GCN Tech Blog



By GCN Staff


Up-front software costs a problem for government cloud providers

Server-huggers aren't the only ones wary of the lure of cloud computing. Software vendors also seem reluctant to hitch onto this latest trend.

Earlier this week, Doug Bourgeois, director of the Interior Department's National Business Center, talked about how NBC is ramping up a set of infrastructure services for other agencies to use. He spoke as part of a cloud-computing panel at the Virtualization, Cloud Computing and Green IT Summit, held by the 1105 Government Information Group, publishers of GCN.

The idea is that NBC can offer other agencies such infrastructure at a lower cost and with all the necessary government security compliance already in place, largely because it had already built out much of the infrastructure in the process of delivering its own services. But in the course of ramping up the center's offering, Bourgeois did come across one stumbling block: software licensing.

NBC plans to offer infrastructure service on a pay-as-you-go basis (at least, initially, in monthly increments). But much of the software needed to supply this infrastructure-as-a-service (server software, databases, and such) can only be procured via old-fashioned enterprise licenses. This means all the software that NBC might use must be purchased beforehand.

"The traditional enterprise license agreement that software providers want to bring to the table requires the service provider to outlay the money up front for the entire enterprise license, and then you have the ability to provision those licenses as clients accessing your system," Bourgeois said in a subsequent interview with GCN. "That just doesn't work in a cloud model. The service providers are taking all the risk and paying up front" for services that may or may not be actually used.

This is especially problematic, Bourgeois explained, insofar as the projected use of NBC's cloud services, being not only a new service but a new type of service, can vary wildly. And because much of the cost-savings is based on a shared-usage model, charging full price for each copy of a program that might be used, and/or for every customer that might use that program, would cut into the cost-savings that cloud computing could bring about.

Oddly enough, hardware vendors seem to have come to terms with the pay-as-you-go route. For its own cloud services, the Defense Information Systems Agency hammered out an agreement with Hewlett-Packard and Sun Microsystems wherein each company would outfit DISA with fleets of servers within the agency's data centers, but only charge for those servers that were actually used. NBC struck a similar deal with its own vendors.

Yet many software companies seem loath to offer a similar deal, Bourgeois said, adding that NBC is currently talking with a number of vendors to see if any deals can be worked out.

Bourgeois didn't name the vendors he was speaking with, though we queried a few of the biggest enterprise software companies, including Microsoft, Oracle, Red Hat and RightNow Technologies, to find out if they offer any sort of usage-based licensing, or if they would be willing to do so. Thus far, one company has responded to our recent request: customer relationship management software provider RightNow Technologies. (We'll keep you updated with responses from the other companies.)

RightNow currently does not offer usage-based pricing, but is open to the idea, said Kevin Paschuck, the company's vice president of public sector operations. In fact, the company already is in discussion with DISA on establishing a monthly payment based on actual consumption.

"Our typical contract aligns with the industry standard of an annual commitment with the opportunity to tune up or down the licenses at the end of the contract based on amount used," Paschuck said in an e-mail. "However, we are open to monthly usage based contracts."

True, vendors have long padded their bottom lines with the inherent inefficiencies of government IT purchasing — by making small but expensive sales to branch agencies, or by selling more seats on agency-wide enterprise licenses than ever get used. From behind the procurement officer's desk, a bounty of cost-savings can be glimpsed. But to be fair, it is obvious why some software companies may be reluctant to go to a usage-based pricing model. Software sales are what keeps software companies in business. It is a core asset. Duh! You can't return a partially-eaten half smoke to Ben's Chili Bowl and expect an incremental refund of some sort.

As with transparency efforts stifling frank vendor-agency talk, usage-based pricing could ultimately spur some serious fiscal introspection on the part of vendors. And rethinking how a company's primary source of revenue would be regenerated under a cloud model is not a task to be undertaken lightly. Add into this muddy mathematics the fact that many software companies, such as Microsoft or RightNow, are ramping up or already have their own software-as-a-cloud offerings, thereby making a government service cloud provider a potential competitor, in addition to being a potential customer. In short, asking for a new type of pricing is a big request.

Still, the current reluctance could be problematic for nascent government cloud offerings. "The standard license agreement puts too much risk on the service provider," Bourgeois said.

Posted on Oct 09, 2009 at 7:05 PM | 1 comment


Malware goes viral via search engines

We all had a chuckle in the newsroom over the Serena Williams poisoned search attack that didn’t work. Unsuspecting users searching for news or videos of the Serena Williams meltdown were, in some cases, directed to a malware site that infected users’ computers.



But when the site was investigated by Symantec, the malicious file was found to be corrupt and did not run. A lucky break for those who went to the site, but as our security ace Bill Jackson put it, “you can’t always count on incompetent hackers to protect your computer.”

But apparently, you can pretty much count on unsuspecting users to damage a computer. Here are some news reports on recent attacks that relied on social engineering to trick users into trouble. (Not to worry: we’re sending you to the news reports, not the malicious links.)

Darkreading.com picked up word that the recently deceased actor Patrick Swayze (star of Dirty Dancing) may also be the subject of poisoned search attacks.

And right on the heels came a similar attack on people searching for information on the California wildfires and the September 11 anniversary.

It’s not just fringe sites that are hosts to viruses. Recently NYTimes readers got ambushed by fake ads for antivirus software.

Meanwhile, on Facebook, users were alerted to the need for a “removal kit” to clean up an embedded virus on a Facebook application. Turns out the removal kit is the malfarious culprit, according to Computerworld.

Makes you wonder what it takes to get a geek to bite on a viral hook. Any other lines floating around out there?

Posted on Sep 15, 2009 at 7:05 PM | 1 comment


DOD rethinking build versus buy for software apps

Over the past decade, the Defense Department, and federal agencies in general, have embraced the idea of using commercial-off-the-shelf (COTS) software whenever possible. Why build when it's less expensive to buy? Why reinvent the wheel?

But the DOD is undertaking a number of initiatives that seem to be questioning this assumption.

The Defense Information Systems Agency, for instance, has just released as open source a suite of applications built in-house, many of which had no commercial equivalents, noted Richard Nelson, DISA's chief of personnel systems support branch at the Manpower, Personnel and Security Directorate.

Nelson spoke earlier this month in a presentation in Washington in which he introduced this collection of 50 DISA-built office applications called the Open Source Corporate Management System (OSCMIS). The agency is releasing these apps in hopes that other agencies will reuse and modify them.

DISA had to build these applications for a number of reasons, Nelson noted. In some cases, no commercial applications existed in the marketplace that could do the tasks needed. In other cases, software was available, though it was too expensive. Or the software did something similar to what DISA needed, but the agency would need to modify its processes to meet the workflow of the software. Or, lastly, commercial software providers or software-development-focused contractors told DISA that the software the agency sought just couldn’t be built at all, Nelson said.

"That happened twice, with major products," Nelson said of the last case. "So we built them anyway."

By releasing the OSCMIS as open source, DISA hopes to take advantage of many of the same benefits that COTS software enjoys — especially how the cost of development can be spread out among all those users willing to make modifications to the programs to suit their own needs. In March, DISA awarded the Open Source Software Institute (OSSI) a cooperative research and development agreement to help release OSCMIS for broader use. OSSI holds the copyright and offers OSCMIS under version 3 of the Open Source License.

One such tool in the suite is the Flash-based Personnel Dashboard, which summarizes how DISA deploys its workforce. The software shows how many personnel each office has, their gender and ages, as well as each person's qualifications. Users can drill down to find details on the qualifications of each employee. As the employee's certifications come close to expiration, the software generates e-mail messages that are sent to the person and that person's supervisor. Unlike commercial human-resources software, this program takes into account the agency's manpower allotments and doesn’t have an equivalent in the private sector.

Another application in the suite summarizes the acquisition workforce. The software tallies the exact number of qualified project managers, contracting officer representatives and other pertinent personnel within each office and across the agency as a whole. "The acquisition vendors told us this could not be built. The acquisition community told us it could not be built," Nelson said.

DISA's Balanced Scorecard is another application in the package that has no commercial counterpart. The program shows DISA directors how the agency is hitting each of its strategic measures and initiatives. Originally, the agency had put out a request for proposal to have this software developed by an outside party. One vendor responded that it would undertake the project for $750,000 and that it would take a year of development time, but could offer no guarantee that the application would be completed. Two members of Nelson's team built a prototype of the software in six weeks, Nelson said.

In yet another case, commercial software was available, but couldn't do everything that DISA needed the software to do. DISA had already built several pieces of its Learning Management System when it found the money for a commercial application. The agency picked one of the five commercial products that the Office of Personnel Management recommends for the task, for about $1 million. The commercial product, however, didn’t do many of the tasks that DISA's own software did, so the agency went back to finishing its own LMS system.

The LMS handles all aspects of management personnel training. One component, the Online Training System, has a course catalog with all the programs that DISA offers. Users can select by title or category. It shows the times the courses are being offered as well as how full each class is. Once a person selects a class, the person's supervisor automatically gets an approval request. "It's an automatic workflow system, nothing ever gets lost," Nelson said.

DISA is not alone in looking outside the COTS/government-off-the-shelf world of software procurement. At the O’Reilly/TechWeb Gov 2.0 conference, held last week in Washington, Army chief information officer Lt. Gen. Jeff Sorenson announced that the Army would be running a new competition called Apps for the Army that would look to volunteer warfighters to put together new tools that the service could use. DISA's Forge.mil would serve as the development center for the contest.

This contest was inspired by the ad-hoc development that has already taken place in the field, Sorenson said. In many cases, personnel have modified existing systems to better meet their needs. "We have given these systems that we have developed to the warfighters, and now they are using them in ways we never thought about," he said.

The contest would be based off of an earlier effort conducted by the District of Columbia, called Apps for Democracy, as well as a contest conducted by the Sunlight Foundation for federal applications, called Apps for America.

Gen. Nicholas Justice, Program Executive Officer, Command, Control and Communications-Tactical, Army, added at the Gov 2.0 conference that the key to greater internal development of capabilities is to identify those points of the infrastructure that can be expanded by the end-users.

One such project along these lines is the Tactical Ground Reporting System (TIGR), being developed by the Defense Advanced Research Projects Agency. TIGR uses online maps and wiki software to allow ground troops to collect and share information among each other.

"If I can get my soldiers, noncommissioned officers and warrant officers to create new applications that solve problems for me, then I'm not having to go into the Pentagon to fight the budget battle to get more money, and I can deliver more capabilities to the warfighter," Justice said.

Posted on Sep 14, 2009 at 7:05 PM | 0 comments