DISA sees private cloud as catalyst for enterprise services

The Defense Information Systems Agency’s vision for enhanced communication and collaboration across the Defense Department calls for a private cloud of enterprise services that DISA planners hope will vastly improve the department’s operations and mission effectiveness, in addition to creating efficiencies and cost savings.

“Our initial look at moving to cloud computing would be to look at a private cloud,” said Defense Department CIO Teri Takai in April testimony before the House Armed Services Committee's Emerging Threats and Capabilities Subcommittee. “We are looking at the way we would standardize our infrastructure so that we utilize an organization like DISA, which has several large computing centers today, and actually could be able to bring in implementations from the services and to get the cost effectiveness.”

Related coverage:

Army makes plans to phase out AKO

First on DISA’s enterprise services target list is DOD’s environment of disparate, loosely connected e-mail systems that hinder network-centric operations and cross-organizational collaboration.

DISA breaks ground with Army e-mail

Earlier this year, the Army began migrating its Microsoft Exchange 2003 and 2007 e-mail users to an Exchange 2010 service managed by DISA. The migration will cover 1.4 million unclassified network mailboxes and 200,000 secret network mailboxes scheduled for completion by the end of December. As of early June, about 62,000 Army users had migrated to the DISA-provided enterprise e-mail service.

One of the major benefits being touted about enterprise e-mail service is that it is designed to enable Army users to access e-mail from any DOD location and to collaborate with any Army user worldwide via a Global Address List and enterprise calendar sharing. Currently, many Army users are limited by the fact that they are unable to share calendars or find contact information for Army e-mail users at other locations. Ultimately, the objective of this enterprise e-mail initiative is for all of DOD to use the same service, enabling collaboration across the department’s more than 3.9 million users.

“There’s a real hidden jewel with a DISA service called Identity Synchronization Service, which is based on Microsoft products,” said Dan Craytor, chief architect at Microsoft. “IDSS provides the Global Address List for enterprise -e-mail of all DOD users, not just Army. That service eventually will be able to be used across other applications in the future as well, not just e-mail, enabling a huge amount of collaboration.”

The primary role of Microsoft in the Army’s enterprise e-mail migration has been from an architecture perspective, ensuring that the two core services — identity and enterprise Exchange mail services — are structured correctly from an architectural standpoint at the DISA level.

Craytor said DISA and the Army asked Microsoft for a new capability within Outlook to support the way that their architecture is designed. This feature allows Common Access Card (CAC) holders to authenticate directly from Outlook to the Exchange server instead of going through the operating system. This is what enabled DISA to be able to create an enterprise e-mail service while still having the Army maintain client operating systems and Outlook and client applications, he said.

Other enhancements provided by the enterprise e-mail migration include storage, whereby Army users will grow their mailboxes to 4G in size.

“The mailbox size for the Army enterprise e-mail users is significantly greater than what they currently have,” said John Howard, director of enterprise users at DISA. “The mailbox is actually 512M per user and then they have up to 4G of archived storage, enough storage to address the shortcomings that they have right now.”

Challenges and setbacks

Given the size, scope and complexity of migrating all Army e-mail users to an enterprise service managed by DISA, challenges and setbacks were inevitable.

“When you start putting all of DOD into one Global Address List, there are some challenges you have to work through to resolve,” Craytor said. “When you get a magnitude number of people that large, there aren’t really any other organizations globally that have those challenges to resolve.”

The Army’s enterprise e-mail system has experienced outages during the migration to DISA-managed servers during the past few months. A May posting on the Army CIO blog website complained about the widespread problem of outages being experienced in the field by users.

“At the time of this writing, 16 May 2011, 13:05 CDT, this site has been without connectivity to DISA e-mail servers for nearly 5 hours,” according to the posting. “Unfortunately, this is not an isolated incident, but something we now must accept as the norm. Over the last 4 weeks, we have suffered major outages nearly every other day on average, resulting in intermittent or no connectivity for a period of at least 3 hours per instance.”

In a May 19 response, Army CIO and DISA staff agreed that the outage issue can be frustrating and provided the following confirmation of the May 16 outage: “At approximately 10 a.m. EDT on Monday (May 16), the Enterprise E-mail system experienced a complete outage for approximately 90 minutes to all users being served from Oklahoma City DECC. That's just too long and we ‘get it.’ We have isolated the problem and have put measures in place to ensure it does not occur again.… Bottom line is we know extensive outages are unsatisfactory and are working continuously to prevent them.”

Microsoft officials are quick to defend the company’s Exchange products.

“We know the architecture can support it, because we do that today in our data centers for our enterprise cloud customers,” said Susie Adams, Microsoft Federal chief technology officer. “We know the products scale — Exchange 2007 and now 2010. It’s just a matter of actually running them with best practices, policies and procedures.”

“Everybody thinks that the cloud will solve all their problems — that they’re going to move to the cloud and all the issues they had before are going to magically disappear,” she added. “You really have to clean up your own house, your own Active Directory, and make sure mailboxes are ready to be migrated. There’s a lot of pre-work that needs to be done before you can on-board your users to a cloud environment.”

The workload required to clean house is extensive. The Army’s Active Directory environment for the Unclassified but Sensitive IP Router Network, for instance, consists of 15 approved “forests” supporting about 300 service sites and 950,000 users around the world.

In a May conference call with reporters, Army Deputy CIO Mike Krieger said: “We’ve made a lot of refinements, and Microsoft and the service center had to do some patches.” But Adams insists that these patches are “just the nature of the software game” and any system that is stood up requires patches as a matter of course. “Is it the perfect private cloud? Probably not. But, it’s a very good start in that direction,” she said.

The Army’s enterprise e-mail leverages service-owned Microsoft software licenses and the private DOD cloud provided by DISA. However, as DISA officials point out, moving forward with its cloud initiatives, the Defense Department will have to find better ways of doing business with Microsoft and other software companies.

“At the cloud level, software licensing agreements are problematic,” said Alfred Rivera, DISA’s director of computing services. “With respect to a cloud, you want to have flexibility to grow. The way we do software in the department is we buy licenses and set capabilities that hinder us. We want to get away from the idea of having to buy a finite set of licenses or capabilities. The software vendors need to change their mantra as we move toward this cloud capability.”

Microsoft’s Adams and Craytor declined to comment on the licensing agreements with the Army and DISA. However, DISA’s Howard said: “We’re going to consolidate what we’ve got with Microsoft Exchange and then a few years from now we’ll do a DOD-wide competition for the technology.”

Data consolidation efforts

The Army spends more than $400 million annually in operating costs to sustain the plethora of stovepiped, organization-specific e-mail systems spread across the service. Fewer system administrators and servers are at the heart of the efficiencies to be gained by Army enterprise e-mail.

“We don’t need to have all through the department people that know how to set up e-mail systems,” Howard said. “What we need the Army to do is tanks, guns and fighting on the battlefield, and leave information technology to the people that are experts on that. By dividing up the work that way, you increase efficiencies.”

Toward that end, instead of relying on local e-mail servers at each camp, post and station, the Army will use e-mail services from the DISA private cloud. In May, Krieger told a press conference that consolidation has allowed the Army to host its e-mail operations in just nine of DISA’s Defense Enterprise Computing Centers, as compared to the 20 e-mail servers alone that are required to support Fort Belvoir, Va.

“What DISA is providing is going to free up resources in existing Army data centers across the world to help them realize huge cost savings,” Adams said. However, he added that “the most difficult thing is trying to determine how you measure those cost savings.”

As Exchange servers are retired, the Army plans to reduce the number of the service’s data centers by 75 percent by 2015. According to an Army business case, enterprise e-mail will result in significant efficiencies beginning in fiscal 2012 that will start to generate annual savings exceeding $100 million in fiscal 2013.

“We don’t know how they came up with the $100 million per year in savings,” Adams said. “In general, it’s all about consolidation and optimization. When you talk about moving to a cloud or hosted service, you’re centralizing a number of functions that would have been decentralized, and you realize a number of savings very quickly.”

Nevertheless, DISA’s plan to migrate the entire Army to an enterprise e-mail system by the end of December is facing opposition on Capitol Hill.

In the fiscal 2012 National Defense Authorization Bill, the House Armed Services Committee's Emerging Threats and Capabilities Subcommittee severely limited funds for the migration of Army enterprise e-mail services, slashing 98 percent of funding until the Army submits a report that includes the original business case analysis supporting the decision to transition to DISA enterprise e-mail services and an analysis of alternatives that were considered. House authorizers also instructed the Army to provide life cycle and sustainment costs for the Army migration to DISA’s enterprise e-mail.

The subcommittee’s concerns are not surprising given that the Army did an about-face when the service first considered moving to an enterprise e-mail system.

“The Army initially started a plan to go to an enterprise solution and their intent actually, to be honest with you, was to go out with a request for proposals to see if vendors could come and do this for them more effectively,” Rivera said. “Then they came to DISA and asked us if we were to have the opportunity to do this for the Army as part of a build-out of an enterprise e-mail solution how would we do it? Once we worked it out with an engineering and design team and gave them a price, they clearly saw that as an advantage to them, and they decided to go with the DISA solution.”

Although the bill must still pass the House and Senate to become law, if the subcommittee has its way, the Army would only receive $1.7 million of the $85.4 million requested in the fiscal 2012 budget. The service declined to comment on the House Armed Services Committee subcommittee’s authorization language regarding the Army enterprise e-mail migration or it potential impact on the program. “We do not comment on pending legislation,” said Margaret McBride, a spokeswoman for the Army CIO.

SharePoint is next

The ultimate success of the Army e-mail initiative has a lot riding on it, not just for the service but for DISA as well. E-mail is just the first of the enterprise services being implemented by the agency. In addition to enterprise e-mail, Microsoft is also working with DISA to move the company’s SharePoint collaboration platform into DISA’s private cloud.

“SharePoint enterprise services is something that DISA is working on for deployment now,” Microsoft’s Craytor said. “We’ve been working with DISA for some time on the architecture of that, and they will offer that as a service very soon.”

“SharePoint is the obvious next solution because it’s a collaboration tool that people use on a daily basis,” Adams said.

DISA already has DOD customers lined up for enterprise SharePoint.

“It’s proven that we can do a SharePoint implementation, especially in the standard architecture we have done some small instances of that, and by default, it’s the next opportunity for us,” Rivera said. “The Army has said that they are very interested in migrating to an enterprise SharePoint solution. The Air Force similarly has that same requirement. The Combatant Commands have also requested we make SharePoint the next priority.”

DISA’s Howard said the agency is also considering enterprise-level records management and storage solutions, among others. However, for now, DISA is keeping its eye on the ball.

“The bottom line is right now our focus and our energy is on making sure enterprise e-mail becomes a successful implementation in the cloud on behalf of the Army as well as the Department of Defense,” Rivera said.