How the Defense Department's MilCloud 2.0 Effort is Evolving
The number of workloads in milCloud 2.0 doubled despite some defense agencies missing migration deadlines.
Some defense support agencies missed the deadline to complete migrating workloads to the Defense Department’s on-premise, cloud-based infrastructure services offering, according to a Defense Information Systems Agency official.
Per a 2018 memo, Defense agencies and DOD field activities, known as the DAFAs, were required to migrate all workloads to milCloud 2.0 by the end of the fourth quarter of fiscal year 2020. John Hale, DISA’s Cloud Portfolio office chief, told Nextgov in an email some DAFAs were granted extensions from the DOD chief information office to complete migrations and that DISA is continuing to work with these agencies on migration. While DISA declined to provide details regarding why extensions were needed and which components received extensions, Hale said the number of workloads migrating to milCloud 2.0 continues to grow as a suite of changes comes to the platform.
As of Feb. 1, DOD migrated 1,288 virtual servers to the milCloud 2.0 platform across 71 varied entities and programs, Hale said. DISA is currently in “various stages of planning, preparation and migration for over 38 additional DoD entities and programs,” he added.
Even with the missed DAFA deadline, migration moved along in 2020: The number of workloads migrated to milCloud 2.0 doubled last year compared to 2019, Jim Matney, General Dynamics Information Technology vice president and general manager for DISA and enterprise services, told Nextgov in a recent interview. GDIT’s cloud infrastructure supports the milCloud 2.0 platform. MilCloud 1.0 was originally launched by DISA in 2013. CSRA won the milCloud 2.0 Phase 1 contract in 2017; it was subsequently acquired by GDIT.
Moving forward, several updates to milCloud 2.0 could make it a more attractive migration destination for defense agencies, according to Matney and Hale. At the end of January, GDIT finalized an update to its hypervisor, switching to virtualization software from VMware. Matney said part of the reason GDIT moved to VMWare is because that’s what many government customers already use inside their own data centers.
“When we're looking at being able to migrate applications into the cloud, that's huge,” Matney said. “That's a significant benefit that will make it where it's easy for them—they're not having to learn a new environment just to get their application into the cloud.”
Speed is meant to be one of milCloud’s main selling points. Because the contract doesn’t require task orders or contract actions for customers to migrate—just money to pay for the service—customers can begin spinning up servers in milCloud 2.0 in as little as 48 hours, Matney said.
“When you're looking at the speed of it, you're taking an environment that the people are currently operating, sustaining that application today, [if] it's already inside a VMware environment, they're able to essentially move that into a like environment inside of milCloud in a lot simpler fashion and easier fashion than if they were to have to convert it, to actually adapt it to a new or a different virtualization platform,” Matney said.
Over the next two to three months, GDIT will convert the applications that are already hosted in milCloud to the new VMware environment. That effort requires coordination with the customers and some upskilling so that personnel maintaining applications are able to learn the new environment. The conversion also requires testing to ensure applications run properly using VMware.
Another major milCloud 2.0 change came shortly after the VMware shift. On Feb.1, GDIT announced Amazon Web Services capabilities would become available through the milCloud 2.0 contract. This allows customers to “take advantage of the latest technology and innovate more quickly with artificial intelligence, machine learning, cyber sensing, and other emerging capabilities,” according to a press release.
While milCloud 2.0 already provided a fit-for-purpose, on-premise cloud, AWS now adds a general purpose, off-premise cloud service option on the same contract. Matney said this directly supports DOD’s Cloud Strategy. The strategy calls for both general and fit-for-purpose through a multicloud, multivendor approach. The impact of AWS on the program remains to be seen—Hale said AWS officially came online Feb. 5.
“We offer the infrastructure-as-a-service,” Matney said. “We don't have the [software-as-a-service] offerings or any of the platform-as-a-service offerings available within our cloud offerings to date, but AWS does. So the additional capabilities that AWS has and their cloud offerings, their services, is what we wanted to be able to provide the warfighters.”
One update that both Hale and Matney expect to catalyze migration is the move to a higher impact level. MilCloud 2.0 started as an Impact Level 4 and 5 cloud environment, which covers controlled unclassified information and national security systems. Officials in 2018 said they anticipated IL6, which covers classified workloads, to be available by early 2019. But testing for IL6 is now set to begin mid-March, according to Matney.
When testing is done, which Matney estimates will happen by summer 2021, the milCloud portfolio will be completed, and the workloads that require an IL6 environment will be able to move over.
“With the addition of the IL6 environment and the modernization of the hypervisor within the milCloud 2.0 environment we are able to meet more of our mission partner's requirements,” Hale said. “MilCloud 2.0 has successfully automated cloud business processes to support ease of use and procurement of cloud through the contract. This procurement model allows DoD mission partners to acquire cloud services within hours of their initial order.”
Progress on milCloud 2.0 comes amidst several other major DOD cloud developments. At the end of January, DISA consolidated control of the Cloud Computing Program Office, a move which Matney said GDIT “100%” supports.
“Having this cloud program office actually moved into DISA, especially with the enterprise-level services that DISA is responsible for executing, I think it was a good move,” Matney said.
Some of the enterprise-level projects housed under the CCPO are facing challenges as of late: the Pentagon recently hinted it may be forced to drop the Joint Enterprise Defense Infrastructure contract, which it re-awarded to Microsoft in September after a bid protest from Amazon Web Services.
The re-award process did not quell the concerns from AWS, which continued its lawsuit. A decision from the court regarding motions from DOD and Microsoft to dismiss portions of AWS’s protest alleging improper political interference with the award process is expected to drop at any time. DOD also confirmed to Nextgov in an email the reports that Oracle filed a writ of certiorari with the Supreme Court on Jan. 29 reviving its pre-award JEDI protest.
And the DOD's Office of the Director, Operational Test and Evaluation recently raised cybersecurity and cyber survivability concerns for DOD Digital Modernization Strategy programs. DOT&E called in its annual report for 2020 for an update to the Test and Evaluation Master Plan for the Defense Enterprise Office Solutions contract. GDIT also holds the DEOS contract, which will provide enterprisewide business cloud capabilities via Microsoft Office 365, after it secured a re-award in October. Another contractor, Perspecta, filed multiple bid protests over DEOS.
Editor's note: This story was updated to clarify that a federal judge is expected to make a decision on a motion filed by DOD and Microsoft in the JEDI court case.