Department of Defense
High Performance Computing Modernization Program

This Cloud Computing article contains 7 topics:

  1. What is Cloud Computing?
  2. Secure Cloud Computing
  3. Cloud Service Providers that support Internet Protocol version 6 (IPv6)
  4. Open Source Cloud Computing Platforms
  5. United States Government (USG) Requirements for IPv6
  6. Cloud Computing available under General Service Administration (GSA) contracts
  7. Department of Defense (DoD) Cloud Computing

In addition, the SDN Lessons Learned, Training, and Testing article in the SDN Knowledge Base section provides some lessons learned while deploying cloud computing using IPv6-enabled Software Defined Networking virtualization technology. (Search for lessons with "cloud" in the title.) 

1. What is Cloud Computing?

The definition of computing has been slowly evolving for centuries. The concept of cloud computing has been rapidly evolving ever since it first appeared in 1996 or so. Since “cloud computing” is an even vaguer concept than “computing”, it is not realistic to expect a comprehensive description.

Many attempts have been made to describe the concept anyway. Here are some examples: The National Institute of Standards and Technology (NIST) offered a terse technical description in 2011. A company called phoenixNAP offered a broader, less-technical description with examples in 2018. Wikipedia, The Free Encyclopedia, currently offers an even longer description including a history of cloud computing and a list of some similar concepts.

Cloud computing resources are variously called

private
public,
community
hybrid, or
multi cloud.

Cloud computing illustrates one of the most powerful forces in technology today: virtualization. An application accessing data residing in a cloud does not need to know:

- the physical storage media the data resides on (solid-state disc, mechanical disc, tape, or compact disc),
- the network protocol being used to access the data (IPv6 or IPv4) (when access occurs remotely), or
- the physical location of the storage media (in the next room, on the other side of the world, or even not on this planet).

2. Secure Cloud Computing

An informal overview of several of the concerns that must be addressed to achieve and maintain data security in cloud computing are described in this article.

Cloud Access Security Brokers (CASBs) support for IPv6 is discussed in this article.

Guidance about secure deployment of clouds may be found here:

  1. Cloud Security Alliance Security Guidance for Critical Areas of Focus in Cloud Computing version 4.0 document,
  2. NIST Guidelines on Security and Privacy in Public Cloud Computing Special Publication (SP) 800-144, Dec, 2011
  3. NIST Zero Trust Architecture (ZTA) SP 800-207, Aug, 2020
  4. National Security Agency Mitigating Cloud Vulnerabilities, January 2020.

3. Cloud Service Providers that support IPv6

it is important that clouds be accessible via IPv6, as this article explains. There are many lists of cloud service providers and the services that these providers offer varies widely, but few of these lists specifically include providers that are accessible via IPv6, as do the lists available herehere and here. Since those lists were published, some of the cloud service providers in the United States that have added or expanded their support for IPv6 include:

  1. Amazon Web Services (AWS) added support (migrating to IPv6 and restrictions on IPv6 addressing in Virtual Private Clouds (VPCs) are described here),
  2. Google Cloud Platform added support,
  3. Microsoft Azure Virtual Network expanded its IPv6 support,
  4. Oracle Cloud Services added support for selected services, and
  5. VMware vSphere added IPv6 support. 

In China, Alibaba has announced IPv6 support for their Alibaba Cloud.

Content and applications that natively support IPv4-only access may (or may not) become dual stack (IPv6 in addition to legacy IPv4) accessible when hosted by a cloud service provider that supports IPv6. Verify that content and applications that natively support IPv4-only will become dual stack accessible. Verify the additional cost for IPv6 support (if any). Verify that connectivity via IPv6 to the cloud service provider’s locations is available from the geographic locations included in your IPv6 deployment effort.

If IPv4-only content and applications will not become dual stack accessible, then you might want to consider using one of the other services or products described in the Content and Applications Delivery over IPv6 article in the Frequently Asked Questions (FAQ) section. This article from Nephos6 suggests some additional cloud service acquisition considerations.

4. Open Source Cloud Computing Platforms

There are numerous open source cloud computing platforms and more are being announced all the time. As was the case with cloud service providers, the services these platforms offer varies widely. Some of the open source platforms that support IPv6 include:

  1. Abiquo: Support for IPv6 described in this article.
  2. Apache Cloudstack: Support for IPv6 is described in this article.
  3. Cloud Foundry: Support for IPv6 is described in this article.
  4. Linode: Support for IPv6 is described in this article.
  5. OpenStack: In January, 2011, the OpenStack consortium announced that the next release of Compute, Image Services, and Object Storage modules included support for IPv6. This article provides an introduction to the software architecture and modules in OpenStack. The 2013 Havana release of OpenStack is described in an article. This document and this article describe what it takes to run the 2015 OpenStack Kilo release on IPv6. This document describes running the OpenStack Newton Oct 2016 release (and subsequent releases in that series) on IPv6. This document describes deploying IPv6-only tenants with OpenStack, while this document describes deploying IPv6 with Provider Networks.
  6. Red Hat OpenShift: In May, 2018, IPv6 support was added to the OpenShift support roadmap. Configuring IPv6 Networking for the OpenShift Overcloud is documented here.

5. USG Requirements for IPv6

The requirements of the Federal Acquisition Regulations as amended in Dec, 2009 (as described in the IPv6 Boiler Plate Acquisitions Language article in the Deployment section) always apply. Requirements were included in early documents of the Cloud Security Alliance (CSA) -- for example, this Sept 2012 SecaaS Implementation Guidance, Network Security document.

Information about the Federal government’s security assessment, authorization, and monitoring of cloud vendors may be found on GSA’s Federal Risk and Authorization Management Program (FedRAMP) website. Among other documents available (see this listing) on the FedRAMP website is an Agency Cloud Procurement Best Practices guide (also called "Creating Effective Cloud Computing Contracts"). 

Guidance about secure deployments of clouds may be found here:

  1. Defense Information Systems Agency (DISA) Information Assurance Support Environment (IASE) DoD Cloud Computing Security website,
  2. Department of Homeland Security Cloud Security Guidance version 0.2 document, and more recently in the Cloud Interface Reference Architecture documents (see the IPv6 and Trusted Internet Connections article for details),
  3. Federal CIO Council (CIOC) Information Security and Identity Management Committee (ISIMC) Guidelines for the Secure Use of Cloud Computing by Federal Departments and Agencies V0.41 (draft)

IPv6 support may not always be an explicit requirement in recent government documents such as the Federal Cloud Computing Strategy, June, 2019, also called “Cloud Smart”, but it is required.

6. Cloud Computing available under GSA contracts

In October, 2010, the United States (US) General Services Administration (GSA) awarded 11 vendors spots on the first government-wide contract for cloud computing. The initial ordering period has ended for these blanket purchase agreements for infrastructure-as-a-service (IaaS), which included cloud storage, virtual machines and web hosting services with support for IPv6. Details for currently available cloud acquisition vehicles are available on the GSA website. More information about cloud computing was available on the Cloud.CIO.gov website [material from that website was archived March, 2015, and is available here for reference]. A Best Business Practices for US Government (USG) Cloud Adoption guide is available on the GSA website.

Also available from the 18F office of GSA’s Technology Transformation Services for use by Federal Agencies is the platform-as-a-service cloud.gov, which is built on top of the open source Cloud Foundry cloud computing platform mentioned below. Cloud.gov policy for IPv6 support is documented on the Compliance page: IPv6, HTTPS, DNSSEC, and Certificates.

7. DoD Cloud Computing

Some websites and documents that provide policy and guidance for cloud computing use and several platforms for use by DoD and its departments and agencies are listed below.

Websites and Documents

  1. The Army Cloud Plan, Sep, 2020
  2. US DoD Enterprise Cloud website
  3. Defense Information Systems Agency (DISA) Information Assurance Support Environment (IASE) DoD Cloud Computing Security website,
  4. DoD Secure Cloud Computing Architecture (SCCA) Functional Requirements, Jan, 2017
  5. DoD Cloud Strategy, Dec, 2018
  6. DoD Cloud Computing Acquisition Guidebook, Defense Acquisition University, Nov, 2019
  7. DoD Use of Commercial Cloud Computing Capabilities and Services, Institute for Defense Analyses (IDA), Nov, 2015

Platforms

  1. milCloud 2.0 contract by General Dynamics Information Technology (GDIT)
  2. Defense Enterprise Office Solutions (DEOS)
  3. Cloud One
  4. Joint Enterprise Defense Infrastructure (JEDI) Cloud Request For Proposals (RFP) was announced in July, 2018. [Network access to this document can be erratic – you may have to try more than once.] In July, 2019, the Information Technology-Acquisition Advisory Council (IT-AAC) released DoD Cloud Adoption, a report on the JEDI RFP for download. In April, 2020, the DoD Office of Inspector General (OIG) released DODIG-020-079, a report on the status of the procurement. In July, 2021, the DoD cancelled the JEDI Cloud solicitation. It will instead accept multiple proposals under a Joint Warfighter Cloud Capability (JWCC) solicitation, resulting in one or possibly more contract awards.

 


Top