NATO is venturing into the cloud.
“We believe the cloud is an emerging technology that will help us in the near future, and we’re looking at a number of cloud-related issues,” said Johan Goossens, head of NATO’s Allied Command Transformation Technology & Human Factors Branch. ACT is working with IBM to pilot a private cloud at the Headquarters of the Supreme Allied Commander Transformation in Norfolk, Va.
There are two main goals: to make ACT’s data centers more cost-effective and to increase interoperability and data sharing among its 28 member nations. Goossens said that with dwindling budgets, data center costs are a major concern. He added that the member nations, which have agreed to conduct a study on clouds, all have their own private infrastructures, but “if we can consolidate some of this, we can improve the interoperability between the data centers.”
The pilot installation will take place in January and will last through the second quarter. It will consolidate three data centers located in the United States into the on-premises cloud in Norfolk. The data centers are heterogeneous and contain a host of different systems. That’s one of the reasons ACT is working with IBM on this, because its cloud supports heterogeneous environments.
Goossens said ACT is also considering using off-premises clouds for some applications, but data stored on a public cloud won’t include classified or confidential information. “We [the member nations] have to share information to solve 9/11-type scenarios, but we also have to protect ourselves enough so that WikiLeaks incidents don’t occur,” he pointed out. “It’s a balancing act, and we’re looking at all our options.”
But ACT has to deal with more than technology and security challenges. “We also have policy challenges,” Goossens said. “Our policies would have to change in order for us to outsource to a public cloud. The nations have not yet agreed to use clouds; they’ve just agreed to let us conduct the study. They have supported us in terms of conducting the experiment and then reporting back to them.”
Goossens said the pilot will host ACT internal data, but, once the study concludes, ACT will make recommendations for the next cycle, which is likely to include external data as well.
Another goal of this pilot program is an educational one. Since NATO’s member nations are independent, they typically adopt technologies differently. One of the purposes of the study is to inform the nations about cloud best practices and guide them to be more similar in their technology choices than they have been. “We hope we can guide the nations toward a more homogeneous cloud deployment,” Goossens said.
The pilot has a cost-effectiveness component, and one of the key parts of that involves the ratio of support personnel to the number of servers. The ratio is still very high, according to Goossens, who said the goal is to get it closer to the industry standard in order to bring costs down. He added that the personnel savings are likely to generate the greatest cost savings.
As a way of achieving that goal, ACT’s private cloud will be completely virtualized, using technologies from VMware, Microsoft and the open-source Xen environment—technologies already in use by the member nations. To manage these diverse technologies, “IBM offered to write tools for cloud management in this heterogeneous environment,” Goossens said.
Security is obviously another major issue for ACT. “Given the nature of our organization, information security is always at the top of the [priority] list,” he said, “so we will be looking at the security aspects of cloud technologies quite seriously. We obviously want to avoid a WikiLeak type of issue, but, in the end, I think that was a human problem rather than an electronic problem, so that will be dealt with separately.”
Goossens pointed out that such security problems are not just a concern of government. The private sector, especially in the finance and health care industries, has similar worries. He said that the cloud pilot will look at the policy, training and organizational pieces that play such an important role in security.
“We also will address cultural issues,” he added. “We need to figure out how to educate people better so they use these technologies smarter. We have to adjust our processes so people don’t inadvertently make these mistakes. We have to train them, and we have to have safeguards.
“All these things will be looked at. It isn’t just ‘Let’s get a cloud in a box.’ We think the human aspect is far more challenging than the technology aspect. If we invest in training, we may solve some of these problems. At ACT, training is one of the key components we’re looking at.
“We don’t look at technology as a silver bullet anymore. It has to be used in conjunction with new processes and training. That’s how you benefit from these technologies.”