DISA maps out milCloud 2.0

DISA maps out milCloud 2.0

Building upon the success of milCloud, the on-premise cloud solution managed and operated by the Defense Information Systems Agency, the Defense Department is making plans for milCloud 2.0.

That second iteration won’t be built or maintained by DOD, according to John Hale, DISA’s cloud portfolio chief.  “We will bring a commercial provider into the [DOD Information Networks, also known as the DODIN] to provide services internally to the Department of Defense,” he said.

Part of cloud’s appeal is its cost saving potential, an immensely important component in the era of sequestration.  “By leveraging cloud capability -- both commercial on-premise and off-premise -- we can bring significant savings to the department, and we can also provide a new, agile functionality to our mission partners going forward,” Hale told the audience at the AFCEA Defensive Cyber Operations Symposium last month.

However, even milCloud 2.0  is not the solution for every program. “There is always going to be the need for traditional hosting in a DOD data center,” he said. Certain workloads, such as nuclear command and control, “just do not fit well in a virtualized or cloud model.”

milCloud 2.0 will also affect mission partners as they’ll be billed based upon consumption of capabilities as opposed to a flat rate they pay each month for milCloud 1.0.  While Hale expects mission partners will welcome the change, he said his job is to help partners find them the best solutions for their needs. “It may be off-premise commercial cloud, it may be on-premise commercial cloud, it may be traditional hosting, or it may be a mix, depending on what the particular mission needs are,” he said. 

Cloud technology also offers benefits for the Mission Partner Environment that supports international combat operations, humanitarian and disaster relief work and cooperative security activities. The cloud technology for that environment “is going to have to be commercial based.  We’re not going to be able to do this at, say, a U.S.-only based system,” DOD CIO Terry Halvorsen told Congress in March.

DISA’s plans in the short term include the delivery and enhancement of milCloud 1.0 capabilities to ease mission partner migration. The agency expects to increase automation, develop and deliver cloud access points, revise and evolve DOD's Cloud Computing Security Requirements Guide and provide a clearer path for commercial cloud service providers through the provisional authorizations process. 

Hale said milCloud 2.0 will be delivered in two phases.  Commercial providers will first be brought into DISA data centers to determine a business model for hosting DOD workloads with an on-premise private cloud.  Phase II will include providing capability on classified and unclassified networks.  DISA’s long-term plans include evolving the cloud access points into the Secure Cloud Computing Architecture for securing mission applications on commercial cloud services and continuing to improve DOD’s security posture while simultaneously reducing operating costs.

Halvorsen told lawmakers that he hopes for an almost complete cloud environment in five years with private clouds within segments of DOD, private clouds that are just inside DOD, private clouds comprising DOD and other components of the federal government and hybrid public clouds.    

About the Author

Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.

inside gcn

  • data architecture (Quardia/Shutterstock.com)

    AI adoption: Don't ignore the fundamentals

Reader Comments

Wed, Jun 22, 2016 IT Reformer Washington DC

DISA has struggled for two decades in its attempts to embrace commercial Cloud going back to DII COE, NECC, and other failed variants, costing nearly a half a billion, as well its its reputation across the services. The common threads are; 1) Over reliance on its traditional FFRDC/SETA contractors who are vested in the status quo. 2) Inability or unwillingness to leverage the expertise and insights of non-defense IT communities of practice, SDOs and NGOs that are much more representative of commercial Cloud innovations and best practices. The 2016 NDAA called out the FFRDC's OCI issues providing both oversight and engineering services for the same programs. As they have a controlling function in OSD ATL and DOD CIO, the same contractor by law should be barred from doing system engineering or development. Other failure patterns include Army RedDisk, DI2E, and Navy Tactical Cloud.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group