Research & Enterprise Cloud

Joshua Stultz

Cloud Operation & Security Lead, NIH STRIDES Initiative

May 2023

About Me

I joined STRIDES because of its commitment to build an enterprise-class cloud environment to meet NIH’s needs and make it easier and more secure to do research in the cloud.

U.S. Army – 4 Years

Telephone and network administrator – LAN, radio

Higher Education – 6 Years

Network engineer and architect

National Heart Lung and Blood Institute – 7 Years

Infrastructure operations manager and cloud architect

NIH STRIDES Initiative – 3 Years

Cloud operations and security lead

Our Environment

  • STRIDES supports all twenty-seven Institutes and Centers at the NIH
  • Some have full IT departments, and some have minimal or no dedicated IT support
  • They all use the same identity provider and NIH network
  • They all have to adhere to the same NIH policies

e.g., National Institute of Nursing Research

Centralized NIH IT Infrastructure

Decentralized IT Infrastructure

e.g., National Cancer Institute

Gaps Between Research IT & Enterprise IT

Research Priorities for IT

Innovation

Advancing my research means using cutting-edge tech.

Speed

I don’t have time to jump through hoops for approvals.

Cost

I’d rather do this with a free tool than have to find more funding.

MIND THE GAP

Enterprise Priorities for IT

Integration

We need to integrate new technology with existing systems in our environment.

Security

We need to be careful not to put our systems at risk.

Standardization

Getting everyone onto the same tools is a more efficient use of funds.

Finding Common Ground

Research

A place to start learning the cloud

Help understanding how cloud can benefit them

Help building their workloads

Enterprise

An easier way to evaluate security

Help defining system controls and documentation

Help designing architecture for their systems

Common Ground

An easy and secure path to cloud

A place to build effective systems/applications

Guidance and best practices for cloud

Shared Use Cases

  • Data storage and archive
  • Database-as-a-service
  • Public-/private-facing web applications
  • Data analysis applications
  • Data sharing
  • Container-based workloads
  • High-performance computing workloads
  • DevOps environments
  • Direct internet access
  • Services such as Content Delivery Network (CDN)

Shared Use Cases: Data Storage and Archive

Challenge

Compared to standard enterprise solutions, it took researchers twice as long to transfer data to cloud storage and archive, because they were using free tools that could not support high-speed, multi-threaded transfers.

Solution

We found tools such as Globus that worked for researchers and were low cost – this brought their performance in line with enterprise customers.

Shared Use Cases: Direct Internet Access

Challenge

Federal government policies require all internet traffic to go through a central Trusted Internet Connection (TIC). This limits some of the features and functionality of cloud.

Solution

Based on use cases, we are building out a distributed set of Policy Enforcement Points to decentralize security inspection but still allow secure sharing of data and access to applications.

Shared Use Cases: High-Performance Computing

Image courtesy of Hugo Hernandez, National Center for Advancing Translational Sciences

Challenge

When should you do high-performance computing (HPC) in the cloud?

Moving data to the cloud is challenging, but enterprise storage systems are filling up.

Networking and security pose challenges.

Solution

What if you brought the compute to my data?

Lessons Learned & Moving Forward

  • Depending only on cloud-native monitoring tools is a mistake. When the cloud is impacted, we are not alerted. That’s why we are looking at using tools external to the CSP for monitoring.

  • Some services require CSP DNS solutions and will not work with enterprise DNS systems. This seems to be a small number of workloads so far, but with a relatively large impact on research.

  • Direct access to the internet is critical in sharing data with external collaborators. We are building out a model to comply with federal government regulations using Policy Enforcement Points in each CSP.

  • Our customers want nearly everything “as a service”, so we are looking at how we can expand our offerings, including through collaborations with other central IT groups (e.g., application hosting, enterprise storage/backup, logging/monitoring/alerting, business continuity and disaster recovery).

Where We’re Headed

Cloud is changing the way NIH provides infrastructure.

Recognition of the benefits of things like standard images and cloud as a service is driving a broader shift toward centralized infrastructure.

e.g., National Institute of Nursing Research

Decentralized IT Infrastructure

Centralized NIH IT Infrastructure

e.g., National Cancer Institute

Thank You

Contact Us

STRIDES@nih.gov