U.S. government takes on the cloud
The U.S. government's recent cloud "request for quotations" offers insight into what's required. It looks a lot like hosting with some APIs.
The U.S. government's recently released cloud computing request for quotations (RFQ) offers some interesting insight into what the government wants from cloud services.
One of the big takeaways from the RFQ is the reminder of how immature the market and usage of the cloud really is. The GSA is basically asking for hosting, with the ability to use APIs that manipulate data and services. They do have the right vision for how the cloud can change infrastructure, but they aren't quite there yet.
While there are a growing number of cloud service providers, few can meet the full set of requirements the RFQ outlines. For example bothAmazon Web Services and GoGrid claim to meet the GSA's 99.95 percent service up-time requirement, but do so via service credits if they experience downtime.
The obvious vendor candidates like IBM, EDS, and Sun might be able to meet the networking and infrastructure requirements, but don't have offerings that address cloud storage and interaction functions--essentially the APIs that cloud services rely on.
Generally speaking, most data center providers don't have the ability to address the functional specifications for cloud functions--i.e. PUT, GET, DELETE, etc. that move and manage data in a scalable manner, one of the main promises of the cloud.
In theory, the government requirements are not terribly overreaching, nor should they be that difficult to obtain. The provider closest to being able to satisfy the demands is Amazon.com.
However, Amazon EC2 and S3 introduce issues that the government is likely not interested in dealing with. For example, I don't see the GSA wanting to run their virtual machines or data multi-tenanted with AMIs that are not from a trusted source.
This of course is counter to Amazon's setup wherein users can upload AMIs freely with no certification or security check. The odds of contamination are minimal, but risk is risk.
Whether it's Infrastructure-as-a-Service (IaaS) or just hosting is not really the issue. The important aspect is that the government is looking for ways to better leverage technology and make data available and reusable across multiple divisions. How this all gets implemented is probably less interesting that the fact that it looks like it will really happen.
Follow me on Twitter @daveofdoom.