Forge.mil, a Defense Information Systems Agency-managed application, became the first Department of Defense application with a production environment hosted in the milCloud 2.0 infrastructure-as-a-service offering Dec. 20.
The lifecycle application tool is one of 53 agency-owned applications DISA is in the process of migrating to milCloud 2.0 as part of the DoD Chief Information Officer’s (CIO) mandate to reduce the department's data center footprint and streamline cybersecurity infrastructure.
The agency is taking a “DISA first” approach to the migrations, with the intention of streamlining the processes and sharing lessons learned with other organizations.
“We have lots of lessons learned, which we are sharing with the ‘fourth estate’ and we’re working closely with the DoD CIO to do that,” said Caroline Bean, milCloud 2.0 program manager. DoD’s ‘fourth estate’ is comprised of the headquarters, agencies, and activities that do not fall under the military departments.
Bean said there are more than 1,100 workloads in milCloud 2.0; most of them are in various stages of building and testing.
Forge.mil Program Manager Pascale Francis said overall, the migration process was “straightforward,” but acknowledged there was an opportunity to share lessons learned.
“We’ve been trailblazing a lot of this effort, and as a consequence, we’ve had to sort of do some of these steps over again, but we’re using our team’s experience to help DISA nail down the most efficient way to do a lot of this,” she said.
Virtualized applications versus application rationalization
Forge.mil migrated from DISA’s milCloud 1.0 service, the hosting service the application has used for its production environment since 2016.
MilCloud 1.0 applications have been easier to migrate into milCloud 2.0 because they are already virtualized, said Bean.
“Forge didn’t have to go through a lot of application rationalization because we are already in milCloud 1.0,” said Forge.mil Lead Engineer Dr. Benjamin Willett. “We did a machine ‘lift and shift,’ a direct copy from one to the other.”
Willett said the virtual machine copy and build-out for Forge.mil took two weeks.
“Applications that haven’t been virtualized will have a harder time moving into milCloud 2.0. There may be more engineering work that needs be done to make that happen,” Bean said.
A pioneering effort
Forge.mil is not only the first application with a production environment in milCloud 2.0, it is the first to use the DISA-provided cloud-security service provider (CSSP) solution and the first to go through the accreditation process. While the full migration process for Forge.mil took about six months from accreditation to migration, the milCloud 2.0 program office will apply the lessons learned from this pioneering effort to make the process more efficient for future applications.
“We’re using DISA’s CSSP, specifically the Virtual Data Security Stack (VDSS) component, because it enables us to maintain the same level of cybersecurity we had in the DISA Computing Center and milCloud 1.0+. Because Forge.mil is Cloud Impact Level 5, and because we need to ensure the security posture of our platform for our users, VDSS was the obvious choice,” said Willett.
He stressed the importance of having the right players in the discussion.
“The technical exchange meetings are pivotal. They are where all the magic happens and all the information gets exchanged. You should have everybody at that meeting … All the way from the senior program manager through cybersecurity, all the way down to the system administrators on the data center floor,” he said.
“The migration and accreditation processes for those coming after Forge.mil should be shorter,” said Bean. “We know a lot more and we’re a lot smarter than when we first started.”
The milCloud 2.0 Program Management Office is working to improve the migration timeline by providing automated tools for application migration in the milCloud 2.0 environment and working with the DISA authorizing official to streamline accreditation process.
Bean said the milCloud 2.0 program office has received “mostly positive feedback” regarding the service’s utility billing, and resulting cost savings, from those who are building and testing in the environment.
“At the end of the day, this is about the warfighter,” she said.
The way ahead
The milCloud 2.0 Program Management Office continues to press forward with migrating DISA applications and cloud-ready fourth estate applications, documenting lessons learned and improving processes along the way.
A DoD CIO and DISA team conducted application and system assessments for 18 fourth estate agencies, and identified those that would achieve efficiencies by migrating to an enterprise-level hosting environment. A DoD CIO directive issued Nov. 20 requires those application/system owners to develop and submit a detailed migration plan to the DoD CIO and DISA by Jan. 18.
Per the directive, all migrations and application/system decommissioning must be complete by Dec. 31, 2020.
“DISA is here to assist,” said Bean. “We are providing dedicated migration and engineering support to help with the move to milCloud 2.0. We’re doing everything we can to make it as seamless and easy as possible for all of the application owners to move and really take advantage of the environment we’ve put in place.”