Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
Air Force turning to a service-oriented approach for IT applications
Friday - 12/13/2013, 4:45am EST
As part of the service's consolidation and centralization of IT governance under the authority of its chief information officer, the Air Force is instead implementing a service-oriented model for IT infrastructure that the entire Air Force will use.
The Air Force is trying to abandon an era during which systems and networks tended to grow up according to their own rules, each with their own models for security, operations and sustainment.
The service busily has been building a common baseline of technology standards for all systems to use as it gradually moves toward a DoDwide IT architecture, the future Joint Information Environment.
The next step is to implement a model for individual applications to use that common, commodity-based infrastructure. The Air Force calls it the Service Development and Delivery Process (SDDP), which it has been developing for the past three years as a way to bring new capabilities online more quickly and at lower cost.
To help implement the process, the Air Force created a new managed services office (MSO), which will design and operate the infrastructure so that program managers don't have to.
"The MSO will vet infrastructure service providers against those established baseline requirements, and working as part of an integrated program office team, it will deliver the capacity, storage, platform and other common services to support application development, integration and production," said Brig. Gen. Kimberly Crider, the mobilization assistant in the Air Force CIO's office. "We are looking for capabilities to be developed and delivered as a service. Mission application owners will plan and program for the infrastructure that they need, and they will pay for the services that they use."
Six step process
In the SDDP model, officials in the Air Force's various mission areas will have to think ahead about how they'll integrate their applications into the security and other common services the Air Force will offer before they start building an IT solution, Crider told an audience at AFCEA Northern Virginia's annual Air Force IT Day Wednesday in Vienna, Va.
But she said it also will force them to think about whether they need to build something new in the first place, or whether they can leverage or reuse capabilities the Air Force already owns and operates elsewhere in the enterprise.
"It's a six-step process, and it starts with functional mission owners asking themselves, 'What am I trying to do? What's the problem I'm trying to solve in my functional community?'" she said. "It forces the functional community, before they start zeroing in on a particular IT solution, to stop for a minute and think about what problem they're trying to solve, and what the doctrine, training, organizational and other institutional issues are implicated in solving that problem. But if they get to the point where they decide they need a new IT solution, they've now got to have a good set of bounded user requirements about what this functional capability needs to do. That gets to a common problem. We've got to have good requirements."
From there, Crider said, SDDP will have enforcement mechanisms that make sure new applications can effectively interoperate in the shared environment before they're allowed to tap into the new infrastructure.
"We have to make sure that the application coming in won't perturb the operational baseline, and as that application performs its mission, the infrastructure environment will support it though other integrated apps and it can get to all the data that it needs," she said. "What a concept: We can think through all of that up front, and build that out in a coordinated effort across development, test and production. That's what SDDP is in a nutshell."
As a practical and operational matter, the Air Force can't eliminate the tens of thousands of older applications that don't conform with its new common technology baseline. So, many of those legacy technologies will stay in place while the Air Force moves to a more standards-based IT ecosystem.
Commercial cloud a possibility
Crider said she believes the owners of those applications will have a strong incentive to at least begin modifying them so they can take advantage of the shared infrastructure.
"Many of them will remain in their current state," she said. "But many of them, working with their program executive offices, will look at the business case for migrating those applications into the commoditized, centrally-provided infrastructure environment. Because once they get there, their process for updates and releases should be much more streamlined, they'll be able to inherit information assurance controls from the enterprise, and they'll be able to more rapidly control functional capability, and they'll be able to achieve their missions at a higher level of effectiveness at a much lower overall cost. It's about new, it's about legacy, and it's about bringing everybody to a common destination."
The Air Force, however, does not intend for all of its future IT infrastructure to be government owned-and-operated.
Lt. Gen. Michael Basla, the Air Force CIO, said some applications will be better served by commercially-hosted cloud environments. He said his service hopes to have a way for Air Force officials to easily purchase cloud services that meet DoD security standards very soon.
"We're going to have an organic capability, probably through (the Defense Information Systems Agency)," he said. "I'm going to tell our functionals, 'Don't build your own infrastructure. That's where you deploy to.'"