Why it’s Hard to Handle Classified Data - Cloud Fundamentals

Amazon Web Services has raised vehement objections to our Department of Defense awarding a $10 billion cloud computing contract to Microsoft instead of to AWS.

Deploying classified DoD applications and data in the Cloud isn’t nearly as simple as deploying unclassified applications. Even sophisticated financial organizations such as Capital One have suffered embarrassing leaks of valuable information. The Capital One leak “only” cost money; military leaks could cost soldiers’ lives and even a war.

This series of articles explores some of the difficulties any cloud vendor faces in handling a large, diverse, global load of classified DoD information. It explains fundamentals of cloud architecture and then discusses issues with networking and basic computer architecture. This will show why it’s hard for any cloud vendor to guarantee the data protection which DoD demands.

Cloud Basics

Amazon’s “Service-Oriented Architecture” (SOA) means that a program running on any computer can call a “service” running on another computer. An order entry computer can call an address service for a list of potential shipping addresses, for example, and another service can worry about getting money to pay for the order.

Not having to worry about a customer’s list of past shipping addresses or about money makes the order entry program smaller and easier to maintain, which is an important reason for microservice architecture. It also means that if the address computer or the money computer falls behind, another computer can be configured to do the same task as the overloaded service, and the order program which calls these services won’t know. SOA works best when all the computers are on the same network, can find each other through a process known as “service discovery,” and when a load balancer can route each service request to the least loaded service computer.

The calling program doesn’t care which computer performs a service so long as it gets the right answer. Amazon’s SOA allows their order fulfillment system to add computers to perform any service if the computers assigned to that service fall behind, and to shut down computers when a service isn’t needed as much.

Order fulfillment has huge spikes of activity on Black Friday and in the weeks before Christmas. One way to deal with peaks is to spread out the Black Friday ordering period, but Mr. Bezos insists that AWS always be able to handle any load, no matter how big it gets. That requires lots of computers and clever software to decide when to turn services on and off.

Automatic service management means that AWS does not need enough computers dedicated to each service to handle peak demand on that service. Since any service can run on any computer, their peak load is determined by the total load of all services combined rather than being driven by individual peaks of each service. Order processing doesn’t use the same mix of services that Amazon business processes such as human resources need. AWS can shut down less critical services during peak and use the computers for order processing where the money is.

Cloud Bullet Points

The Amazon order processing and fulfillment system consists of:

· A great many small software services such as searching for products, adding to a shopping cart, displaying the cart, getting shipping addresses, getting money, etc. The smaller services are, the faster new ones can be spun up, hence the term “microservices.”

· Many computers, any of which can run any service. They can add computers to a service when the service is overloaded and shut them off when the load drops.

· A sophisticated communications network which lets all these computers talk to each other efficiently.

· Extremely twinkle-toed load management software which notices when a service is about to be overloaded and spins up more computers to help. Equally important, the load manager knows when to shut down a service to save money by making the computer available for something else.

The better job the load manager does and the more effectively the designers divided the application into independent services, the fewer computers Amazon needs to handle peak loads.
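
The capacity argument in the “Automatic service management” paragraph and the load manager's behaviour at peak can be worked through with numbers. This is an added example, not code from the article or from AWS; the three services, their hourly demand figures and the priority order are constructed for illustration.

```python
# Constructed sample data: computers needed by each service at four points in time.
DEMAND = {
    "orders": [20, 35, 90, 60],
    "search": [30, 40, 70, 45],
    "hr":     [40, 40, 5, 10],
}
# Hypothetical priority order: earlier entries are served first when computers are scarce.
PRIORITY = ["orders", "search", "hr"]


def dedicated_capacity(demand):
    """Computers needed if every service owns enough machines for its own peak."""
    return sum(max(series) for series in demand.values())


def pooled_capacity(demand):
    """Computers needed if any machine can run any service: peak of the combined load."""
    return max(sum(hour) for hour in zip(*demand.values()))


def allocate(demand, hour, pool_size, priority):
    """Hand out a fixed pool in priority order; later services get what is left."""
    remaining = pool_size
    grant = {}
    for service in priority:
        grant[service] = min(demand[service][hour], remaining)
        remaining -= grant[service]
    return grant


def shed_hours(demand, pool_size, priority):
    """Return {hour: {service: unmet computers}} for hours where the pool is too small."""
    shortfalls = {}
    hours = len(next(iter(demand.values())))
    for hour in range(hours):
        grant = allocate(demand, hour, pool_size, priority)
        unmet = {s: demand[s][hour] - g for s, g in grant.items() if g < demand[s][hour]}
        if unmet:
            shortfalls[hour] = unmet
    return shortfalls


if __name__ == "__main__":
    print("dedicated machines:", dedicated_capacity(DEMAND))
    print("pooled machines:   ", pooled_capacity(DEMAND))
    print("shed with pool of 160:", shed_hours(DEMAND, 160, PRIORITY))
```

With a pool slightly smaller than the combined peak, only the lowest-priority service loses computers, and only during the peak hour.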

Regions

As Amazon grew, AWS split into more or less independent regions which are spread apart so that a problem in one region could not take down the entire AWS network. Regions are split into separate availability zones as explained in https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html.

You can put your software and data into as many zones and regions as you need to achieve fast enough service to wherever your customers are located, and you can make as many copies as you need to protect yourself against hardware failure. The more copies of your software and data you need, the more money Amazon makes, of course.

Why AWS

I pointed out to a potential client that Mr. Bezos cares more about his cloud than other CEOs do. If Oracle’s cloud goes down, revenue drops, but they get money from people who use their databases. Microsoft customers all over the world pay the Microsoft Tax whether the Microsoft cloud runs or not. If Mr. Bezos’ cloud goes down, his revenue stops that very picosecond because all of his revenue comes either in what customers pay to use his cloud or in what he sells through his cloud.

He cares more because he makes all of his money with the same cloud services he offers AWS customers. Not only that, Amazon uses AWS far harder than any other AWS customer, so his load exercises his cloud the most.

One might argue that Google income depends on their cloud because it drives advertising revenue. That’s true, but instead of being born to facilitate e-commerce and commercial computing as AWS was, Google’s cloud was born to search the internet and count mouse clicks on ads. Their cloud is very good at doing that, but that’s such a specialized form of computing that keeping it working well doesn’t keep the commercial part of their cloud operating well.

To summarize, a cloud consists of hundreds or thousands of computers which are connected by a very high-speed, efficient network. These computers also run extremely sophisticated load management software which runs small service programs as needed to handle the specific load at any particular time. There’s an art to designing services so that they’re small, independent, reliable, and can be changed without affecting other services, but cloud resources are cheap enough that it isn’t necessary to optimize too much for most use cases.

The next articles will discuss the cloud in more detail to explain why it would be difficult for AWS to meet DoD security requirements.

Nolan Perreira

Harvard Business School -Finance. MIT-Engineering. Director Level Political Appointee. Ret Navy Captain. Utilities Superintendent. Real Estate & Securities Investment. Strategic Consulting

5 years ago

As a former Navy Captain and manager of the Puget Sound Engineering Planning office, I am overwhelmed at the flexibility Bill described for the Amazon system. It also displays much of the flexibility that DARPA was looking for in developing the basic internet. MICROSOFT will need to start at ground zero to get the data needs met for an active Military Secure Communication system. When these systems need to eventually tie into the terabyte per sec needs of integrated battle system management of F35's and task force protection, the Amazon structure looks appealing.
