Military Embedded Systems


Receive our complimentary magazine via U.S. Mail or E-mail.

Military Embedded Systems

Deploy warfighter applications faster with open source Platform-as-a-Service

David Egts Red Hat

4Up-and-coming Web startups are leapfrogging each other to market using Internet-hosted Platform-as-a-Service (PaaS) technologies. PaaS allows these startups to innovate rapidly by focusing more time on their mission and less time managing hardware and software. Can the warfighter benefit from PaaS too? Yes, if the warfighter controls the PaaS stack - and open source delivers that control.

Historically, warfighter applications are often monoliths from the power plug to the running application – they were often designed for a single purpose without reuse and interoperability in mind. The design variances of these monoliths have also prevented economies of scale in terms of technology and Certification and Accreditation (C&A) reuse. This lack of reuse can prevent applications from getting to the warfighter in a timely fashion and can also lead to cost and schedule overruns. By identifying areas of commonality that could be standardized, certifying those components once for reusability, and focusing more on the remaining differences, agencies can increase efficiency and save the time involved with regularly recertifying applications. Platform-as-a-Service () is one solution that can alleviate these challenges by shrinking timelines and eliminating vendor lock-in. PaaS utilizes IT stacks that are consistent across multiple applications, including everything from the power plug to hardware to to operating system to application server. The IT stack can be certified once and reused many times with a significantly smaller amount of re-certification work. As such, developers can focus more on their application and get it into production sooner since it’s running on a stack of hardware and software that someone else has already rigorously certified.

Figure 1 illustrates the difference between a developer-maintained stack versus a PaaS stack. Note how the developer’s effort is diffused down the stack without PaaS. Instead of focusing on the application itself, effort needs to be expended to specify, acquire, integrate, deploy, certify, and maintain all the components of the stack. Further, every application’s developer may specify a different vendor for each of the components, requiring the end customer to be proficient in all. This erodes economies of scale in terms of training, operations and maintenance costs, and volume purchasing. With PaaS, the developer can dedicate more time to the application itself while letting the PaaS provider take advantage of economies of scale while maintaining and securing the infrastructure and platform hardware and software on the developer’s behalf.

Figure 1: Developer-maintained stack compared to PaaS stack
(Click graphic to zoom by 1.5x)

Proprietary PaaS is a nonstarter for the warfighter

One problem with PaaS, however, is that most Internet-hosted PaaS providers are proprietary. Many of these PaaS providers only support their proprietary languages and/or libraries, which only run on their back-end servers on the Internet. If a developer ever wants to move an application to another PaaS provider or move an application to on-premise servers, application porting is necessary. And in the case of embedded and/or classified systems, which may not have Internet connectivity, proprietary Internet-hosted PaaS is not an option. This is where open source PaaS can provide a solution. A PaaS stack that is open source from top to bottom can be run on a public , a classified enclave, or a tactical vehicle and provide the same experience. The application written for one deployment model is also portable across all. Open source PaaS offers the deployment efficiencies of traditional PaaS with the platform deployment target choice of open source.

Figure 2 illustrates this difference between a hosted PaaS provider and an on-premise PaaS solution. Both offerings allow the developer to focus on their application, but only an on-premise PaaS solution can run in an end user’s , classified enclave, tactical vehicle, airborne or undersea platform, and so on. When choosing a PaaS solution, one should ensure that applications written in a hosted PaaS environment can run on an on-premise PaaS environment with little to no modification. The best way to do this is to ensure maximum portability by ensuring the PaaS solution and applications are built upon open source software.

Figure 2: Hosted PaaS compared to on-premise PaaS
(Click graphic to zoom by 1.5x)

Open source PaaS delivers agility with control

OpenShift is an autoscaling, open source PaaS for applications and includes hosted, on-premise, and community offerings (Figure 3). It was first released in developer preview in May 2011 to address the need for vendor-agnostic PaaS using open source principles and serves as a good example of the aforementioned PaaS concepts. It runs on top of Enterprise and each user-developed application runs as a PaaS “gear” inside a Linux container. By using Linux containers and not giving each application its own virtual machine, applications can be thinly and rapidly provisioned, which is ideal for massive scale as well as for small form factor embedded tactical deployments. Even though the applications are multitenant and running on the same Linux operating system, the Linux containers are confined using Linux resource control groups called cgroups, as well as Common Criteria-certified and NSA-developed SELinux.

Figure 3: OpenShift components
(Click graphic to zoom by 1.9x)

Once the application’s gear is provisioned, a developer can then choose pre-canned PaaS “cartridges” of application frameworks, languages, and SQL and NoSQL databases. By choosing these cartridges, the developer leaves the maintenance and security of that code up to the centralized PaaS administrator. This provides economies of scale in that the PaaS administrator can apply a bug or security fix to a cartridge once and all developers’ applications using that cartridge immediately benefit.

Once the cartridges are in place, the developer can then add mission-specific application code to the PaaS using git or an Eclipse IDE with a compatible PaaS plug-in. Once the code is pushed into the gear, it’s up and running. After deployment, DevOps tools such as Maven and Jenkins can also be added for automated building and continuous integration. When the application has been put into production, and if it goes “viral” (in a good way), the PaaS even has an HA-Proxy Cartridge that can automatically spin up and spin down additional gears based upon server load. By being built on top of open source, any application written for the PaaS can run without it, so vendor lock-in is eliminated. Further, an application can be developed on the PaaS and then deployed without it, such as in a lightweight tactical or embedded environment.

PaaS is the future

Agencies are being forced to do more with less. They need to identify areas of redundancy and consolidate efforts without compromising their missions. As proven in the private sector, PaaS provides the ability to rapidly deploy applications by focusing more on the mission and letting the PaaS provider economically provide a secure and stable platform upon which to build. For the warfighter, Internet-hosted PaaS is often a nonstarter. Applications need to run disconnected in either tactical and/or classified environments. Again, open source PaaS, such as Red Hat’s OpenShift, for example, provides a way for the warfighter to take advantage of the economies of scale of PaaS with the control of open source.

David Egts is the Principal Architect for Red Hat’s U.S. Public Sector organization, specializing in the application of open source enterprise infrastructure technologies within federal, state, and local government agencies, the Department of Defense, and educational institutions. Contact him at and follow him on Twitter @davidegts.

Red Hat 703-748-2201