Military Embedded Systems

Open source, high availability middleware for the military environment


June 17, 2009

John Fryer

OpenSAF Foundation

High availability is a key requirement for many military embedded systems. To meet this need, OpenSAF, an open source middleware implementation of the Service Availability Forum's high-availability specifications, provides new options for this critical software layer. This open source middleware offers several benefits, comprises the HPI and AIS open specifications, and is highly suitable for use in security-conscious environments.

The availability of systems in many harsh environments is an essential requirement of continuous operation. Because military systems must increasingly leverage COTS technology to provide superior performance in all situations while optimizing life-cycle costs, the availability of these systems is critical. Consequently, implementing high-availability middleware – such as that developed by the OpenSAF (Open Service Availability Framework) project – is an essential aspect of meeting this challenge.

Early versions of the Service Availability Forum (SA Forum) specifications are already deployed in some updated aspects of the Aegis Combat System, with the potential for broader deployment of additional features in future technology refreshes. Other examples of applicability include radar control systems, unmanned system ground control stations, and control systems on ships, aircraft, missiles, and space shuttles. Meanwhile, there are several important aspects to understand for this high-availability middleware approach, including the benefits of using open source, the open specifications available, and how these specifications can be used effectively in a security-conscious environment.

Benefits of open source

High availability is not a new concept in many industries and is often COTS-driven these days. Defense systems have incorporated redundancy in many areas as a fundamental aspect of continuous operation in battlefield situations. With increasing use of and reliance on technology, it is essential that systems can survive catastrophic failure and continue to operate seamlessly.

The traditional approach to high availability has been to design to specific system requirements, particularly when proprietary or specialized hardware has been used. While this might yield an optimal solution for a particular system, it generally results in software systems that are tailored to the specific hardware and architectures where the software applications are tightly integrated with high-availability middleware. Extension of these systems requires the expertise of the design team who understands the philosophy and implementation behind the system. As a result, open source works best in environments where functionality is necessary but where multiple proprietary or commercial implementations hinder the overall objective.

Sidebar 1: OpenSAF



Open specifications are key

With the increasing use of COTS and open specification technologies such as AdvancedTCA and MicroTCA, the perspective is radically different, and optimization can only be achieved if the high-availability environment is common to all applications’ interfaces and underlying implementation. Thus, the SA Forum has developed two sets of high-availability middleware specifications that provide the layering of high-availability services: the Hardware Platform Interface (HPI) and the Application Interface Specification (AIS).

HPI: Low-level abstracting

HPI is used to abstract low-level information from hardware so that it can be accessed and programmed through common interfaces. This enables applications directly accessing hardware functions and receiving hardware events to run on multiple platforms with minimal modification. Indeed, HPI is now implemented in many commercial and proprietary platforms and is viewed as a market success. HPI exposes a set of platform-defined management instruments, examples of which are shown in Figure 1. Through the HPI interface, the various instruments can be read and configured. Common application triggers, such as voltage drops or watchdog timer expirations, constitute failure “events,” which serve as inputs to AIS high-availability middleware. The specifications also allow for instrument grouping to create resource records that can then be further grouped into domains with a common set of capabilities.

Figure 1: HPI exposes a set of platform-defined management instruments.



AIS serves up high availability

AIS is significantly more sophisticated as it provides the set of services necessary to support highly available software applications, as shown in Figure 2. All high-availability middleware implements most or all of these services, as they are fundamentally necessary for an “always on” system. What is different is the layered approach and open forum collaboration to create application- and platform-agnostic architectural models with a rich set of APIs. Remember that AIS is driven and configured by its application environment, and it is the common approach to the middleware that enables rapid portability across multiple systems and between multiple applications.

Figure 2: AIS is significantly more sophisticated than HPI and provides the set of services necessary to support highly available software applications.



The OpenSAF project

Open source and commercial implementations of the HPI and AIS specifications are now available in the marketplace. OpenSAF is actively backed by the OpenSAF Foundation, which provides financial, legal, and marketing support. The open source project itself is open to anyone who wishes to participate and is organized by industry experts who form a technical leadership council. Actively participating companies include Ericsson, Huawei Technologies, Nokia Siemens Networks, HP, Emerson Network Power, Enea, and Wind River Systems.

OpenSAF Release 2 provides capabilities beyond the scope of the SA Forum, such as porting and messaging infrastructure, and it also provides additional functionality such as a message-based checkpointing service. Release 2 is stable and field deployed with the communications industry.

Release 3 of OpenSAF is currently undergoing testing within the OpenSAF community. It is targeted for release in the second quarter of 2009. The flexibility of OpenSAF will be extended to include more ports and hardware platforms beyond the current base of AdvancedTCA, enterprise and proprietary hardware, and a broad array of Linux variants.

Security-conscious environments meet OpenSAF

OpenSAF is available under the Lesser GNU Public License v2.1 (LGPL v2.1), a critical consideration for defense industry adoption. Under LGPL v2.1, any applications that link to the code base and do not modify the code base itself are not subject to the license terms. LGPL v2.1 states that modifications made to the code base must be made available for free, if requested, although there is no obligation to offer these as contributions to the OpenSAF project. The license also enables multiple companies from an industry segment to contribute to the project without fear that a competitor can derive direct financial benefit from the software, as no charge can be made for direct licensing of the code base.

The OpenSAF mailing lists are mechanisms to contribute fixes and enter into discussion with experts on specific applications of OpenSAF. For most organizations, the preferred method is to work with companies who offer commercial distributions of the OpenSAF code base, which include training support and services.

OpenSAF gains momentum

The modern military environment calls for highly available systems in an increasingly technological environment, and it might be impractical for trained technicians to be present in all situations. The transition to COTS and accelerated technology refresh rates means that standardization of high-availability middleware is an increasing requirement. The SA Forum HPI and AIS specifications provide the groundwork for this transition, and they have already been deployed in early versions in the military world.

The OpenSAF open source project provides an active and robust ecosystem, using a proven stable implementation of the AIS services as a starting point to accelerate development of a common high-availability infrastructure in a collaborative environment. This enables sharing of resources and an increased focus on additional functionality. It also provides a choice of how to adopt OpenSAF, either directly by downloading the code or through a commercial distribution, similar to the various Linux models. In this environment, OpenSAF is an increasingly interesting option for an SA Forum-based middleware implementation.

John Fryer is president of the OpenSAF Foundation and serves on the Service Availability Forum’s board of directors representing Emerson Network Power, where he is director of technology marketing for Emerson’s Embedded Computing business. Previously, he was responsible for the worldwide product marketing of AdvancedTCA platforms at Motorola. Prior to joining Motorola, he was vice president of marketing for control plane and data plane software applications at NetPlane Systems. John has more than 25 years of experience in the communications industry in a variety of marketing and engineering positions. He holds a B.Sc. with honors in mathematics from the University of Nottingham, England.

OpenSAF Foundation 925-964-9298

