Cloud Services Trends:
From Pure IaaS to IaaS+PaaS
Enterprise Platform with the Benefits of Cloud
Pete Nuwayser
Deloitte Consulting LLP
2 December 2015
Agenda
A Quick Level Set
Pure IaaS at a DoD Client
Why Platform-as-a-Service?
PaaS Options
IaaS + PaaS: A Few Things to Explore
Q&A
About me
Specialist Master at Deloitte Consulting LLP since 2009
Federal Technology Strategy & Architecture – Cloud Focus
Different Hats:
• Cloud Engineering and Delivery Lead
• Advisor on FedRAMP and Cloud ATO Strategy
• Plumber
Active AWS SA and Security+ Certifications
Former Certified Linux Engineer (Red Hat and SUSE)
Interested in DevOps Culture and Tools
PeteNuwayser-IaaS_and_PaaS-20151103-v1.pptx
A Quick Level Set
IaaS: Infrastructure-as-a-Service
PaaS: Platform-as-a-Service
A&A: Authorization & Accreditation
CSP: Cloud Service Provider
[Figure: responsibility split for Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). Each of the two columns lists the layers Customer Data, Application, Platform, OS, Network, Compute, Storage, Physical Security, and Geo Diversity, plus IDAM; the legend distinguishes "You Manage" from "CSP Manages".]
DoD-wide Cloud Services Brokerage and Cloud Access Point
Delivering Pure IaaS at a DoD Client
Established Cloud Access Point for DoD consumption of commercial Cloud Service Providers
Support for Public and Sensitive data on AWS East/West and GovCloud (DISA CSM ATO Levels 2, 4, and 5)
Established and operate Cloud Services Brokerage PMO to provide CSP contract support, CRM, BFM, project management, engineering and implementation services, and tier-3 support
Quick Facts
Pure Infrastructure-as-a-Service
Most migrations are public websites or sensitive “lift-and-shift” applications
May require a minor amount of re-architecting to leverage cloud capabilities, e.g. scale-out
Refactoring is limited to infrastructure components
System owners install and harden application components themselves (or prepare offline and import)
DoD Commercial Cloud History
[Timeline figure, 2010 to 2015, with two lanes]
DoD & Client Policy
• Client Datacenter Consolidation (Winter)
• Client DCC Task Force (Spring)
• DoD Client Commercial Cloud Initiative Kick-off
• FedRAMP and NIST Cloud (Fall)
• DoD Cloud Strategy / DISA ECSB Standup (Summer)
• NIST Cloud Computing Security Reference Architecture (Spring)
• Supplemental Guidance for the DoD Acquisition & Use of Commercial Cloud Services (Fall)
• Client Task Force Cloud Charter (Winter)
• DoD Updated Guidance on the Acquisition & Use of Commercial Cloud Computing Services (Fall)
• DoD Cloud Computing SRG Update (Winter)
DoD Client Commercial Cloud Accomplishments
• DoD Client IATO for Public
• DoD Client Commercial Service Brokerage, including AWS-GSS Standup
• Client ATO (AWS-GSS-P) Version 1.0
• Client ATO for Public
• Client IATT for Sensitive
• Client GIG Waiver Submission
• BCA Approved
• Presentation to DISN Flag Panel
• Presentation to DSAWG
• First Client Public Site Live
• Second Public Site Live
• Third Public Site Live
• DoD Pilots (Level 3-5) Kick-off
• First Sensitive Site
• AWS Contract Awarded
Two Use Cases Related to Cost Estimation and Management
Why Platform-as-a-Service?
Consolidate Languages, Frameworks, and Databases
An agency can establish a PaaS capability that provides their developers with common platform components via self-service.
• Developers would choose and consume only the language, database, and other services they need for each project, such as PHP and MySQL.
• A simple rationalization activity would help identify the right catalog of platform services to offer, while less commonly-used items could be tagged for reduced licensing terms or sunset.
Automate Integration and Delivery of Software Updates
An agency can establish software build and test automation as an enterprise capability, enabling more frequent integration and delivery across IT and the mission.
• Updates could be made daily instead of weekly, bi-weekly, or monthly.
• Cost savings from reduction of manual steps and increased development productivity.
• Increased mission responsiveness.
Just as IaaS reduces the overall server footprint, PaaS reduces application platform development costs by consolidating components, reducing license costs, and automating test & build processes.
A DevOps-ish View
Platform-as-a-Service: Options
Approach: Self-Supported
Overview: A collection of tools that provide various functions, such as Continuous Integration, Continuous Delivery, Source Control Management, System Configuration Management, Image Management, or Containers
• You choose and accredit the components you want and where you will run them
• You install and integrate with your choice of languages, frameworks, and infrastructure providers
• You manage scalability, security, self-service, server provisioning, cloud automation, and resource pools
Approach: Public PaaS
Overview: Commercial Cloud Service Providers that provide a collection of tools or a complete developer-focused end-to-end service.
• You choose the languages, frameworks, databases, and other components you need (possibly on a per-project basis)
• You secure and accredit it (with some help from FedRAMP)
Approach: Enterprise PaaS
Overview: A multi-tier assembly line product that delivers development and integration capabilities with built-in scalability and self-service. Some products support containers.
• You choose based on support for your languages and frameworks (Java, .NET, etc.)
• You deploy it on-prem, off-prem, or both
• You manage security and resource pools
• You accredit it
IaaS + PaaS: A Few Things To Explore
Determine how PaaS would support the mission or business.
Look for impact on existing development or IT operating models.
Leverage IaaS to pilot PaaS capabilities.
When looking at system configuration management tools, find out if they also support IaaS (compute, networking, storage, IdAM, services). Example: Ansible and AWS.
If exploring Public or Enterprise PaaS providers, start with those that are already provisionally authorized under FedRAMP, and dig into the details to find out what the specific PaaS offerings are.
Copyright © 2015 Deloitte Development LLC. All rights reserved.