Cloud Computing using IPv6

This Cloud Computing using IPv6 article contains 7 topics:

  1. What is Cloud Computing?
  2. Secure Cloud Computing
  3. Cloud Service Providers that support Internet Protocol version 6(IPv6)
  4. Open Source Cloud Computing Platforms
  5. United States Government (USG) IPv6 Cloud Policy and Guidance
  6. Cloud Computing available under General Service Administration (GSA) contracts
  7. Department of Defense (DoD) Cloud Computing

In addition, the SDN Lessons Learned, Training, and Testing article in the SDN Knowledge Base section provides some lessons learned while deploying cloud computing. Look for lessons learned with "cloud" in the title. 

1. What is Cloud Computing?

The definition of computing has been slowly evolving for centuries. The concept of cloud computing has been rapidly evolving ever since it first appeared in 1996 or so. Since “cloud computing” is an even vaguer concept than “computing”, it is not realistic to expect a comprehensive description.

Many attempts have been made to describe the concept anyway. Here are some examples: The National Institute of Standards and Technology (NIST) offered an early terse technical description in 2011 and has since published several documents related to cloud computing.  A company called ZDNET offered a broader, less-technical description with examples in 2022. Wikipedia, The Free Encyclopedia, offers an even longer description including a history of cloud computing and related concepts.

Cloud computing resources (often referred to as cloud native) are services and applications that are built specifically for use in a cloud computing environment. Cloud computing resources are variously called:

private
public,
hybrid,
multi-cloud (also called multicloud or multi),
and several other variations.

Cloud computing illustrates one of the most powerful forces in technology today: virtualization. An application accessing data residing in a cloud does not need to know:

- the physical storage media the data resides on (solid-state disc, mechanical disc, tape, or compact disc),
- the network protocol being used to access the data (IPv6 or IPv4) (when access occurs remotely), or
- the physical location of the storage media (in the next room, on the other side of the world, or even not on this planet).

2. Secure Cloud Computing

An informal overview of several of the technical concerns that must be addressed to achieve and maintain data security in cloud computing are described in this article, while an informal overview of several management concerns that must be addressed to achieve and maintain security are described in this article. Some approaches to maintaining technical security in the cloud include:

  1. Cloud Access Security Brokers (CASBs) support for IPv6 is described in this article,
  2. The Cloud Security Posture Management (CSPM) concept is discussed in this article, while several CSPM tools are described in this article, and
  3. Security Service Edge (SSE) is defined and discussed in this article.

Note: The CSPM concept discussed in item (2) above is quite different than the NIST cybersecurity program (CSP) concept discussed in this article.

Guidance about secure deployment of clouds may be found here:

  1. Cloud Security Alliance publications,
  2. The Cybersecurity and Infrastructure Security Agency (CISA) concept Cloud Security Technical Reference Architecture version 2.0, June, 2022 and Trusted Internet Connections 3.0: TIC Core Guidance Volume 3: Security Capabilities Catalog version 2.0, Oct, 2021
  3. NIST Cloud Computing Related Publications, ongoing
  4. NIST Zero Trust Publications, ongoing
  5. National Security Agency (NSA) Mitigating Cloud Vulnerabilities, January 2020
  6. Five CISA and NSA Cybersecurity Information Sheets on Cloud Security Best Practices, March, 2024.

3. Cloud Service Providers that support IPv6

it is important that clouds be accessible via IPv6, as this article explains. There are many lists of cloud service providers and the services that these providers offer varies widely. These are some early lists that specifically did include providers accessible via IPv6: herehere and here published in 2015. Since those lists were published, most cloud service providers have added support for or expanded their support of IPv6.

Leading cloud service providers typically support hyperscale computing, and this article explains why.

Content and applications that only support IPv4 access may (or may not) become dual stack (IPv6 in addition to legacy IPv4) accessible when hosted by a cloud service provider that supports IPv6. Verify that content and applications that natively support IPv4-only will become dual stack accessible. Verify the additional cost for IPv6 support (if any). Verify that connectivity via IPv6 to the cloud service provider’s locations is available from the geographic locations included in your IPv6 deployment effort.

If IPv4-only content and applications will not become dual stack accessible, then you might want to consider using one of the other services or products described in the Content and Applications Delivery over IPv6 article in the IPv6 and IoT Frequently Asked Questions (FAQ) section. As was the case with cloud service providers, the services these platforms offer varies widely.

4. Open Source Cloud Computing Platforms

There are many, many open source cloud computing platforms and more are being announced all the time. This article lists several of them. As was the case with cloud service providers, the services these platforms offer varies widely.

5. USG IPv6 Cloud Policy and Guidance

The requirements of the Federal Acquisition Regulations as amended in Dec, 2009 (as described in the IPv6 Boiler Plate Acquisitions Language article in the Deployment section) always apply.

Information about the Federal government’s security assessment, authorization, and monitoring of cloud vendors may be found on GSA’s FedRAMP website. Among other documents available on the FedRAMP website (see this listing) is an Agency Cloud Procurement Best Practices guide (also called "Creating Effective Cloud Computing Contracts for the Federal Government"). 

Policy and guidance about secure deployments of clouds may be found here:

  1. CISA Secure Cloud Business Applications (SCuBA) Project documents, ongoing
  2. Defense Information Systems Agency (DISA) Information Assurance Support Environment (IASE) DoD Cloud Computing Security website,
  3. Department of Homeland Security (DHS) Cloud Security Guidance version 0.2 document, and more recently in the Cloud Interface Reference Architecture documents (see the IPv6 and Trusted Internet Connections article for details),
  4. Federal CIO Council (CIOC) Information Security and Identity Management Committee (ISIMC) Guidelines for the Secure Use of Cloud Computing by Federal Departments and Agencies V0.41, July, 2011

IPv6 support may not always be an explicit requirement in recent government documents such as the Federal Cloud Computing Strategy, June, 2019, also called “Cloud Smart”, but it is required.

6. Cloud Computing available under GSA contracts

In October, 2010, the United States (US) General Services Administration (GSA) awarded 11 vendors spots on the first government-wide contract for cloud computing. The initial ordering period has ended for these blanket purchase agreements for infrastructure-as-a-service (IaaS), which included cloud storage, virtual machines and web hosting services with support for IPv6. Details for currently available cloud acquisition vehicles are available on the GSA website. More information about federal cloud computing is available on the Cloud.CIO.gov website. A Best Business Practices for US Government (USG) Cloud Adoption guide is available on the GSA website.

Also available from the 18F office of GSA’s Technology Transformation Services for use by Federal Agencies is the platform-as-a-service Cloud.gov, which is built on top of the open source Cloud Foundry cloud computing platform. Support for IPv6 by Cloud.gov is documented on its Compliance page: IPv6, HTTPS, DNSSEC, and Certificates. Gaining access to cloud.gov is documented on its Access page: Get access to cloud.gov.

7. DoD Cloud Computing

Some websites and documents that provide policy and guidance for cloud computing use and several platforms for use by DoD and its departments and agencies are listed below.

Websites and Documents

  1. The Army Cloud Plan, Oct, 2022
  2. US DoD Enterprise Cloud website
  3. Defense Information Systems Agency (DISA) Information Assurance Support Environment (IASE) DoD Cloud Computing Security website,
  4. DoD Secure Cloud Computing Architecture (SCCA) Functional Requirements, Jan, 2017
  5. DoD Cloud Strategy, Dec, 2018
  6. DoD Cloud Computing Acquisition Guidebook, Defense Acquisition University, Nov, 2019
  7. DoD Use of Commercial Cloud Computing Capabilities and Services, Institute for Defense Analyses (IDA), Nov, 2015
  8. DoD and Air Force Continue to Define Joint Command and Control Efforts, Government Accountability Office (GAO), Jan, 2023
  9. Audit of the DoD’s Compliance with Security Requirements When Using Commercial Cloud Services, DODIG‑2023‑052, DoD Office of Inspector General, Feb, 2023

Platforms

  1. Defense Enterprise Office Solutions (DEOS)
  2. Cloud One by Air Force
  3. DoD Cloud Native Access Point (CNAP) Reference Design (RD), July, 2021, built using a DoD Enterprise Development, Security, and Operations (DevSecOps) RD, Mar, 2021, to access any of the Cloud Native Computing Foundation (CNCF) certified Kubernetes implementations, as described in this article.
  4. Joint Warfighting Cloud Capability (JWCC) multi-vendor Indefinite-Delivery, Indefinite-Quantity (IDIQ) contract managed by the Hosting and Compute Center (HAC).