The US Department of Defense (DoD) is working on a framework that would allow commercial providers to use its premises to run modern cloud services for the military.

The department’s greatest concern is security, since the contractors would have to handle highly sensitive data. One of the proposals actually suggests housing private cloud infrastructure in pre-fabricated shipping containers parked outside government-owned data centers.

These details were revealed in a Request for Information (RFI) published by the Defense Information Systems Agency (DISA), designed to gauge the interest and readiness of the cloud services market.

“Should the government provide the racks?”

The DoD wants to integrate private cloud services into its networks, to do things like VM management and storage. It also wants commercial providers to run support services such as networking, identity, billing and resource management.

“The vendor ecosystem may have services beyond those listed above, but must include core services to address VM workloads and storage,” states the RFI.

In terms of actual deployment, DISA is looking at two options: the first, known as the Data Center Leasing Model (DCLM), would have commercial providers lease rack space or floor space inside the DoD data centers, and install their own hardware and software.

The second, called the On-Premise Container Model (OPCM), would see providers move into shipping containers physically located outside the facility, but connected to its networks, power and cooling systems.

The FOI notes that “containerized IT resources provide an inherent physical boundary” but doesn’t list other advantages for this approach.

In both cases, participants will have to be thoroughly screened and accredited before handling data designated as ‘Cloud Security Model’ Level 5 and 6 – the highest grade of Classified and Secret government information that can be exchanged through cloud services.

DISA is looking for examples of infrastructure required to run anything from a small 10,000-VM configuration to a large 200,000-VM server farm. It is especially interested in power, space and cooling requirements, as well as details on network integration, software updates and hardware maintenance.

In case of OPCM, the agency wants to know about physical security of the container and its suitability for different climates.

The FOI does not guarantee that one of the described models will be adopted by the US military. The document notes that “other efforts are already exploring off-premise cloud computing use”. However, it does give cloud providers the chance to steer the discussion, and could be followed by more specific requests for proposals, which usually result in contracts.