Defense Agencies Turn to Multicloud Strategy

So far, 55 task orders have been awarded under JWCC, totaling $721 million. The effort marks just one instance of a shift by Defense and the Intelligence Community away from a single-cloud approach to embrace the multicloud model.

The National Security Agency will soon complete its cloud migration, lifting a Big Data analysis platform from its in-house cloud to AWS and HPE. The Intelligence Community uses the same cloud vendors as JWCC (plus IBM) in its Commercial Cloud Enterprise.

Ultimately, the move to multicloud comes down to giving IT leaders the power to access the right resources for the right projects, says Korie Seville, senior technical adviser for Joint Operations and Plans Directorate (J9) hosting and compute within the Defense Information Systems Agency. DISA is managing the JWCC effort.

“We don’t want to have to tell people, ‘This is all we’ve got for you, so you’re stuck with it,’” Seville says. “Instead, we’ve created a model that allows warfighters to dictate their own destiny.”

DISCOVER: The DOD is providing access to data all over the world.

The Benefits and Challenges of a Multicloud Model

A multicloud model can bring significant benefits as well as some challenges, says Lee Sustar, a principal analyst at Forrester. A multicloud approach mitigates the risks associated with relying on a single vendor while allowing organizations to place workloads in the environment that will optimize performance. But it also introduces new concerns, he says, including management complexity and higher costs.

“There’s no way around that. Cloud providers increasingly offer multicloud capabilities but typically do so in ways that position themselves at the center of multicloud management. Multicloud management tools from third parties have not had much success, and cloud customers are cobbling together solutions on their own,” Sustar says.

DevSecOps and automation pipelines are “the key to management” for the DOD’s multicloud model, Seville says.

“We’re starting to abstract the management layer a bit and defining our environment as code,” he says. “Running automation from a central source creates repeatable processes across all platforms, which we basically treat as a commodity.”

Defense agencies still find themselves in the early stages of migrating resources to multicloud models, Lamb says.

“Just getting into the cloud is the first step, but that doesn’t mean you really know how to use it,” he says. “We’re sharing best practices for logging, and we’re looking at the financial operations. We’re putting out guidance to make sure that folks are spinning down resources when they’re not in use and that they’re using the cloud effectively and efficiently.”

The bulk of Defense applications are legacy systems, but Lamb notes that the move to the cloud will force modernization.

“Even after that initial lift and shift, applications have to be modernized,” he says. “Cloud-native software is different from legacy software. To use the cloud efficiently, transform your code, make it more modular, use scheduling algorithms and break things into microservices.”

DIVE DEEPER: Cloud adoption is evolving, what does this mean for your agency?

Tailoring Cloud Solutions to DOD Requirements

The Pentagon has signaled the potential for an updated JWCC, but the first large multicloud effort has already shown that commercial cloud vendors can tailor solutions to Defense requirements.

“Cloud service providers have had to adjust some of their offerings to meet the department’s needs,” Seville says. “One of the biggest examples of that is tactical edge capabilities. The department asked for large-scale computing that can operate in a disconnected state, and that’s not what their normal business model called for previously. The vendors have had to work with us, hand in hand, to get a solution that meets the warfighter’s needs.”

“We have created something pretty incredible: a really good, two-way partnership between industry and the department to get this right,” Seville adds. “We’re not all of the way there yet, but the precedent has been set that we absolutely can work together to find a solution that makes the most sense on both sides of the table. We now have a pipeline that gives us the ability to deliver cloud services to the warfighter in a variety of form factors, everything from hyperscale cloud services to the tactical edge.”

The department can also work with vendors to ensure offerings meet strict Defense cybersecurity requirements, Lamb says, adding that the multicloud move has accelerated the department’s shift away from outdated waterfall development processes into more agile workflows. Over time, Lamb expects early lessons will pay off in the form of applications that are fully optimized for a multicloud environment.

“We’re making sure that the service branches are sharing content with each other — trying to take the best practices and leverage them,” Lamb says. “We want to build applications that leverage the best parts of Azure, the best parts of AWS, the best parts of Google, Oracle and future cloud service providers, to build applications that are more flexible. That’s where we see things going.”

MORE FROM FED TECH: Backup and recovery best practices.

Maximizing Cloud Efficiencies

Along with redundancy and failover capabilities, one of the chief advantages of a multicloud model is the ability to move workloads to the best possible environment. That’s often easier said than done, Sustar says.

“Users who embrace multicloud environments are increasingly focused on using the right cloud for the right workload at the right cost,” Sustar says. “That’s hard to do completely, as it isn’t practical to change clouds for near-term price fluctuations. But it makes sense if customers can separate their core infrastructure services needs from higher-priced service, such as managed AI, which typically have more dependencies on a cloud provider’s infrastructure and raise the risk of vendor lock-in.”

Within DOD, Lamb says, the decision on where to host resources is left largely to individual service branches, with the hope that IT leaders take advantage of the best of each cloud environment.

“We’re seeing service branches becoming centers of excellence for programs that are trying to migrate,” he says.

Seville says he thinks of public cloud resources as three major tiers. In the tactical edge tier, warfighters access local, disconnected compute resources that eventually upload to a cloud environment. In the operational edge tier, applications run fully in the public cloud but in closer physical proximity to the warfighter to support performance demands. The strategic tier supports large-scale environments.

“The benefit of having all of these cloud providers comes down to options and distribution capabilities,” Seville says. “Warfighters can take advantage of the locations and services and capabilities of four different providers, and pick and choose what they need.”