New cloudtamer.io is now Kion! New name. Expanded capabilities. Same outstanding customer service. Learn More

Case Study Cloud Enablement

Managing and Scaling the Cloud for NASA’s National Assets

3 min read

Last updated on November 3rd, 2021 at 6:22am

When you’re collecting land, atmosphere, ocean dynamics, cryosphere, and human dimensions data across
multiple scientific missions, volume is just one of the challenges. One mission within NASA’s Earth Observing System Data and Information System (EOSDIS) generates approximately 80 TBs of data each day.

Earth science data comes from satellites, aircraft, field measurements, and various other programs. The task of processing this data falls to the Earth Science Data & Information System (ESDIS) team. ESDIS captures and cleans, processes, archives, subsets, and distributes the data to users in support of research, applications, and education. To do so, ESDIS uses the Amazon Web Services (AWS) cloud to help store and process much of their data.

As NASA field centers look to manage a growing amount of Earth science data as new satellites launch over the next several years the challenge is how to best manage and scale in the public cloud to achieve their mission of managing this data as a national asset.

Challenge

The infrastructure required to manage the EOSDIS data collections leverages a multi-account, Infrastructure-as-a-Service (IaaS) cloud platform operating on AWS to provide shared cloud services and controls. As the manager of this commercial cloud, ESDIS looked to more effectively manage and scale usage to support increasing demands for agility and efficiency. A controlled, distributed, account approach with automation was required to overcome some of the networking and resource limitations facing the cloud implementation at NASA.

NASA had several objectives for their cloud operations:

  • Maximize autonomy by providing users a platform, not a gate
  • Maximize flexibility to give users the freedom to achieve their mission
  • Deliver shared services and controls that would reduce duplication, complexity, and cost

Streamlining access and delivering governance

NASA chose Kion (at the time branded as cloudtamer.io) to provide user authentication, user authorization, spend monitoring, and budget control. Kion features help organizations overcome adoption and management hurdles that arise when taking a decentralized approach to cloud management responsibilities:

  • Automation and orchestration features allow users to create and control access to their own project AWS accounts through a self-service workflow and automatically align it to the broader organization structure.
  • Financial management features allow budgets to be set per AWS project based on allocations and
    funding sources available within the organization. Enforcement actions are managed to ensure that budgets can’t be exceeded, which could potentially violate regulations like the Antideficiency Act (ADA).
  • Continuous compliance features allow organizations to hierarchically enforce policies that restrict access to cloud services and configurations based on compliance frameworks. This ensures project AWS accounts stay within established frameworks based on their mission.

Multiple earth science data customers have AWS accounts. Kion allows these customers to create and manage their own funding sources and set thresholds for spend alerting. From a policy perspective, Kion delivers enforcement to restrict access to host websites from S3 buckets, limit the number of AWS services in use due to FedRAMP/NASA approvals, and restrict RI and Marketplace purchases. These policies are central to establishing a governance model and account structure for users across NASA.

The impact of Kion at NASA

Kion is a key element of the innovative cloud management methodology used at NASA ESDIS. Kion has helped ESDIS:

  • Successfully onboard selected customer AWS accounts with different budgets/spend plans, security boundaries, and user access boundaries for individuals
  • Enforce project budgets via Kion budget enforcement actions to ensure ADA compliance
  • Create and manage projects with different security boundaries enforced through Kion’s cloud rules

By implementing Kion, NASA can satisfy more diverse mission requirements and have a more scalable approach to overcome some of the resource bottlenecks facing the expansion of data and users. Kion streamlines end user access to AWS while making it simpler for individual teams to refine their own governance model.

Download PDF

Start your cloud enablement journey.

Request a demo today,