The Energy Department's Los Alamos National Laboratory was one of the first DOE labs to build and deploy an infrastructure-as-a-service cloud, which initially let researchers automatically request virtual servers on-demand.
The Infrastructure On-Demand private cloud, which debuted in 2010, became the model for Energy's YOURCloud, a self-service portal for infrastructure-as-a-service offerings across multiple cloud service providers — on premise, corporately provided, and through public clouds such as the Amazon Elastic Compute Cloud.
Today, many agencies are going to have some sort of on-premise infrastructure offering – based on the maturity of the agency and the sensitivity of data the agency is trusted to protect – as a predecessor to moving to a hybrid cloud environment, said Anil Karmel, president of C2 Labs, a cloud security and services company.
A hybrid cloud, which lets agencies run portions of their workloads on premise in private clouds and some workloads in commercial public clouds, is going to be the natural reality for many agencies going forward, said Karmel, a former deputy chief technology officer with the National Nuclear Security Administration, and the solutions architect who drove the implementation of the LANL Infrastructure On-Demand cloud. He later used lessons learned from that experience to help build DOE's YOURcloud.
"Virtualization is the foundation for moving to any infrastructure as a service offering," Karmel said. Virtualization allows a single physical server to run multiple guest operating systems as a way of making more efficient use of the hardware, which frees data center space and achieves greater IT operational and energy efficiencies.
Between 2006 and 2008, LANL created a virtual environment in which officials decommissioned 100 physical servers and deployed 300 virtual machines on 13 physical host servers. Through virtualization, LANL achieved $1.4 million in cost savings and another $1.4 million in cost avoidance. To achieve virtualization's benefits, agency's need capacity planning tools to measure resource utilization of systems at their data centers. Administrators can determine how much energy their facilities use and how much energy they would save if they implemented virtualization technology. LANL used Novell Recon to gather metrics on its systems and get a fix on the resultant virtualization platform.
From 30 days to 30 minutes
Nine years later, the vast majority of agencies have already taken that first step of virtualizing workloads and receiving the return on investment of virtualizing those workloads. "But I don't think many agencies have taken that workload and operationalized it into a fully, automated cloud offering," Karmel said. That is the next step in the journey that will allow these agencies to move into the hybrid cloud.
The need for agility, flexibility and transparency drove LANL's move toward an IaaS solution. Researchers wanted to quickly run workloads without waiting for the IT department to go through the provision process to get that workload up and running. "By implementing Infrastructure On-Demand back in 2010, we were able to take the average provisioning time from 30 days to 30 minutes," Karmel said.
Being able to run multiple workloads and letting researchers only pay for what they used for the time period in which they used it, gave the LANL officials flexibility in how to use mission dollars most effectively.Additionally,by moving to an IaaS private cloud, they were able to quantify the cost of their IT investments from an infrastructure standpoint and gain a better understanding of the number of virtual machines that were running across multiple virtual infrastructures.
ROI on the virtual environment was achieved in less than a year after implementation. The move to the automated IaaS environment took another year and half -- between 2009 and 2010 -- because Karmel's team had to invent capabilities that didn't exist at the time.
"There were no automation tools at the time to upgrade or make a cloud into a fully automated service. So everything we had to create, we had to create from scratch because there was nothing we could buy." For example, LANL officials used Microsoft SharePoint Server to develop a portal that would access a virtualization back end, such as VMware. SharePoint's workflow capabilities were used to automate the creation, deployment and management of an infrastructure-as-a-service model.
Automation tools cut migration times
Now, in 2015, there are many automation tools available on the market that allow organizations to install, configure and automate their existing virtualization offering. "There is no need to build your own cloud service portal or cloud broker, you can buy one from a vendor of your choice," Karmel explained.
Additionally, IaaS offerings have expanded over the years. The cloud service providers offer a lot more than virtual machines as a service now, said Coby Holloway, vice president and director of SAIC's Cloud Computing and Business Transformation Services.
"They are now offering firewalls, load balancers, dynamic IP addressing, a variety of different modes of security access, automation tools and additional [application programming interface] access into the environment that didn't exist years ago." Holloway said. Automation is one of the areas where agencies can get the quickest return on investment because it reduces the amount of work required to do common tasks in the data center, he noted.
The Federal Risk Authorization and Management Program (FedRAMP) also brings standardization in the area of security accreditation and certification that didn't exist a few years ago, giving agencies the assurance that cloud providers adhere to a baseline set of security requirements,
When it was launched, LANL's Infrastructure On-Demand consisted of a Web portal; Microsoft SharePoint software for workflow and communications; VMware VCloud Director, a Web-based user interface that consumed cloud resources and VMware vShield for managing policies.
"It really was an evolution starting with Los Alamos, with virtualization and then implementing cloud. Then scaling that offering into a secure, hybrid community cloud for the [Energy] department, said Karmel, which from a design and application point of view can be applied to multiple agencies.