DoD Cloud Computing: Commercial Cloud Service Provider (CSP

DoD Cloud Computing:
Commercial Cloud Service Provider
(CSP) Integration Models
Request For Information (RFI)
1 October 2014
Prepared for:
Chief Technology Officer
Defense Information Systems Agency
Defense Information Systems Agency’s (DISA) Cloud Service Provider (CSP)
Request for Information (RFI)
Notice Type: Sources Sought
Response Date: November 3, 2014
Classification Code: Information technology services, including telecommunications services
NAICS Code: 541712, 541512
Purpose: DISA is assessing the marketplace’s ability to provide cloud ecosystems and services
in two integration models that place vendor cloud services on DoD networks for use by the DoD
community and mission partners. This RFI gathers information on the viability of these two
models to support preparation and planning for a possible RFP.
Background: DISA is exploring several possible ways to integrate commercial cloud services
with DoD networks, each with its own planning, technical, and contracting considerations. Each
method has different levels of Government and vendor responsibility, technical interface
points, and subsequent project planning, though logically they may all be considered by the
NIST definition as implementing a “private” cloud deployment , with the single tenant being the
DoD community and mission partners. The RFI focuses on two models for providing
contemporary commercial cloud ecosystem services to the Department.
The first model, entitled the Data Center Leasing Model (DCLM), allows the vendor to lease
rack space or floor space in DoD data centers and place their software and hardware on the
DoD premise. The model enables a select number of market-leading cloud ecosystem vendors
to be allocated discrete floor/rack space inside DoD facilities (e.g., DoD Core Data Centers
(CDCs)) After sufficient security scrutiny and accreditation, the vendors reside inside the CDC
and offer contemporary cloud ecosystem services to the DoD community
In the second model, the On-Premise Container Model (OPCM), integration with the vendor
occurs at a shipping container boundary. The container is brought to a DoD premise, where it
resides under the physical protections of the local facility. Many of the considerations in this
model are analogous to the data center model (e.g., power, cooling), though the containerized
IT resources provide an inherent physical boundary and most likely reside in close proximity to
the data center they support, drawing key services, such as redundant power and network
connections, from that data center.
This RFI poses questions in the context of these two models. These models are being
considered as possible alternatives in providing cloud ecosystems and services to the DoD
community.
The prime contractor in all DoD commercial cloud contracts must retain direct operational
configuration and control of the environment; therefore RFI responses should only be from
sources who retain direct operational configuration and control of the environment.
Security: Since the two integration models either reside in, or adjacent to, the DoD data
centers, both models are being considered for Cloud Security Model (CSM)
September 2014
Commercial CSP Integration Models
|1|
(http://iase.disa.mil/cloud_security/Pages/index.aspx)Levels 5 and 6 data and workloads. Both
integration models exist within the network perimeter of the DoD networks, and both models
require compliance with NETOPs and continuous monitoring tool suites. The two models have
the additional feature of being on a DoD premise.
Initial Service Focus: The initial foundational services that are of highest interest in this RFI are
infrastructure services such as:
•
•
•
•
Workload/Virtual Machine (VM) management services – being able to start, stop,
preserve and restore workloads.
Object storage – being able to create, update, read, and delete objects and files.
Block storage – binary level storage to support workloads and VMs.
Other support services – assorted integrated services in the ecosystem that support the
primary services above, such as networking, identity, billing, and resource management
services.
The vendor ecosystem may have services beyond those listed above, but must include core
services to address VM workloads and storage.
Size and Scale: The exact size and scale of the IT infrastructure required is not known at this
time. Consequently, the following table with notional planning values is used for discussion in
the questions below.
Small Configuration
10K VMs
Medium
Configuration
50K VMs
Large Configuration
200K VMs
Disclaimer: The government does not intend to award a contract on the basis of this RFI or
otherwise pay for information received in response to the RFI. This RFI is issued for information
and planning purposes only and does not constitute a solicitation. All information received in
response to the RFI that is marked Proprietary will be handled accordingly. The Government
shall not be liable for or suffer any consequential damages for any proprietary information not
properly identified. Proprietary information will be safeguarded in accordance with the
applicable Government regulations. Responses to the RFI will not be returned nor will the
Government confirm receipt of the RFI response. Whatever information is provided in
response to this RFI will be used to access tradeoffs and alternatives available for determining
how to proceed in the acquisition process. In accordance with FAR 15.201(e), responses to this
RFI are not offers and cannot be accepted by the Government to form a binding contract.
Questions:
For each section below, please only respond to the questions if your firm has an offering
compatible with that particular integration model. You may respond to one, or both of the
integration models. Please answer the general questions in all cases.
1.0 Questions Regarding the Data Center Leasing Model (DCLM)
September 2014
Commercial CSP Integration Models
|2|
1.1 Does your firm have a cloud ecosystem or cloud services that will work effectively in
this model (e.g., hardware and software loaded into racks in DoD data centers)? If yes,
please summarize the cloud ecosystem or services and how they could be offered in this
model and answer the remaining questions in this section. A notional rack/floor space
layout plan may be provided.
1.2 Would your firm respond to an RFP structured to use this model?
1.3 Would your firm prefer to provide its own hardware racks for the solution in the DoD
facility, or should the government provide the racks? Does your solution require nonstandard racks?
1.4 For planning purposes the government needs to understand the space requirements of
your solution. At a given DoD data center how much rack/floor space would your solution
require to run effectively for the size configurations listed above?
1.5 For planning purposes the government needs to understand the power requirements of
your cloud solution. This will determine any special electrical requirements for the DoD
facility. Please define the power draw required for your solution for the size configurations
listed above. If you propose to provide the equipment racks for the ecosystem, please
describe any physical electrical interfaces for those racks.
1.6 For planning purposes the government needs to understand the cooling requirements
of your solution. Please define the heat generated/handled per rack (this will determine
the cooling solutions that are appropriate – e.g., ambient air, water cooled etc.) Are there
any unusual cooling requirements driven by the hardware density of your solution? Does
your solution require cooling beyond ambient air solutions?
1.7 Please define the preferred integration to heat monitoring status applications. (e.g.,
Will the vendor equipment integrate to the real-time status monitoring for heat in the
facility?)
1.8 What is the preferred method of network integration for your solution? Does your
solution provide a single point of network integration? Please explain your preferred
approach.
1.9 Please describe how often your firm would typically update their cloud services
software, and the nature of these updates. (e.g., bug fixes, new services etc.)
1.10 Please describe how often your firm would typically need access to the facility floor
space for maintenance, equipment repair, and refresh. How often would hardware updates
be expected? What rate of hardware failure replacements should be expected? Please
describe the number of personnel who would be performing this task.
1.11 Please describe the differences in your solution for CSM Level 5 and Level 6 workloads.
For example, please describe differences in proposed hardware, floor space requirements,
and power/cooling requirements.
2.0 Questions Regarding the On-Premise Container Model (OPCM)
September 2014
Commercial CSP Integration Models
|3|
2.1 Does your firm have a cloud ecosystem or cloud services that will work effectively in this
model (e.g., provided in your containers, placed adjacent to DoD data centers)? If yes,
please summarize the cloud ecosystem or services and how they could be offered in this
model and answer the remaining questions in this section. A notional container layout plan
may be provided.
2.2 Would your firm respond to an RFP structured to use this model?
2.3 For planning purposes the government needs to understand the space requirements of
your solution. At a given DoD data center how much space would your containerized
solution require to run effectively for the size configurations listed above? How many
containers would be used and what are their dimensions? What facility services are
required for your containerized solution? What is the preferred underlayment for your
container? Do containers stack? If so, how many containers can be stacked?
2.4 What is the preferred environment for the container? Can they be placed outside,
exposed to the weather, or do they require a roofed facility? Are there any other physical
or environmental requirements for the containers? Do you have different containers for
different climates (i.e. Alaska vs Texas)?
2.5 For planning purposes the government needs to understand the power requirements of
your solution for the size configurations listed above. This will determine any special
electrical requirements for the DoD facility. Please define the power draw required for your
containerized solution. Please describe the physical power connection to the container.
2.6 For planning purposes the government needs to understand the cooling requirements
of your solution for the size configurations listed above. Does your solution provide the
hardware system for cooling your container(s)? If so, what are the key government facility
requirements for supporting your cooling solution, such as space and power requirements
for the cooling system. If not, please define the government facility support required to
cool your containers.
2.7 Please define the preferred integration to heat monitoring status applications. (e.g.,
Will the vendor equipment integrate to the real-time status monitoring for heat in the
facility?
2.8 What is the preferred method of network integration for your containerized solution?
Does your solution provide a single point of network integration? What does the
government need to provide? Please explain your preferred approach.
2.9 Please describe how often your firm would typically update their cloud services
software, and the nature of these updates (e.g., bug fixes, new services etc.)
2.10 Please describe how often your firm would typically need access to the container for
maintenance, equipment repair, and refresh. How often would hardware updates be
expected? What rate of hardware failure replacements should be expected? Please
describe the number of personnel who would be performing this task.
2.11 The physical container will be an extension of the data center floor, which is a
protected space. Please describe the physical security mechanisms for the container.
September 2014
Commercial CSP Integration Models
|4|
3.0 General Questions
3.1 Please define the required number of physical data center locations that best matches
the design of your solution. For example, some cloud vendors have solutions that are
designed for implementation in 2 or 3 physical locations in order to provide backup,
recovery, and continuity of operations (COOP). Please describe any assumptions or
constraints on the placement of these data centers, such as the distance between them.
3.2 Please describe a preferred pricing structure for your solution. Do not provide pricing
information in this RFI response.
3.3 Please provide any insights on how the Government could best employ the two onpremise models above to offer cloud ecosystems and services to the DoD community. Do
you have lessons learned in working with these models? Or suggestions on best practices
regarding how the models should be structured?
3.4 If you have a preferred on-site model that is not described in this RFI, please describe it.
Please note that other efforts are already exploring off-premise cloud computing use.
Submission Instructions: Responses should include the business name and address; and the
name of company representative and their business title. The responses should follow these
page restrictions: 5 pages maximum of overview material, followed by 15 pages maximum per
integration model, 5 pages maximum for the general questions; for a total maximum of 40
pages.
Responses shall address the requirements and questions posed above in the Question
subsection. Responses to this RFI are due NLT November 3, 2014, at 5:00 PM Eastern Daylight
Time (EDT). Send responses directly to the Contracting Officer, Mr. Scott Stewart, at
[email protected]. Technical questions should be directed to Ms. Ruth Shearer at
[email protected] or telephone (301) 225-9490. Proprietary information and trade
secrets, if any, must be clearly marked on all materials. All information received that is marked
“Proprietary” will be handled accordingly. Be advised that all submissions become Government
property and will not be returned. All personnel reviewing responses will have signed nondisclosure agreements and understand their responsibility for proper use and protection from
unauthorized disclosure of proprietary information as described 41 USC 423. The Government
is not liable for any damages incurred if proprietary information is not properly identified. The
government is not requesting proposals with this document, nor will the government pay for
any preparation costs in connection with this RFI.
Contracting Office Address: Defense Information Systems Agency (DISA), Acquisition
Directorate, DITCO-Scott, 2300 East Drive Bldg 3600, Scott AFB, IL, 62225-5406
September 2014
Commercial CSP Integration Models
|5|

Download Report