The Defense Department has made it very clear: The commercial cloud is in its future. And now it's finally offered some clarity on how it's going to get there.
On March 7, top DOD officials from the Pentagon's Cloud Executive Steering Group presided over a well-attended industry day in Arlington, Va., to offer the department's vision for its Joint Enterprise Defense Infrastructure, or JEDI.
"This is not an IT project," said Air Force Brig. Gen. David Krumm, the deputy director for requirements for the Joint Chiefs of Staff. The goal of JEDI is to offer DOD a "global fabric" for military service members and DOD civilian employees that the Pentagon will use to make itself more efficient, effective and lethal. The vision, he said, is more a "global, resilient, secure" cloud environment that "enables warfighters" around the world, whether they are in the cockpit of an F-35, on a submarine deep in the ocean, in a platoon out on patrol or supporting a mission back in Washington, D.C.
Later in the day, the DOD issued a draft request for proposal for the contract, with feedback due March 21. DOD is being aggressive and aims to have a final solicitation in early May. The Pentagon then plans to issue the single award, indefinite-delivery, indefinite-quantity contract in September. DOD Chief Management Officer John Gibson later told reporters in a conference call late Wednesday afternoon that it would be fair to characterize the contract as being worth "billions" of dollars, since the contract can potentially last up to 10 years.
JEDI is designed to give the DOD greater access to commercial Infrastructure as a Service and Platform as a Service capabilities. Initially, nonclassified data will be covered by the JEDI program, but acting DOD CIO Essye Miller told reporters that "the intent is for it to cover all levels of data." She emphasized that DOD is at the beginning of its commercial cloud strategy. "Long term, it could go up to" Impact Level 5 data, but that it will "take some time and a couple of iterations" to get there.
JEDI Fits into Larger Cloud Context
At the industry day event, Miller noted she is responsible for 3.4 million users, 4 million endpoint devices and about 1,700 data centers. She also noted that the Pentagon has about 500 cloud initiatives.
A key goal of JEDI is to harden the defense surface of the DOD's IT systems, and to "standardize, simplify and secure" cloud services so that warfighters and operators can share data and be more efficient, without losing sight of the protections needed to secure sensitive data.
How will JEDI impact milCloud 2.0, which connects commercial cloud IaaS offerings to DOD networks, as well as other Pentagon cloud initiatives? Miller said on the conference call that the goal is for them to be "complementary" to one another. The DOD has hybrid cloud activities going today, primarily in on-premises environments. "This is our opportunity to maximize capability in off-premises" environments and take advantage of data analytics, artificial intelligence and "other capabilities where we need to grow."
Long term, Miller said, the DOD wants to "maximize the use of commercial" cloud capabilities, though right now there is high-value, sensitive data the Pentagon considers too critical to put in commercial clouds.
Timothy Van Name, deputy director of the Defense Digital Service, said the DOD is not expecting that all capabilities will be online "on day one," though it does want some unclassified data to be available right out of the gate. The goal is to have "secret level" IaaS and PaaS offerings under JEDI available within six months of the contract award and "top secret" within nine months.
DOD plans to have a full and open competition for the award and says that multiple cloud service providers could team up to get the single award. However, Van Name said awarding the JEDI contract to multiple bidders "would increase the complexity exponentially" and would raise the bar for the development, testing and ongoing maintenance of the platform. DOD would also introduce "considerable security risks" by creating "seams" between different cloud environments that are difficult to manage, he said.
Next Steps for JEDI Cloud Program
The Defense Digital Service is working on an in-house automated, self-service provisioning tool, which would allow users to provision cloud services, while still providing appropriate oversight for security, rules and billing, according to the JEDI cloud program manager Lt. Col. Kaight Meyers.
The tool will integrate with the winning bidder's system through modern application programming interfaces, she said.
The Pentagon has a notional timeline for how JEDI will proceed following the award. Streamlined security and infrastructure management, migration of core DOD services, data management and advanced analytics should all become available over the course of fiscal year 2019 (which starts in October). More sophisticated capabilities will be added in fiscal 2020.
Chris Lynch, the director of the Defense Digital Service, said JEDI is critical to allowing the Pentagon to meet warfighters' needs for greater access to information on demand.
"We have three goals for JEDI. We want to bend DOD around the commercial cloud, not the other way around. We want it here and out in austere environments. We will bring capabilities to the warfighter. We have failed if we do not do that," he said. "We must offer foundational blocks — those that give us the ability to experiment with new things we have yet to anticipate. We need compute, network, storage and security that gives us the ability to play."
Lynch emphasized that JEDI needs to be a full-service cloud offering. That provides better monitoring, identity services, failover service, scalability and the ability to use AI and machine learning. "It must be more than a data center," he said.