stack with us,” Chaillan said.
That stack includes:
• The Cloud One infrastructure
layer, which is a stable and secure common development, test and pro- duction environment. Authorities to operate are already in place so app developers and producers can use Microsoft or Amazon Web Services clouds, depending on their needs. It also offers tools that can help reduce costs for software development.
• Platform One provides software enterprise services and hardened con- tainers, continuous integration/contin- uous delivery options and the service mesh layer, which brings baked-in, zero trust security and the architec- ture to enable microservices. It also offers training/onboarding options and contracting support.
• The application layer allows devel- opment teams to build easily reusable modular software or microservices with hardened containers that can be
used across teams.
The DevSecOps ecosystem and
program applications depend on the DOD Centralized Artifacts Repository of hardened and centrally accredited containers. The repository, which con- tains over 170 secure containers that have DOD-wide reciprocity across clas- sifications, will be maintained by the Air Force team.
“We don’t believe in a one-size-fits- all approach, so we give freedom to the team to swap containers,” Chaillan said. “For us, it’s kind of Lego blocks.” Developers can pick and choose differ- ent tools and access 16 programming languages and 23 databases. “That reopens the door to picking the best tool to get the job done.”
The benefits are significant. The DevSecOps initiative will allow DOD developers to rapidly adapt to new challenges and work as a team with various technologies, including artifi- cial intelligence and machine learning.
The open-source foundation avoids vendor lock-in at the infrastructure and platform layers. Code can be reused for different apps that will run on any platform, which is especially impor- tant at DOD where there are myriad classified, disconnected environments.
It also enables any DOD program to deploy a hardened solution within days, saving time and money, accord- ing to Chaillan.
The group is working with about 25 commercial vendors to certify their containers, which can then be used by other federal agencies.
“Seeing Kubernetes run in the jet is really quite a useful and interest- ing example, but...we’re using it to power all the sort of normal busi- ness activities that the Air Force is doing,” Chaillan said. “We have a lot of business systems moving to cloud-native environments, moving to microservices, being rebuilt right from the get-go.” n