During the shift from on-premises base infrastructure to public and private clouds, many individual DoD cloud offerings have developed. Each new iteration of cloud brings additional benefits and capabilities to address previous challenges. This trend is likely to continue as subsequent Cloud Service Providers (CSPs) create new technologies and accredit those service offerings for use within DoD. The continued addition of new public and private clouds for use in DoD brings many benefits, including:
- Robust selection of best-in-class cloud services
- New contract and procurement methods to aid in adoption
- Increase price competition and avoid single-cloud lock-in
- Improved resiliency and availability in remote operating locations
- Competition-driven innovation of future warfighting capabilities
However, the growth of cloud offerings also introduces more challenges for joint warfighting efforts. Onboarding new clouds often requires a complete procurement cycle and repetition of work already done by government and industry partners. Once the new clouds are available for use in DoD, they are typically siloed from existing enclaves, making day 2 operations much more costly.
Siloed clouds result in duplicate management efforts that share minimal collaboration of people, tools, or ideas between cloud environments. Over time, this practice scales poorly because each separately managed cloud requires the same administrative burden and does not gain the benefit of economies of scale. Siloed IT operations also greatly hinder the migration of mission applications between clouds because they can require a detailed app rationalization process, including application refactoring and updates to Risk Management Framework (RMF) documentation. The net result is siloed mission apps become static, failing to adapt to changes over time and incapable of mission interoperability.
To overcome these challenges, the Joint Warfighting Cloud Capability (JWCC) requires a centralized management platform that can manage multiple public CSPs, as well as existing DoD clouds, and provide a single point of access for commanders to easily manage their mission environments. As shown in Figure 1, the JWCC cloud management control plane is key to managing the existing on-base infrastructure, standalone clouds, and new public CSPs in an efficient manner that maximizes compatibility and interoperability between the different operating environments in DoD today.
The cloud management control plane has 6 pillars for management success:
- Contract management – Includes streamlined, consistent, software-driven evaluation methods used by Government contracting officials to manage multiple cloud vendors and/or system integrators. Cost tracking and optimization are also provided.
- Assessments of Future CSPs – An efficient method to evaluate a common set of security, technical, and contractual requirements that, when met, enable additional CSPs, OEMs, and integrators to offer services on the JWCC portal.
- Onboarding – Enables new providers to offer services in the JWCC service catalog and allows JWCC consumers the self-service ability to join JWCC and use those services.
- Migration – Non-disruptive importing of mission applications into JWCC public and private cloud service providers that is accomplished through consistent infrastructure, consistent operations practices, and consistent security.
- Operations – Common toolset and skillset for managing the public and private cloud environments within DoD, as well as ensuring security compliance and secure network operations.
- Compliance Monitoring – Automated scanning and remediation tools that maintain secure baselines and enforce compliance across all cloud environments.
Figure 1 – Maximize the Benefit of Multi-Cloud Environments with a Cloud Management Platform
Centralizing the management and control of JWCC and existing clouds optimizes the DISA many-cloud environment to gain the benefits of true, seamless multi-cloud operations.. VMware is uniquely positioned to enable this capability due to the widely adopted vSphere hypervisor platform that is used throughout DISA enterprise data centers, private clouds, at the tactical edge, and in public cloud providers. DoD can only ensure a centralized management and distributed control mechanism through a common platform capable of managing the hybrid multi-cloud on all CSPs as well as within DoD data and operations centers and at the tactical edge. VMware provides a comprehensive solution that is equally capable of managing workloads on AWS, Azure, Oracle, Google, IBM within the private cloud and tactical edge.
VMware’s cloud management platform, vRealize Suite, provides a consistent approach to each private or public cloud, through a common interface that leverages the current DoD workforce skills used daily. VMware’s CMP extends across all major cloud providers and manages them just like DoD’s on-premises data centers.
Figure 2 – Centrally Manage Infrastructure from the Edge to the Public Cloud
VMware’s CMP provides the following capabilities:
- Provisioning and Orchestration – Deploy templates or standard configurations using a self-service portal, or automatically trigger deployments based on events or approvals.
- Service Catalog – Use customizable cloud templates to deploy standardized configurations to multiple cloud regions and notify administrators upon completion.
- Monitoring and Analytics – Monitor multiple CSPs with customizable dashboards, reporting capabilities, and projections for cost, resource utilization, and security events.
- Inventory Classification – Discover resources across clouds and categorize them with customizable tags; allowing resources to be inventoried, grouped, and searched.
- Cost Management and Resource Optimization – Create pricing rate cards and define pricing policies for individual tenants, use side-by-side cost comparisons when deploying to a CSP, and receive cost optimization recommendations to streamline current builds.
- Identity Management – Allows federated identity with Microsoft Active Directory (AD) or other identity providers to achieve Single Sign On (SSO) with granular role-based access control (RBAC) and account provisioning across clouds.
- Security Compliance – Scan cloud endpoints against industry benchmarks or compliance types, with the option to automatically remediate vulnerabilities.
- Extensibility through APIs and SDKs – Leverage automation tools to make representational state transfer (REST) application programming interface (API) calls to the CMP which can execute commands across multiple clouds.
Gartner ranks VMware with the highest ability to execute among all cloud management platforms. In the 2021 Gartner Market Guide for Cloud Management Platforms, Gartner writes:
“VMware has the broadest set of cloud management products in the industry available as both on-premises and SaaS offerings… Enterprises that are heavily invested in VMware infrastructure, whether deployed in the data center or on VMware-based public clouds such as VMware Cloud on AWS, should evaluate the VMware Cloud Management product set.”
If you are a VMware partner, Cloud Service Provider, or DoD customer and would like to know more about how VMware can support JWCC and the tactical edge, contact us at firstname.lastname@example.org. VMware product specialists, architects, and engineers are available to meet with your team to have a deep dive technology discussion or whiteboarding session. Similarly, VMware Pursuit and Capture team members are available to discuss teaming agreements or bid arrangements upon request. We look forward to working with your team.