Jetting to the stars, using containers for development
For an organization that sends rockets into space, stagnancy isn’t an option. Jetting to the stars requires technology, agility and a penchant for change.
But much like for-profit environments, the U.S. Department of Defense struggles to move at the pace of business as it travels through the galaxy. It needs software development practices and platforms that promote resiliency, prevent vendor lock-in and reduce vulnerability to malicious actors.
“Timeliness is a key factor to success,” said Nicolas Chaillan, chief software officer at the U.S. Air Force. “We must rapidly be able to adapt to challenges, whether it’s for AI, machine learning, cyberthreats or simply being able to compete in this world of fast-paced technology.”
The DOD develops for jets, bombers and space using a variety of systems and cloud computing resources, so its large teams need a platform-agnostic development environment to transcend programming languages and provide a common denominator. This “abstraction” is key to preventing security vulnerabilities, integration problems and coding errors.
That’s why the DOD turned to DevSecOps (which unifies development, operations and security teams) and enlisted Kubernetes containers, which helped it abstract physical resources, stay agile and create development environments geared toward IoT application development.
“We started to push that DevSecOps mindset, which is about automating that software development life cycle in a secure and flexible and interoperable fashion,” Chaillan said.
The DevSecOps approach embraces an “everything is code” philosophy, which helps reduce inconsistencies between, say, a test and development environment and a production environment. This everything-as-code principle builds quality control into the development process and shores up security as developers build and share environments.
“By having everything in code, everything has to go through the code review process,” Chaillan said. “Then you have immutable design state in code. You reduce your attack surface.”
Using Containers for IoT Development
While virtual machines have also been integral to IoT and cloud application development, using containers for IoT development is now key to the DOD’s development posture.
Containers are self-contained runtime environments: an application – including all its dependencies, libraries and other binaries, as well as configuration files needed to run it – bundled into a single package. By containerizing an application platform and its dependencies, developers can abstract differences in operating system distributions and underlying infrastructure. Unlike virtual machines, however, which also abstract physical resources, containers require less RAM and fewer CPU resources. So containers are more lightweight and, with solid change management practices, more modular and secure.
To read the complete article, visit IoT World Today.