Web Platform as a Service (PaaS) Web Platform as a Service (PaaS)

A Combat Support Agency

Defense Information Systems Agency

17 August 2011

A Combat Support Agency

DISA Cloud ServicesDISA Cloud ServicesCloud Service ModelsCloud Service Models

Platform Service Definition

Software as a Service (SaaS)

Platform as a Service(PaaS)

Physical infrastructure is abstracted to provide computing, storage, and networking as a service, avoiding the expense and need for dedicated systems

Physical infrastructure is abstracted to provide computing, storage, and networking as a service, avoiding the expense and need for dedicated systems

Application platform or middleware as a service on which custom applications and services can be deployed.

Application platform or middleware as a service on which custom applications and services can be deployed.

End-user application is delivered as a service instead of on-site software installations. Platform and infrastructure are abstracted.

End-user application is delivered as a service instead of on-site software installations. Platform and infrastructure are abstracted.

E-Mail

PaaS (Web)

RACE

Forge.Mil

From NIST: The capability provided by PaaS to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications

Infrastructure as a Service(IaaS)

On-demand self-service On-demand self-service

Broad network access

Broad network access

Resource pooling Resource pooling

Rapid elasticity Rapid elasticity

Measured Service Measured Service

A Combat Support Agency

3

Platform BenefitsPlatform Benefits

• Standardized development, test, and production environments with pre-integrated services allowing developer to focus on business logic– Remove IT infrastructure burden from developers

• Reduce development costs (H/W, S/W, administration)• No lab infrastructure startup issues• Allow developers to focus on application development• No waste of resources due to over provisioning

• Fast and inexpensive path to production • Dynamic resource allocation

– Scale applications when necessary– No waste of resources due to over provisioning

• Shared situational awareness for platform services• Utility-based billing

A Combat Support Agency

4

Air Force Air Force Platform Hosting ModelPlatform Hosting Model

• DISA provides Hardware, Basic and Database infrastructure & support

• ITIL based operations model

• Runtime Environment and Shared Services defined by DISA

• Initial capability includes DISA infrastructure plus adoption of ELS authentication

• Follow-on capability adds jointly confirmed shared services

• Custom hosting for unique applications that leverage IaaS and shared services

• Customer builds and delivers Custom Code for DISA to execute in Runtime Environment

• DISA provides path-to-production lifecycle services

Customer Responsibility

DISA Enhanced Services to Air Force

AF/DISA Shared Responsibility

DISA Standard Services

ERP PlatformWeb Platform CustomHosting

Infrastructure Services (IaaS)-Database Support

-Basic Support-Servers, Storage, Network, Facilities

Shared Services

Security Services (ELS / Direct Access )

Custom Code Delivery

Runtime Environment (.Net/Java)

Program Configuration

Operations Support Services

Data Exposure Services

On-boarding

Operations Model

Customer Unique SolutionRuntime

Environment (ERP App)

Development / Integration / Test Services

SDDP/Governance

A Combat Support Agency

5

PaaS DecompositionPaaS Decomposition

Dev

Infrastructure

Network

Storage

Red Hat Enterprise Linux / Windows 2008

DISA’s Platform as a Service (PaaS)

Customer Facing Services

Service Technologies

Ops

STS

LDAP

Apache

IIS

Oracle

TransformPBAC

Messaging

OWF

MySQL

Sync

Test

Presentation AccessControl

DataStore

DataServices

DevToolkit

DevPlatform

ForgeTools

TestTools

TestPlatform

ForgeTools

ServiceCatalog

ServiceLevel Mgmt

SharedSituationalAwareness

UtilityBilling

PaaS PaaS-STS

JBoss

WebPlatform

.NET

Enterprise Services

Messaging MetadataRegistry

ServiceRegistry

IdAM Monitoring

A Combat Support Agency

6

PaaS ApproachPaaS Approach• Two Platform as a Service (PaaS) Offerings

– General purpose cloud platform model – Secure Token Service (STS) to support Air Force Enterprise Level Security (ELS)

• Elastic, Self-service, Utility Pricing, Rapid Deployment• JBoss Enterprise Application Platform for Java Web Apps / Services

PaaS• DoD adoptable cloud platform• Standard dev / test / production

– Java / .NET

• DoD access controls• Virtual OE• Leverage Enterprise Services

– Registries, Security, Messaging…

• Elastic CPU / Memory resources• Exposure Services

Self-service PortalDevelopment / Integration / Test Environments

Open Source Software + COTS Infrastructure Technologies

PaaS-STS• Required for new AF applications• Standard dev / test / production

• Java / .NET

• Air Force ELS Access Controls

• Physical OE

• Dedicated Metadata Environment

• Elastic CPU / Memory resources

• Exposure Services

Op

era

tion

s /

Sh

are

d S

itua

tion

al A

wa

ren

ess

Rap

id P

ath

to P

rodu

ctio

n

A Combat Support AgencyJava Platform ArchitectureJava Platform Architecture

7

Network

Storage

Physical OE (4 x 6-core sockets, 256GB Mem)

Redhat Enterprise Linux

JBoss Enterprise Application Platform

Azul Zing JRE

JVM (1GB Heap)

CustomerApp

JVM (1GB Heap)

CustomerApp

JVM (1GB Heap)

CustomerApp

JVM (1GB Heap)

CustomerApp

JVM (1GB Heap)

CustomerApp

Maximize PaaS Customers for Resource Efficiencies

Dynamic Elasticity through Memory Insurance Pool 7

A Combat Support Agency

PaaS Path To ProductionPaaS Path To Production

8Rapid, standard, self-service capabilities

– Standardized platform from development through production

– More controlled than commercial for safe, secure cloud services

– Meets DoD standards for secure computing

– Smooth path to production with security validation

– Enterprise Portal will provide access to all services

– Orchestration tools will support more mature cloud services

– Location independent capabilities

Developer Toolkit

Shared Dev / Test Servicesfor Application Development

Test Tools

RuntimeEngine

PlatformInfrastructure

Shared SOA Services

SharedSituationalAwareness

ITILOps Model

SID

Develop Test Execute Operate

Self-ServicePortal

DynamicElasticity

Pa a S

Platform Infrastructure

Self-ServicePortal

Platform Infrastructure

A Combat Support Agency

9

PaaS Feature OverviewPaaS Feature Overview

Industry competitive capabilities with strong security and faster acquisition

A Combat Support Agency

10

Type Accreditation for PaaSType Accreditation for PaaS

Goal: Significantly reduce C&A timeline• Concept grounded on principal of reciprocity between

developed applications and DISA’s platform execution environment

• Accreditation authorities for the PaaS platform (DISA) and the developed web services and applications (Customer) will reciprocate on acceptance of each others accreditation work

• Approach– CSD will develop a DIACAP package for type accreditation of

the PaaS execution environment – The customer’s development, testing and fielding process will

need to ensure rigor for application code (above the line system)

– Acceptance of above the line and below the line IA work will be reciprocal

A Combat Support Agency

11

PaaS RoadmapPaaS Roadmap

Funding Acquired

Java Platform

IIS/ .NET

180 SAMLs / Sec

MDE v1.8

New STS Solution

JBoss Platform

Ozone Widget Framework

WebLogic Platform

Secure Token Services

IdAM

Data Store

Data Services

.Net Web PlatformOracle DB Oracle DB

SID

Web Services Monitoring

Log Monitoring / Reporting

Development Environment

Test Environment

MDE v1.7

Integration Services Environment

1666 SAMLs / Sec

OST / SID

Data Store

Legacy Exposure Services

Data Synchronization

Incident Mgmt Info Sharing

Price Model Complete

Upgrade STS Solution

1 Dec 2011(IOC)

1 Apr 2012(FOC)

1 Sep 2011

Legacy Exposure Services

Self-service Catalog

Service Registry

Auto-provisioning

Thales HSM

SA Dashboards

SA Widgets

JBoss Platform

A Combat Support AgencyHow do we get started?How do we get started?

• Web PaaS will be available 3 Qtr FY12• Contact Air Force CME group to become an early

adopter and take advantage of this service• Email AFCME@disa.mil

12