VMware Pursues Federal Cloud Contracts - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Cloud computing
09:06 AM
Connect Directly

VMware Pursues Federal Cloud Contracts

VMware seeks FedRAMP authority to offer cloud services to federal agencies, will offer them from data centers run by Carpathia.

VMware is trying to convert its large presence as the virtualization supplier for federal agencies and become a supplier of public cloud services to the US government. The company on Tuesday is launching vCloud Government Service. Well, almost. Stopping just short of that, it's announced a bid to secure FedRAMP Authority to operate a hybrid cloud service for the government.

The Federal Risk and Authorization Program (FedRAMP) is a set of security and operations requirements drawn up by National Institute of Standards and Technology that must be verified as being in place at a service provider by a third-party audit. Getting FedRAMP approval "requires a lot of time and can hinder innovation and drive up costs," wrote Sean Applegate, director of federal technology strategy at Riverbed Technology, in a recent posting on InformationWeek.com.

Once FedRAMP Authority is approved, its service will be known as VMware vCloud Government Service. But it won't be running in VMware's four U.S. vCloud data centers. To meet the FedRAMP requirements, the service will be hosted in service provider Carpathia's data centers. That means it will be known by the full name of VMware vCloud Government Service Provided by Carpathia, said Angelos Kottas, director of product marketing, public sector for vCloud Hybrid Service.

"Carpathia has been a long term VMware partner with experience in running secure facilities in Virginia and Phoenix, Ariz.," Kottas said in an interview. Carpathia is both a hosted managed service provider and a cloud service provider. It operates datacenters in Dulles and Ashburn, Virginia, and Los Angeles, as well as Phoenix. It was founded in 2003, has experience in providing secured services to federal agencies, and knows its way around the federal government. That was evident in a Feb. 26 announcement that it was forming a federal advisory council composed of a former federal agency CIO, a deputy CIO, and the former operations director for Homeland Security.

[Learn what FedRAMP Director Maria Roat thinks about cloud trends. Read FedRAMP Director Discusses Cloud Security Innovation.]

Kottas said VMware will not be able to offer hybrid cloud services until the second half of 2014, but was announcing its pursuit of FedRAMP approval now because "we can then start bidding on federal business" that will be awarded in the second half of 2014.

The service "will be branded and sold by VMware. It will be managed and supported by Carpathia," he said. Among other contracts, VMware expects to bid on a deal with the General Services Administration, where ESX Server and vSphere are already deeply entrenched. "Many government agencies standardize on vSphere. If anything, it's higher than the commercial market," he said.

By getting a compatible vCloud service FedRAMP authorized, VMware will kick start its public hybrid cloud service with an additional class of customers, ones that may offer a powerful example to enterprises worried about maintaining security in the cloud. VMware customers used to vMotioning virtual machines around the datacenter may find it second nature to live migrate them out into a compatible cloud location, provided they have assurance on security. VMware's goal is to move customers into its cloud services by allowing them to use the tools and management console with which they are already familiar.

VMware customers in federal agencies "won't need to learn new tools or new workflows," said Kottas. They'll be able to master cloud operations quickly and gain the benefits of cloud-bursting rather than adding to federal data centers, he said.

Government agencies can count on hybrid cloud built on best-of-breed technologies with which government agencies are familiar," said Peter Weber, CEO of Carpathia, in the announcement.

Kottas couldn't specify when in the second half FedRAMP approval might materialize. VMware will rely on one of Carpathia's Virginia datacenters with the Phoenix datacenter serving as a second source.

The emergence of VMware as a federal government supplier means another competitor for IBM's Federal Services Division, which in November lost a bidding process for a $600 million CIA cloud contract to Amazon Web Services.

Find out how a government program is putting cloud computing on the fast track to better security. Also in the Cloud Security issue of InformationWeek Government: Defense CIO Teri Takai on why FedRAMP helps everyone.

Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Author
3/4/2014 | 5:48:36 PM
FedRAMP process
The decision by VMware to pursue FedRAMP approval is good news, but indicative of what Amazon Web Services public sector VP, Teresa Carlson told us in January:

"You will see a lot of acquisition contracts embrace Fed-RAMP. That will be a key driver. Cloud companies won't be able to participate in any procurement or award without being able to achieve the FedRAMP standards," she told s. Read more here: Cloud Providers Align With FedRAMP Security Standards

Given VMware's strong presences in the federal market, and Carpathia's highly secure data center hosting operations, it's likely they'll be able to complete the process within the usual six months most cloud service providers must go through to receive FedRAMP approval.

First, however, they must complete a readiness process prior to the application kick-off where FedRAMP officials do an initial review of the CSP's docs to make sure they meet the mark on the level of detail required in describing their controls. Some CSPs don't know the government's FISMA requirements (which are at the heart of FedRAMP common standards) and can't adequately describe their system and controls. The readiness process does just that - gets them ready for the full-on authorization process.  
Charlie Babcock
Charlie Babcock,
User Rank: Author
3/4/2014 | 12:58:24 PM
Terremark, IBM, Amazon,, CenturyLink
Laurie, Terremark, now part of Verizon, specialized in establishing secure facilities outside of Washington, D.C., and was authorized to supply services to federal agencies. The IBM offers cloud services. Amazon Web Services has FedRAMP approval and of course won the $600 million CIA contract. There's probably more but these might be the top competitors. CenturyLink with what it used to call its Savvis unit is seeking FedRAMP approval and has data centers in the region -- one in N.J., for example, and probably one in the DC area. Anyone care to add to this list?
User Rank: Author
3/4/2014 | 12:09:51 PM
VMware rivals
Charlie, who are VMware's biggest rivals for the gov customers' cloud business? What advantage will VMware stress?
11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
Time to Shift Your Job Search Out of Neutral
Jessica Davis, Senior Editor, Enterprise Apps,  3/31/2021
Does Identity Hinder Hybrid-Cloud and Multi-Cloud Adoption?
Joao-Pierre S. Ruth, Senior Writer,  4/1/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll