Containers for Aerospace and Defense

Wind River is the industry leader in delivering RTOS support for containers, ideal for addressing the unique challenges faced by the aerospace and defense industry.

Wind River helps aerospace and defense customers use containers to improve the performance, efficiency, security, and reliability of their embedded systems.

VxWorks®, the Wind River® real-time operating system (RTOS), is the first and only RTOS in the world to support application deployment through OCI-compliant containers. By encapsulating applications and their dependencies into portable containers, containerization delivers more efficient resource utilization, improved scalability, simplified deployment, and enhanced security.

Optimizing Size, Weight, and Power

Containerization has emerged as an effective strategy for optimizing size, weight, and power (SWaP).

  • Size: Packaging applications and their dependencies into containers allows their consolidation across shared systems, optimizing space utilization, improving resource allocation, and reducing footprint.
  • Weight: Consolidating applications across shared systems can also reduce weight, as fewer systems and associated cabling are required. Containerization supports running distinct applications on fewer systems, even when those applications have mixed levels of safety criticality.
  • Power: Reducing the number of systems also cuts power requirements. Containers enable efficient utilization of computing resources by sharing the underlying host operating system.

Enhancing System Security

Security is key in aerospace and defense, where embedded systems often handle sensitive data, support critical systems, and operate in challenging environments. Containerization enhances security by isolating applications and their dependencies within separate containers. Each container runs in its own isolated environment, preventing interference and minimizing the impact of potential security breaches. Additionally, container images can be digitally signed and verified, ensuring the integrity and authenticity of the deployed software. Container orchestration platforms support self-healing of crashed containers, adding resiliency. Orchestration platforms also provide advanced security features such as role-based access control, network policies, zero-trust support, and vulnerability scanning, strengthening the overall security posture of the systems.

Supporting a Modular Open Systems Approach

The U.S. Department of Defense (DoD) adopted a Modular Open Systems Approach (MOSA) as the preferred method for acquiring and designing affordable and adaptable systems. The goals of a MOSA include:

  • Reduced vendor lock-in
  • Increased flexibility
  • Improved safety and reliability
  • Streamlined process of updating technologies and incorporating innovations
  • Reduced development costs
  • Faster development cycles
  • Improved interoperability of major systems

Containerization directly supports a MOSA by isolating those components that are updated or affected by an update. Containers provide increased flexibility to enable a faster development cycle, leaving the remainder of the platform unchanged. Microservices encapsulated by containers ease the implementation of a modular architecture. Open standards and interoperability are the foundation for OCI-compliant containers, supporting a multi-vendor acquisition strategy without vendor lock-in.

Containers and the DoD Reference Design

In 2019, the DoD released its initial DoD Enterprise DevSecOps Reference Design (an unclassified document) to define the strategy, architecture, and processes for building modern information systems and weapons platforms.

As part of this initiative to encourage the secure development, testing, and deployment of software features, patches, and fixes more frequently, the Reference Design calls for software developers to adopt the use of containers as part of a DevSecOps process and technology platform. It defines the use of Open Container Initiative (OCI)–compliant containers made secure according to DoD container hardening requirements. Kubernetes is used to help avoid vendor lock-in.

The Reference Design defines a software factory approach that also includes an orchestrator for continuous integration/continuous delivery (CI/CD) and tools for use across the DevSecOps lifecycle. The first DoD-approved managed service for DevSecOps is Platform One, a modern, open source, cloud-era DevSecOps platform. Iron Bank is its trusted repository of approved, hardened containers of microservices, of which the VxWorks RTOS is one.

“This DoD Enterprise DevSecOps Reference Design is specifically for Cloud Native Computing Foundation (CNCF)—certified Kubernetes implementations. This enables a cloud-agnostic, elastic instantiation of a DevSecOps factory anywhere: cloud, on premise, embedded system, edge computing.”

—DoD Enterprise DevSecOps Reference Design:
CNCF Kubernetes | March 2021
