
Florida Agency for State Technology. Jason M. Allison, State CIO and Executive Director

Florida Agency for State Technology
4050 Esplanade Way
Tallahassee, FL
Tel:
Rick Scott, Governor
Jason M. Allison, State CIO and Executive Director

January 15, 2016

The Honorable Rick Scott, Governor
State of Florida
The Capitol
400 South Monroe Street
Tallahassee, Florida

The Honorable Andy Gardiner, President
Florida Senate
409 The Capitol
404 South Monroe Street
Tallahassee, Florida

The Honorable Steve Crisafulli, Speaker
Florida House of Representatives
420 The Capitol
402 South Monroe Street
Tallahassee, Florida

Dear Governor Scott, President Gardiner, and Speaker Crisafulli:

Specific Appropriation 2920A of Chapter , Laws of Florida, requires the Agency for State Technology (AST) to contract with a third party consulting firm to conduct a study on the cloud readiness of certain applications hosted at the State Data Center. Proviso language requires the submission of a final report to the Governor, President of the Senate, and Speaker of the House of Representatives no later than January 15, 2016.

The vendor completed the Cloud Readiness Study and provided findings to AST. AST analyzed the vendor's findings and provides recommendations for the management of state government applications in a manner that promotes orderly transition to cloud vendor environments in conformance with security and privacy requirements.

If you have any questions or require any additional information, please contact Kristina Wiggins, by phone at (850) or by at

Sincerely,

Jason M. Allison
State Chief Information Officer and Executive Director
Agency for State Technology

State of Florida, Agency for State Technology
Cloud Readiness Assessment

Executive Summary

The Agency for State Technology's (AST) Cloud Readiness Study conducted by the consultancy firm Grant Thornton LLP analyzed the readiness of certain applications for a cloud migration.
Based on the criteria for cloud readiness established by the Legislature in proviso language associated with Specific Appropriation 2920A of Chapter , Laws of Florida, there are no applications located in the State Data Center that may be categorized within that criteria as cloud ready. The consultants applied the legislative requirements to an assessment framework and studied 931 total applications for cloud readiness. Although the assessment did not identify any cloud ready applications, the methodologies and tools used to execute the assessment provided a repeatable framework for cloud readiness determinations that will aid AST in both future planning as well as the establishment of technology standards required by Chapter 282, Florida Statutes.

Background

Proviso language associated with Specific Appropriation 2920A of Chapter , Laws of Florida, directed AST to contract with a third party consulting firm to complete a study on the cloud readiness of certain applications housed at the State Data Center. A preliminary report, and then a final report (the study), is due to the Governor, President of the Senate, and Speaker of the House of Representatives, no later than December 1, 2015, and January 15, 2016, respectively. Specifically, the following proviso language was included:

From the funds in Specific Appropriation 2920A, $2,500,000 of recurring funds from the Working Capital Trust Fund is provided to the Agency for State Technology to provide cloud computing services and $750,000 of nonrecurring general revenue funds is provided for the Agency for State Technology to contract with a third party consulting firm to complete in consultation with the State Data Center and the applicable state agency customers: (1) an assessment of the applications currently hosted at the State Data Center and (2) an implementation plan as described below.
The scope of the assessment shall be limited to non-production applications residing on equipment over five years old that, with limited to no modifications, could be moved to an external service provider cloud solution. The assessment shall at a minimum include: (1) an analysis of each application's business need and criticality, baseline performance, technical architecture, and any potential risk associated with moving the application to an external service provider cloud solution; (2) a cost benefit analysis verifying that an external service provider cloud solution reduces data center costs while maintaining the same or improved levels of service; and (3) identification of the applicable federal and state security and privacy requirements that must be met. The assessment shall take into consideration the data and results of the study referenced in proviso associated with Specific Appropriation 1953A of chapter , Laws of Florida, and the operational assessment referenced in section 39 of chapter , Laws of Florida.

The third party consulting firm shall also provide a detailed implementation plan that describes: (1) the process and criteria for migrating the cloud-ready applications to an external service provider cloud solution that complies with all applicable federal and state security and privacy requirements; (2) a recommended approach for migrating the cloud-ready applications production environments to an external service provider cloud solution; and (3) a recommended approach and associated costs, to include any transition costs, for addressing the applications that are not currently cloud-ready.
The Agency for State Technology must submit a preliminary report of the results of the application assessment and implementation plan to the President of the Senate, the Speaker of the House of Representatives, and the Executive Office of the Governor's Office of Policy and Budget by December 1, 2015, and a final report by January 15, 2016. Based upon the final report of the application assessment, the Agency for State Technology may: (1) begin the migration of cloud-ready applications at the State Data Center to an external service provider cloud solution that complies with all applicable federal and state security and privacy requirements; and (2) continue providing computing services for applications that are not currently cloud-ready.

The Agency for State Technology may put forth budget amendments pursuant to the provisions of chapter 216, Florida Statutes, to realign any part of the $2,500,000 of recurring funds from the Working Capital Trust Fund between appropriation categories in the State Data Center budget entity.

In order to execute the assessment required by the proviso, AST issued a Request for Quote (RFQ) via the Information Technology Consulting (Project Area 1 Analysis & Design) state-term contract and the Management Consulting state-term contract. Four vendor responses were received: Grant Thornton LLP, KPMG LLP, Mainline Information Systems, and Aptuity Solutions. Letters of no bid were received from EMC and Gartner Consulting. Following an evaluation by three senior AST technical managers, Grant Thornton LLP was selected as the consultancy firm to execute the assessment. A purchase order was issued on August 27, 2015, via the Management Consulting state-term contract.

Application Assessment - Process and Framework Summary

One of the primary goals of the application assessment is to determine which applications currently housed in the State Data Center are capable of being moved to a third-party, infrastructure-as-a-service (IaaS) cloud solution.
The assessment was conducted within the framework directed in proviso. The framework provided a clear definition of the assessment scope as well as the requirements for determining each application's cloud-readiness. The assessment process followed the sequential steps defined within the proviso framework. Once scope compliance requirements were determined, the process followed the assessment steps identified below. Applications were eliminated from consideration at the first assessment step where the application failed to achieve compliance. There were no in-scope applications that made it to the cost-benefit analysis step; all were eliminated before reaching that point.

1. Scope: Limited to applications on hardware greater than five years old, located in the State Data Center, and with non-production environments.
2. Cloud Readiness Assessment
   a. Privacy/Security Requirements: Can the application meet all applicable privacy/security requirements in a cloud solution?
   b. Technical Architecture: Is the application designed in a way that a cloud solution is available? Based on the application's architecture, what amount of modification is necessary to enable cloud readiness?
   c. Performance: If moved to a cloud solution, will the application perform with equal or better performance?
   d. Cost-Benefit Analysis: Does moving the application to a cloud solution result in a cost savings to the state?

As directed by proviso, the consultants began by analyzing the disaster recovery study completed by Excipio Consulting to identify the initial population of applications for assessment. This study, completed in 2013, identified the disaster recovery needs and business criticality for 936 applications. Grant Thornton LLP began surveying agencies to obtain more information about these known applications and to discover any applications that were not identified by Excipio.
Multiple iterations of the survey were necessary, with responses required from the application administrators, programming teams, application owners, desktop administrators, and the Chief Information Officer of each agency. These surveys formed the basis for determining applications that were in-scope and provided general information to begin classifying applications within the assessment framework.

Through analysis of the surveys, and in consultation with the State Data Center, the consultants identified applications running on hardware that is newer than five years old. Additionally, the surveys provided agency security and privacy requirements associated with the applications. Criminal Justice Information Services (CJIS) applications were eliminated from further consideration because a cloud solution for applications that process, transmit or store CJIS data has not been approved by the Florida Department of Law Enforcement (FDLE).

Following the survey analysis, remaining applications required an architectural assessment and agencies were asked to participate in testing the applications. This testing consisted of exercising the application to allow a tool (ExtraHop) to create a map of the application components and their dependencies. The tool monitored application communications on the network and, through data packet analysis, produced a map of the components comprising the application. This provided the information necessary to determine if the applications to be assessed met the requirements for the existing technical architecture to migrate into a cloud environment.

The next stage of the framework required an analysis of the performance of the application. This testing was conducted by agencies exercising the application from a workstation located in the cloud. This approach simulates the performance of an application that has been migrated to the cloud.
In addition, a tool called WANEm was used to simulate network latency (the time elapsed between the moment that the source sends a data packet and the destination receives it) between components that could be moved to the cloud and components that could not move. The amount of simulated latency was equivalent to the amount of latency on a connection between state agencies in Tallahassee and a major third party IaaS cloud provider. No application that reached this stage of the assessment was able to maintain equal or better performance with the inclusion of additional latency.

Lessons Learned From the Cloud Readiness Study

The cost savings associated with cloud services are based on large-scale, shared use of commoditized application components and services. Anything that can be shared, such as hardware, network, operating systems, application administration tools, as well as entire applications that are designed for multi-tenant shared use (i.e., multiple customers using the same computing environment, such as Salesforce or Office 365), are available for consumption as needed. The economies of scale within cloud services have the ability to significantly reduce costs, provided that the applications are designed to leverage these shared services.

Unfortunately, due to age and complex interdependencies, most existing state applications require software re-engineering to enable the eventual realization of cost savings from using cloud services. As found during this study, legacy hardware dependencies excluded many applications from a migration to the cloud. For other applications, programming methodologies and the age of the protocols used resulted in applications that could not function after a cloud migration. Further, some applications modern enough to function in the cloud had shared components and integration dependencies with applications that were not capable of functioning in the cloud, preventing their migration as well.
The outcomes are not unusual. The older, more complex and interdependent the application, the lower the probability that it can be moved to the cloud without changes, the higher the migration costs, and the less that can be saved by migrating. Conversely, modern, modular, and actively-developed systems designed to function in the cloud will have the lowest cost and risk to migrate, and produce the greatest savings once migrated. The lesson illustrated by this study is that the value proposition for the cloud is not about less expensive hardware, but about leveraging applications that can take advantage of the cloud.

Life Before Cloud

In the very recent past, the only way to support the development of an application was to purchase and install equipment and services. The equipment necessary to support the application typically had a life span of five to ten years. As a result, it would be necessary to calculate the needs of the application, including growth and future features, for the entire life span of the equipment. If the estimate is calculated incorrectly and the equipment is too large for the growth of the application, a portion of the investment is underutilized. However, if the calculation results in equipment that is undersized for the growth, then the consequences are far more severe. Undersized hardware results in poor performance, many lost staff hours attempting to optimize the application, and emergency funding requests to augment the undersized hardware. Consequently, the equipment specifications are aligned with the high estimates of the projected application needs to ensure that crisis situations are avoided and future flexibility is retained.

In order to minimize waste and leverage the utility of the unused capacity set aside for growth, multiple applications were often consolidated to use the same equipment and software licenses.
Further, noncritical application components used for development could also use any excess resources to further reduce costs. The idea that consolidation could increase efficiency was so compelling that the Legislature required agencies to consolidate equipment and resources within a shared State Data Center to further achieve economies of scale through the sharing of equipment and licenses. The outcome of leveraging unused capacity to optimize economies of scale during consolidation has compounded complexities and led to an application environment where many of the dependencies within applications overlap.

The Cloud Readiness Study

The question at the heart of the study was straightforward: What applications can go to the cloud easily ("with limited or no modifications"), for no additional cost (by validating that cloud reduces data center costs) without compromising performance or security? Based on the scope of the study we now know the answer to that question is that there are none.

Due to this outcome, one could conclude that the study somehow failed to meet its objectives and that the effort and budget were wasted. This conclusion fails to recognize the value of removing flawed assumptions that may have been used to guide future cloud migration efforts. One such assumption is that the cost savings of a cloud migration are immediately available without an investment in application modifications. Instead, the goals of a cloud migration must remain permanently changed from an easy way to save money without significant investment, into an opportunity to efficiently leverage cloud services in the scope of an application implementation, replacement, or upgrade.

When the Cloud is the Right Answer to a Different Question

Economies of scale define the value proposition of the cloud.
As a result, the cloud has grown to support the most commonly used, widely deployed, modern technologies that can be consumed by the broadest array of consumers. Although cloud solutions are maturing rapidly and are continuously adding features to expand their scope, the high degree of specialization and customization often found in systems developed for the state are contrary to the business model of cloud services.

Cloud services require compromise. First and foremost, everything in the cloud must be virtual. If a physical device is necessary, then it must be addressable over the network instead of connected to the server. An example would be a voice-over-IP (VoIP) phone line instead of a physical phone line. Second, all cloud services must be designed to function with the inherent latency and bandwidth limitations of Internet traffic.

The design architecture of applications must change as well. The idea of a large, powerful server to handle the load of a high volume application has now been replaced by the concept of many small servers working together cooperatively to scale larger than any single server could. Similarly, storage that previously required powerful, centralized storage arrays can now grow nearly infinitely through the distribution of files across many small repositories that are replicated to multiple locations instead of backed up to avoid failures that could result in data loss.

The Opportunities

Florida is home to a rapidly growing economy which is increasingly demanding convenient access to agency services from smartphones and other devices that are easily accessible and affordable. While there are great examples of services provided to citizens from agencies using these devices, the visual presentation of these services is not consistent, and the depth and breadth of services available from each agency varies considerably.
Perhaps due to several high profile technology project issues, the idea of investing in technology services and staff is still approached as high risk. Although there is no lack of opportunity when it comes to technology, the reality is that the single largest issue preventing cloud computing adoption in the State of Florida is the long-term lack of significant investment in information technology resources, including the modernization of applications to take advantage of cloud technologies. This lack of investment, induced by inexpedient time horizons for obtaining a return on the investments, does not permit the state's primary business applications to take advantage of new technology opportunities and impacts the services provided to the citizens by the State of Florida.

If applications are treated as expense centers to be managed, instead of assets to be cared for, it results in a backlog of necessary improvements and unmet business needs. This technology debt is an accumulation of short-term cost savings that manifests itself in the future through increased costs when adding features, sourcing staff and expertise to maintain the system, as well as the costs to remediate the application to take advan