FAA Cloud Computing Strategy



Similar documents
FAA Cloud Computing Strategy

Customer Experience Strategy and Implementation

Federal Aviation Administration

STATE OF MARYLAND 2017 INFORMATION TECHNOLOGY MASTER PLAN (ITMP) Department of Information Technology David Garcia; State CIO

Vermont Enterprise Architecture Framework (VEAF) Identity & Access Management (IAM) Abridged Strategy Level 0

Data Governance Implementation

How To Improve The Performance Of Anatm

Overview. FedRAMP CONOPS

Employing ITSM in Value Added Service Provisioning

Value to the Mission. FEA Practice Guidance. Federal Enterprise Architecture Program Management Office, OMB

Next Generation Air Transportation System Enterprise Architecture, Software, Safety, and Human Factors Review An Interim Report

DEPARTMENT AGENCY STATEMENT OF OBJECTIVES FOR CLOUD MIGRATION SERVICES: INVENTORY, APPLICATION MAPPING, AND MIGRATION PLANNING MONTH YYYY TEMPLATE

U.S. DEPARTMENT OF TRANSPORTATION FEDERAL AVIATION ADMINISTRATION. Air Traffic Organization Policy

December 8, Security Authorization of Information Systems in Cloud Computing Environments

Process Assessment and Improvement Approach

Chicago Center Fire Contingency Planning and Security Review

Cloud Computing and SOA from Enterprise Perspective. Yan Zhao, PhD ArchiTech Consulting LLC Oct.

Process-Based Business Transformation. Todd Lohr, Practice Director

Data Governance Implementation

5 FAM 670 INFORMATION TECHNOLOGY (IT) PERFORMANCE MEASURES FOR PROJECT MANAGEMENT

Profile. Business solutions with a difference

What to Look for When Selecting a Master Data Management Solution

Five best practices for deploying a successful service-oriented architecture

The Key to a Successful KM Project

Information Resource Management Directive USAP Information Security Architecture

ENTERPRISE COMPUTING ENVIRONMENT. Creating connections THROUGH SERVICE & WORKFORCE EXCELLENCE

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into

Data Governance. Unlocking Value and Controlling Risk. Data Governance.

Sytorus Information Security Assessment Overview

WHY DO I NEED A PROGRAM MANAGEMENT OFFICE (AND HOW DO I GET ONE)?

U.S. Department of Education Federal Student Aid

Operational Risk Management - The Next Frontier The Risk Management Association (RMA)

Aligning IT with Business Goals through Strategic Planning

OPTIMUS SBR. Optimizing Results with Business Intelligence Governance CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE.

U.S. Department of the Treasury. Treasury IT Performance Measures Guide

Director of Asset Management and Repairs

EMC PERSPECTIVE. Information Management Shared Services Framework

Journey to Cloud 10 Questions

Whitepaper Data Governance Roadmap for IT Executives Valeh Nazemoff

ANALYTICS & CHANGE KEYS TO BUILDING BUY-IN

ClOP CHAPTER Departmental Information Technology Governance Policy TABLE OF CONTENTS. Section 39.1

U.S. DEPARTMENT OF TRANSPORTATION FEDERAL AVIATION ADMINISTRATION. Air Traffic Organization Policy

Enterprise Data Governance

STATEMENT OF. Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration

How To Save Money On A Data Center

Your asset is your business. The more challenging the economy, the more valuable the asset becomes. Decisions are magnified. Risk is amplified.

Federal Enterprise Architecture Framework

IBM Software A Journey to Adaptive MDM

The Art of Architecture Transformation. Copyright 2012, Oracle and/or its affiliates. All rights reserved.

IT Service Management. The Role of Service Request Management

GOVERNMENT USE OF MOBILE TECHNOLOGY

Open Group SOA Governance. San Diego 2009

Concept of Operations for Line of Business Initiatives

Module 6 Essentials of Enterprise Architecture Tools

Cisco Unified Computing. Optimization Service

Managing Change Using Enterprise Architecture

DevOps: The Key to Delivering High Quality Application Services Faster

Vermont Enterprise Architecture Framework (VEAF) Master Data Management (MDM) Abridged Strategy Level 0

To All Users: Air Traffic Organization Safety and Technical Training

Drive to the top. The journey, lessons, and standards of global business services. kpmg.com

STATEMENT OF. Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration

Advanced Topics for TOGAF Integrated Management Framework

How To Use Cloud Computing For Federal Agencies

Application Overhaul. Key Initiative Overview

Cisco Unified Communications and Collaboration technology is changing the way we go about the business of the University.

Douglas County School District. Information Technology. Strategic Plan

U.S. Department of Education Federal Student Aid

2007 & 2008 Dennis L. Bolles and Darrel G. Hubbard 1

The Information Management Center of Excellence: A Pragmatic Approach

Migrating and consolidating even the simplest of data

Essentials to Building a Winning Business Case for Tax Technology

The following is intended to outline our general product direction. It is intended for informational purposes only, and may not be incorporated into

PPM V2.0 Frequently Asked Questions (FAQs) U.S. Department of Housing and Urban Development

Enterprise Architecture (Re)Charter Template

Practice Overview. REQUIREMENTS DEFINITION Issue Date: <mm/dd/yyyy> Revision Date: <mm/dd/yyyy>

Information Technology Services Project Management Office Operations Guide

FSIS DIRECTIVE

Navigating the NIST Cybersecurity Framework

STAND THE. Data Center Optimization. Q&A with an Industry Leader

Big Data and Big Data Governance

Revised October 2013

IT-CNP, Inc. Capability Statement

Cloud Services The Path Forward. Mr. Stan Kaczmarczyk Acting Director - Strategic Solutions and Security Services FAS/ ITS, GSA

Enabling Citizen-Centered Electronic Government FEA PMO Action Plan

Cisco Virtual Desktop Infrastructure Strategy Service

Successful Outsourcing of Data Warehouse Support

Service-Oriented Architecture Maturity Self-Assessment Report. by Hewlett-Packard Company. Developed for Shrinivas Yawalkar Yawalkar of CTS

Begin Your BI Journey

Transcription:

FAA Cloud Computing Strategy By Eric Carlson, TASC System Engineer Alex Reyes, TASC Senior System Engineer Ahmad Usmani, FAA Manager of Enterprise Programs 1 The Need Cloud computing provides a new way of acquiring and delivering computing resources (infrastructure, platform, and software). Organizations around the world are under intense pressure to accelerate innovation and optimize Information Technology (IT) costs. Senior leaders are being asked to find ways to do more with less. Government agencies, the aviation industry, and the Federal Aviation Administration (FAA) are no exception. In the IT arena, critical pain points include escalating operations and maintenance costs, underutilized infrastructure, and inability to satisfy business agility demands. To address these issues in the Federal Government, the Office of Management and Budget (OMB) developed the 25 Point Plan to Reform Federal Information Technology Management and as part of the plan, established the Cloud First policy that requires Federal agencies to evaluate and consider a safe, secure and reliable cloud computing option before making new investments. It is in this context that OMB asked the FAA to develop an FAA-wide cloud computing strategy. Approach and Challenges In response to the OMB directive, the FAA assembled a small team to develop an appropriate Cloud Computing strategy relevant to its two major domains: the National Airspace System (NAS) and the non-nas. The team adopted an approach that consists of the following activities: Identify stakeholders, direction, and purpose of strategy Identify benefits to the FAA Identify risks to the FAA Articulate a vision, assuming all risks could be overcome and funding made available when required Define goals to support and enable the vision These steps are not sequential and were performed iteratively in collaboration with the stakeholders. The initial challenge was to define the intent, scope, level of technical detail for the strategy document, and align these with OMB s goals and expectations. The team identified as a priority the need to communicate cloud computing possibilities and potential impacts of this technology to the mission and goals of the Agency. Their approach was to meet with key stakeholders to help each organization understand how cloud computing could be utilized within the agency, and get feedback from the stakeholders on their views of possibilities and any concerns that would hold them back from utilizing this technology. The team identified stakeholders across FAA organizations including finance, procurement, and multiple IT groups and organizations. These are shown in Figure 1. Interactions with various stakeholders helped to identify the key questions to be answered by the FAA Cloud Computing Strategy, which included: benefits, risks and www.atca.org Winter 2012 The Journal of Air Traffic Control 15

challenges, goals/vision/intent, and ideas for enabling cloud computing. The team, in collaboration with business and IT stakeholders, decided the FAA Cloud Computing Strategy should define and communicate a unified FAA s direction and strategy on cloud computing, and serve as a communication vehicle within the Agency and with external organizations, but not define, prescribe or constrain any particular technical design approach, plan, or solution. With a clear idea on direction, purpose and scope, the strategy team collected information and developed specific concepts to define the FAA s strategy. The team confirmed that any cloud computing capability identified to support the NAS environment which today meets extremely high safety, security, and reliability requirements must not introduce unnecessary levels of risk to the NAS environment. Based on potential risks from cloud computing, the team determined that the cloud computing technology adoption by the FAA would be a risk-based approach supported by solid engineering that balances requirements, schedule, and cost. The team also determined that the strategy requires a comprehensive approach and should follow the process identified in Figure 2. Figure 1. Key FAA Stakeholders Identified Senior Managers/ Execu,ves ATO PMO Security Key Organiza,ons Enterprise Architecture Data Centers/ Infra- structure NextGen Chief Scien,st Figure 2. FAA strategy requires a comprehensive approach that balances key NAS requirements. Governance Ac0vate, Migrate and Operate Service Strategy Security IT Planning Select Cloud Service Provider FAA Cloud Compu0ng Approach Cloud Compu0ng Assessments Enterprise Architecture AMS Lifecycle Define Cloud Service Requirements Business Plan Development Training/ Communica,ons 16 The Journal of Air Traffic Control Winter 2012 Volume 55 No. 1

The circled arrows in the middle of the figure represent the cloud computing service lifecycle, from strategy and service conception, to the activation, migration, and operation of the cloud services. The small clouds around the circle identify the technical and management practices and disciplines to be revised including Governance, IT Planning, Acquisition Management System (AMS), Organizational, Enterprise Architecture (EA), and Security to enable the cloud service lifecycle. The team analyzed each one of these practices and disciplines to identify necessary changes to enable cloud services. For instance, acquisition practices need to support cloud services, EA needs to incorporate cloud elements into the target architecture, and security approaches need to incorporate protection specific to cloud computing security risks. The AMS Lifecycle is the FAA s Acquisition Management Process; it also must be adapted to support cloud computing. It needs to both support the FAA s acquisition of cloud computing capability as well as support offering that capability as Government Furnished Capability (GFC) to future FAA development contractors. Another challenge for the team was to capture and incorporate NAS and non-nas requirements for cloud computing. The FAA s NAS and non-nas systems have different imperatives, objectives, and characteristics and are represented by two different enterprise architectures. The NAS is characterized primarily by real-time, safety-critical operations, and it is supported by a restricted Federal Telecommunications (FTI) network. The non-nas supports regulatory and administrative functions; it is characterized by non-safety critical support functions and operates on the FTI Mission Support Network. Given these differences, the team determined that, at a tactical level, the FAA would likely need two different implementation and execution approaches aligned with one unified FAA Cloud Computing Strategy that would properly address different criticality and sensitivity levels of NAS and non-nas systems. The FAA Cloud Computing Strategy Using the approach described, the team developed the FAA Cloud Computing Strategy. The next paragraphs describe benefits, risks, vision, goals, and implementation approach captured by the team in the FAA Cloud Computing Strategy document. It s Never Too Early to Start Get involved today! ATCA s Young Aviation Professionals knowledge. exposure. relationships. www.atca.org/youngprofessionals www.atca.org Winter 2012 The Journal of Air Traffic Control 17

The FAA s Cloud Computing vision is to: Identify and migrate suitable IT services to a cloud computing environment to reduce costs and increase IT provisioning speed, while ensuring that FAA Air Traffic Control and Management systems maintain their current high levels of safety, security, reliability, and performance. The FAA s strategy on cloud computing establishes five foundational Agency goals to enable the vision and capture potential benefits: Goal 1: Adopt an FAA-wide approach to cloud computing. Define and adopt a comprehensive approach to identify, evaluate, select, migrate, and operate cloud services Goal 2: Define and develop an FAA Cloud Computing Architecture and integrate it into the FAA s Enterprise Architecture (EA). The FAA EA will be expanded to incorporate cloud computing architectural elements as required Goal 3: Develop a cloud computing program implementation strategy. The FAA will ensure that all relevant processes and policies support cloud computing program adoption as required Goal 4: Increase the efficiency of current and future IT investments. Ensure that potential benefits are captured and measured throughout the FAA lifecycle Goal 5: Manage technical and management risks and support FAA transition to cloud services The FAA s cloud computing vision and goals are illustrated in Figure 3. The team also identified key success factors for the implementation of the strategy, shown in Table 1. Table 1. Key Success Factors FAA-wide scope, owned, driven and supported by senior FAA executives; an FAA-wide perspective to take advantage of economies of scale, avoid the creation of IT silos Implementation that has measurable value, is practical, and demonstrates value and benefits including cost efficiency early in the cloud adoption and migration process Incremental implementation to manage risk Collaboration across FAA organizations and programs. The adoption of cloud services has the potential to impact all elements of the FAA organization including those with responsibility in systems engineering, the AMS life cycle, enterprise architecture, information security, software development, and program management Figure 3. Identify and migrate suitable IT services to a cloud computing environment while ensuring Air Traffic Communication (ATC) and Air Traffic Management (ATM) systems maintain their current high levels of safety, security, and performance. FAA Cloud Computing Vision Cloud Computing Approach 1 2 Select, Evaluate, Manage Services Program Implementation Strategy 3 4 AMS Lifecycle, Governance, Processes, Policies 5 Require Enable Cloud Computing Architecture Integrate into EA: Target Architecture, Roadmap, Technology, Standards Increase IT Investments Efficiency Cloud Value, Cost: Evaluate, Optimize, Measure Manage Risks, Support Cloud Transition Technical Risks: Security, Network Performance and Capacity Management Risks: Change Resistance, Organizational Readiness (Communications, Training) Federal and Internal Compliance (OMB, NIST, FedRAMP, FAA, etc.) 18 The Journal of Air Traffic Control Winter 2012 Volume 55 No. 1

Figure 4. Cloud Computing Suitability Tool and interaction with stakeholders Interview Senior Management Organization s Drivers Organization s Structure Interview Lower Levels Lower Level Mission Lower Level Values Model Inputs Influences Rating Removes Lower levels that shouldn t go to cloud Run Model Verify Model Results Present Results to Customer Lessons Learned Developing the FAA s cloud computing strategy leads us to several recommendations for others who may face a similar challenge: Focus the strategy on the mission and goals of the organization. Measure the impact of benefits and risks to support and enable organization s mission and goals. Any technology adoption is probably not worth it if it presents a disproportionate level of risk to the organization Define the purpose, scope, and audience of the strategy early on. It will drive the content and requisite level of technical and management detail. Use a holistic and comprehensive approach that is open to all parts of the organization. Set realistic expectations. Despite the hype and compelling potential opportunities, cloud computing is still evolving and maturing there are critical risks to evaluate and analyze. Look beyond the obvious cost benefits for impacts to the organization, as a whole. Initial benefits on cloud computing are focused on cost savings, rapid provisioning of IT services, flexibility, and scalability, but there are also additional potential benefits that can support and enable interconnected operations, information sharing, data analytics, mobile and wireless technologies, and more. Cloud Computing Assessment Tool To determine the suitability of a program, system or component for a cloud environment, the team developed a Cloud Computing Suitability Tool to produce a quantifiable deter- www.atca.org Winter 2012 The Journal of Air Traffic Control 19

Figure 5. Comprehensive analysis across programs and organizations (horizontal), and across environments and components (vertical) Program/Organization N Program/Organization 2 Program/Organization 1 Operational Environment Testing Environment Development Environment Training Environment Comprehensive Analysis and Assessment NAS Cloud Computing Implementation Recommendations mination of cloud computing readiness based on a number of weighted factors. The tool is designed to be part of an interactive process with the stakeholders to identify the systems, components or environments that would benefit moving to a cloud computing environment. Interviews with senior leaders and managers will provide the strategic context to calibrate the tool s ratings and define scope based on potential risks and impacts to Agency mission and goals. For instance, a system may be excluded if senior leaders or managers determine that cloud adoption represents too much risk to the Agency or it does not comply with existing rules and regulations. Interviews with individual programs and organizations will perform a more granular level assessment including individual systems, components and environments as required. A cloud computing solution, for example, might not be suitable in its entirety for an organization unit or program but might be suitable for its sub-systems, components or smaller environments. In summary, the tool is not intended to provide a binary yes or no cloud determination. Instead, it supports the overarching risk-based process to determine cloud technology adoption. Next Steps With the recent approval of the FAA Cloud Computing Strategy by FAA senior leadership, the FAA is now in the process of executing the strategy. The team has started conducting a cloud computing assessment across the NAS to identify opportunities for the application of cloud computing. The assessment of the NAS is taking place with both a horizontal (across programs and organizations) and vertical (across IT environments and components) comprehensive assessment of opportunities across the Agency including infrastructure, platform, and software services. Programs are being assessed for cloud computing application at each stage of the FAA acquisition life cycle. This approach is illustrated in Figure 5. The team is developing a concept of operations document to describe the proposed target state and relevant requirement elements to enable the target state incorporating cloud technologies in the NAS. Additionally, the team recognizes the importance of education and they will facilitate communication and knowledge-sharing sessions to ensure cloud computing benefits and opportunities are understood by all NAS program managers and stakeholders. The FAA Cloud Computing Strategy can be found under Cloud Computing in the Documents section of the SWIM Website at http://www.faa.gov/nextgen/swim Reference 1 Co-authorship by an FAA employee does not imply an endorsement direct or implicit by the FAA of the information contained in this article. 20 The Journal of Air Traffic Control Winter 2012 Volume 55 No. 1