Tim Rudolph, CTO, Air Force Life Cycle Management Center. ()
Tim Rudolph is the chief architect/chief technology officer for the Air Force Life Cycle Management Center, Hanscom Air Force Base, Mass. In addition, he is the chief architect and CTO for Program Executive Office C3I & Networks, and the Secretary of the Air Force-appointed Department of Defense Next Generation Air Transportation System chief architect. He spoke with C4ISR & Networks Editor Barry Rosenberg about cloud computing, a new business model for IT operations and collaboration with DISA.
(Editorís note: Rudolph will be the guest speaker at an AFCEA NOVA luncheon on Jan. 17, at 11:30 a.m. at the Sheraton Premiere at Tysons Corner, Va.)
What will you be talking about at your AFCEA NOVA luncheon address?
RUDOLPH: How the Air Force and the DoD as a whole can better leverage cloud technology to reduce IT costs. A lot of us, including CTOs in particular, think of IT as the end game. In reality, it is not. It is just an enabler for the warfighter. We owe it to both the warfighter and the taxpayer to have systems with the minimal cost, and which are most useful, efficient and effective in terms of life cycle, timing and getting information directly to the operator.
How do you view cloud computing as a way to accomplish your goals in cost reduction, collaboration, etc.?
RUDOLPH: There has been somewhat of a convergence with the greater department looking at the joint information environment, the taxpayer benefit and the Air Force ability to resource IT from a shared resource perspective, looking back at delivery and support capabilities versus support systems and applications.
To the extent that we can do consolidation and to the extent that we can move new application development to shared and commoditized infrastructure, we will be able to better support the resources put into applications for the warfighter by reducing unique infrastructure for every application. We will also increase the ability to certify and accredit because we will be type-accrediting infrastructure. We will be able to get a better economy of scale, and probably most importantly we will be able to do IT with IT people, to the extent that the Air Force is not formally in the [business of] managing clouds. We are looking at managed services.
The Air Force and the greater military do not need a core competency in cloud computing.
RUDOLPH: Correct. If we look at the advantages of them as a service, whether that is infrastructure as a service, platform as a service, even looking forward to software as a service, there is a definite benefit not only to the color and type of money we use to resource those capabilities, but in many ways we are finding the efficiencies and the ability to use elasticity so we are not over-provisioning, which historically we have done. We are not building future legacy data centers; we are actually leveraging the capacity of the broad industrial base.
And weíre able to do that in a way that not only makes it easier for our application developers to rapidly turn applications, but also in a way that fundamentally is more secure. When you look at the financial marketplace from an IT perspective, for example, capabilities requiring security and performance are not necessarily only defense centric. The economy and our national defense run on the back of IT in terms of traditional perspective of command, control, communications, intelligence and battle management.
What additional security requirements beyond FedRAMP do you expect the military to require for cloud computing?
RUDOLPH: To a large extent, even with our current topology of data centers and networks, having a high degree of security and a large base of operators to make sure that security posture is as strong as possible, it is interesting to see how much commercial IT is looking at the issues but potentially in different ways. For privacy data and other restrictive data, we definitely try to keep it on premise within a secure network.
At the same time, some industrial approaches look at basically scattering data to the extent that it is encrypted and cannot be put back together again, even if you could crack the encryption, because the distribution mechanisms of the cloud really allow wide-spanning distribution across different grids, [while at the same time] keeping that continuity of operations data and the ability to be both resilient and to rapidly reconstitute information to support capabilities.
Air Force IT groups have undergone major reorganization in the last couple years, which has led to the operating under a different business model than they did before. Can you explain that?
RUDOLPH: The PEOs in the Air Force have reorganized to some extent in that there is an infrastructure PEO versus the capability PEOs that will use the infrastructure. The business model is moving from application development with a specific infrastructure to the more common shared infrastructure. The other services are also doing that in different forms across their application portfolios. Particularly here at Hanscom, our business model would include a managed service office that works closely with DISA and looks at the skill sets and the hosting capability of commercial providers to effectively offer back, with a limited number of infrastructure platforms, that service to the users indirectly through the acquisition process to host, consolidate and migrate those applications to common and commoditized infrastructure.
But we are still on that journey. We are still learning best practices of the commercial marketplace. We are learning how to change our culture, which says: ďIf I canít see it and itís not next to me on the computer, and if I canít hear whirring in the background and it is not using utility bills, then it cannot really be true.Ē That isnít unique to the military. That has been a major transition for all users of the cloud. But we are behind the power curve to get there. Actually, the budget situation is forcing us to be smart in this regard by looking at how we can best utilize that commoditized infrastructure as a service, versus building it and maintaining it.
In that regard, I would think that technical issues are taking a back seat.
RUDOLPH: A great deal of the activity is planning. I would have to say as a technology person/engineer type, most of my challenges are not technical. They are business modeling, changing that planning ó strategic and more immediate to certain application migrations ó to leverage this partnership we have with DISA and to plan with very limited resources how to move forward to the new business model. It really cascades down to schedules, cost, performance ó typical acquisition issues.
In addition, the Air Force CIO is taking on some additional responsibilities, more akin to a commercial CIO. That transformation is important as well.
Yes, just recently Air Force leadership said it was giving CIO Lt. Gen. Michael Basla more oversight over the serviceís IT spending. What is the difference between a military CIO and a commercial CIO? What powers and abilities do they each have?
RUDOLPH: The difference is, in our case, the portfolio associated with IT from a policy perspective is clearly in the CIO swim lane, but the resources within that portfolio are not necessarily consolidated under him. Already some of the common buying of IT equipment across the geographic commands and numbered Air Forces has additional scrutiny to optimize the spend associated with that information technology.
However, how we set up the mechanisms for a platform as a service isnít necessarily in his portfolio to manage yet. That is coming, and we do have a very good shared governance process that supports that but it is a work in progress with culture, transition and migration.
You mentioned DISA, and it is clear that the Air Force has moved in the direction of partnering with DISA on developing enterprise capabilities, which isnít something that was necessarily true a year ago. The Air Force was more in the camp of the Navy, which was taking a go-it-alone approach to enterprise, as opposed to the Army, which has embraced DISA enterprise initiatives. Now, the Air Force seems to be more comfortable following DISAís lead. Is that a correct characterization?
RUDOLPH: I think it is a fair characterization. We fall between the Navy approach and the Army approach. I will give credit to the Navy for looking at solutions that are very cost effective and commercially focused. At the same time, I look favorably at the Army because by having that close collaboration, they are often able to help shape what is offered by DISA and where the Joint Information Environment is going.
I think there is also a level of frustration because of the additional controls above and beyond FedRAMP and what the vast majority of the federal government is required to support. We are trying to resolve this through cooperation and collaboration. The DISA cloud broker model is directed by policy through the DoD CIO. How that actually works is not necessarily fully thought out. DISA is a data center and effectively a cloud provider. It brings up an issue: Is a cloud broker going to broker to itself? And, of course, we want it to be as open and cost effective as possible.
You are not the first person to raise that concern.
RUDOLPH: I would not think so. Because we want a level of security and the connections to the Global Information Grid are provided through DISA, we understand how hard it is sometimes, both in cost and in time, to extend that network beyond its current boundaries. There is some thought that says it should be extended for most of the applications we would manage in the cloud. Figuring out what that best balance is is one of the challenges. Again, we are trying to work closely with DISA to not only look at how they can take advantage of the commercial skill sets for IT, but how they can take advantage of the elasticity and hosting for workloads that expand beyond what is in the data centers today.