The Empire Strikes Back - Pentagon slays JEDI with the 'Force' of multi-cloud

By Kurt Marko, July 12, 2021
Summary:
The Pentagon is playing its typical procurement shenanigans with a huge multi-year cloud computing contract.

Pentagon planners had to know Amazon was never going quietly when they awarded the JEDI cloud contract to Microsoft. After 20 months of legal feuding, political arm-twisting and PR narrative-setting, AWS prevailed as the U.S. DoD mothballed JEDI in favor of a trendy new multi-cloud strategy. It's a testament to the Pentagon's lumbering bureaucracy more than the blistering pace of cloud technology that "the JEDI Cloud contract no longer meets its needs." However, the DoD rationalizes the decision by citing an alphabet soup of defense initiatives, writing:

JEDI was developed at a time when the Department’s needs were different and both the CSPs technology and our cloud conversancy was less mature.

Only in Washington can the strategy underlying a multi-billion dollar, decade-long contract become obsolete in less than two years. Of course, that's the official account, but the legal wrangling, political overtones and post-election administrative changes were undoubtedly significant factors.

Hedging their bets or spreading the wealth?

JEDI is being replaced by Joint Warfighting Cloud Capability (JWCC), a new "multi-vendor Indefinite-Delivery, Indefinite-Quantity (IDIQ) contract" (i.e. "we don't know how much we need") open to "U.S.-based hyperscale Cloud Service Providers." In reality, this means AWS and Azure will split the bulk of the spending "as available market research indicates that these two vendors are the only Cloud Service Providers (CSPs) capable of meeting the Department’s requirements." Google, IBM, Oracle, Rackspace and Salesforce are invited to split the crumbs, which only seems fitting given the time and effort Amazon and Microsoft have already put into this and their cloud market dominance.

The DoD has outlined its requirements in a "pre-solicitation notice" with the gory details coming later in a full RFP. It includes features expected of any large cloud service provider like highly available and resilient infrastructure and services, global reach, centralized management system, rapidly deployed and scalable resources and ease of use. It adds several elements that could differentiate contract winners from losers, namely:

  • Fortified security to include an identity management system (IDS) with support for multi-factor authentication (standard at all major cloud providers), automated information security and access control tools that automate patch management, threat detection and incident response, continuous monitoring and logging, data encryption at rest (stored) and in transit (network) with support for customer-supplied keys and hardware security modules.
  • Advanced data analytics, including batch, streaming and predictive analytics, machine learning and AI.
  • Tactical edge devices that balance portability with capability and can "operate seamlessly across network connectivity levels including DDIL (denied, degraded, intermittent, or limited; i.e. poor or non-existent network availability) environments."
  • Commercial parity with CSPs making new features and hardware available to the DoD cloud (presumably at all security classification levels), at comparable pricing to commercial offerings within 30 days of their public release.

The Pentagon's assumption that AWS and Azure are the only hyperscale clouds capable of meeting all its requirements might be true, but broadening its cloud strategy to include multiple primary and secondary providers gives it two principal advantages:

  1. The ability to play AWS and Azure, whose mutual animosity has been exacerbated by JEDI, against one another to extract price discounts and custom features.
  2. The option of using second-tier clouds like Google (for AI, data analytics), Oracle (databases and analytics) and IBM (legacy system integration) in areas where they can demonstrate feature and price superiority over the two primary CSPs.

Unfortunately, these potential benefits come with a significant downside: management complexity.

More vendors equal more overhead

The overhead of managing enterprise cloud environments can be approximated by a corollary to Metcalfe's Law: the cost of managing an interconnected IT environment is proportional to the square of the number of cloud vendors. Although the large CSPs have no problem meeting the Pentagon's "centralized management and distributed control" requirements, including APIs to automate service management, that doesn't mean they play well with one another. Indeed, as Flexera's State of the Cloud report demonstrates, almost three-quarters of cloud users cite managing multi-cloud environments as a challenge, yet only a third use cloud-agnostic management software (see my previous coverage of the Flexera report and 2021 cloud trends here).

A charitable interpretation of the Pentagon's JEDI decision takes it at face value as a legitimate attempt to improve the DoD's cloud capabilities, flexibility and cost-efficiency. However, we're talking about the Pentagon here, an organization known for cost overruns, budget gimmicks and backroom dealing. A more cynical, but realistic, explanation is that the decision facilitates the twin procurement strategies known in defense analyst circles as "front loading" and "political engineering."

As military analyst Chuck Spinney described them in a seminal 1998 paper, front loading gets a big new project going by,

downplaying or misrepresenting the future consequences of current decisions. The aim of a front-loading operation is twofold: (1) get the program STARTED and (2) buy the TIME needed by the Political Engineers to build a political barrier to its cancellation.

Political engineers guarantee a defense project's survival by (emphasis added):

spreading subcontracts and jobs to as many Congressional districts as quickly as possible. These spreading operations may start insensibly, but their operational aim is political blitzkrieg: build up jobs and profits in congressional districts rapidly, making their effects more visible and powerful over time, until their brutish ubiquity PARALYZES the discretionary decision-making power of the Executive and Legislative branches of government.

Multi-cloud provides an opportunity for political engineering within the cloud oligarchy by spreading workloads, and hence, jobs and political influence, among all the states and Congressional districts where AWS, Microsoft, Google, Oracle and IBM have hyperscale facilities and support offices.

While not directly analogous to weapons systems, by proposing a best-of-breed multi-cloud IT environment, the DoD is following a familiar path of prioritizing cutting-edge technology over cost-efficiency, simplicity, manageability and development time. Such prioritization of technological superiority over all other attributes was decried two decades ago by a retired Air Force colonel and defense program manager. He explained how the process leads to overly complicated systems, cost overruns and schedule delays through entrenched bureaucracies that patch every problem with another layer of complexity, writing (emphasis added):

Complexity prolongs the weapons development process, which then encourages military contractors to ingratiate themselves in ever more creative ways with the political system that sustains them economically. The result is as follows: It becomes axiomatic that the time it takes to bring new weapon systems on line as well as their costs always are underestimated in the early going and then grow exponentially thereafter.

At the same time, once the Pentagon bureaucracy is hooked on the overstated potential of a new weapons system, it becomes almost impossible to withdraw from the commitments made to such a system. Why? Because the process quickly invests such a wide array of interests in its success that rising costs are viewed institutionally as inevitable and largely irrelevant.

My take

I have frequently written about the growing adoption of multi-cloud enterprise architectures and their advantages and externalities. Although I remain optimistic about a future of cloud-agnostic compute grids, network and storage fabrics and centralized management systems, much development work must be done before enterprises can deploy such a seamless multi-cloud environment.

In the meantime, as the Flexera survey shows, multi-cloud organizations will typically silo applications on different environments and exchange data between them. The goal of automated workload migration between clouds based on dynamic performance parameters, cost and client location (i.e. cloud bursting, brokering) remains a vision.

The DoD hasn't detailed its multi-cloud program and perhaps it will conclude that JWCC is just a procurement tool to allow organizations to choose the cloud provider that best fits their requirements rather than shoot for a grand-unified multi-cloud system spanning the entire Pentagon bureaucracy. While such modest multi-cloud goals are best, decades of Pentagon procurement history indicate it will choose the gold-plated, functionally maximal solution.

Amazon won its battle with Microsoft over the Pentagon's cloud contract, but taxpayers and military readiness might be the ultimate losers as defense industry lobbyists sink their claws into DoD officers and procurement managers to take chunks of the multi-cloud business. If JWCC follows the typical DoD playbook of breaking up a valuable contract into multiple subcontractors spread across politically influential states and Congressional districts, it will harm military readiness and taint the multi-cloud concept with the stain of a massive bureaucratic fiasco.