Why the DoD should use OpenStack instead of AWS

Keith Curtis
Aug 5, 2019

The U.S. Department of Defense has more than 3,000 datacenters and countless applications. The U.S. military smartly wants to consolidate to save money. In March, the DoD put out a request for proposal for a compute cloud infrastructure. Business Insider reports that Amazon is currently a shoo-in for the $10-billion contract. One reason is that Amazon has already signed a $600M contract with the CIA to run a more secure datacenter in Washington, D.C.

Bryan Crabtree wrote an article talking about why it is a mistake for the U.S. military to choose Amazon. Many don’t realize there is already a free solution to this problem, called OpenStack.

One of the benefits of the free software movement is that you can download the code and run it on your own computer. You can leverage the advancements of industry and academia inside your datacenter.

There are great free codebases for managing a private cloud. NASA helped create OpenStack way back in 2010. They wrote it in Python, which is becoming the language of data science and AI. Those people were so far ahead of industry they might be time travelers.

With OpenStack, the U.S. military could cheaply and quickly consolidate its existing computing datacenters into a more reasonable number. Presumably, some of the remaining ones will be under mountains.

I read insiders complaining about IT problems in the US Military. Many want to give up and move to Amazon, even though it will only solve a tiny fraction of their IT problems, and none of the big ones. At the same time, several ships crashed in the last year, and we don’t hear about the Navy giving up on having a fleet. OpenStack is a great chance for NASA and the DoD to work together to solve a common problem. I’m sure other agencies could be interested in this also.

Linux and free and open-source software are taking over the world. It is a better way to write software, in the tradition of science. It is actually an idea both Marxists and libertarian economists can agree on.

Amazon is mostly a parasite of the free software movement. For example, look at Amazon’s repositories for Alexa. What you see are free JavaScript samples to plug into their proprietary system. The underlying code and data to understand your speech, and predict what you wanted, are not built in an open way. This is ironic because Amazon Web Services is largely a packaging of free software.

In the case of the cloud, Amazon’s open-source repositories mostly contain ways to connect to its servers. It’s primarily a free SDK, in many different programming languages, to talk to Amazon’s proprietary infrastructure. Amazon Web Services is the Windows of the online generation. We need to quit buying golden handcuffs.

People have built cross-platform cloud APIs. There’s a popular library written in Python called libcloud, which supports 30 cloud providers. Amazon on its website recommends the custom ones they built.

Moving applications to an external cloud is a security risk. Even if the data is encrypted over the wire and on the hard drive, the application server processing the data has all the information unencrypted. Putting all servers in one external cloud means one bad computer or software virus could steal all secrets.

The Defense Department can always afford soldiers to guard and maintain its computers. A modern server can handle 1000s of users. It’s easier to take apart a server than an M-16. The military would never outsource basic gun maintenance, and lose that knowledge. It’s simple to run a datacenter compared to an aircraft carrier.

OpenStack is a cloud operating system, so it is not trivial to set up. However, there are resources in Cyber Command, and expertise at NASA. The NSA knows the backdoors to defend against. It had collected or created many of the exploits released in Wikileaks Vault 7. Once set up, a small team of people can maintain hundreds of servers.

Security is a big topic, but OpenStack already has a team that can help. The federal government can spend many millions to improve OpenStack, and still save a lot compared to Amazon. Improving OpenStack also helps all the other companies and citizens who are using this free software.

None of the innovations to make computers secure were pioneered by Amazon. The federal government has the collective expertise to build a far more secure cloud. It requires leadership to gather disparate people together.

The RFP mentions a requirement for 50 petabytes (or 50,000 terabytes) of online storage. This is a huge number to anyone in the computer industry, who usually deals in megabytes or gigabytes, but you can buy enterprise-grade 6T drives for $300. You could buy all the storage for $2,500,000.

Note that 8,300 hard drives is probably not enough. You will want more for redundancy, and even more for performance. Some drives could be so busy that you want to make copies or split the data up to handle the load. So you could triple the cost to be safe.

The RFP mentions needing 46,000 compute cores. On Dell’s website, you can purchase a 16-core server for $4,000. It would take 2,800 of those servers, and cost about $11 million.

These are just partial estimates, but it does put the $10 billion in perspective. People can save a lot of money compared to Amazon by using OpenStack on existing hardware.

You don’t even have to move all servers to a central location to manage them centrally. It’s only in the proprietary world where you get locked into the mindset that you need to run on someone else’s hardware to get software and maintenance. It’s a scam.

A datacenter in D.C. means that the application servers that used to be close to the soldiers will now go much farther. What used to be milliseconds to a server nearby will take 100 milliseconds one way.

Even assuming that there are no security risks by sending all traffic this extra distance, it will definitely slow down performance, no matter how fast the servers. Instead of having local servers and small pipes to talk between datacenters, they will have to build big pipes all around the country.

Past experience with the cloud shows that it only makes sense for some workloads. Amazon’s strength is elasticity, which is great for social media apps, games and startups, but many companies find it overpriced for stable enterprise apps. Dropbox moved away from AWS this year to save money. Amazon has many money-losing operations to support. In addition, there are other reasons not to trust Amazon as a company.

Moving to the cloud won’t save that much money on I.T. The big expenses of an I.T. budget have to do with the number and complexity of the applications and the people to maintain them.

The U.S. Army has more than ten command and control systems. It also presumably has ten companies or teams it’s paid to create and maintain the software. It could move all its applications to the cloud, and it’ll still have ten proprietary command and control systems to support.

Fixing that problem is much harder than moving servers to the cloud. The U.S. military could give Amazon $10B and still have a broken computing infrastructure.

The DoD should do a software audit. That will allow them to find all the people reinventing the wheel, and all the proprietary software. PyTorch is a Python-based free neural network smart enough to win World War 4. The code for sophisticated machine learning already exists. It’s a matter of getting it trained and into the warfighter.

The US military is overpaying for inferior proprietary software. Moving to free software, shared codebases, Linux and Python, etc. will cost millions but save billions.

Keith Curtis

Wrote a book explaining why we should already have cars that drive us around. Now making a movie.