service (SaaS) Email

  Ancillary Services (i.e. Fedramp)

Integrated Technology Services

 SaaS eMail procurement is structured into five key lots

   Vendors must bid on at least 1 sub-lot in Lot 1 as well as
   Lots 4 and 5 to be eligible for award

Integrated Technology Services

 GSA Cloud IT Services

  Infrastructure-as-a-Service (IaaS)

  Software-as-a-Service (SaaS) Email

  Ancillary Services (i.e. Fedramp)

   Integrated Technology Services
                                                                Problem: Independent agency risk
                                                                management has inefficiencies
                                                                          Federal Agencies
Federal Risk & Authorization Management Program

 Unified Government-wide Risk Management Program
 • Provides joint security authorization and continuous
 • Agencies participate by leveraging the results for covered
   products                                                                Cloud Providers
 • Agencies retain their responsibility and authority to        Solution: Unified risk management
   ensure their security needs are met in the use of systems    eliminates inefficiencies

 Vendor Benefits
 • Government-wide authorization and security compliance
   cost reduction
 Agency Benefits
 • Cost savings through reduced duplication
 • Rapid acquisition
 • Increased security assurance                                            Cloud Providers
Integrated Technology Services

 For more information about GSA Cloud Services:

  Marcelo Olascoaga - IaaS Service Line Manager
  (703) 306-6653


To top