DISA Cloud: RACE (IaaS) and Platform as a Service (PaaS)



Similar documents
Product Framework. Products must use a common suite of infrastructure Support Services

Cloud Computing and Enterprise Services

Virtualization and IaaS management

OpenShift. OpenShift platform features. Benefits Document. openshift. Feature Benefit OpenShift. Enterprise

Creating a Strong Security Infrastructure for Exposing JBoss Services

Cisco Integration Platform

How To Get The Most Out Of Redhat.Com

IBM WebSphere Enterprise Service Bus, Version 6.0.1

JBOSS ENTERPRISE SOA PLATFORM AND JBOSS ENTERPRISE DATA SERVICES PLATFORM VALUE PROPOSITION AND DIFFERENTIATION

RED HAT CLOUD SUITE FOR APPLICATIONS

Enterprise Services Strategic Objectives Building the Services Cloud Vision 2016

EMC IT S JOURNEY TO THE PRIVATE CLOUD: APPLICATIONS AND CLOUD EXPERIENCE

DIACAP Presentation. Presented by: Dennis Bailey. Date: July, 2007

owncloud Architecture Overview

owncloud Architecture Overview

What is it? What does it do? Benefits

Cisco Intelligent Automation for Cloud

RED HAT ENTERPRISE VIRTUALIZATION

Enterprise Computing and Cloud Initiatives: A Report Card

Cloud Management Platform

Assignment # 1 (Cloud Computing Security)

FISMA Cloud GovDataHosting Service Portfolio

PLATFORM-AS-A-SERVICE: ADOPTION, STRATEGY, PLANNING AND IMPLEMENTATION

ORACLE DATA SHEET KEY FEATURES AND BENEFITS ORACLE WEBLOGIC SERVER STANDARD EDITION

SERENA SOFTWARE Authors: Bill Weingarz, Pete Dohner, Kartik Raghavan, Amitav Chakravartty

Oracle Reference Architecture and Oracle Cloud

DevOps. Josh Preston Solutions Architect Stardate

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

Cloud Database Demystified to Deliver SaaS Customer Value

Dell and JBoss just work Inventory Management Clustering System on JBoss Enterprise Middleware

IBM Cloud Manager with OpenStack

An Alternative to the VMware Tax...

Managing your Red Hat Enterprise Linux guests with RHN Satellite

EMC IT AUTOMATES ENTERPRISE PLATFORM AS A SERVICE

JAMF Software Server Installation and Configuration Guide for OS X. Version 9.2

Successfully Deploying Globalized Applications Requires Application Delivery Controllers

JBoss. choice without compromise

RED HAT: UNLOCKING THE VALUE OF THE CLOUD

JAMF Software Server Installation and Configuration Guide for OS X. Version 9.0

JAMF Software Server Installation and Configuration Guide for Linux. Version 9.2

BEA AquaLogic Integrator Agile integration for the Enterprise Build, Connect, Re-use

CLOUDFORMS Open Hybrid Cloud

JBoss Enterprise Middleware

JBoss enterprise soa platform

VMware on VMware: Private Cloud Case Study Customer Presentation

The bridge to delivering digital applications across cloud, mobile and partner channels

Easy as 1-2-3: The Steps to XE. Mark Hoye Services Portfolio Consultant

Axway Validation Authority Suite

Oracle Cloud Update November 2, Eric Frank Oracle Sales Consultant. Copyright 2014 Oracle and/or its affiliates. All rights reserved.

Oracle Database Cloud Service Rick Greenwald, Director, Product Management, Database Cloud

Flora Muglia Azure Solution Sales Professional We are partners in learning. November 2015

BUILDING THE IXONOS ELASTIC CLOUD WITH RED HAT. Ixonos Plc

Planning, Provisioning and Deploying Enterprise Clouds with Oracle Enterprise Manager 12c Kevin Patterson, Principal Sales Consultant, Enterprise

APP DEVELOPMENT ON THE CLOUD MADE EASY WITH PAAS

HOL9449 Access Management: Secure web, mobile and cloud access

AppBoard TM 2.6. System Requirements. Technical Documentation. Version July 2015

Product overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities

WEBAPP PATTERN FOR APACHE TOMCAT - USER GUIDE

Business Alliance B.A.A.E.R. Managed services

Red Hat Cloud and Virtualization How to Sell. Karl Stevens Senior Solution Architect

Next Generation Now: Red Hat Enterprise Linux 6 Virtualization A Unique Cloud Approach. Jeff Ruby Channel Manager jruby@redhat.com

OnCommand Performance Manager 1.1

Ports, Protocols, and Services Management (PPSM)

JBoss Enterprise Middleware. The foundation of your open source middleware reference architecture

Migration Scenario: Migrating Backend Processing Pipeline to the AWS Cloud

QuickStart Guide for Managing Mobile Devices. Version 9.2

openshift enterprise whitepaper Gordon Haff

INUVIKA OPEN VIRTUAL DESKTOP FOUNDATION SERVER

Cisco Application Networking Manager Version 2.0

StreamServe Persuasion SP5 StreamStudio

CHAPTER 8 CLOUD COMPUTING

TRANSFORM BIG DATA INTO ACTIONABLE INFORMATION

Cloud Services Catalog with Epsilon

Dimension Data Enabling the Journey to the Cloud

Migrating SaaS Applications to Windows Azure

VMUG - vcloud Air Deep Dive VMware Inc. All rights reserved.

SNOW LICENSE MANAGER (7.X)... 3

Building a Continuous Integration Pipeline with Docker

Private Cloud for WebSphere Virtual Enterprise Application Hosting

Private & Hybrid Cloud: Risk, Security and Audit. Scott Lowry, Hassan Javed VMware, Inc. March 2012

JAMF Software Server Installation and Configuration Guide for Linux. Version 9.0

EBA Procurement Procedure for the Supply of Website Services 2016: Annex 1 System Architecture Document SYSTEM ARCHITECTURE DOCUMENT

Build A private PaaS.

Directory Integration with Okta. An Architectural Overview. Okta Inc. 301 Brannan Street San Francisco, CA

SOLUTION BRIEF Citrix Cloud Solutions Citrix Cloud Solution for Disaster Recovery

ESPDS Scalable and Secure Infrastructure

Managed Servers ASA Extract FY14

Business transformation with Hybrid Cloud

ManageEngine (division of ZOHO Corporation) Infrastructure Management Solution (IMS)

The Virtualization Practice

DARMADI KOMO: Hello, everyone. This is Darmadi Komo, senior technical product manager from SQL Server marketing.

Inside the Digital Commerce Engine. The architecture and deployment of the Elastic Path Digital Commerce Engine

Air Force SOA Enterprise Service Bus Study Using Business Process Management Workflow Orchestration for C4I Systems Integration

Transcription:

Defense Information Systems Agency A Combat Support Agency DISA Cloud: RACE (IaaS) and Platform as a Service (PaaS) John Robinson, Solutions Architect 7 Feb 2012

RACE Overview Infrastructure as a Service (IaaS) NIPRNet and SIPRNet Networks PKI Authenticated Access Control Test and Development environments Virtual Servers with Developer/ STIG settings Accelerated Path to Production Self-service Portal for Ordering and Project Management Fund with MIPR or Credit Card Virtual Servers Variable CPU/RAM/Storage 2

RACE P-T-P Solution Summary Path-to-Production Execution Process: The execution process is a re-engineered and optimized workflow Specified Entrance Criteria must be met to ensure compatibility with the process, such as standard ports A DISA CIO approved consolidated workflow. The new process still retains existing supporting systems and practices to minimize organizational change Governance and oversight built into processes and workflow emass: The Enterprise Mission Assurance Support Service (emass) is deployed to inject optimization: Provides an advanced workflow management tool, streamlining the C&A process for RACE Customers Supports inheritance of DIACAP controls from RACE computing environment Automates the distribution of select DIACAP artifacts Enhanced RACE Portal: A re-designed RACE portal is implemented providing the ability to purchase Development, Test, or production systems and request promotion of RACE environments, while following the P-T-P process flow Deploys pre-stig d, IAVA compliant VOEs for Development and Test operating environments 3

PaaS Overview A Combat Support Agency DISA s Platform as a Service (PaaS) is a transformational approach to delivering web application and service support under a commercial-style cloud services model to all of DoD Customers of this service will only be responsible for providing fully developed and tested code in compliance with the PaaS standards Sustainment of the PaaS service will rest solely upon DISA Currently operating under an IATT, with (I)ATO expected by March 2012 PaaS: Facilitates DoD s transition to a net-centric, service-oriented information environment Provides a robust set of features and SOA services to enrich the customer s application Provides secure standardized development test and production environments Enables application developers to write and deploy applications into a cloudbased platform with greater agility and effectiveness Implements a streamlined path to production process to speed the delivery of new mission capabilities 4

PaaS requirements are A Combat Support Agency converging The Navy has developed a portable platform service based on JBoss, and is interested in DISA providing a hosting environment Teaming with Army to develop a single PaaS (recent development) Accelerate delivery of.net capability in PaaS Accelerate Army datacenter consolidation and modernization efforts Teaming with USTRANSCOM to accelerate capability delivery (recent development) Implement Cloud Computing Platform as a Service (PaaS) is an initial capability of the DoD Cloud Computing Strategy and is in alignment with 5 near-term DoD IT Enterprise Strategy and Roadmap priorities DISA PaaS: Advancing the DoD Cloud. Secure. Reliable. Elastic 5

Web PaaS Framework A Combat Support Agency Dev Dev Platform Dev Toolkit Forge Tools End Users Test Test Platform Test Tools Forge Tools Server Java.NET Developers Presentation Visualization OWF Customer PaaS Customer Facing Services Access Control Service Technologies STS IdAM Infrastructure Red Hat Enterprise Linux / Windows 2008 Storage Network RDBMS NoSQL Data Store Service Integration Interfaces Attributes Owners Messaging Mediation Customer Operations Data Services Registry Develop Test Execute Operate Sync Monitoring Logging ESM HBSS Tenets Standards-based Maximize Open Source Software Vendor Neutrality Maximize Enterprise Services Portable Elastic and Scalable Customer Focused Features Continuity of Operations baked in Shared situational awareness Self-service Utility billing Rapid path to production Pre-integrated Enterprise Services Conforms to DOD security standards Type accredited Providing Higher Quality and Faster Services at a Lower Price 6

Active Entity Token Request / Response (HTTPS) OCSP Responder Service Consumption (HTTPS) HTTP HTTP HTTP App Server STS IdP HTTPS TLS Web PaaS vs Web PaaS-STS SSL Trust STS IdP/SP Identity Provider LDAPS HSM SSL LDAPS Attribute Store Attribute Store HSM Service Provider Enterprise Attribute Store Web PaaS-STS Provides execution environment for web apps and services Requires end-to-end, bi-directional digital cert authentication and SSL/TLS for all communications Uses Security Token Services (STS) for authorization Database PaaS-STS NCES Web PaaS Provides execution environment for web apps and services Integrates with NCES for enterprise SOA services Includes protocol mediation services to legacy data sources Active Entity IdAM OCSP Responder HTTPS HTTP App Server Messaging HTTPS Registry JMS JDBC PaaS Attributes Mediation Database Legacy Data Source 7

The Platform A Combat Support Agency PaaS Path to Production DISA s Web PaaS provides a cost effective and secure DoD enterprise capability for customers to develop, test, deploy, and manage the applications in a cloud environment. Customer s Code Customer s Code Customer s Code Customer s Code Run-time Engine Run-time Engine Run-time Engine Run-time Engine Browser App Developers Data Store Data Store Data Store Data Store WS Client Active Entities Operating System Physical Server Development Environment SVCS as a Service Jenkins as a Service Continuous Integration Tools Operating System Physical Server Operating System Physical Server Shared Services Test Environment IdAM Attributes Messaging Operating System Physical Server Dev Test Pre-Prod Prod Enterprise Services Registry ESM HBSS 8

How to get started with PaaS Download the PaaS SDK to start development PaaS SDK available under File Releases https://software.forge.mil/sf/projects/javapaas PaaS Dev environment in RACE available Mar 2012 Web PaaS Test environment available Mar 2012 To take advantage of this service, contact PaaS@disa.mil PaaS Team will be at the AFCEA conference today thru Thursday. Please let us know if you would like to schedule some time to discuss PaaS. 9

10

RACE Pricing A Combat Support Agency Base configuration includes: Base Storage (60GB system / 40GB data) 1 4 virtual CPUs 1 8 GB RAM Operating systems Linux Red Hat v5.x or 6.x * Windows 2003 32 or 64 bit Windows 2008 R2 64-bit Additional optional storage available up to 1 TB per server * RPMs for Apache, MySQL, Perl included but not installed Configurations CPU Mem Monthly Fee 1 virtual core / 1 GB virtual RAM 1 1 $ 467 1 virtual core / 2 GB virtual RAM 1 2 $ 519 1 virtual core / 3 GB virtual RAM 1 3 $ 804 1 virtual core / 4 GB virtual RAM 1 4 $ 1,557 2 virtual cores / 2 GB virtual RAM 2 2 $ 1,557 2 virtual cores / 3 GB virtual RAM 2 3 $ 1,790 2 virtual cores / 4 GB virtual RAM 2 4 $ 2,179 4 virtual cores / 4 GB virtual RAM 4 4 $ 2,838 4 virtual cores / 8 GB virtual RAM 4 8 $ 3,225 Optional Storage : 10 GB increments up to 1 TB total storage per server $1.759 per GB / month $ 17.59/ 10 GB/mo 11

PaaS Catalog A Combat Support Agency PaaS Connection Charge $ 1,277.11 PaaS Development and Test services Item Fee per Month Web PaaS Development - Java $ 324 Web PaaS Development -.NET $ 324 Web PaaS Test - Java $ 324 Web PaaS Test -.NET $ 324 Web PaaS Additional JVM / App $ 118 Web PaaS Test Server RACE rates Web PaaS Mediation Server RACE rates PaaS Services - Java and.net Item Fee per Month Small $ 1,306 2 core x 2 GB memory 2 core x 4 GB memory DB Medium $ 2,424 4 core x 4 GB memory 4 core x 8 GB memory DB Large $ 5,041 4 core x 8 GB memory 8 core x 16 GB memory DB Usage Fees Resource Unit Fee Content Delivery 1000 Transactions $ 0.10 Content Delivery - STS 1000 Transactions $ 0.19 Optional Add-on Services Item Fee per Month App Server Cluster Additional Small $ 512 Addtional Medium $ 512 Additional Large $ 1,281 High availability Small $ 1,306 Medium $ 2,424 Large $ 5,041 Pre-production Small $ 1,306 Medium $ 2,424 Large $ 5,041 Oracle 11g Database 2 cores $ 1,901 4 cores $ 3,802 8 cores $ 7,603 Microsoft SQLServer Enterprise 2008 2 cores $ 676 4 cores $ 1,352 8 cores $ 2,704 Protocol Mediation $ 539 Storage L1 Storage Prod - 1GB $ 30 R2 Storage COOP $ 30 ***Pricing should be used for planning purposes only. Subject to change due 12

The Pathway To Production offers RACE Customers a migration to production environments and an accelerated C&A process Virtual Operating Environment Migration The Path-to-Production allows users to migrate their Development (Zone B) environments to Limited User Testing (Zone A) environments When Limited User Testing is completed, the customers are able to seamlessly transition to a DECC production environment Accelerated C&A Process Execution Inheritance of the RACE cloud and DECC facility is leveraged to implement IA controls in the VOEs Virtual Operating Environments that are purchased from RACE are pre-hardened, and Developer Friendly Tools that facilitate automation and workflow management of the C&A process such as emass are implemented Environment Promotion to Test Environment Promotion to Production NIPRNet / GIG 13

Web PaaS Software List PaaS Component Purpose Solution Web Platform Run-time execution environment for web application and web services code JBoss Enterprise Platform Microsoft.NET Presentation Visualization engine for managing user interface layout Apache HTTP Server Microsoft IIS Ozone Widget Framework Security Token Web Service that issues security tokens. Converts Ping Federate a security token into a standard SAML 2.0 security Service token containing selected user identity attributes that is shared with web applications and services. Data Store Persistent data storage Oracle MySQL Enterprise Oracle Enterprise Server 11g Microsoft SQL Server 2008 Protocol Mediation Protocol mediation services to allow web applications and services to access legacy data sources using exposed services Talend ESB Service Integration Interfaces Integration web services to abstract underlying service technologies to avoid vendor lock-in Hibernate NCES clients Management Monitor health and status of web platform and data store, and provision new instances JBoss Operations Network MySQL Enterprise Manager 14

Standard Web PaaS Multitenancy Network Load Balancer and SSL Offload Customer 1 VIP Customer 2 VIP Customer 3 VIP Customer 4 VIP Cluster on the same physical server for performance, and on separate servers for high availability PaaS Customer Hosting Infrastructure Java Server PaaS Shared Services Customer 1 Customer 2 PKI JBoss EAP JBoss EAP JBoss EAP JBoss EAP JBoss EAP JBoss EAP STS NCES RHEL 6.1 Mediation SOA Services Database Server Customer 2 MySQL MySQL MySQL RHEL 6.1 MySQL MySQL JVM DB Additional capacity added on-demand based on preestablished thresholds 15

COOP Strategy Baked into service PaaS West Site PaaS East Site 24-hour RTO/RPO Supports MAC III and MAC II applications Web Server Web 1 Web 2 Web 3 Web 4 Web Server Web 1 Web 2 Web 3 Web 4 Dedicated JVM, & DB instances pre-provisioned at remote COOP site Server App 1 App 2 App 3 App 4 JVM 1 JVM 2 JVM 3 JVM 4 Server App 1 App 2 App 3 App 4 JVM 1 JVM 2 JVM 3 JVM 4 Customer data is replicated to slave DB at remote COOP site Database Server DB 1 DB 2 DB 3 DB 4 Data Replication Database Server DB 1 DB 2 DB 3 DB 4 Remote COOP site in standby mode Failover sequence is manual The global load balancer is updated to point to the COOP site DB1 Master DB2 Master DB3 Slave DB4 Slave Web JVM DB1 Slave DB2Slave DB3 Master DB4 Master Active, stand-by web server Active, stand-by JVM Slave database in stand-by, read-only mode 16

Fee Definitions One-time Connection Fee Recovers the core implementation charge for provisioning the hosting infrastructure, connectivity, DNS registration, and user account configuration Monthly Reoccurring Fixed Charge Recovers the cost for processing resources and licensing required to provision a PaaS instance. Transaction Charge Recovers the cost for the Shared Services infrastructure, management infrastructure, sustainment labor, and technology support and maintenance Transaction is defined as any HTTP(S) GET or HTTP(S) POST 17

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information