Sei sulla pagina 1di 23

Cloud Computing Initiative: May 6, 2009 Summit Briefing Book

Prepared by Cloud Computing PMO Wednesday, May 13, 2009

Please note this report contains procurement sensitive information

Please note this report contains procurement sensitive information

TABLE OF CONTENTS

1 2 3 4 5

Opening Comments by Vivek Kundra...................................2 NIST Cloud Computing Definition Discussion........................2 Benefits of Cloud Computing................................................3 Top 5 Issues for Vendors......................................................3 Domain Specific Discussion Topics.......................................4 5.1 Certification & Accreditation of the Cloud.....................4 5.2 Pricing..........................................................................4 5.3 Standards.....................................................................4 5.4 Accessibility/ID Management........................................5 5.5 Data Security................................................................5 5.6 Data Portability/Interoperability....................................6 5.7 Application Development and Portability......................6 5.8 Acquisition/Procurement...............................................7 6 Other Discussion Areas........................................................8 7 Overall Findings Cloud Computing PMO.............................9 8 Statements, Questions and Answers .................................10 9 Action Items.......................................................................12 9.1 Overall Model, Architecture, and Definition................12 9.2 Process Considerations Security, Acquisition, Business Case............12 9.3 Testbed/Sandbox........................................................13 9.4 Market Research........................................................13 9.5 Communications.........................................................13 9.6 Ongoing Collaboration................................................13 9.7 Administrative............................................................13 10 Appendix A Deployment Model Matrix...........................14 11 Appendix B Hybrid Cloud Concept Model.......................15 12 Appendix C Cloud Computing Definition........................16 12.1 Definition..................................................................16 12.2 Key Characteristics:..................................................16 12.3 Delivery Models........................................................17 12.4 Deployment Models..................................................17 12.5 References...............................................................18 13 Appendix D Summit Attendees......................................18 13.1 Attendee List - Morning Session................................18 13.2 Attendee List Afternoon Session............................20

Opening Comments by Vivek Kundra


o We are looking to leverage technology to move the Government forward. o What can the government do to move forward with cloud technologies and to increase innovations while also maintaining a secure environment? o Challenges and issues include: FISMA Policy Privacy IT Security (for sensitive information). Legal obstacles need to verify legal restrictions exist o Goals of cloud computing initiative include: Leveraging innovations Rationalize spending

2 NIST Cloud Computing Definition Discussion


o The inclusion of location independence was questioned. Joyent has clients that require disclosure of location information It is technically possible to provide location information Location can be specified for a private cloud It might be beneficial to specify location because of disaster recovery, IT security concerns. Is there a regulation that prevents government data from being located outside CONUS? Result: The definition of location independence needs to be reexamined since it was not meant to indicate unconstrained or unknown location. o Regulatory issues are independent of technology o Multi-tenancy is missing o Recommendation: Do not narrow the definition too much at this time otherwise it might stifle innovation. o Recommendation: Address Security in the definition o The inclusion of pay per use in the NIST definition was challenged Could be mentioned as a characteristic Some vendors charge by the hour but are looking to move towards annual contracts The pricing model depends on the quality and quantity of services consumed The cost model is completely irrelevant to the definition of cloud computing 2

The cloud is based on elasticity therefore, there needs to be elasticity in the way the Government pays for it. It was also noted that: Pay per Use was included by NIST because it serves as a feedback loop if people arent paying for a service then it exists unnecessarily. Pay per Use can be a way to meter consumption Recommendation: Replace pay per use with metered method to charge for use. o Location Independence Recommendation: Change this phrase to location aware o Recommendation: The ability of the cloud to respond to changing requirements over time should be included.

3 Benefits of Cloud Computing


o Reduced Cost o Improved Efficiency rapid deployment of services Noted that according to McKinsey average server utilization rates now are at 6-7% Noted that even in the cloud, server utilization should not be too high since the flexibility to scale up (as necessary) is key. o Provides capability for short term test and evaluation o Potential for increased security in certain scenarios o Enables change: Allows people to try new tools. If they dont like it, they can get rid of them easily o Allows Federal Agencies to concentrate on their core mission o Ease of Access o Innovation o Always run on the latest platform no legacy systems o Non-stop computing o Can result in reduction in capital and operating expenses 4

Top 5 Issues for Vendors


o Security issues need to be resolved with each individual provider o Modification to several contracting/purchase vehicles to facilitate the purchase of cloud services o Long lead times for Federal opportunities. o Cost models are aggressive, but may not have an accurate cost model o Improve notification of federal opportunities so that they are easier to find for vendor community.

Domain Specific Discussion Topics

5.1 Certification & Accreditation of the Cloud


o Risk management is key rather than risk avoidance o C&A does not fit virtualization and fits cloud computing less o Current C&A processes and standards differ from agency to agency thereby resulting in too many security controls that need to be met. o The cloud could be built to meet any standards (and is ready for C&A). Its the administrative and process requirements that are expensive. They need to be standardized. o Note: The FBI had to bend the rules of virtualization because needed to know which box was being C&Aed o Fixed audits are not responsive to virtualization o Google is ready to have apps C&Aed on their environment o Would Pre-certified models for each tier work? Overall the answer was yes, but Microsoft cautioned that this would work for certain workloads but would not work everywhere because of different attributes. o Recommendation: Create a Service Catalogue of Cloud Computing Service Providers and their C&A level/status o The enterprise cloud can address privacy, records management, and identity management

5.2 Pricing
o The tiered model also works for pricing more security, less standardization higher costs o Microsoft is exploring a pricing model that allows for meeting demands (elastic) within a rigid government budget. o Government may be willing to trade some cost benefits for cost predictability o Pricing models can be developed to meet customer needs o The types of applications deployed on the cloud may require different pricing models o Pricing models may have to be developed for large and small uses of cloud services

5.3 Standards
o Redefining standards could be useful because it would force businesses/vendors to adopt them. o Too early to impose most standards may limit innovation.

o Standardization on APIs and Storage is recommended for now. The Government could use its purchasing power to drive standardization. o Standards should be designed for common items to ensure portability. o NIST wants to be a catalyst for industry to work together. o There is a trade association of cloud computing vendors who are working to advocate for the use of cloud computing solutions and working on standards. o Cloud solutions need to be based on open standards o Need database standards in the near future. For now, databases will remain where they are but in the future they will be front ended with the cloud. o Standardization should not be placed on developers but on architectures. o Should have portability built in. o There are two types of standards: Where you interact with the cloud and how cloud providers interact with each other. o Consider application layer messaging/communications standards. Think about the middle o Move to platform independent languages o Items such as web app services and databases should be standardized because there is no massive innovation at the operating level,

5.4 Accessibility/ID Management


o It is a myth that authentication/ID management does not exist in the cloud. Joyent provides these services to the 65,000+ users at Japan Postal Savings o ID Management/authentication is at the application level and not the overall cloud o Section 508 Compliance is not an issue there is no difference from 508 compliant requirements in the existing computing environment. o Section 508 Compliance needs to be built in programmatically. There are tools that can facilitate this.

5.5 Data Security


o In some instances, DoD requires that only cleared personnel can touch their data. o Some data security requirements might be based on interpretation of policies o Data can be encrypted. Therefore public clouds can be used. Executables should remain on private clouds. o Data encryption should used for data in transit and data at rest. o The Government should leverage a large footprint of infrastructure and move security to the application layer. 5

o The Cloud can make apps and data more secure because standardized processes and procedures are in place. . o Note: A lot of Government data is not encrypted now so if we deploy a cloud that requires encryption, then overall security will be improved. o Encryption is key o Access rights can be pre-defined at the application level. o Customers can encrypt data themselves. Sun/Oracle have tools that perform encryption on the fly (before data is sent into the cloud). o Health Information/HIPPA Compliance There are customers that store health records in the cloud. Point decisions need to be taken. o Access security can be role-based o Separation of duties is easier to ensure in a cloud environment

5.6 Data Portability/Interoperability


o The Government needs data portability/interoperability enabling data to be moved between clouds. The Government also needs to move data across domains and between clouds. o Requires an effective exit strategy (removing data from the cloud). o Recommendation: For portability, write to a web stack instead of an operating system. o Recommendation: To prevent vendor lock-in, do not embrace any vendors individual APIs. This allows elasticity. It was noted that some degree of vendor lock-in is a reality just as today when customers commit to a particular solution. o Vendor lock-in is caused when vendors offer additional services that are linked to applications. o Salesforce Uses open web standards and integrates widely. Integration is a false issue. o It was noted when Coghead went out of business, its customers had their data returned to them but they lost their applications. Applications cannot be moved. 5.7 Application Development and Portability o Question: There are developers that develop stove piped systems on their own to meet specific business needs, which might be susceptible to security vulnerabilities. Would the cloud make this better or worse? Better because all networking would be locked down. Would programmatically ensure that only approved infrastructure is used. Can be containerized so that they can mess themselves up but not others. o Portability 6

Application development in the cloud forces applications to become portable. Agencies should be able to reuse C&Ad resources from another cloud. Clouds should be developed at a agency level in a development/test environment and then be moved over into the Federal Cloud.

5.8 Acquisition/Procurement o Knowledge and understanding of the FAR is limited o Use of cloud computing services should be encouraged in the acquisition process o Recommendation: OMB should ask agencies to identify applications/services that are candidates for deployment in the cloud. This would facilitate capital planning and investment in cloud computing. o The number and complexity of existing contract vehicles is cumbersome. Consider a Cloud Computing-specific GWAC. o Need a procurement process around cloud that incentivizes reuse o DISA has innovative contracting models: i.e. Have a CLIN for racking a blade and a CLIN for renting the blade per month. Can scale up or down as needed on a monthly basis.

Other Discussion Areas


Cloud Interoperability o The state of cloud interoperability is weak. o Coding to a platform makes vendor lock-in more likely. Private Clouds Outsourced or Insourced? o Mostly outsourced o Vendors provide DISA with turnkey services inside their data center and within their security architecture. Follow a Tiered Model o Break-up security classification from public to private o In a tiered model it is possible to operate in a constrained location and to operate within those constraints. Programmatic Addressability of Resource Allocation o Addressability by software is key because manual/human intervention increases costs o Manual vs. automatic resource allocation/addressability might be solved by market forces. Records Management o Could be made easier because Cloud Computing would provide uniform applications that result in uniformity of records management processes all complying to the same standards. Business Model: o Note: Key thing to remember is that cloud computing does not mean infinite resources. Need to think in terms of cloud units (bandwidth, SLAs, storage) o One possible contract model a baseline commitment and usage is priced for a period of time. This is reviewed regularly. Planning is done through estimation. o Demand should be aggregated from the Federal side. How to sell Cloud Computing to Non-Technical People o Provide them with a simple example of virtualization current server utilization rates vs. consolidation and increased utilization o Focus on the business value o Show small successes Service Level Agreements o The higher the service level the higher the cost o Can be defined according to availability, confidentiality, and integrity o Business process SLAs (such as who would handle eDiscovery requests and how) are more complex to determine. o Should include incentives and penalties

Overall Findings Cloud Computing PMO

These findings were made by the Cloud Computing PMO as a result of their research and analysis before the summit but supported by the discussion that occurred at the event. o While cost reduction will be the primary stated benefit for agencies adopting services, there are a variety of other benefits that can be cited depending upon the type of implementation (Benefits were cited in Section 3 of this document). o There is not an industry-wide standard for pricing, vendors are still tailoring pricing on different offerings. However, pricing will likely be influenced by the following: volume, SLAs, storage, requested service levels, additional services (software, development, etc.), and customization of offerings. o A Federal Certification and Accreditation process that could reduce the burden on vendors and agencies to do C&A activities in each implementation would facilitate the acquisition of cloud services, improve the ability of agencies to adopt these services, and reduce associated costs. o A tiered structure can offer an easy way to think about separating security risks, however, it does not have to completely define how agencies make use of cloud computing service providers. For example, a Public Cloud offering, can still potentially meet sensitive data security requirements. One should not assume that sensitive data must necessarily exist only in a Private Cloud environment. o The Federal government will likely have to drive efforts around cloud to cloud interoperability as industry does not have an overwhelming motive to do so on their own, their business models understandably largely center on vendor lock-in. o The largest stumbling block for effective adoption of cloud computing services are the governments budgetary, acquisition/procurement, and security certification processes. o The government needs to develop use cases and specific requirements around desired functionality in order for industry to align its offerings for government use. o Aggregation of demand across agency lines is vital, but whats most important is how that aggregation and resulting procurement and implementation is handled. o A common testbed environment should be created to test and pilot different architectures and service offerings, reducing the

need for agencies to develop separate siloed test environments across the Federal community. o The government should develop policy around the portability of data and the ability to exercise an exit strategy for both data and applications. 8

Statements, Questions and Answers

The statements were made by participants during the discussion. The Questions and Answers were part of the group discussion and are not official responses. o Anything you can get from a system now, you can get from the cloud o Consider not having private clouds since cloud providers should be trusted o Question: In a cloud environment, do we want to risk exposing one agency to another that doesnt follow the same security rules: Answer: This is a choice between private vs public clouds or public vs private administrative storage. Its important to manage the risk and not the implementation. o Question: What about the need to plug in single purpose machines Answer: This is not an issue it is common to Fortune 100 companies. o If you want to move to a cloud over time, stop paying attention to operating systems and concentrate on web stacks. o The cloud should provide a collaborative environment where people can try application development. o Demand aggregation is a key issue. o Grassroots adoption should be the model. o Tier services are the way to address security and interoperability concerns o Cloud environment allows better control of poor coding o Any tool that is operational now such as 508 compliance tools can be operational in a cloud o Risks should be fully defined and transparent. Better understanding allows for better mitigation o Companies must also provide approaches to meet COOP requirements. o Each Federal agency should NOT set up their own cloud would not realize efficiencies of sharing resources o Recommendation: Government should develop ways to aggregate demands to get economies of scale (aggregation is a given, how demand is aggregated is whats important) o Risk avoidance is a major obstacle to effective cloud computing deployment o Vendors would like to see the Governments requirements for cloud computing.

10

o The overall view is that the Government will not use public clouds but will put up private clouds. o Virtualization should be mandated. o Applications need to be portable and to be able to fail gracefully. This is enabled through built in redundancy. o Many deployments are private which give the customer 60-70% of the benefits of cloud computing. The only difference is the capital expense. o Cloud Computing is a technical, architecture, and governance refresh. o At DoD, and some other agencies, the CIO does not have the authority to tell someone at the program level to move their application to a virtual machine. o DISA has a hard network perimeter so everything is naturally protected. There is nothing equivalent to this on the Federal Civilian side.

11

Action Items

Ownership of action items is still being determined but the Cloud Computing PMO has already initiated activity on several of the items and will coordinate with the Cloud Computing Working Group to identify an action plan.

9.1 Overall Model, Architecture, and Definition


Develop a matrix that places cloud deployment models in an axis against other elements, such as: Security Levels/Requirements Cost Risk SLAs Service Types o Update NIST Definition as necessary Reexamine the inclusion/description of pay per use in the NIST definition. Consider replacing with metered Review the description of vendor independence in the NIST definition of cloud computing. Consider replacing location independence with location aware in the cloud computing definition. Do not narrow the definition too much at this time otherwise it might stifle innovation.
o

Address Security in the definition The ability of the cloud to respond to changing requirements over time should be included. o Consider standardization on common items such as APIs, Storage 9.2 Process Considerations Security, Acquisition,

Business Case
o Pursue standardization of Certification and Accreditation processes/requirements per tier. o Examine the possibility of establishing a Cloud Computing-specific GWAC o The Vendor Community should submit success stories highlighting cost savings/improved performance through ACT/IAC 12

9.3 Testbed/Sandbox
Examine establishing a portal of tools (application development/testing/etc) like a sandbox environment - for use by Federal Agencies o Examine the possibility of establishing a development and test cloud where Government developers can perform application development
o

9.4 Market Research


o Identify where clouds exist in the Federal Government (can be leveraged for lessons learned or reuse). o Collect success stories from across the government to illustrate examples of cloud computing or X as a Service. o The Cloud Computing Working Group will continue its market research o Define which use cases the Government is trying to solve through cloud computing. This will drive industry. o Examine how financial service companies have deployed cloud computing solutions because of data security/privacy, varied demand, and continuity of operations requirements. o Look into Eucalyptus (a cloud computing vendor that was not on the invite list) o Create a Service Catalogue of Cloud Computing Service Providers and their C&A level/status

9.5 Communications
o Consider issuing a mandate, or other note from OMB, encouraging the move towards cloud computing. Most vendors felt that without a mandate, and incentives, agencies would hesitate to make a transition to cloud computing

9.6 Ongoing Collaboration


o Examine the need for a follow up meetings on Standards Acquisition o Establish a cross agency working group from CIO, CFO and CAO councils to address cloud computing

9.7 Administrative
o Post Cloud Computing Summit Questions online through ACT/IAC o Post NIST definition

13

10

Appendix A Deployment Model Matrix

Private Cloud: The cloud infrastructure is owned or leased by a single organization and is operated solely for that organization. Community Cloud: (The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g. mission, security requirements, policy, and compliance considerations) Hybrid Cloud: The cloud infrastructure is a composition of two or more clouds (internal, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g. cloud bursting) Public Cloud: Cloud infrastructure is owned by an organization selling cloud services to the general public or to a large industry group)
C m o m u it n y Cou l d

P iv r a teC loud

Hb y ri dC loud

Inra t u t r O n r h M d l f s r c u e w e s ip o e (O n rs ipof Ph s a in s c re we h y ic l fra tru tu s c a fa ilitie , n tw ,, c m u a ds ra e u h s c s e ork o p te n to g )


Service provider owned Government ow ned Third Party Vendor ow ned

XX

XXX

XXX

Inra t u t r L c t n f s r c u e o a io O -P m e(In rn l or b h dth fire a n re is te a e in e w ll) O re is (e te a or ou id th fire a ff-P m e x rn l ts e e w ll) O e aio sM d l pr t n o e (re p n ib p rtyfor a p in th s c rityc n s o s le a p ly g e e u o trols , p tc in , e ) a h g tc S rv eP v e O e te e ic ro id r p ra d G v rn e t O e te o e m n p ra d T irdP rtyV n o O e te h a e d r p ra d G vr ac Mdl o en n e o e (R s on ib p rtyfo e s rin c m lia c to e p s le a r nu g o p n e p lic sa ds n a s e ) o ie n ta d rd , tc S rv eP v e e ic ro id r G v rn e t o e mn T irdP rtyV n o h a edr D t S c r yL v l aa e u it e e Lw o Mod ra e te H h ig Cs Mdl ot o e U fron C p l e p n itu p t a ita x e d re O g gs p or c s n oin u p t o t D m n b s dS rv efe e a d a e e ic e T et d p y im o e lo Im e ia m d te Midte rm L n te o g rm A c s ib a dC n u e B c e s le n o s m d y A m Ue d in s rs T s dC s m rs m lo e s C tra tors ru te on u e (E p y e , on c ) Pu licC n u e (A th riz dtoc s m s rv e b t n le a ap rt b o s m rs u o e on u e e ic s u ot g lly a of th o a iz tion ov rn e t) e rg n a /G e m n S rv eT p s e ic y e C e E g g m n S rv e itiz n n a e e t e ic s S oftw re s -S rv e(S a ) a -a -a e ic a S Pla rm s -S rv e(P a ) tfo -a -s e ic a S In s c re s -S rv e(Ia S fra tru tu -a -a e ic a ) T d ra ition l h tin S rv e a os g e ic s

X X

X X

X X

XXX

XXX

XXX

XXX

XXX

XX

XX

X X

X X

XX X

XX

XX

XX

XXXXX

XXXX

XXXX

XXXX

XX

Pb u li cC o l u d

14

11

Appendix B Hybrid Cloud Concept Model

15

12

Appendix C Cloud Computing Definition

12.1 Definition
Cloud computing is a pay-per-use model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is comprised of five key characteristics, three delivery models, and four deployment models.

12.2 Key Characteristics:


On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed without requiring human interaction with each service's provider. Ubiquitous network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs). Location independent resource pooling. The provider's computing resources are pooled to serve all consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. The customer generally has no control or knowledge over the exact location of the provided resources. Examples of resources include storage, processing, memory, network bandwidth, and virtual machines. Rapid elasticity. Capabilities can be rapidly and elastically provisioned to quickly scale up and rapidly released to quickly scale down. To the consumer, the capabilities available for rent often appear to be infinite and can be purchased in any quantity at any time. Pay per use. Capabilities are charged using a metered, fee-for-service, or advertising based billing model to promote optimization of resource use. Examples are measuring the storage, bandwidth, and computing resources consumed and charging for the number of active user accounts per month. Clouds within an organization accrue cost between business units and may or may not use actual currency. Note: Cloud software takes full advantage of the cloud paradigm by being service oriented with a focus on statelessness, low coupling, modularity, and semantic interoperability.

16

12.3 Delivery Models


Cloud Software as a Service (SaaS). The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure and accessible from various client devices through a thin client interface such as a Web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created applications using programming languages and tools supported by the provider (e.g., java, python, .Net). The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, or storage, but the consumer has control over the deployed applications and possibly application hosting environment configurations. Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to rent processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly select networking components (e.g., firewalls, load balancers).

12.4 Deployment Models


Private cloud. The cloud infrastructure is owned or leased by a single organization and is operated solely for that organization. Community cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). Public cloud. The cloud infrastructure is owned by an organization selling cloud services to the general public or to a large industry group. Hybrid cloud. The cloud infrastructure is a composition of two or more clouds (internal, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting). Each deployment model instance has one of two types: internal or external. Internal clouds reside within an organizations network security perimeter and external clouds reside outside the same perimeter. Note 1: Cloud computing is still an evolving paradigm. Its definitions, use cases, underlying technologies, issues, risks, and benefits will be refined in a spirited debate by the public and private sectors. These definitions, attributes, and characteristics will evolve and change over time.

17

Note 2: The cloud computing industry represents a large ecosystem of many models, vendors, and market niches. This definition attempts to encompass all of the various cloud approaches.

12.5 References
The source of this working definition is the National Institute of Standards and Technology (NIST) Information Technology Laboratory (ITL). The final version is to be published in the upcoming NIST Special Publication on Cloud Computing and Security.

13
13.1
Susie Adams Microsoft Ken Allen ACT-IAC Rod Boothby Joyent Michael Bradshaw Google Doug Brown NetSuite Dan Burton Salesforce.com Reuven Cohen Enomaly

Appendix D Summit Attendees


Attendee List - Morning Session
Enki Tim Grance National Institute of Standards and Technology Margie Graves Department of Homeland Security Jerry Horton Department of Agriculture Michael Howell Office of Management and Budget Dave Hurry National Security Agency Vivek Kundra Office of Management and Budget Carmen Lannacone Smithsonian Institute Katie Lewin General Services Administration Sarah Lindenau ACT-IAC Bill Lucchini Intuit Peter Mell

Casey Coleman General Services Administration Michael Crandell RightScale John DeVoe Salesforce.com Martha Dorris General Services Administration Dave Durkee

18

National Institute of Standards and Technology Dave Mihalchik Google Carl "CJ" Moses Amazon Web Services Kshemendra Paul Office of Management and Budget Charles Piercy National Archives and Records Administration Megan Price ACT-IAC Richard Reiner Enomaly Daniel Risacher Department of Defense Mark Ryland Microsoft Steve Schmidt Amazon Web Services Paul Sforza Department of Treasury John Shea Department of Defense Carl Staton Department of Energy Pat Stingley Department of the Interior George Strawn National Science Foundation Pete Tseronis Department of Energy William Turnbull Department of Energy Jeremy Warren Department of Justice

Gary Washington Office of Management and Budget Philip Wenger Office of Management and Budget Thomas Wiesner Department of Labor Steve Wright Department of Labor David Young Joyent

19

13.2 Attendee List Afternoon Session Ken Allen ACT-IAC Bert Armijo 3Tera Jere Carroll Dell Bill Coleman Cassatt Corporation Casey Coleman General Services Administration John DiCarlo Sun Microsystems Martha Dorris General Services Administration Seth Finkel ServerVault Rick Fleming Hewlett Packard Tim Grance National Institute Technology of Standards and Harel Kodesh EMC Vivek Kundra Office of Management and Budget Carmen Lannacone Smithsonian Institute Katie Lewin General Services Administration Sarah Lindenau ACT-IAC Harris Loeser GoGrid Pat Matthews RackSpace Peter Mell National Institute of Standards and Technology Michael Moomaw IBM Forrest Norrod Dell Kshemendra Paul Office of Management and Budget Timothy Pavlik IBM Matt Pfeil RackSpace Charles Piercy National Archives and Records Administration Michael Howell Office of Management and Budget Dave Hurry National Security Agency Shannon King EMC John Pozadzides Layered Tech Megan Price ACT-IAC Daniel Risacher Department of Defense

Margie Graves Department of Homeland Security Bruce Hart Terremark Jerry Horton Department of Agriculture

Akamai Technologies Dave Ryan Hewlett Packard Paul Sforza Department of Treasury John Shea Department of Defense Carl Staton Department of Energy Pat Stingley Department of the Interior George Strawn National Science Foundation John Summers Akamai Technologies Pete Tseronis Department of Energy William Turnbull Department of Energy Robbie Vann-Adibe 3Tera Bill Vass Sun Microsystems Jeremy Warren Department of Justice Gary Washington Office of Management and Budget Philip Wenger Office of Management and Budget Thomas Wiesner Department of Labor Annie Williams Terremark Steve Wright Department of Labor David Yoon

Potrebbero piacerti anche