You are here: Home » Cloud computing » US govt RFI lays out vision for cloud sector

US govt RFI lays out vision for cloud sector

Tony Chan | May 15, 2009 | 1 Comment

The actual Request for Information document from the US Federal government for providers of “Infrastructure as a Service” is now available online. Courtesy of this post by Enomaly’s Reuven Cohen – one of the people behind the Open Cloud Manifesto, you can now download the Word document here.

While Cohen’s focuses in understandably on Question 5 of the RFI, which concerns interoperability and portability of applications between cloud services, the document lays out its vision of what a cloud is, as well as expectations of what it needs to be if it wants to service a large organization like the US government.

As such, cloud providers should take a close look at the document as it shows some of the assumptions, and probably some misconceptions, that the US government, represented by the issuer of the RFI, the GSA Office of the Chief Information Officer (OCIO), in concert with the IT Infrastructure Line of Business (ITI LoB), have on cloud computing.

According to the document, cloud computing is defined as “a pay-per-use model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

It assumes that clouds are on-demand self-services providing ubiquitous network access for different categories of devices (mobile phones, laptops and PDAs), which is pretty consistent with industry practices today.

But it also assumes location independent resource pooling, another common model in today’s cloud offerings, which is described by the authors of the document as “the customer generally has no control or knowledge over the exact location of the provided resources.” Now, how would the US government feel if it had no idea where their data is stored?

Another assumption is rapid elasticity, described as “to the consumer, the capabilities available for rent often appear to be infinite and can be purchased in any quantity at any time.” While cloud providers might project this capability, there are often limits to resources – as discussed in our discussion with Rackspace’s CTO John Engates.

Lastly, it also describes clouds as pay per use, which is available in most cases, but is often the most expensive option in cloud subscriptions – as a recent McKinsey report found.

When you get into the actual RFI questions, there are further areas that should raise some eyebrows in the cloud computing space.

SLA
One of the topics in the first question is SLAs, including descriptions on past performance. As McKinsey points out, clouds SLA currently do not match the five/six 9s that is offered in dedicated data centre environments. And yes, some have even failed – and for hours and even days at a time.

In question two, the RFI goes on to ask for details on redundancy, including both computing resources in the cloud and network bandwidth. “What is your mitigation strategy in case of potential network outages, bandwidth shortages, or spikes in service demand?” the RFI asked. As far as I understand current cloud services, there is very little provision for backing up services. Clouds are centralized pool of resources – essentially a very big data centre with software for dynamic provisioning – it is the quintessential “single-point-of-failure” if there ever was one.

Fortunately, this is changing, with clouds now being deployed over multiple facilities, and platforms such as Windows Azure now supporting something called geolocation – the ability for cloud subscribers to select between different facilities on the same cloud.

SECURITY?
All these questions indicate that the US government is at least investigating the possibility of adopting public cloud services – as many of these issues would not arise under a private, dedicated cloud scenario.

Obviously, one of the top issues is security. In this area, the RFI is asking cloud providers to “guarantee that data will remain within the continental US” and show how they do it, along with the usual range of security mechanisms for preventing unauthorized access, intrusion detection and prevention, user authentication and so on.

Another interesting tidbit from the RFI is support for IPv6, which presumably it is looking for.

Getting back to Cohen’s original post, interoperability is also given a prominent place in the RFI. Among the topics in this question is the ability to go ‘cloud-to-cloud’, multi-cloud deployment scenarios, as well as asking for an explanation of application portability, i.e. exit strategy for applications. The document also asks respondents to describe “how do you prevent vendor lock in.” While, these area covers many of the topics discussed in the Open Cloud Manifesto, finding a systematic solution in the market is another story. There are solutions out there for porting between clouds, but an industry-wide standard for such practices is still some ways in the future.

CLOUD CHALLENGE
All this should be ample food for thought for cloud providers. Based on the assumptions and questions from the document, it is clear that the cloud industry has a lot to do in order to live up to the expectations of the RFI.

So what happens now? Either the US government will realize that cloud computing as described in its assumption just might not work on a government level and that it might have to built its own private cloud infrastructure – perhaps like Japan’s Kasumigaseki Cloud initiative. Or, the cloud computing sector will step up to the plate and align their service quality, deployment model and pricing to match what could presumably be the biggest cloud user in the world.

Either way, the US government is providing a clear vision of where clouds need to be if they want to make it to the big leagues of enterprise computing.