Click here to close now.


Microservices Expo Authors: Lori MacVittie, Pat Romanski, Jason Bloomberg, Elizabeth White, Yeshim Deniz

Blog Feed Post

INSA Publishes White Paper on Intelligence Community Information Technology Enterprise


Insa_clearThe Intelligence and National Security Alliance (INSA) has released a white paper documenting the vision and approach for enhancing enterprise information technology in support of intelligence and national security missions. This paper, titled  ”Doing in Common What Is Commonly Done” provides insights based on interviews of government leaders including CIOs, CTOs and other agency leadership.

The goal of the IC ITE approach is to move to an IT posture that is more integrated and service based (with 10 common service offerings across the IC for primary IT functions). IC level portfolio management will also be done enabling IT decisions to be made by more informed IT leaders across the enterprise. And enhancements will be made to the IC enterprise IT acquisition process, including more centralized and synchronized IT acquisition and more progressive models for procurement (like SOA and Agile instead of typical procurement).

From the paper:


The IC ITE focuses on greater integration, information security, and information sharing while seeking substantial cost reductions through shared infrastructure and service models. The IC recognizes that each agency has particular strengths or core competencies that can be better leveraged by designating IC elements to act as Service Providers for specific capabilities for the entire Community. The DNI designates the IC Service Providers who are responsible for determining investment requirements and using their respective acquisition and contract authorities to execute their IC ITE responsibilities. Currently identified common services and their respective providers include: the Desktop Environment, DIA and NGA; IC Cloud Services, NSA and CIA; Applications Mall, NSA; and Applications Stores, all agencies.

The IC ITE will be delivered in increments with Increment 1 (Initial Operating Capability, or – IOC) in FY13 and achievement of Full Operating Capability (FOC) planned in FY18. Increments for the IC ITE will include all activities required to plan for and implement IC ITE services, including scaling services across the IC enterprise, transitioning relevant legacy data and applications, and retiring legacy capabilities as appropriate. The initial IC ITE services focus on delivery of a common IC desktop, common back office tools, broader and standardized access to analytic tools and applications, and data-centric computing using complementary government-developed and commercial cloud architectures. Development of Increment 1 began in 2012 and ultimately intends to deliver enterprise capabilities for the IC Cloud Environment, the IC Desktop Environment, and the IC Applications Mall services. Future increments propose to deliver additional ITE services and capabilities based on mission needs, and will further define/refine governance, cost recovery business models, and additional efficiency opportunities. In five years, the IC expects all agencies to be leveraging this shared services platform with each providing or paying for enterprise services. This baseline platform and new Community IT ecosystem is expected to enable and encourage innovation to occur and to spread rapidly.

For industry, especially the IT vendors, one of the most important paragraphs follows:

The IC will lean heavily on industry to conduct R&D on enterprise solutions – COTs technology will likely predominate. Acquisition will be deliberate to provide some stability in enabling organized change. Outsourcing may be considered as long as vendors can meet service needs on a sustainable basis without sacrificing mission agility. Vendors depending on revenue streams from cost-prohibitive long-term license fees will likely find themselves disadvantaged as the IC ITE moves forward. Integrators who specialize in specific agencies may also be disadvantaged when the IC is seeking enterprise-wide solutions.

I encourage all technologists from all enterprises, even totally commercial enterprises, to review this INSA document for lessons learned for your particular organization. And for those who serve the national security community I encourage you to read closely both so you can see what is coming next and so you can provide input where you think it is necessary.

I have heard from IC IT leaders directly on this activity, and they genuinely want continued feedback. I’m working up thoughts for IC leaders myself on this. My inputs so far will probably be minor but my view is I must show friends in government that I care so I will provide input. I encourage you to do that as well.

One piece of input I’ll publicly state just for continued dialog: I found this summary of IC ITE views and vision to be overly simplistic in how “industry” is thought of. I think that may be because most IC CIOs and CTOs come from life-long careers in government. Or maybe it is because the document is just a summary and it doesn’t reflect the real nuanced views of IC IT leadership. But to try to summarize all that is not government under the term “industry” just falls flat with me. In the views of many who were interviewed for this summary, there is the government and there are vendors and it is that black and white. In the real nuanced world, there are many segments to American industry and to assume they are all the same weakens your ability to work with and influence and get the best from these many segments.

When it comes to IT, a useful segmentation of “industry” for national security decision makers might be: Systems Integrators, Service Companies/Consultancies and IT Vendors. Considering “industry” this way instead of as just one big blob can help inform and produce a more impactful strategy.

Here is how this sort of segmentation of IT related firms might look:

  • Systems Integrators (SIs): Northrop Grumman, Lockheed Martin, Boeing, SAIC, Raytheon, CSC, Harris, GD
  • Services Companies and Consultancies: the SIs do some of this but many firms specialize here, including CACI, BAH, ManTech, Camber, the FFRDC (Mitre, Aerospace) and many others
  • IT vendors: Microsoft, IBM, Oracle, Google, Amazon, Cisco, SAP, HP, EMC, RedHat, Cloudera, Thetus, MarkLogic, Cleversafe, Terracotta, Fixmo, Recorded Future, Sitscape, Triumfant, Invincea, WayIn, etc etc.

I’d be the first to admit this segmentation of the IT industry is not perfect (some companies do not fit this model), but it has a bit more fidelity than lumping all industry into one term, and if it were used in the IC ITE it would allow a more meaningful expression of intent. For example, the INSA articulation of the IC ITE makes it seem that the IC views all of industry as traditionally embedding themselves in an IC element for years to provide all holistic IT support. Clearly this is not talking about all of industry, it must refer to the systems integrators. In other parts it talks of industry needing to change software license models. This makes more sense if it is aimed at the IT vendors segment, not services firms and usually not systems integrators.  And portions which talk about the need for new educational and training for commercial workforces are probably focused on the Service companies. Lumping all kinds of industry serving IC IT needs into one term is sub optimal for many reasons which I will leave to readers to consider.

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley, former CTO of the Defense Intelligence Agency (DIA), is Founder and CTO of Crucial Point LLC, a technology research and advisory firm providing fact based technology reviews in support of venture capital, private equity and emerging technology firms. He has extensive industry experience in intelligence and security and was awarded an intelligence community meritorious achievement award by AFCEA in 2008, and has also been recognized as an Infoworld Top 25 CTO and as one of the most fascinating communicators in Government IT by GovFresh.

@MicroservicesExpo Stories
For it to be SOA – let alone SOA done right – we need to pin down just what "SOA done wrong" might be. First-generation SOA with Web Services and ESBs, perhaps? But then there's second-generation, REST-based SOA. More lightweight and cloud-friendly, but many REST-based SOA practices predate the microservices wave. Today, microservices and containers go hand in hand – only the details of "container-oriented architecture" are largely on the drawing board – and are not likely to look much like S...
Despite all the talk about public cloud services and DevOps, you would think the move to cloud for enterprises is clear and simple. But in a survey of almost 1,600 IT decision makers across the USA and Europe, the state of the cloud in enterprise today is still fraught with considerable frustration. The business case for apps in the real world cloud is hybrid, bimodal, multi-platform, and difficult. Download this report commissioned by NTT Communications to see the insightful findings – registra...
Manufacturing has widely adopted standardized and automated processes to create designs, build them, and maintain them through their life cycle. However, many modern manufacturing systems go beyond mechanized workflows to introduce empowered workers, flexible collaboration, and rapid iteration. Such behaviors also characterize open source software development and are at the heart of DevOps culture, processes, and tooling.
Any Ops team trying to support a company in today’s cloud-connected world knows that a new way of thinking is required – one just as dramatic than the shift from Ops to DevOps. The diversity of modern operations requires teams to focus their impact on breadth vs. depth. In his session at DevOps Summit, Adam Serediuk, Director of Operations at xMatters, Inc., will discuss the strategic requirements of evolving from Ops to DevOps, and why modern Operations has begun leveraging the “NoOps” approa...
Between the compelling mockups and specs produced by analysts, and resulting applications built by developers, there exists a gulf where projects fail, costs spiral, and applications disappoint. Methodologies like Agile attempt to address this with intensified communication, with partial success but many limitations. In his session at DevOps Summit, Charles Kendrick, CTO and Chief Architect at Isomorphic Software, will present a revolutionary model enabled by new technologies. Learn how busine...
DevOps has often been described in terms of CAMS: Culture, Automation, Measuring, Sharing. While we’ve seen a lot of focus on the “A” and even on the “M”, there are very few examples of why the “C" is equally important in the DevOps equation. In her session at @DevOps Summit, Lori MacVittie, of F5 Networks, will explore HTTP/1 and HTTP/2 along with Microservices to illustrate why a collaborative culture between Dev, Ops, and the Network is critical to ensuring success.
The APN DevOps Competency highlights APN Partners who demonstrate deep capabilities delivering continuous integration, continuous delivery, and configuration management. They help customers transform their business to be more efficient and agile by leveraging the AWS platform and DevOps principles.
Containers are changing the security landscape for software development and deployment. As with any security solutions, security approaches that work for developers, operations personnel and security professionals is a requirement. In his session at @DevOpsSummit, Kevin Gilpin, CTO and Co-Founder of Conjur, will discuss various security considerations for container-based infrastructure and related DevOps workflows.
Overgrown applications have given way to modular applications, driven by the need to break larger problems into smaller problems. Similarly large monolithic development processes have been forced to be broken into smaller agile development cycles. Looking at trends in software development, microservices architectures meet the same demands. Additional benefits of microservices architectures are compartmentalization and a limited impact of service failure versus a complete software malfunction....
With containerization using Docker, the orchestration of containers using Kubernetes, the self-service model for provisioning your projects and applications and the workflows we built in OpenShift is the best in class Platform as a Service that enables introducing DevOps into your organization with ease. In his session at DevOps Summit, Veer Muchandi, PaaS evangelist with RedHat, will provide a deep dive overview of OpenShift v3 and demonstrate how it helps with DevOps.
The last decade was about virtual machines, but the next one is about containers. Containers enable a service to run on any host at any time. Traditional tools are starting to show cracks because they were not designed for this level of application portability. Now is the time to look at new ways to deploy and manage applications at scale. In his session at @DevOpsSummit, Brian “Redbeard” Harrington, a principal architect at CoreOS, will examine how CoreOS helps teams run in production. Attende...
IT data is typically silo'd by the various tools in place. Unifying all the log, metric and event data in one analytics platform stops finger pointing and provides the end-to-end correlation. Logs, metrics and custom event data can be joined to tell the holistic story of your software and operations. For example, users can correlate code deploys to system performance to application error codes.
Containers are revolutionizing the way we deploy and maintain our infrastructures, but monitoring and troubleshooting in a containerized environment can still be painful and impractical. Understanding even basic resource usage is difficult - let alone tracking network connections or malicious activity. In his session at DevOps Summit, Gianluca Borello, Sr. Software Engineer at Sysdig, will cover the current state of the art for container monitoring and visibility, including pros / cons and li...
As the world moves towards more DevOps and microservices, application deployment to the cloud ought to become a lot simpler. The microservices architecture, which is the basis of many new age distributed systems such as OpenStack, NetFlix and so on, is at the heart of Cloud Foundry - a complete developer-oriented Platform as a Service (PaaS) that is IaaS agnostic and supports vCloud, OpenStack and AWS. In his session at 17th Cloud Expo, Raghavan "Rags" Srinivas, an Architect/Developer Evangeli...
In their session at DevOps Summit, Asaf Yigal, co-founder and the VP of Product at, and Tomer Levy, co-founder and CEO of, will explore the entire process that they have undergone – through research, benchmarking, implementation, optimization, and customer success – in developing a processing engine that can handle petabytes of data. They will also discuss the requirements of such an engine in terms of scalability, resilience, security, and availability along with how the archi...
In a report titled “Forecast Analysis: Enterprise Application Software, Worldwide, 2Q15 Update,” Gartner analysts highlighted the increasing trend of application modernization among enterprises. According to a recent survey, 45% of respondents stated that modernization of installed on-premises core enterprise applications is one of the top five priorities. Gartner also predicted that by 2020, 75% of
DevOps Summit at Cloud Expo 2014 Silicon Valley was a terrific event for us. The Qubell booth was crowded on all three days. We ran demos every 30 minutes with folks lining up to get a seat and usually standing around. It was great to meet and talk to over 500 people! My keynote was well received and so was Stan's joint presentation with RingCentral on Devops for BigData. I also participated in two Power Panels – ‘Women in Technology’ and ‘Why DevOps Is Even More Important than You Think,’ both ...
The web app is agile. The REST API is agile. The testing and planning are agile. But alas, data infrastructures certainly are not. Once an application matures, changing the shape or indexing scheme of data often forces at best a top down planning exercise and at worst includes schema changes that force downtime. The time has come for a new approach that fundamentally advances the agility of distributed data infrastructures. Come learn about a new solution to the problems faced by software organ...
All we need to do is have our teams self-organize, and behold! Emergent design and/or architecture springs up out of the nothingness! If only it were that easy, right? I follow in the footsteps of so many people who have long wondered at the meanings of such simple words, as though they were dogma from on high. Emerge? Self-organizing? Profound, to be sure. But what do we really make of this sentence?
There once was a time when testers operated on their own, in isolation. They’d huddle as a group around the harsh glow of dozens of CRT monitors, clicking through GUIs and recording results. Anxiously, they’d wait for the developers in the other room to fix the bugs they found, yet they’d frequently leave the office disappointed as issues were filed away as non-critical. These teams would rarely interact, save for those scarce moments when a coder would wander in needing to reproduce a particula...