Jan 09 2019

ICE Makes Headway on Its Cloud Migration

The DHS component is more than halfway through its shift to the cloud more than a year into the effort.

U.S. Immigration and Customs Enforcement may be focused on activity around land borders, but the agency also has its head in the cloud. 

ICE, a component of the Department of Homeland Security, is more than halfway done with its migration to the cloud, following a push that started in the summer of 2017. The agency’s cloud migration is part of a wider push within DHS to adopt a multicloud strategy, something being promoted by DHS CIO John Zangardi. 

By June 2020, Federal News Network reports, DHS’ Data Center 1 (DC 1) and Data Center 2 (DC 2) contracts will both expire. DC 1 is located in Stennis, Miss., and is still a primary hub of agency data traffic. DHS has met the Office of Management and Budget’s mandate to close six of its large tiered data centers, but must still close an additional 19 nontiered data systems before October 2020.

“What ICE said was, ‘Well, instead of moving 125 environments from one zone of the data center and putting our entire customer base through that terrible process of outages and downtime and troubleshooting … we said, ‘We’re just going to go to the cloud,’” ICE CTO David Larrimore said in December at Digital Government Institute’s cloud computing conference, according to Federal News Network

“It’s working, and we couldn’t have done it if we didn’t spend two years figuring out what does the cloud mean to us.”

MORE FROM FEDTECH: Find out how the Cloud Smart strategy could lead to more CASB use. 

ICE Puts the Pedal to the Metal on Cloud Migration

Since the summer of 2017, ICE has shifted 45 of 75 production systems to the cloud, and over the course of a four-month period it quadrupled the number of servers it has in the cloud, from about 300 to 1,200. Larimore says ICE has completed more than 60 percent of the cloud migration.

“We’re all-in,” he said. “We’ve instituted moratoriums on development. We’ve got all the timelines, we’ve got daily stand-up [meetings],” as well as metrics and dashboards.

ICE has adopted a hybrid cloud model, keeping some of its most sensitive data and applications on its own data centers while adopting commercial cloud tools. “As long as your agency [or] your component is still dependent upon a private network, you will always be hybrid,” Larrimore said, according to Federal News Network. “There is no chance that you can be all in the cloud.”

MORE FROM FEDTECH: Discover where cloud.gov is headed in 2019. 

ICE Encounters Latency Issues with Cloud

While ICE has moved the majority of its workloads to the cloud, users still face network latency issues, Larrimore says, especially when they pull data from the Stennis data center and other locations. 

“It really becomes a physics problem, where when you start to separate and leverage these cloud services, you’re now separating the data and now you’re adding latency to your system and your application,” he said, according to Federal News Network. 

“If you’re Customs and Border Protection or TSA Secure Flight, that makes a huge difference. As long as that is a known problem, you’re always going to have trouble adopting a hybrid cloud environment,” he added. “Knowing that latency is out there, you’re always going to have that problem.”

DHS has spent the past 15 years making sure agency employees can get very rapid access to the Stennis data center, Larrimore said, but “nobody spent a lot time talking about the cloud.” Now, he said, DHS is trying to ensure that its data center can communicate with apps in the cloud. 

“When you’re at your desk trying to access the cloud, the first thing that little packet does is it goes to the data center in Stennis, Mississippi,” before connecting to the cloud. “We have to fundamentally change that. And that’s a trust problem in the federal government.”

PhonlamaiPhoto/Getty Images

aaa 1