eclipsecon2008: the dod, open source, and osgi as server infrastructure

© 2008 by Kit Plummer; made available under the EPL v1.0 | Thursday, March 20, 2008

The DoD, Open Source, and OSGi as a Server Infrastructure

Kit Plummer Gestalt, Now Part of Accenture

The DoD, Open Source… | © 2008 by Kit Plummer; made available under the EPL v1.0

The Story

• The U.S. Department of Defense and Open Source As a Consumer As a Producer Intra-Contractor

• The Experiment(s) JBI Components rVooz Tactical SOA


Consuming OSS in the DoD…

• Reduced Federal budget(s) • Shortened to-field cycles • Contractor competition • Lines of Code paid for by the DoD?

~ 34 Million SLOC in SOSCOE (Future Combat Systems)

• http://en.wikipedia.org/wiki/Use_of_Free_and_Open_Source_Software_(FOSS)_in_the_U.S._Department_of_Defense

• Current policy says FOSS and COTS are the same (2003)


Consuming Continued

• “When we rolled into Baghdad, we did it using open source…it may come as a surprise to many of you, but the U.S. Army is “the” single largest install base for Red Hat Linux. I'm their largest customer.” [General Justice, U.S. Army]

• Is this really that exciting – from an Open Source perspective?


Producing OSS for the DoD…

• Ball Aerospace’s BallForge.net Opticks

• Delta3D (Naval Postgraduate School/Alion) • Foremost (USAF) • SELinux (NSA) • Hmmn. That’s it?

Yep, at least that are public about their sponsorship

Take a cue from NASA: http://opensource.arc.nasa.gov/


Who owns the software developed by U.S. dollars?


Government Purpose License Rights

• http://www.dtic.mil/dtic/submitting/copyright.html

3) Is this a document produced by work done under Government contract? If yes, the contractor usually owns the copyright and the Government has certain rights to the work. Generally the Government has unlimited or Government purpose rights and may reproduce and distribute the work.


Software Reuse Inside (Company Walls)

• Breaking down stovepipes Reference architectures Open standards

• Cross-contract reuse

• DYK, technologies are not encouraged to be reused once contracts are awarded? Some projects/programs must be implemented from scratch, by contract.


Why Not For …

• Future Combat System (FCS) System of Systems Common Operating Environment

(SOSCOE)

a modular, open-architecture approach "that allows us to incrementally develop, test and validate software capability as we go.” says Dennis Muilenburg, GM of FCS at Boeing.

How much do you think Boeing is getting paid for those 34 millions lines?


U.S. Income Tax Payers?


Government Spending Stats (2007)

Source: http://www.usaspending.gov/fpds/fpds.php?reptype=a&database=fpds&mod_agency=M97&mod_fund_agency=&PIID=&psc_cat=D&psc_sub=All&contractor_type=&descriptionOfContractRequirement=&compete_cat=&dollar_tot=&fiscal_year=2007&first_year_range=&last_year_range=&detail=-1&datype=T&email=

• 3% of DoD Budget Spent on DPS


3% == $8,500,000,000


More numbers… Source:� http://www.usaspending.gov/fpds/fpds.php?

reptype=p&database=fpds&mod_agency=M97&mod_fund_agency=&PIID=&psc_cat=&psc_sub=1430&contractor_type=&descriptionOfContractRequirement=&compete_cat=&dollar_tot=&fiscal_year=2007&first_year_range=&last_year_range=&detail=-1&datype=T&email=

• $55,000,000 On Guided Missile Remote Control Systems

Source: http://www.usaspending.gov/fpds/fpds.php?reptype=p&database=fpds&mod_agency=M97&mod_fund_agency=&PIID=&psc_cat=&psc_sub=All&contractor_type=&descriptionOfContractRequirement=Software&compete_cat=&dollar_tot=&fiscal_year=2007&first_year_range=&last_year_range=&detail=-1&datype=T&email=

• $1,250,000,000 • On Software-centric contracts


Open Source and

National Security?


Security? • It is true that many DoD software projects are “classified”.

Why? Is the entirety of that 34 million lines worth protecting? And, from whom are you protecting it?

• Jim Stogdill asked at a DoD Open Technology Conference: “Are you prepared for the moment when open software, developed under government contract, is forked by the Chinese for their use?”

• It is, without a doubt, a hard problem for anyone to understand – let alone resolve.

Thanks Jim for being bold. http://www.slideshare.net/jstogdill/open-source-in-the-dod-build-it


Open Technology Development

• Roadmap http://www.acq.osd.mil/jctd/articles/OTDRoadmapFinal.pdf Open standards Open architecture Open source?

• U.S. Navy & SHARE “The Navy will acquire only systems based on open

technologies and standards. “ Vice Adm. Mark Edwards, deputy chief of naval operations for communications stated March 6, 2008

https://acc.dau.mil/GetAttachment.aspx?id=135208&pname=file&lang=en-US&aid=26859


Government Funded OSS / Collaboration

• Literal Open Technology Development

• Producing Open Source Solutions Cross government – commercial collaboration Learn what the affects of Patents and IP-constraints are

Community is a positive byproduct

• So, we’ve received permission to experiment


A Few Experiments…at Gestalt

• Objective: socialize “producing” Open Source as a standard practice for systems with common attributes (Open Technology Development)

• Started Simple JBI Components for OpenESB and ServiceMix

XMPP Binding Component RSS Binding Component

• Community Contributions OpenESB / JCP


Results

• Cultural shifts Agile Methods (Scrum) Blogging Participating in Open Source projects (personal

time) - Contributing

• Retention tool

• The Air Force is now competing with Google for hires.


From Scratch Open Source

• On the U.S. Government’s Nickel • The Same Deliverables as a proprietary path • We maintain copyright (via accepted OSS licenses)

• The Problem: Contextual Collaboration A priori knowledge of those with a shared interest How to cross system interfaces Communication types Manage security policies and parameters


rVooz Operational View

TOC

JFC

AOC

rVooz Service

TCP/IP

Target/Geo Location


Non-Defense Use Cases

• Eclipse plugin Project/file/code linking

• Ridesharing Geo linking

• Consumer information collaboration Product linking

• Search engine extension Research linking

• Medical/Patient diagnosis/symptmn repository Symptom – solution linking


rVooz is Born

• A “server” platform Modularity to support n-types of different context

Geo String XML

• Java Existing frameworks

Spring ESBs (ServiceMix, OpenESB)

• Name is a silly play on “rendezvous”


System Components

• Clients Apps that generate and register context

• Gateway Server-side front-end

• Matching Engines Search for matches, produce a product (Contextion)

• Voozers Apps that consume the Contextion Can be plugins to systems

XMPP, VoIP, IRC Or, can be the same Client that registered the context


OSGi?

• Seems like the perfect opportunity • Server-side evolution • Equinox, Felix, or Knopflerfish? • Or, All the above?

• Dynamic loading (hot-swap) • Extensible • Service registry


External Interfaces?

• HTTP • JMS

Ultimately gave up on

• Jetty Servlet provides context registration Servlet provides match fetch interface

• XSDs for Context and Contextions JAXB


Internal Interfaces

• Bundles Context Processor (a gateway) Geo Matching Engine String Matching Engine

• OSGI Service Registry Java interfaces


Reality Check

• Data life • Data store • Scalability • Security (HTTP, really Jetty)

• Development Process Pains Eclipse Maven Bundles Testing


Requirements and Options

• Software as a Service • Internet scalability • Security

• Languages • Frameworks • Architectures


Redirect

• Ruby on Rails Too much free stuff to not take

• Web app -> Service Maintain modularity with REST Interfaces “Tierless”

• Web 2.0ish User facing services Developer facing services (programmable web) & APIs

• We’ll release a live service as soon as we deliver the “goods” to our customer.


SOA is the holy grail of buzzphrases in the DoD tech-space.


SOA penetration in the DoD

• Pretty good buy-in to the hype. • Web services in Net-Centric Operations • Only in sanctuary data centers

• But, If SOA is about exposing data…

• Where is the data in this domain?

• The “Edge”.


OSGi on the Server Side?

• Obviously yes…simply based on the presentations here

• What if every “device” is a server? • Even more obvious, if you ask me. This is the “Edge”.

• Return to OSGi’s “embedded” roots with the Server in mind.

• Might be a bit of a different direction for the mainline.


Exposing Devices

• Pretty easy Web services (SOAP) REST XML-RPC

• Keep in mind that these devices might be resource constrained

• More importantly the transport/network will be constrained


Modularity

• Not just software

• Component-based hardware is right there too

• BUG Labs – style interfaces between the hardware and software

• Have to be careful as modularity complicates accreditation and certification


What will it take?

• Security, Security, Security MILS/MLS

Auditing - Policies DO-178B

Standard for life-critical systems • Realtime Java?

• Successes – on any scale


Open Source and the DoD?

Imagine a Java and OSGi-based environment, with applications development by “Us”, running on the Distributed Targeting Processor of an F18.


Questions?

eclipsecon2008: the dod, open source, and osgi as server infrastructure

Technology

open software

open source perspective

open sourceit

epl v1

dod open technology

numbers source

dod budget

govthe dod