Choosing an OS for military IoT systems
OPEN SOURCE WAY BLOG: The parameters for choosing an operating system (OS) for IoT deployments vary significantly from those for embedded systems of the past. These embedded systems served a specialized function, often having proprietary interfaces to other devices through custom hardware and software that included the operating system. In contrast, IoT systems are open by design, composed of standard building blocks, and connected to other devices using open interfaces. Obviously, not all IoT systems are built the same way, but the core technologies are similar.
In a previous post, my colleague Russell Doty wrote about IoT security and the changes IoT is bringing to military embedded systems. I want to expand on his points by examining the use of the Linux operating system by various IoT systems, and what you should consider when choosing an OS distribution.
Much of the discussion for IoT centers on connectivity and data and analytics, but let’s not forget the foundation of the entire system: the operating system.
Choosing the right OS is an important factor for a successful IoT deployment. An IoT system used in a mission-critical environment that requires tasks to be completed in a defined period of time may need real-time Linux, while an IoT system needed to analyze millions of messages at wirespeed may be best served by an enterprise-grade Linux distribution.
One class of IoT systems provide connectivity to downstream sensors and need to be small and low power (32-bit or lower) to fit constrained environments. These systems are usually assembled piece by piece, first by building the OS by merging a BSP (board support package) into the kernel, then through the addition of a file system, configuration tools and other middleware. This type of assembly requires embedded software and kernel hacking skills, resulting in the creation of IoT systems that are extremely efficient for the task at hand. The downside is that these systems have minimal tools (to save processing and storage), can’t be upgraded without significant rework, and usually reside in the operational technology (OT) realm, outside the IT infrastructure.
Another class of IoT systems is responsible for providing data services: routing, data shaping and decision making. While also acting as firewalls to protect downstream devices (sensors, actuators, and other embedded systems). These systems, referred to as intelligent IoT gateways, help bridge the OT and IT worlds.
Closer to a server in terms of functionality, these systems (64-bit multi-core) are built with a standard OS; customization occurs through configuration instead of building a customized OS from the ground up. The use of a standard OS allows for the OS and other components to be enhanced and upgraded years after the initial deployment.
Which is best for you?
Military IoT systems have even greater challenges than commercial IoT systems in terms of security, maintenance, and upgrades. Your decision should consider not only those factors, but also the tooling needs for developing, deploying and managing these systems. Here are some recommendations:
- Combine the capabilities provided by SELinux with a layered security approach covering device, network and policy to help secure IoT infrastructure.
- Leverage new technology like containers combined with capabilities to provision these containers at scale using existing IT infrastructure.
- Choose market-tested technologies and products that have been proven reliable in keeping both commercial and military defense systems safe.
- Select an open source OS that’s stable, proven, and well supported.
With open source, access to all the code in Linux is available to everyone. Individual components like memory management, scheduling, storage management, networking, and power management are consistent across vendors. But how they are integrated, validated, fine-tuned, and supported is what matters.
However, choosing a Linux distribution can be challenging; you’ll need to select the one with the capabilities and capacity to meet your requirements. There are several things to examine about the various vendors and sources for Linux distributions. Specifically, choose a vendor or group that:
- Contributes code to Linux kernel and key packages
- Consistently submits patches
- Fully tests and qualifies systems through hardware certification
- Provides system tuning to change OS algorithms to adjust for memory and number of processors, done with the actual workloads or a close simulation of expected workload.
- Performs extensive testing, tuning and troubleshooting across a wide range of hardware, configurations and applications
- Shows commitment to open source by working with the upstream community
Additionally, suppliers of operating systems for military systems need to support long product lifecycles. Therefore, it is important when selecting an OS vendor to consider the company’s stability. Will they be able to sustain 10+ year lifecycles? Will they be around to automatically update their OS years after its deployment? Do they offer long-term support and provide a stable, consistent platform for running applications (i.e. making sure API, ABI, KABI and package set throughout the entire life of the release)?
There are several options for the choice of OS for military IoT devices and systems. Choosing the optimal OS is a design decision that should consider the IoT use case, existing infrastructure and the reliability and sustainability of the OS provider.