100 likes | 235 Views
A Proposal to Archive Shuttle Records in the Cloud. Tracy Bierman August 17, 2011. Background. Situation: The Shuttle Program has an enormous amount of electronic records that need to be archived as a part of the Transition and Retirement effort
E N D
A Proposal to Archive Shuttle Records in the Cloud Tracy Bierman August 17, 2011
Background • Situation: The Shuttle Program has an enormous amount of electronic records that need to be archived as a part of the Transition and Retirement effort • Problem: On-Center NASA data centers possess little excess storage capacity. Centers would need upfront capital to build the additional capacity needed on site • IT Challenge: Provide an extensible near and long term approach for temporary and permanent electronic records storage of NASA records
The Cloud • Cloud infrastructure • A data center that is accessed over the internet enabling instant provisioning and elasticity for customers • Cloud Security • Cloud providers will need the same IT security accreditation that FISMA places on NASA data centers • Integration with Agency Data Center Consolidation • Cloud infrastructure is an element of the NASA data center consolidation strategy http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-145_cloud-definition.pdf
One Proposed Approach • The Agency has existing TechDoc* document repository systems that can act as front end interfaces for cloud storage • Data would be encrypted on-Center before being stored in the cloud and returned on-Center before being decrypted • Authorized NASA users would access the records through the TechDoc systems located on-Center • Tried and true security “use case” and posture: • Extending a data center’s virtual private perimeter using encryption • *TechDoc is free to use with source code anywhere in the Federal Government. It is commercially supported GOTS and COTS software.
Benefits of an On-Center Front-end &Cloud Storage Back-end Solution • Low impact way to use the NASA Nebula and federal cloud • Allows on-Center tape backup in addition to the cloud’s backup strategies • Gives on-Center data centers the appearance of large amounts of storage capacity when it actually has little or none (NIST def #3), yet paying only for what is used (NIST def # 5) • Very short lead times. 24-48 hrs between identifying the need and meeting the need can be achieved (NIST def #1) http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-145_cloud-definition.pdf
Data Integrity Approach Information is encrypted in a NASA data center by the repository Then it is placed in cloud storage and cannot be decrypted Information must be returned to the repository in the NASA data center before decryption and served up to authenticated users. The encryption - decryption cycle provides a built-in integrity check
Summary of Approach • The records repository application, TechDoc, would reside only on-premises at an Agency data center (e.g. KSC) • Federal cloud storage would work like a hard drive volume to TechDoc. Repository owners would determine where to store the encrypted data, either in local storage or federal cloud storage • All data would be encrypted on a NASA Center (e.g. KSC) within TechDoc before being stored on-premises or off-premises in the federal cloud • Only the TechDoc application account would have access privileges to the data at the federal cloud storage provider • TechDoc would manage metadata, verify integrity and manage encryption keys, all on-Center regardless of data storage location. Upon demand TechDoc would move encrypted data from federal cloud storage to an on-Center temporary cache, once on-premises TechDoc would decrypt it to serve it to the authenticated authorized requesting user, all within seconds
Next Steps • Meet with Center Records Managers and Institutional IT Organizations to discuss Cloud Archive Services as a potential solution • Socialize security strategies envisioned for the cloud. Continue to work on cloud concepts with Agency stakeholders • Fulfill all FISMA requirements to ensure we comply with security requirements • Investigate costs and what organization pays for long-term storage
Beyond Shuttle • Addressing Shuttle digital records management is a stepping stone to an Agency data and records management solution • Recommendation • Establish a WG led by OCIO, with OCE, Mission Directorates, Programs and Projects, Centers, and research efforts • Survey current practices, regulations, and software offerings for data and records management • Develop a proposal for Agency program data and electronic records management