ISA 301 Advanced Enterprise Information Systems Acquisition

Presentation transcript:

ISA 301 Advanced Enterprise Information Systems Acquisition Instructor Support Package
Lesson / Activity Plan Cover
Unit of Instruction (UOI) - Lesson/Activity Plan(s) (Instructions/Guide)

Course ID: ISA 301
Course Title: Advanced Enterprise Information Systems Acquisition
Unit of Instruction #: Lesson 08
Unit of Instruction Title: Cloud Services
Prepared By: Sterling Mullis, Lesson Owner (703) 805 5246

UNIT OVERVIEW – In the space provided, provide a brief description of the unit design, intent and how it supports or fits into the course.
This UOI is composed of one Lesson/Activity Plan and three group exercises. The last group exercise is evaluated as part of the course assessment strategy. The first two “mini-exercises” may be completed informally with group answers recorded on whiteboard or butcher paper. The final exercise should be briefed by students from a PowerPoint presentation.

Three documents support this lesson:
1. Student View graphs (SVG)
2. Instructor view that includes the notes pages which constitute the ISP
3. The two articles, one GAO report, and one IG report from the Veterans Administration

TLO(s) COVERED – TLO 31.101.1 Given an IT acquisition scenario, evaluate the effectiveness of the cloud services solution

Major Takeaways:
Cloud Services are beneficial because they are: Fast, Flexible, and Economical
Cloud Services deployment and service models provide DOD the opportunity to tailor IT services to its needs. Currently, the DOD is using a 3 tiered approach to Cloud Services
OMB has developed key practices associated with cloud Service Level Agreements (SLA) and the implementation has been uneven across the Fed Govt
Two areas of particular risk and concern are COOP and Vendor exit strategies
Cloud Services acquisition requires the skilled application of accepted program management and contracting practices and policies in order to be effective. Application of the OMB key practices for SLAs also contributes to effective Cloud Service implementations

Lesson 08 Cloud Services Lesson / Activity Plan
Feedback for CM/LD if you find errors or have suggestions for improvement: Email Sterling at sterling.mullis@dau.mil CC your CMRR.

LESSON/ACTIVITY DETAILS
Planned Academic Time Required: 210 minutes. The time for this lesson/activity plan is broken out as follows:
Instructor-facilitated Discussion: 60 minutes
Classroom Exercises: 70 minutes
Group Work: 0 minutes
Presentations: 50 minutes
Assessments: 0 minutes
Planned Breaks: 30 minutes (includes time planned at the end of this lesson/activity)

Support Requirements: Must be reflected in the POI. List all that apply to this lesson/activity.
Equipment Required/Desired (NOTE: Need Required and Desired)
COMPUTERS Required: Instructor, Computer Projection Capability, One computer per Student, Classroom Printer, Team Whiteboards, Internet Access
Desired:
Software/Related and Hardware Required/Desired
Required: BB/ATLAS interface, MS Office Suite, Adobe Reader
Desired: NA
Facilities Required: Standard Classroom; # 0 Break Out Rooms
Support Requirements Not identified above: None

INSTRUCTOR PREPARATION
Supporting Materials and Location (Type, Ref, Description or Identification)
The articles required for the exercise sequence are found in the Exercise Folder:
“DISA Lessons Learned Cloud App Migration”
“DOD Three-Tiered Approach to Cloud Computing”
“GAO – Cloud Key Practices April 2016 – Excerpt”
“VA Cloud Computing Report VAOIG-15-02189-336”
Reference Material and location (Type and Description or Identification)
In the Lesson References Folder the instructors and students will find:
The DOD Cloud Strategy
The Cloud Security Requirements Guide
DOD Cloud Policy Memo
Full GAO report on Key Practices

STUDENT PREPARATION
Required Student Preparation: N/A

Lesson Owner Comments
The lesson is designed so that there is a quick review of basic terms and concepts followed by group and class discussions on the state of practice with the DOD and Federal Government. Suggest you make it clear that the final exercise on the VA IG Cloud Implementation Report requires a formal presentation, either via PowerPoint (preferred) or butcher paper.
30 minutes on review
45 minutes key practices part 1 (30 minutes to read and discuss as team, 15 minutes for class discussion)
45 minutes key practice part 2 (30 minutes to read and discuss as team, 15 minutes for class discussion)
90 minutes (60 minutes to read and prepare – 30 minutes to brief)

Today we will learn to: Given an IT acquisition scenario, evaluate the effectiveness of the cloud services solution SLIDE INFORMATION******** Method Employed: Facilitated Lecture Supporting TLO/ELOs ID: TLO 31.101.1 Given an IT acquisition scenario, evaluate the effectiveness of the cloud services solution Key Reference(s): NA SVG Slide# 3 Total Lesson Time: 210 minutes Lesson Instructor-facilitated Discussion: 60 minutes Classroom Exercises: 150 minutes Slide Time Required: 3 mins Major Takeaways (MT): Cloud Services are beneficial because they are: Fast, Flexible, and Economical Cloud Services deployment and service models provide DOD the opportunity to tailor IT services to its needs. Currently, the DOD is using a 3 tiered approach to Cloud Services OMB has developed key practices associated with cloud Service Level Agreements (SLA) and the implementation has been uneven across the Fed Govt Two areas of particular risk and concern are COOP and Vendor exit strategies Cloud Services acquisition requires the skilled application of accepted program management and contracting practices and policies in order to be effective. Application of the OMB key practices for SLAs also contributes to effective Cloud Service implementations Learning Points (LP): Note to Instructors (Q&As; Guidance for Slide): Cloud Computing

Why Cloud Lesson Plan Cloud Basics Review Emerging Approaches, Lessons Learned and Key Practices Veterans Administration Cloud Implementation Case Summary SLIDE INFORMATION******** Method Employed: Transition Supporting TLO/ELOs ID: TLO 31.101.1 Given an IT acquisition scenario, evaluate the effectiveness of the cloud services solution Reference(s): NA ******** SVG Slide# 4 IVG# 4 Total Lesson Time: 210 minutes Lesson Instructor-facilitated Discussion: 60 minutes Classroom Exercises: 150 minutes Slide Time Required: 3 min Major Takeaways (MT): Learning Points (LP): Note to Instructors (Q&As; Guidance for Slide): Transition to topic area Cloud Computing

Economical Flexible Fast Why Cloud? SLIDE INFORMATION******** Method Employed: Content Supporting TLO/ELOs ID: TLO 31.101.1 Given an IT acquisition scenario, evaluate the effectiveness of the cloud services solution Reference(s): GAO Report: GAO-16-325 ******** SVG Slide# 5 IVG# 5 Total Lesson Time: 210 minutes Lesson Instructor-facilitated Discussion: 60 minutes Classroom Exercises: 150 minutes Slide Time Required: Major Takeaways (MT): Cloud Services are beneficial because they are: Fast, Flexible, and Economical Learning Points (LP): Note to Instructors (Q&As; Guidance for Slide): This slide builds. Start with the question: “Why Cloud?” or “Why is the DOD moving forward with more Cloud Services implementations?” Let the students answer…typical answers include: cheaper, faster, easier to expand and contract, or just “we are told to”. Note that cloud may not be the cheapest solution. Economical Flexible Fast (OMB – as cited by GAO in GAO-16-325) Cloud Computing

Cloud Basics Review Lesson Plan Why Cloud Emerging Approaches, Lessons Learned and Key Practices Veterans Administration Cloud Implementation Case Summary SLIDE INFORMATION******** Method Employed: Transition Supporting TLO/ELOs ID: TLO 31.101.1 Given an IT acquisition scenario, evaluate the effectiveness of the cloud services solution Reference(s): NA ******** SVG Slide# 4 IVG# 4 Total Lesson Time: 210 minutes Lesson Instructor-facilitated Discussion: 60 minutes Classroom Exercises: 150 minutes Slide Time Required: 3 min Major Takeaways (MT): Learning Points (LP): Note to Instructors (Q&As; Guidance for Slide): Transition to topic area Cloud Computing

Official DoD Definition of Cloud Computing Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. SLIDE INFORMATION******** Method Employed: Content Supporting TLO/ELOs ID: TLO 31.101.1 Given an IT acquisition scenario, evaluate the effectiveness of the cloud services solution Reference(s): NIST SP 800-145 ******** SVG Slide# 7 IVG# 7 Total Lesson Time: 210 minutes Lesson Instructor-facilitated Discussion: 60 minutes Classroom Exercises: 150 minutes Slide Time Required: Major Takeaways (MT): Cloud Services are beneficial because they are: Fast, Flexible, and Economical Learning Points (LP): Note to Instructors (Q&As; Guidance for Slide): Slide is just basic definition…connect the definition to the expectations of Fast, Flexible and Economical (rapidly, minimal management, pooled resource) The National Institute of Standards and Technology (NIST) definition of Cloud Computing (NIST 800-145) is the official DoD definition. Note 1: Cloud computing is still an evolving paradigm. Its definitions, use cases, underlying technologies, issues, risks, and benefits will be refined in a spirited debate by the public and private sectors. These definitions, attributes, and characteristics will evolve and change over time. Note 2: The cloud computing industry represents a large ecosystem of many models, vendors, and market niches. This definition attempts to encompass all of the various cloud approaches. NIST Special Publication 800-145 Cloud Computing

The Composition of the Cloud The “Cloud” is composed of five essential characteristics, three service models, four deployment models SLIDE INFORMATION******** Method Employed: Content Supporting TLO/ELOs ID: TLO 31.101.1 Given an IT acquisition scenario, evaluate the effectiveness of the cloud services solution Reference(s): NIST SP 800-145 ******** SVG Slide# 8 IVG# 8 Total Lesson Time: 210 minutes Lesson Instructor-facilitated Discussion: 60 minutes Classroom Exercises: 150 minutes Slide Time Required: Major Takeaways (MT): Cloud Services deployment and service models provide DOD the opportunity to tailor IT services to its needs. Learning Points (LP): 1. The five “essential” characteristics are, in fact, essential…an offering must have them to be considered a “cloud service” Note to Instructors (Q&As; Guidance for Slide): This is a section overview slide. The next 3 slides go through the characteristics, service models and deployment models Key Points: Key Questions to Ask and Anticipated Answers: Terms \ Definitions \ Acronyms: NIST Special Publication 800-145 Cloud Computing

5 Essential Cloud Characteristics According to the NIST Special Publication 800-145, the Cloud model is composed of five essential characteristics: On-demand self-service Broad network access Resource pooling Location independence Rapid elasticity Measured service SLIDE INFORMATION******** Method Employed: Content Supporting TLO/ELOs ID: TLO 31.101.1 Given an IT acquisition scenario, evaluate the effectiveness of the cloud services solution Reference(s): NIST SP 800-145 ******** SVG Slide# 9 IVG# 9 Total Lesson Time: 210 minutes Lesson Instructor-facilitated Discussion: 60 minutes Classroom Exercises: 150 minutes Slide Time Required: Major Takeaways (MT): Cloud Services deployment and service models provide DOD the opportunity to tailor IT services to its needs. Learning Points (LP): 1. The five “essential” characteristics are, in fact, essential…an offering must have them to be considered a “cloud service” Note to Instructors (Q&As; Guidance for Slide): This is a section overview slide. The next 3 slides go through the characteristics, service models and deployment models Key Points: Key Questions to Ask and Anticipated Answers: Terms \ Definitions \ Acronyms: NIST Special Publication 800-145 Cloud Computing

The 3 Cloud Service Models Infrastructure as a Service (IaaS) Compute, storage, and networking capability Platform as a Service (PaaS) Deploy customer-created applications to a cloud Software as a Service (SaaS) Use provider’s applications over a network SLIDE INFORMATION******** Method Employed: Content Supporting TLO/ELOs ID: TLO 31.101.1 Given an IT acquisition scenario, evaluate the effectiveness of the cloud services solution Reference(s): NIST SP 800-145 ******** SVG Slide# 10 IVG# 10 Total Lesson Time: 210 minutes Lesson Instructor-facilitated Discussion: 60 minutes Classroom Exercises: 150 minutes Slide Time Required: Major Takeaways (MT): Cloud Services deployment and service models provide DOD the opportunity to tailor IT services to its needs. Learning Points (LP): 1. The five “essential” characteristics are, in fact, essential…an offering must have them to be considered a “cloud service” Note to Instructors (Q&As; Guidance for Slide): Consider asking students if they are currently involved in acquiring cloud services, which service model they are using and why Key Points: Key Questions to Ask and Anticipated Answers: Consider asking students if they are currently involved in acquiring cloud services, which model they are using and why Terms \ Definitions \ Acronyms: Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly select networking components (e.g., firewalls, load balancers). Platform as a Service (PaaS). 
The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created applications using programming languages and tools supported by the provider (e.g., java, python, .Net). The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, or storage, but the consumer has control over the deployed applications and possibly application hosting environment configurations. Software as a Service (SaaS). The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure and accessible from various client devices through a thin client interface such as a Web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. Cloud Computing

The 4 Cloud Deployment Models Cloud services can be deployed in different ways depending on the customer’s specific needs, such as security, privacy, and cost. Public cloud Private cloud Community cloud Hybrid cloud SLIDE INFORMATION******** Method Employed: Content Supporting TLO/ELOs ID: TLO 31.101.1 Given an IT acquisition scenario, evaluate the effectiveness of the cloud services solution Reference(s): NIST SP 800-145 ******** SVG Slide# 10 IVG# 10 Total Lesson Time: 210 minutes Lesson Instructor-facilitated Discussion: 60 minutes Classroom Exercises: 150 minutes Slide Time Required: Major Takeaways (MT): Cloud Services deployment and service models provide DOD the opportunity to tailor IT services to its needs. Learning Points (LP): Note to Instructors (Q&As; Guidance for Slide): Consider asking students if they are currently involved in acquiring cloud services, which deployment model they are using and why Key Points: Key Questions to Ask and Anticipated Answers: Terms \ Definitions \ Acronyms: Private cloud. The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises. Community cloud. The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises. Public cloud. The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider. Hybrid cloud. 
The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds). MT 14.1 The [Public] cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider. Public cloud infrastructures operate in a multi-tenant environment whose resources are allocated for the general public. Security and privacy concerns are heightened with public clouds because any individual or organization can potentially access the same cloud infrastructure. Only DoD information that has been approved for public release should be placed on a public facing website. MT 14.2 The [Private] cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises. Private cloud infrastructures are operated only for an individual organization (single-tenant). The organization can leverage the scalability and performance aspects of cloud computing, but the infrastructure is isolated from that of other organizations, improving security and privacy. Because of their specialized nature, private clouds could potentially be as costly as dedicated data centers. DoD has its own private cloud, called milCloud, which is operated by the Defense Information Systems Agency (DISA) and is isolated to both the SIPRNet and NIPRNet. “milCloud” is a multi-tenant Infrastructure as a Service cloud service offering. 
Private Clouds can offer very high levels of security and access control making them better suited for applications and data where impact to the DoD mission is a primary consideration. MT 14.3 The [Community] cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises. A community cloud infrastructure is a private cloud that has been provisioned for a specific community of interest with shared concerns, such as a government-only cloud. The Department’s current focus is on leveraging commercial cloud services to the maximum extent possible, which argues for investing in Hybrid Cloud rather than attempting to build, operate, and maintain several DoD Private Clouds. MT 14.4 The [Hybrid] cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds; Cloud bursting is an application deployment model in which an application runs in a private cloud or data center and bursts into a public cloud when the demand for computing capacity spikes. There are HUGE security RISKS here!). Hybrid cloud infrastructures are combinations of any two or more of the other cloud infrastructures. Hybrid clouds will be the most prevalent model for the DoD given its strategy to aggressively pursue the competitive acquisition and use of commercial cloud service offerings. An example of a Hybrid Cloud is the “Development – Test – Production” software lifecycle. 
A commercial/public cloud service offering could be used for development and limited operational testing prior to hosting the final product in a private cloud, such as milCloud. Another hybrid deployment model is when a Cloud Service Provider (CSP) sells its Software as a Service (SaaS) Cloud Service Offering even though it’s using a third party business to provide the Infrastructure as a Service (IaaS). (I need to see a picture of this one? Complicated!!!) Combining cloud infrastructures presents a variety of cybersecurity concerns that require careful analysis of how the Cloud Service Offerings are architected, deployed, assessed and authorized. MT 14.5 Cloud services can be deployed in different ways depending on the customer’s specific needs, such as security, privacy, and cost. MT 14.6 All cloud deployment models suffer from “Noisy Neighbor” risk due to the use of virtualization. For example, we know that one physical server is able to support many virtual servers; however, if one of the virtual servers is consuming a large amount of CPU that will likely cause the other virtual servers to receive less capacity from the underlying physical CPU causing a possible “Noisy Neighbor” situation. MT 14.7 The two most prevalent models are Public Cloud and Private Cloud. Public Clouds are open to all users (multi-tenant) and Private Clouds are closed to all users except the users identified by the Business Entity paying for the service (single-tenant). MT 14.8 Community Clouds are private clouds for a designated community. MT 14.9 Hybrid Clouds are a mix of the Public, Private, and/or Community. Any two, including two of the same (e.g., two private clouds or two community clouds) constitute a Hybrid Cloud. NIST Special Publication 800-145 Cloud Computing

Emerging Lessons Learned and Key Practices Lesson Plan Why Cloud Cloud Basics Review Emerging Lessons Learned and Key Practices Veterans Administration Cloud Implementation Case Summary SLIDE INFORMATION******** Method Employed: Transition Supporting TLO/ELOs ID: TLO 31.101.1 Given an IT acquisition scenario, evaluate the effectiveness of the cloud services solution Reference(s): NA ******** SVG Slide# 12 IVG# 12 Total Lesson Time: 210 minutes Lesson Instructor-facilitated Discussion: 60 minutes Classroom Exercises: 150 minutes Slide Time Required: 3 min Major Takeaways (MT): Learning Points (LP): Note to Instructors (Q&As; Guidance for Slide): Transition to topic area Cloud Computing

Emerging Approaches, Lessons Learned & Key Practices (Part 1) Read “Lessons Learned from the First DoD Applications Migrated to the Commercial Cloud” and “DoD’s Three-Tiered Approach to Cloud Computing” Within your teams discuss the following and be prepared to share your findings with the class: How might you apply the lessons learned identified by Mr. Wilmer to your program or organization’s cloud initiatives? What lessons learned can you add to his list? What actions might you expect the DoD enterprise to take in response to these lessons learned? What advantages are gained by DISA’s Three-Tiered approach? SLIDE INFORMATION******** Method Employed: Content Supporting TLO/ELOs ID: TLO 31.101.1 Given an IT acquisition scenario, evaluate the effectiveness of the cloud services solution Reference(s): ******** SVG Slide# 13 IVG# 13 Total Lesson Time: 210 minutes Lesson Instructor-facilitated Discussion: 60 minutes Classroom Exercises: 150 minutes Slide Time Required: Major Takeaways (MT): Learning Points (LP): Note to Instructors (Q&As; Guidance for Slide): Instruct students to put work up on whiteboard or butcher paper Below are some notional answers: Additional plausible answers are available in the Exercise Examples Folder Relook security requirements and how they impact service and deployment model choices…question organizational culture? The business case for cloud may hinge more on flexibility and rapid provisioning rather than cost Good market research into cloud offerings is important Develop enterprise level security tools for cloud services, Develop standard SLA language Gives DOD the flexibility with options based on cost, schedule, security concerns Key Points: This is a good place to harken back to the Agile Culture lesson and make case for organizational change awareness in acquiring cloud services Key Questions to Ask and Anticipated Answers: Cloud Computing

Emerging Approaches, Lessons Learned & Key Practices (Part 2) Read the extract from the GAO report “Cloud Computing: Agencies Need to Incorporate Key Practices to Ensure Effective Performance” Within your teams discuss the following and be prepared to share your findings with the class: What practices would you add to OMB’s list? What stood out to you most about DoD’s application of the key practices? SLIDE INFORMATION******** Method Employed: Content Supporting TLO/ELOs ID: TLO 31.101.1 Given an IT acquisition scenario, evaluate the effectiveness of the cloud services solution Reference(s): ******** SVG Slide# 14 IVG# 14 Total Lesson Time: 210 minutes Lesson Instructor-facilitated Discussion: 60 minutes Classroom Exercises: 150 minutes Slide Time Required: Major Takeaways (MT): Learning Points (LP): Note to Instructors (Q&As; Guidance for Slide): Instruct students to put work up on whiteboard or butcher paper Below are some notional answers: Additional plausible answers are available in the Exercise Examples Folder Generally speaking the key practice list is comprehensive given the emerging nature of cloud acquisition. Answers may indicate greater scrutiny towards security, COOP, data rights, and exit strategy At a minimum the students should notice the unevenness of application by the DOD. Also, the students should note the poor performance in Disaster Recovery coverage Key Points: Note that some of the concerns and lessons learned raised in the first article are addressed within the OMB key practice list…culture not addressed here. Emphasize that this key practice list is a good lens through which to view the next case / exercise Key Questions to Ask and Anticipated Answers: Cloud Computing

Veterans Administration Cloud Implementation Case

Lesson Plan
Why Cloud
Cloud Basics Review
Emerging Lessons Learned and Key Practices
Veterans Administration Cloud Implementation Case
Summary

SLIDE INFORMATION
Method Employed: Transition
Supporting TLO/ELOs ID: TLO 31.101.1 Given an IT acquisition scenario, evaluate the effectiveness of the cloud services solution
Reference(s): NA
SVG Slide# 15
IVG# 15
Total Lesson Time: 210 minutes
Lesson Instructor-facilitated Discussion: 60 minutes
Classroom Exercises: 150 minutes
Slide Time Required: 3 min
Major Takeaways (MT):
Learning Points (LP):

Note to Instructors (Q&As; Guidance for Slide):
Transition to topic area

Veterans Administration Cloud Implementation Case

Read the Veterans Administration (VA) Inspector General (IG) Report: “Review of Alleged Wastes of Funds on a Cloud Brokerage Service Contract”

Discuss the following in your team and prepare a 5-10 minute presentation for the class addressing the following questions:
Was the cloud services solution effective?
How did you determine the cloud services solution was effective or ineffective?
What factors impacted the effectiveness of this cloud services acquisition?
In your opinion, what were the three biggest lessons learned from this report? – defend your response
In addition to the ones made by the IG, what other recommendations would you give the VA acquisition leadership to improve the effectiveness of this or future cloud service acquisitions?

SLIDE INFORMATION
Method Employed: Content
Supporting TLO/ELOs ID: TLO 31.101.1 Given an IT acquisition scenario, evaluate the effectiveness of the cloud services solution
Reference(s):
SVG Slide# 16
IVG# 16
Total Lesson Time: 210 minutes
Lesson Instructor-facilitated Discussion: 60 minutes
Classroom Exercises: 150 minutes
Slide Time Required:
Major Takeaways (MT):
Learning Points (LP):

Note to Instructors (Q&As; Guidance for Slide):
Instruct students that this is a formal presentation. PowerPoint is appropriate
Below are two generalized answers. The teams should address at least one of these factors/lessons learned areas to receive a passing score for the exercise. Additional plausible answers are available in the Exercise Examples Folder
No. Limited or no capability delivered. Cost exceeded budget. Cost, Schedule, Performance targets missed.
Use this question to more fully explore what it means to have an “effective” solution or acquisition vs. “successful” acquisition…how do you define and measure? Is it only cost, schedule and performance? Must it be all three? What if it was late, but performed and didn’t bust budget? Was it effective? Was it “successful”?
3. Lack of appropriate management and oversight. Cloud Services acquisition requires the skilled application of accepted program management and contracting practices and policies in order to be effective.
4. Application of the OMB key practices for SLAs also contributes to effective Cloud Service implementations – In particular here the need to have clear roles and responsibilities and performance measures becomes evident.

1 defensible recommendation tied to areas 1 or 2 OR tied to identified lessons learned = emerging
2 defensible recommendations tied to areas 1 or 2 OR tied to identified lessons learned = acceptable
3+ defensible recommendations tied to area 1 or 2 OR tied to identified lessons learned = superior

Key Points: Note that some of the concerns and lessons learned raised in the first article are addressed within the OMB key practice list…culture not addressed here. Emphasize that this key practice list is a good lens through which to view the next case / exercise

Key Questions to Ask and Anticipated Answers:

Today we learned to:
Given a DoD IT acquisition scenario, evaluate the cost effectiveness of the Cloud services solution

SLIDE INFORMATION
Method Employed: Facilitated Lecture
Supporting TLO/ELOs ID: TLO 31.101.1 Given an IT acquisition scenario, evaluate the effectiveness of the cloud services solution
Key Reference(s): NA
SVG Slide# 3
Total Lesson Time: 210 minutes
Lesson Instructor-facilitated Discussion: 60 minutes
Classroom Exercises: 150 minutes
Slide Time Required: 3 mins

Major Takeaways (MT):
Cloud Services are beneficial because they are: Fast, Flexible, and Economical
Cloud Services deployment and service models provide DOD the opportunity to tailor IT services to its needs. Currently, the DOD is using a 3 tiered approach to Cloud Services
OMB has developed key practices associated with cloud Service Level Agreements (SLA) and the implementation has been uneven across the Fed Govt
Two areas of particular risk and concern are COOP and Vendor exit strategies
Cloud Services acquisition requires the skilled application of accepted program management and contracting practices and policies in order to be effective.
Application of the OMB key practices for SLAs also contributes to effective Cloud Service implementations

Learning Points (LP):

Note to Instructors (Q&As; Guidance for Slide):