The space agency is currently using three different kinds of cloud environments: the private AWS GovCloud for protected data and information that falls under International Traffic in Arms Regulations (ITAR); internal networks, which run in GovCloud or on hybrid virtual private clouds; and the AWS public cloud, which hosts the majority of the agency's apps and web services.

Approximately 15 percent of NASA's applications and websites are hosted in private clouds, with the rest in public or hybrid environments, according to Roopangi Kadakia, web services executive in NASA's CIO Office.


"The entire NASA engineering network was moved over, which was a pretty big infrastructure, as well as tiny little applications," she said.

Since getting started in spring 2013, NASA has migrated almost 160 applications to the cloud — most of which are in a public or hybrid environment. Another 40 apps were consolidated, archived or decommissioned in the process.

NASA also maintains a huge web presence, with more than 250,000 pages, 1.4 million assets in its content management system and more than 3 terabytes of information under the NASA.gov domain alone. During streaming events, the site can get upwards of 150,000 simultaneous users.

"If it wasn't in the cloud — if we were moving into a data center — there's no way we would have been able to do that," Kadakia said. "If you had to build that with actual hardware, the cost would have been crazy and it wouldn't have met the timeline."

Kadakia said she expected the migration of the .gov domain to take as long as 10 months. NASA and integrators at InfoZen were able to do it in 13 weeks.

"This is a flagship for the entire government," said Raj Ananthanpillai, InfoZen chairman, president and CEO. "Every agency is calling them and then calling us, as well, saying, 'Hey, how did you guys do these things.'"

Getting started

During the initial planning, NASA's strategy was reminiscent of an adage made popular by Mahatma Gandhi: Live as if you were to die tomorrow; learn as if you were to live forever.

"In the cloud, you really have to strategically think about what your future needs are but you build for what you need right now," Kadakia said, noting a primary benefit of cloud is the ability to adapt quickly to future needs.

She suggested agencies start by outlining their strategic goals.

"What are the outcomes you're really looking for? Is it just cost savings?" she said, pointing out that initial migration costs are often high, particularly for legacy systems.

Savings should be one of the goals (see below) but not the primary impetus. Other factors like consolidating data centers, providing a place for infrastructure- and device-agnostic development and creating an agile environment can be more concrete starting places.

"Start with what you're most comfortable with," Kadakia advised. "If your risk threshold isn't very high, I wouldn't start with financial services, for instance."

She also stressed the importance of knowing your requirements before getting started – whether you need public, private or hybrid cloud; what kind of security is needed; what level of resources is needed.

"But don't try to know everything," she warned. "Perfection will lead you nowhere."

A big part of that is finding an industry partner.

Ananthanpillai warned against going straight to a cloud service provider and suggested instead starting with a broker who can help review all the options.

"They want to sell you whatever they have," he said. "You want to go to an integrator like us that can scout the market, scout the requirements that they're looking for and say, these are the pieces that can go in a public cloud without any issue and these are the pieces … that should go in a private cloud."

Working with an independent broker can ensure an agency gets exactly what it needs while also keeping costs down.

Cost savings

Once the migration was complete, NASA saw an immediate 40 percent drop in operations and maintenance costs, according to Kadakia. By 2014, Web Services was able to cut OCIO O&M costs by an additional 25 percent, mostly through savings on IT labor.

"We do a lot more automated patch management, alerting, monitoring and spinning up and spinning down of instances, which were very difficult to do" in the past, Kadakia said. "A lot of our new O&M savings are really about labor cost savings, which is exactly what I wanted to see. One of the best reasons to move to the cloud is to do more with less."

The migration itself was costly, Kadakia said, though the initial O&M savings more than covered the expense, providing an immediate return on investment.

The ability to use only as much infrastructure as needed at any given time has also made the agency more cost-conscious in general, she said, providing a much-needed cultural shift at a time when budgets are going downward.

Security in public cloud

Cost reduction helped with the cultural issues around cloud migration, but security was still a major roadblock to getting agency buy-in. The idea of using non-dedicated infrastructure to host federal data was unsettling for some.

"Other than the NASA Engineering Network that could potentially hold ITAR data, we felt very comfortable with our entire plan for protecting that data because of the way they had architected their system from the very beginning," Kadakia said. "Others weren't as confident."

InfoZen was able to assuage some of those doubts by providing an added layer of monitoring.

Security "really has not been an issue for us other than getting past people's own perception of how secure these infrastructures really are," said Chet Hayes, InfoZen CTO. "In conjunction with the security Amazon provides, we actually provide continuous monitoring security-as-a-service as part of our offering for NASA."

This provides a "much more robust" security posture than NASA had previously, Hayes pointed out, as it layers InfoZen, Amazon and NASA's internal security services.

More to be done

The next step for NASA is figuring out how to securely share appropriate (and only appropriate) information with non-credentialed contractors.

"If I'm working with the University of Colorado building a portion of some system, how do I share that?" Kadakia said. Once some technical kinks are worked out, "That will be a big value-add that we could provide. And we're providing that at a cost that is very competitive with commercial entities."

Aaron Boyd is an award-winning journalist currently serving as editor of Federal Times — a Washington, D.C. institution covering federal workforce and contracting for more than 50 years — and Fifth Domain — a news and information hub focused on cybersecurity and cyberwar from a civilian, military and international perspective.
