Navigating the Intelligence Community’s Cloud Evolution
A Journey to Multicloud Success with Red Hat OpenShift Container Platform Plus.
From IC Insider Red Hat
By Julien Rossboon, Application Platform Sales Specialist
This article covers the history and current status of the cloud capabilities and the Intelligence Community (IC). This history leads to an unprecedented opportunity in the community to bypass the growing pains of the multicloud within the industry and move towards today’s solutions. The C2E’s upcoming expansion of cloud options within private environments will help the IC deliver its mission and achieve value by being able to move to the proven solutions in use today. RedHat Openshift Container Platform Plus provides a solution to help provide the value of the multicloud to all agencies, enabling the ability to develop once and deliver to any platform from each cloud, on-premise, and the edge at the need of the mission. To learn more about these capabilities, register for our webinar on 11/29 or visit us at red.ht/icn where you’ll find a new multicloud whitepaper for the IC.
History of Cloud and the IC
The IC has a challenge in its ability to take advantage of the solutions the world is investing in for modern IT and decision-making solutions. Before the cloud, the community was able to mirror the capabilities but fell short of the value provided by public cloud solutions. The award of C2S in 2013 provided the semblance of the public cloud capability but fell well short of the full capabilities, even of the AWS cloud itself. The rest of the world adopted the best of what was available with any and every solution that drove business value and moved their interests forward. In the meantime, the IC wrote monolithic contracts that parodied the ideas being pushed in the enterprise, commercial, telecom, and entertainment industries. This led to the adoption of the concepts but not the value of the cloud.
Let’s take a moment to recognize the value of the cloud to the world. Amazon essentially created it to take advantage of the practically unlimited resources they had to buy to handle the peak order season of the US Christmas season and realizing that they could others to pay for that capacity during the off-season and then use that profit to increase their resources to handle the next peak season. Essentially, it gave them a hyperscale of computing, storage, and communications capabilities that was searingly unlimited. One monetized we had what we so affectionately call the cloud.
Overnight, the biggest conferences to go to went from Data Center conferences to Cloud conferences. This dynamic shift in our IT world increased in pace and adoption as fast as we first adopted databases in the 70s to drive business and in the IC to further our missions. The difference for the IC is that the barrier to adoption for the cloud was an unlimited demand and offsetting costs that drove the change in the first place. Unfortunately the IC did not have a centralized compute capability sized for overall peak demand but many different solutions, also sized for peak demand.
The IC did what it always does and threw money at it, but for the first time, instead of getting the capabilities to accomplish the mission we found ourselves with a parity of the value set that made the cloud a reality in the first place. In my opinion, this was one of the fundamental failings in the community in understanding what the cloud is and how it provides value. We should have focused on using the extreme amount of computing to deliver a custom-built cloud that utilized the excess and scope across the IC to build a unique capability similar to Amazon when it started rather than try to outsource a unique capability that was never meant to but bought lock, stock, and barrel.
As with most things, that was not the approach taken, and we asked for a custom version, albeit far less capable, to reach our mission needs. This led to the adoption of AWS instances for the intelligence community. This restricted environment offered far superior flexibility than legacy data center capabilities but did not capture the flexibility, choice, and capability of the public cloud capabilities. Over the next five years, it was not only the only option. Still, it was mandated as the only course of action for many, if not all, newly delivered capabilities where connected operations were available.
This worked to help the IC adopt many COTS solutions built outside the community and further the mission in a way never seen. Although this solution did not capture the original value of what the cloud brought to the world, it did massively allow for new abilities to deliver faster, better, and cheaper than the traditional approaches before its delivery, moving the IC into the Dev/Ops world the rest of the planet was enjoying. As time passed, one cloud’s approaches and lock-in limitations reared their ugly head. Many of the naysayers used this to say I told you so, but ultimately, everyone agrees the value of the cloud has moved the community forward in solving mission problems.
The current opportunity for multicloud
In 2019, the community recognized many limitations and watched what worked in the industry, telecom, and enterprise communities. It realized it needed the multi-cloud capabilities of the world. This led to the award and upcoming availability of multiple clouds to the IC community. Having, for the first time, an opportunity of choice to select the best solution is a new challenge.
As the community makes this change to take advantage of this critical capability, the focus should always remain on delivering the mission to ensure our global superiority. This is a monumental step forward, allowing the community to do what commercial enterprises have been using to maximize profits and invest back into these solutions. As the community gets the capability later in the delivery cycle, it should use those lessons learned from large enterprises and leap forward to doing what works, not just fumbling through as the world did in the growing pains of adopting the cloud.
The world has seen early adopters, startups, and slow-to-adopt companies succeed and fail at the ability to adopt the multi-cloud. From the success of companies like Netflix to the pull out of financial institutions. Very few failures I am familiar with are associated with a lack of capability. Still, more of a lack of choice once migrated, leading to immense cost overruns and an inability to support their on-premise needs from the cloud. The IC should take this fantastic opportunity to look at what is working and what is not to emulate the successes and avoid the failures.
The most successful and pervasive standards in the IT and delivery environments that enable flexibility and choice is automation and containerization. This fundamental building block of the world’s technological solution is introducing flexibility and security only dreamed about when the cloud was introduced. These paradigms are helping the leading Fortune 500 companies achieve efficiencies that the intelligence community needs to thwart our adversaries’ plans.
Already being adopted across the community with multiple enterprise-wide offerings, containers are the ideal solution for enabling the multi/hybrid cloud that will ultimately be critical to relieving any number of mission needs. The ability to write code anywhere and deliver anywhere opens many options for the community we have not seen before. The open-source community is driving the container solutions and has rallied behind the Kubernetes container management solution.
Kubernetes has grown exponentially since its inception, providing parity of capabilities of proprietary offerings. This is proven as all cloud providers can take advantage of their proprietary versions of Kubernetes container delivery options. This standard is driving the development and delivery of new services at an unprecedented rate.
To deliver Kubernetes at scale and solve the global technology sector’s technological and security problems, a management and operational platform is critical in achieving success. A robust, secure platform for development and operations is critical to achieving the business value of increasing productivity with the same resources as before. This platform solution takes standard container solutions to scale and across clouds and on-prem solutions to achieve real solutions to deliver solutions anywhere.
This journey, identified above, is what the IC has the opportunity to take advantage of as they now adopt the multi/hybrid cloud. Using a containerization strategy can allow for dev/sec/ops capability, driving the highest success in the IT world. This, delivered through an open-source platform that delivers security and enterprise-level management tools, can rapidly allow the intelligence community to leapfrog the challenges the early cloud adopters faced and take the lead in capabilities in the Data Center era of the early 2000s.
In addition to achieving the value of the cloud and on-premise capabilities that an open-source container platform solution provides, it also insulates against the churn of FAR mandates. Using an open standard that runs on any cloud ensures that the solution being delivered continues to work at the contract end while allowing flexibility of choice across the available cloud providers. Eventually, even allowing the community to move workloads as needed to both meet the mission and drive the cloud computing providers to compete I providing the same low-cost options of the free market.
Although cost and FAR compliance are essential, the mission will always remain paramount to our community. I have never met an intelligence community member from analysts, project managers, acquisition professionals, sales executives, or senior staff who doesn’t care deeply about driving our critical missions forward to save lives and protect our country’s interests. This is the fundamental core of our IC supporting members. In that vein, this multicloud reaching all parts of our missions is critical. Whether that mission is helping with the latest global conflict or emergency relief efforts after natural disasters. Whatever the mission and associated limitations (physical, resource, or communications), delivering the needed information and decision capabilities to our members is paramount to success.
The Kubernetes platform developed by the open source community and enhanced by corporate and government investment provides the capability to help deliver on the diverse mission needs of the community. This solution, built by the world’s needs, provides a leading solution to allowing development once and deployment anywhere to help drive business or mission solutions to where they are needed. Whether that is AI on the manufacturing floor, the algorithm identifying the right offering for a customer to drive purchases, or a critical mission parameter to save lives in the field. A robust container platform accelerates solutions for use where they are needed. Whether driven to save costs to keep critical personnel funded or to deliver a new capability rapidly.
OpenShift Container Platform Plus
Red Hat believes the open-source community has the solution to help drive the capabilities to allow the IC to achieve the strategic goals of the ODNI. Combined with modern DevSecOps capabilities, our tools can allow the IC to achieve the current state of multicloud, bypassing years of discovery and development by the rest of the IT industry. By moving straight to the modern multi-cloud model through OpenShift and Ansible automation platforms, the community is poised to accelerate new deliveries and adopt the next generation of cloud computing.
Red Hat’s Kubernetes platform, Red Hat OpenShift Container Platform Plus, meets intelligence agencies’ stringent requirements and provides the solution to reach the multicloud realized value from non-restricted environments. Already being enabled by key agencies, this platform helps realize the value of all aspects of the resources available to the community.
Red Hat OCP meets the community’s rigorous requirements for security, scalability, and ease of management. It multiplies the impact of the multicloud strategy by enabling agencies to deliver the mission anywhere, anytime, the right way, at the right scale. With this platform, the intelligence can:
- Deploy applications on any approved location: the classified clouds In the C2E contract, your agency’s data center, and edge devices.
- Automatically scale the number of container copies based on current demand (option)
- Enforce agency security controls throughout the container lifecycle.
- Strengthen security with:
- Visibility into application usage
- Context-based risk profiling
- Container runtime detection of security threats
- Control over which sets of application elements (pods) can communicate, limiting the spread of malware
- Control over the software supply chain to make sure the code used in application development is trusted
- Container scanning with Red Hat Advanced Cluster Security (ACS) for Kubernetes
The cryptographic components of Red Hat OpenShift are FIPS 140 certified, and the Defense Information Systems Agency (DISA) has released Secure Technical Implementation Guidelines (STIG). See the latest certifications here.
- Provide software-defined storage for containers. Red Hat OpenShift Data Foundation helps teams develop and deploy applications quickly and efficiently across clouds, Data Centers, and edge OCP-managed capabilities
- Red Hat OpenShift Dev Spaces uses Kubernetes and containers to provide developers and other IT team members with a consistent, secure, and zero-configuration development environment. The experience is as fast and familiar as an integrated development environment (IDE) on your laptop.
- Use other tools that support the multicloud strategy without having to worry about compatibility and integration. Red Hat OpenShift Container Platform Plus works out-of-the-box with the other Red Hat technologies listed in the sidebar, “Companion tools.”
- Manage all clusters (anywhere) and applications from a single console. Red Hat Advanced Cluster Management for Kubernetes provides enterprise-class management tools that work with every platform in the C2E contract.
- Deploy packaged containers in a standardized way through Ansible Automation Platform installation packages to implement OCP even when connectivity is not an option.
Julien Rossboon is an Application Platform Specialist within the Red Hat Public Sector team specializing in developing and planning multi-cloud solutions. He has worked alongside Federal Agencies and Enterprise leaders to help develop and deliver solutions to enable next generation capabilities across the Multi-Cloud. Julien comes from a technical background with over 20 years of helping IT organizations deliver mission support effectively and lately in using OpenShift to help our customers achieve that same success.
About Red Hat
Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies. Red Hat helps customers develop cloud-native applications, integrate existing and new IT applications, and automate and manage complex environments. A trusted adviser to the Fortune 500, Red Hat provides award-winning support, training, and consulting services that bring the benefits of open innovation to any industry. Red Hat is a connective hub in a global network of enterprises, partners, and communities, helping organizations grow, transform, and prepare for the digital future.
About IC Insiders
IC Insiders is a special sponsored feature that provides deep-dive analysis, interviews with IC leaders, perspective from industry experts, and more. Learn how your company can become an IC Insider.