Airgap Deployments Are Like Camping
Defense IT systems are often "airgapped," meaning they're disconnected from the Internet. This could be intentional for security reasons to isolate and protect sensitive data, or it could be due to physical constraints. (It's hard to get Internet access on a submarine deep underwater!)
Working in airgapped environments presents a host of unique problems to solve. Modern software is typically built to assume it has a reliable Internet connection to download dependencies and updates or communicate with external services. When you take away the ability for "cloud-native" applications to access the cloud, things fall apart quickly.
Defense Unicorns overcomes these challenges with Unicorn Delivery Service (UDS), our secure software delivery platform designed from the ground up to support airgap deployments. The technical details of how UDS works are complex, so to simplify things with an analogy… let's go camping!
Packing for Your Trip
Imagine you're preparing for a remote camping trip deep in the backcountry, where there's no cell service or Wi-Fi, and no nearby stores to pick up any forgotten items. You'd better make sure you bring everything you might need.
Your Essentials
There's a standard set of camping gear that you need for every trip: your tent, sleeping bag, first-aid kit, and so on. These are the essential items that you always bring when going camping.
Defense IT systems have their own set of must-have essentials: Access Management, Logging, Monitoring, etc. (See NIST SP 800-53 for more details, or to cure insomnia.) The UDS Core platform includes applications to handle all of those essential IT requirements. Think of UDS as the standard packing list for your trip, so you don't need to worry about which Service Mesh you should bring to keep the mosquitoes away from your data.
Your Accessories
Depending on the purpose of your camping trip, you'll need additional gear beyond the core essentials. Going rock climbing? You'll need ropes and carabiners. Planning on mountain biking? That'll be hard to do without your bike and helmet.
These accessories represent mission applications - the unique software tools necessary to accomplish your specific operational needs. If you're going to be doing software development, you might want GitLab and SonarQube. If you'll be running tactical operations in the field, then Tactical Assault Kit (TAK) would be more appropriate.
Packing It Up
You've got all of your camping essentials and accessories sprawled out at home on your living room floor. It's time to pack!
Under the hood, UDS uses an open-source tool called Zarf to package all of that essential and accessory software into a single bundle that's easy to transport. Zarf also ensures that any dependencies those applications might need are included. (It'd be a bummer to arrive at your campsite and realize you brought your tent but forgot to bring the tent stakes.)
Getting to the Campsite
Now that all the gear and supplies are packed, it's time to hit the road! For camping, that means loading up your car and driving out to your wilderness destination.
For software delivery to an airgapped environment, this means physically transporting the digital information contained within that UDS bundle from where it was created to its destination. In physically airgapped environments, this is often done by burning CDs or using a portable hard drive, something folks call the "sneaker net" method of manually moving data. Cloud-based environments often have a "cross-domain solution" available to transfer data one way, from low to high classification levels, into environments that are disconnected from the Internet.
The specific transfer mechanism will vary based on the environment and situation, but ultimately, it's about getting your software from its source to its destination, just like physically getting camping gear from your home to the campsite.
Setting up Camp
You've finally arrived, and it's time to set up camp! You'll need to pitch your tent, build a fire, and do everything else necessary to make your campsite functional. It's a lot more work than simply dropping off the bags.
In addition to using Zarf to package up everything before the trip, UDS also uses Zarf to unpack and deploy everything into your mission environment. Zarf uses all the gear it brought along to set up a local version of the resources your cloud-native applications expect to access. When those applications try to reach out over the non-existent Internet to retrieve something, wandering off into the empty wilderness alone, Zarf politely redirects them back to the local resources it set up in camp. This keeps everything running smoothly in an airgapped environment.
Getting New Gear
After several days camping alone, basking in the solitude of being disconnected from the outside world, your friend shows up at your campsite! They've brought a bunch of new camping gear, including a better tent than what you originally brought with you and an entirely new set of equipment for mountain biking.
Delivering new gear to the campsite is like delivering new applications and software updates to an airgapped environment. In the same way you used Zarf to pack and unpack all the equipment when you initially arrived, Zarf packs and unpacks later updates, and the journey those packages take across the airgap is similar. Software is constantly evolving, and Zarf helps you ensure you have the latest gear, even when you're camping deep in the wilderness, off the grid.
Where to Next?
Your trip is over. You had a blast! Now you're excited for your next camping adventure. But where will you go? To the mountains? Beaches? A quaint grassy meadow in the countryside?
Just as there are lots of different types of places to go camping, there are lots of different kinds of environments to deploy mission software, including commercial cloud, on-prem data centers, and out at the tactical edge. UDS is designed for portability, with a "configure once; deploy anywhere" mindset. The work you did packing everything for your first trip can easily be reused for future deployments in other environments.
UDS goes wherever the mission requires, especially those hard-to-reach airgapped environments.