EclipseCon2008: The Dod, Open Source, and OSGi as Server Infrastructure

The DoD, Open Source,
and OSGi as a Server Infrastructure

Kit Plummer
Gestalt, Now Part of Accenture

© 2008 by Kit Plummer; made available under the EPL v1.0 | Thursday, March 20, 2008

The Story
• The U.S. Department of Defense and Open
Source
 As a Consumer
 As a Producer
 Intra-Contractor
• The Experiment(s)
 JBI Components
 rVooz
 Tactical SOA

The DoD, Open Source… | © 2008 by Kit Plummer; made available under the EPL v1.0

Consuming OSS in the DoD…
• Reduced Federal budget(s)
• Shortened to-field cycles
• Contractor competition
• Lines of Code paid for by the DoD?
 ~ 34 Million SLOC in SOSCOE (Future Combat Systems)

• http://en.wikipedia.org/wiki/
Use_of_Free_and_Open_Source_Software_(FOSS)_in_the_U.S._Department_of
_Defense

• Current policy says FOSS and COTS are the same
(2003)


Consuming Continued
• “When we rolled into Baghdad, we did it using open
source…it may come as a surprise to many of you, but
the U.S. Army is “the” single largest install base for
Red Hat Linux. I'm their largest customer.” [General
Justice, U.S. Army]

• Is this really that exciting – from an Open Source
perspective?


Producing OSS for the DoD…
• Ball Aerospace’s BallForge.net
 Opticks
• Delta3D (Naval Postgraduate School/Alion)
• Foremost (USAF)
• SELinux (NSA)
• Hmmn. That’s it?
 Yep, at least that are public about their sponsorship

Take a cue from NASA:
http://opensource.arc.nasa.gov/


Who owns the software developed
by U.S. dollars?


Government Purpose License Rights
• http://www.dtic.mil/dtic/submitting/copyright.html

3) Is this a document produced by work done under
Government contract?
If yes, the contractor usually owns the copyright and
the Government has certain rights to the work.
Generally the Government has unlimited or
Government purpose rights and may reproduce and
distribute the work.


Software Reuse Inside (Company Walls)
• Breaking down stovepipes
 Reference architectures
 Open standards

• Cross-contract reuse

• DYK, technologies are not encouraged to be reused
once contracts are awarded? Some projects/programs
must be implemented from scratch, by contract.


Why Not For …
• Future Combat System (FCS)
 System of Systems Common Operating Environment
(SOSCOE)

a modular, open-architecture approach quot;that
allows us to incrementally develop, test and
validate software capability as we go.” says
Dennis Muilenburg, GM of FCS at Boeing.

How much do you think Boeing is getting paid
for those 34 millions lines?


U.S. Income Tax Payers?


Government Spending Stats (2007)

Source: http://www.usaspending.gov/fpds/fpds.php?
reptype=a&database=fpds&mod_agency=M97&mod_fund_agency=&PIID=&psc_cat=D&psc_
sub=All&contractor_type=&descriptionOfContractRequirement=&compete_cat=&dollar_tot=&fi
scal_year=2007&first_year_range=&last_year_range=&detail=-1&datype=T&email=

• % of DoD Budget Spent on DPS
3


3% == $8,500,000,000


More numbers…
reptype=p&database=fpds&mod_agency=M97&mod_fund_agency=&PIID=&psc_cat=&psc_sub=1430&contra
ctor_type=&descriptionOfContractRequirement=&compete_cat=&dollar_tot=&fiscal_year=2007&first_year_ra
nge=&last_year_range=&detail=-1&datype=T&email=

• 55,000,000
$
 n Guided Missile Remote Control Systems
O
reptype=p&database=fpds&mod_agency=M97&mod_fund_agency=&PIID=&psc_cat=&psc_sub=All&contract
or_type=&descriptionOfContractRequirement=Software&compete_cat=&dollar_tot=&fiscal_year=2007&first_y
ear_range=&last_year_range=&detail=-1&datype=T&email=

• 1,250,000,000
$
• On Software-centric contracts


Open Source
and
National
Security?


Security?
• It is true that many DoD software projects are “classified”.
 Why? Is the entirety of that 34 million lines worth protecting? And,
from whom are you protecting it?

• Jim Stogdill asked at a DoD Open Technology Conference: “Are
you prepared for the moment when open software, developed
under government contract, is forked by the Chinese for their
use?”

• It is, without a doubt, a hard problem for anyone to understand –
let alone resolve.

Thanks Jim for being bold. http://www.slideshare.net/jstogdill/open-source-in-the-dod-build-it


Open Technology Development
• Roadmap
 http://www.acq.osd.mil/jctd/articles/OTDRoadmapFinal.pdf
 Open standards
 Open architecture
 Open source?

• U.S. Navy & SHARE
“The Navy will acquire only systems based on open
technologies and standards. “ Vice Adm. Mark Edwards,
deputy chief of naval operations for communications stated
March 6, 2008
https://acc.dau.mil/GetAttachment.aspx?
id=135208&pname=file&lang=en-US&aid=26859

Government Funded OSS / Collaboration
• Literal Open Technology Development

• Producing Open Source Solutions
 Cross government – commercial collaboration
 Learn what the affects of Patents and IP-constraints are

 Community is a positive byproduct

• So, we’ve received permission to experiment


A Few Experiments…at Gestalt
• Objective: socialize “producing” Open Source as a
standard practice for systems with common attributes
(Open Technology Development)

• Started Simple
 JBI Components for OpenESB and ServiceMix
 XMPP Binding Component
 RSS Binding Component

• Community Contributions
 OpenESB / JCP


Results
• Cultural shifts
 Agile Methods (Scrum)
 Blogging
 Participating in Open Source projects (personal
time) - Contributing

• Retention tool

• The Air Force is now competing with Google
for hires.

From Scratch Open Source
• On the U.S. Government’s Nickel
• The Same Deliverables as a proprietary path
• We maintain copyright (via accepted OSS licenses)

• The Problem: Contextual Collaboration
 A priori knowledge of those with a shared interest
 How to cross system interfaces
 Communication types
 Manage security policies and parameters


rVooz Operational View

rVooz
Service JFC

AOC

TOC

Target/Geo Location
TCP/IP


Non-Defense Use Cases
• Eclipse plugin
 Project/file/code linking
• Ridesharing
 Geo linking
• Consumer information collaboration
 Product linking
• Search engine extension
 Research linking
• Medical/Patient diagnosis/symptmn repository
 Symptom – solution linking


rVooz is Born
• A “server” platform
 Modularity to support n-types of different context
 Geo
 String
 XML

• Java
 Existing frameworks
 Spring
 ESBs (ServiceMix, OpenESB)

• Name is a silly play on “rendezvous”

System Components
• Clients
 Apps that generate and register context
• Gateway
 Server-side front-end
• Matching Engines
 Search for matches, produce a product (Contextion)
• Voozers
 Apps that consume the Contextion
 Can be plugins to systems
 XMPP, VoIP, IRC
 Or, can be the same Client that registered the context


OSGi?
• Seems like the perfect opportunity
• Server-side evolution
• Equinox, Felix, or Knopflerfish?
• Or, All the above?

• Dynamic loading (hot-swap)
• Extensible
• Service registry


External Interfaces?
• HTTP
• JMS
 Ultimately gave up on

• Jetty
 Servlet provides context registration
 Servlet provides match fetch interface

• XSDs for Context and Contextions
 JAXB


Internal Interfaces
• Bundles
 Context Processor (a gateway)
 Geo Matching Engine
 String Matching Engine

• OSGI Service Registry
 Java interfaces


Reality Check
• Data life
• Data store
• Scalability
• Security (HTTP, really Jetty)

• Development Process Pains
 Eclipse
 Maven
 Bundles
 Testing


Requirements and Options
• Software as a Service
• Internet scalability
• Security

• Languages
• Frameworks
• Architectures


Redirect
• Ruby on Rails
 Too much free stuff to not take
• Web app -> Service
 Maintain modularity with REST Interfaces
 “Tierless”
• Web 2.0ish
 User facing services
 Developer facing services (programmable web) & APIs

• We’ll release a live service as soon as we deliver the
“goods” to our customer.


SOA is the holy grail of buzzphrases
in the DoD tech-space.


SOA penetration in the DoD
• Pretty good buy-in to the hype.
• Web services in Net-Centric Operations
• Only in sanctuary data centers

• But, If SOA is about exposing data…

• Where is the data in this domain?

• The “Edge”.


OSGi on the Server Side?
• Obviously yes…simply based on the presentations
here

• What if every “device” is a server?
• Even more obvious, if you ask me. This is the “Edge”.

• Return to OSGi’s “embedded” roots with the Server in
mind.
• Might be a bit of a different direction for the mainline.


Exposing Devices
• Pretty easy
 Web services (SOAP)
 REST
 XML-RPC

• Keep in mind that these devices might be resource
constrained
• More importantly the transport/network will be
constrained


Modularity
• Not just software

• Component-based hardware is right there too

• BUG Labs – style interfaces between the hardware
and software

• Have to be careful as modularity complicates
accreditation and certification


What will it take?
• Security, Security, Security
 MILS/MLS
 Auditing - Policies
 DO-178B
 Standard for life-critical systems
• Realtime Java?

• Successes – on any scale


Open Source and the DoD?
Imagine a Java and OSGi-based environment, with
applications development by “Us”, running on the
Distributed Targeting Processor of an F18.


Questions?


EclipseCon2008: The Dod, Open Source, and OSGi as Server Infrastructure

Recommandé

Recommandé

Contenu connexe

Similaire à EclipseCon2008: The Dod, Open Source, and OSGi as Server Infrastructure

Similaire à EclipseCon2008: The Dod, Open Source, and OSGi as Server Infrastructure (20)

Dernier

Dernier (20)

EclipseCon2008: The Dod, Open Source, and OSGi as Server Infrastructure