Govt ICT: Autocracy, all-of-government contracts, common capability and questions

The last blog was a bit of a primer, this blog looks at what the actual services are, and what the government is trying to do to push those services into central agencies.

When you talk to ICT professionals within government agencies there is a lot of confusion over what services are available, what categories they fall into, their actual usefulness, and the what must be taken up and when. There is a general, misconception, that a) the central government services will meet everyone’s needs and that b) they are mandatory, that being there is no option but to take the service. These two assertions need some definition.

Firstly, the services themselves. They actually come in three different flavours. The first is Common Capability, the second is All of Government (AoG), and the last is Government Supply Board (now known as N3).

N3 is the oldest practitioner, having been around for many years as the Government Supply Board, and has a raft of deals for government. However, in general, it doesn’t provide the high-end ICT services that we are talking about, so we’ll leave them out of the discussion.

AoG again does not supply high-end ICT services but it does provide some consumable services. You can find all the details here, at a summary level AoG services are; Advertising, Electricity, Energy Management, External Legal Services, External Recruitment Services, IT Hardware (being end user devices like PC’s, laptops, and tablets), Mobile and Voice, Office Consumables, Print Devices, Reticulate Gas, Travel, and Vehicles. Again, like N3, we aren’t much interested in these services.

What we are interested in is the Common Capability set of services. These are the ones that are occasionally mandated by government, are high-end ICT services, and are part of the government strategy to centralise and share ICT resources. This blog is going to look at each of them in some detail and ask whether they provide a good fit to agency needs. My opinion, of course.

Before we do that, let’s look at what “mandated” actually means. The only people who can mandate the use of a service are Cabinet, or the Head of the State Services Commission on recommendation from the Government Chief Information Officer (GCIO). “A mandate means that a capability must be taken up when there is a natural place to do so in the product lifecycle, and Agencies can only ‘opt out’ under exceptional circumstances with permission from the GCIO.” – Source: Common Capabilities Forum Presentation December 2013 (CCF2013).

Mandates only apply to Public Service and non-Public Service departments, the rest of the state sector and crown agencies can opt in if they choose to do so. However “the GCIO expects an agency’s plans to take up common capability services to be reflected in core agencies’ planning processes and investment intentions.” – CCF2013

Basically what this says is that for mandated services, where an agency is due to replace them, then it [the agency] should make an effort to adopt that service. However, if that service is expensive, or does not meet agency needs, then I would suggest that falls into the “extraordinary” opt-out clause. As we will see, not all mandated services will help all agencies and some come at a hefty price where the same, or better service, can be sourced directly from the market.

The services themselves are a very small proportion of an agencies overall ICT needs. It’s worth remembering that. They are valuable in their own right, but they do not allow for almost all of where the ICT money is spent, core business applications, and they can’t, because every agency’s core applications are heavily customised to that environment, so sharing them is almost impossible. Worse, surrounding applications that might be able to be shared, Finance for example, are heavily integrated with the core applications making them heavily customised.

The current Common Capabilities are then:

• Common Web Platform
• Common Web Services
• Desktop as a Service
• Enterprise Content Management Systems
• Infrastructure as a Service
• IT Managed Services
• Microsoft Licensing
• One.Govt
• RealMe
• Security and Related Services
• Secure Encrypted Email
• Office Productivity as a Service (Coming)
• Identity and Access Management (Coming)

Let’s take a look at each in turn, because they are all different. Again, this is my opinion, you need to go and read the full fact sheets for each to make up your own mind.

Common Web Platform and Common Web Services

I’m lumping them together because they sort of go with each other. One is the platform that websites run on and the other are the services that you use to create and manage web services. The Common Web Platform is delivered by Silverstripe and runs on the Gen-I – Revera Infrastructure as a Service. Neither are mandated and both have contracts that run through until 2016. There are twenty one different suppliers for web services.

Without seeing pricing these both seem like a good idea and its nice to see that a New Zealand company won the platform deal. The contract is short, and the number of providers in the web services area is high, so agencies have excellent choice.

Desktop as a Service

This is one of the newest and best, in my opinion, services. As well as providing virtual desktops to agencies the service also allows for the management of the desktop itself. This means that things like application fault calls, service calls, packaging of agency bespoke applications, and the like are an extension of the service itself.

The service is smart because it represents the way that end user services will migrate in the next few years. Away from fixed desk personal computers to work anywhere, anytime, secure access on remote devices that will also cater for bring your own device (BYOD).

It won’t cater for every user in government, but it will cater for the majority. The pricing I have seen, despite what I had heard earlier, is extremely competitive. It will stand up against the current Amazon pricing as I understand, which is a victory for Common Capability as others don’t.

The contract length is not known, it is not mandated, and there are four companies (Dimension Data, Datacom, Fujistu, and Gen-I – Revera) that can provide the service in two standard flavours. There is a rush on from agencies to investigate the service and the uptake is likely to be rapid and high. It is what you expect a Common Capability to look like.

Enterprise Content Management Systems

The bane of every ICT organisation a content management system is the evolution of the old file server to a newer, supposedly more open and searchable data repository. This contract runs until 2017 and includes three providers. Intergen (Sharepoint), OpenText (Content Suite), and TEAM Informatics (Oracle.)

It’s my opinion that this is one of the contracts that is flawed. Possibly because it was put together by commercial and legal people and the ICT professionals didn’t have as much influence as they should have? The contract is not flawed by what it contains, but by what it doesn’t contain.

For example, more than a third of agencies use a product called Objective. The company has over twenty local staff and has been in busy for more than a decade. In Australia they are deploying their Cloud based system, which, according to the marketing spiel is saving customers up to 80% in costs.

So why didn’t they make the cut? Where we have some services that have up to twenty one providers (or more) this contract has only three and misses a product that is already embedded in a third of the market.

Worse, content management systems are notoriously embedded within agency ICT systems, which means the amount of work to change from one to another, is high, and very expensive. At least it hasn’t been mandated.

Infrastructure as a Service (IaaS)

This was one of the first Common Capabilities and she is showing her age. One of the most misunderstood and potentially in today’s market, least cost effective, the service itself is misnamed and its capabilities are less than realised. Doesn’t make it bad, but the record should be set straight.

IaaS is a cluster of services that could be summarised as Facilities Management, Capacity on Demand, and Backup Services. Facilities Management means that an agency can take their datacentre from their own premises and put it in a leased, shared, datacentre. It’s a smart service and a lot of agencies are working toward doing just this. Capacity on Demand is the ability to quickly deploy processor, storage, and servers to an agency. Both services will save you money over traditionally managing your own facilities and purchasing your own infrastructure. Backup Services are a little more tricky and its questionable as to whether it makes financial sense, or indeed, whether Backup Service will even be around in two years.

Where the problem lies is firstly in the name. IaaS is a standard definition for a very specific Cloud Service. It allows companies to rent infrastructure over a wire as they need it. There is no contract and the end user can procure the services without the intervention of the vendor. Services can be rented down to seconds and hours, so you only ever pay for what you use. IaaS in this case should possibly be renamed Utility Computing, in order to take the somewhat Cloud washed definition out of the market.

The contract extends out a very very long way, 2019, with a right of renewal for five years after that. It’s too long in today’s age. There are three providers, Datacom, Gen-I – Revera, and IBM, who deliver the service from within New Zealand. There is a persistent rumour that IBM will exit this market as they, apparently, have not had a great deal of success attracting agencies to their datacentres.

Prices vary wildly between the three providers and without giving away too much, agencies are well advised to carefully shop around. Some prices for storage are as high as 75c per GB or more while others are down around 40c per GB, as an example.

Not all ICT services can be managed by the service. Generally, it provides a standard view of services that does not necessarily provide a good fit for agencies that have older, proprietary systems. This means that the agency has to migrate across from one type of infrastructure to another which can have very high cost implications.

Putting aside the cost, complexity, incorrect name, and risk of transitioning, the market itself is a very long way ahead of the IaaS services.

Amazon, Microsoft, Rackspace, and other big Cloud IaaS providers are in Australia and will be in New Zealand shortly. It’s inevitable. Either through a reseller agreement, or through deploying their own datacentres, its only a matter of time. The cost and service they deliver will force another migration of services from IaaS to true Cloud providers. Let me give you an example of cost.

For a thousand server agency, with a petabyte of data, including high availability, and DR, the cost per month is approximately $30,000 USD. Local prices are going to average ten times that amount or more. As for data sovereignty, often raised as a reason for not using local services, its a non-issue. There are a number of industrial strength solution available that allow you to store data overseas without breaking any data sovereignty rules.

It doesn’t help that IaaS is mandated.

A lot of agencies are in the process of investigating, choosing, planning, or moving their datacentres into an IaaS provider. This is a good thing and the companies involved are highly skilled at managing facilities. It saves money and significantly reduces risk, including that of a disaster.

The question is can IaaS evolve as quickly as the market while on a continuing cost reduction plane? Most large Cloud IaaS providers are decreasing their costs as time goes by. Amazon has had over eighty cost reductions since it started delivering the service with the most recent in the last week.

The jury is out on IaaS and its future. I suspect that if those companies start to wrap other valuable services around the offering then it will make it far more attractive to agencies.

ICT Security Services Panel

Nothing to see here. A list of twenty one suppliers that can help you with all aspects of ICT security management. It is a mandatory service, and the contract runs until 2015.

SEEMail

This has been around for years and is delivered solely by Dimension Data, the contract extends to 2019 (a long time again). It allows for the secure delivery of email up to a certain classification level. Over time, as new products evolve in the market (thanks to the NSA and PRISM), this service will be harder to justify and at some stage the question will need to be asked as to whether it should be opened up and reviewed. Until then, it just works, which is always good in ICT. The service is not mandated.

Microsoft Licensing Agreement

Effectively a bulk purchasing method for all Microsoft products delivered via a variety of Large Account Resellers. Makes sense, most agencies use it. The service is not mandated.

One.Govt

This was one of the original Common Capabilities that grew out of the old Government Shared Network that fell over with a hiss and a roar a few years back. It is contracted to 2019, mandated, and only delivered by Dimension Data.

It suffers from pricing problems. Initially it was the cheapest service on the block, however over the last couple of years at least one large agency has managed to buy the services from another telco at a much reduced price, and opted out of the mandate.

New telecommunication constructs, companies, services, and pricing are evolving every day. Once again, this is a service that should be reviewed well before 2019 with the advent of newer services like the Research and Education Advanced Network (REANZ) that some agencies are starting to investigate.

IT Managed Services

Buyer beware. The idea behind this service is to be able to purchase ICT Service Management from a variety of providers. So those of you who aren’t ICT savvy, ICT Service Management is a middle layer of services that are often bought within an outsource contract or are managed in house.

The include things like Incident Management, Problem Management, Capacity Management, and other industry standard processes.

Here are the issues. If an agency isn’t doing their own Service Management well, then asking someone else to do it often results in a poor outcome with a much increased cost. In other words, you don’t  outsource your problems.

Secondly, if you do outsource this service you do it as a total package. In other words, a full outsource contract. It’s the only way that it works in practice and its tried and true.

Buying Service Management in an existing outsourced contract setting is a recipe for miscommunication and disaster.

That will probably be why the service is noted on the website as: ”Scope is currently under review to meet agency demand in alignment with common capabilities and the Government ICT Strategy and Action Plan to 2017.” In other words, it ain’t working.

It is not mandated.

RealMe

Around for many years and managed via New Zealand Post RealMe is the service by which you and I use to get a username and password to interact with Government online. It’s a tried and true, slowly evolving, identity access management system that will most likely continue to grow and support the increasing online transactions between the citizen and government.

RealMe is mandated.

Office Productivity as a Service – OPaaS (Coming Soon)

Originally slated to be delivered by July 2013, work is still continuing to refine and make the service available. This service was effectively the deployment of Microsoft 365 onshore, though indications are that it may have changed. “Priority for first phase will focus on calendar services and email – including archive and data loss prevention. This phase will also include a proof of concept to demonstrate usability to interested agencies.” - CCF2013

If it is an onshore deployment of Microsoft 365 it is likely to run into a host of problems for agencies.

Firstly, Desktop as a Service (DaaS) effectively provides a simpler, more elegant delivery of Office systems, so why would you choose OPaaS if you were going to get that, and more, from DaaS?

Secondly, the costs are likely to be high given that Microsoft will have to establish local infrastructure to house the service. The reason for this is that this was the only initiative that mandated data sovereignty, and as I’ve pointed out, that comes at a cost, and with today’s add-on Cloud services, is a non issue.

Lastly, office systems are generally very tightly integrated with an agencies core applications and enterprise content management systems. For example, agencies using content management systems couple those, at a software plugin level, with office systems. So how does that work in a Microsoft 365 scenario?

It will be interesting to see how this pans out and what the final service looks like.

Identity Access Management (Coming Soon)

Little is known about this yet, except to say that the problem that is trying to be solved is one of Cloud. Each Cloud service has its own security system that must be integrated with an agency’s security system.

The problem is finding a common system when agency’s have differing security systems, Cloud providers have differing security systems, and the number of moving parts is high.

Summary

• Not all Common Capabilities are equal
• Common Capabilities will not service all of an ICT organisation’s needs
• Risks of integration, complexity, cost, and lock-in exist

Ian Apperley is an independent cloud computing consultant. He posts at whatisitwellington.com