Why (and how) we use OpenBSD at VidiGuard
Update: This is an updated version of an earlier article that was previously posted on the VidiGuard Blog.
At VidiGuard, we care a lot about physical security. In fact, it’s our job. But equally important to physical security is the security of our customers’ data. We also need a robust, reliable platform that can run with minimal interaction. To make both of those happen, we employ OpenBSD in our on-premise equipment and our data infrastructure. Why OpenBSD?
Uncompromising quality and security
Over the past 20 years, OpenBSD’s focus on uncompromising quality and code correctness has yielded a top-notch operating system. Code auditing and review is core to the project’s development process. The team’s focus on security includes integrated cryptography, new security mitigation techniques, and an optional-security-is-no-security stance, making it one of the most secure operating systems available today.
Cohesive system with sane defaults
There are no surprises when building a product on OpenBSD. The operating system installer is fast and has a minimum of configuration options. The default configuration is immediately usable without any knobs that require tuning (though a few are available), and starts only the necessary services. OpenBSD features a full suite of tools, libraries, compiler, and documentation — and frequently the only software we need to add is our own.
The documentation of OpenBSD is the best of any UNIX-like operating system available. The FAQ will get you installed quickly and covers every common use case. Every executable, configuration file, and library function has a man page. Additional support options abound.
OpenBSD’s ultra-permissive license policy makes it a no-brainer for inclusion in any product, be it proprietary or open source. We have yet to need any changes to the operating system itself at VidiGuard, but we rest easy with the assurance that doing so would not require additional headaches on our part due to restrictions on license or distribution.
How we use OpenBSD
Each VidiGuard installation features one or more drones, with integrated computers (more on that later), drone enclosure(s) with charging pad, a command and control (C2)computer, and an uplink to our data services. Each C2 computer runs OpenBSD, distributed using a resflash image, and maintains the operational status of the drone(s), relays flight and video data back to our infrastructure, and modifies flight plans as directed.
Our infrastructure itself is based largely on OpenBSD. We use OpenBSD servers, whether Cloud or on-premise appliance based, in roles including database, API, or front-end web. These servers are fairly mundane in their deployment.
How we don’t use OpenBSD
The only major technology component where we don’t (yet) use OpenBSD is on the drones themselves. Most drones consist of two computers, a lower-level flight controller running a real-time OS, such as the Pixhawk, and higher-level companion computer that controls communication and direction of the craft. Our current fleet consists of the 3DR Solo, which runs an i.MX6 ARM board with Yocto Linux, mated to a Pixhawk 2 autopilot, and a custom drone, which runs a Raspberry Pi mated to a Pixhawk.
Porting OpenBSD to the i.MX6 variant in the Solo is probably possible, but is way outside the scope of work that we are currently focused on. With the recent news of OpenBSD’s armv7 port supporting the Raspberry Pi, we’re hopeful that in the future it will reach the level of maturity that we need for production deployment, at which point we will eagerly begin the migration.
Despite its popularity, the Raspberry Pi was not an arbitrary choice for a drone companion computer. Even with the plethora of ARM Single Board Computers (SBCs) on the market today, there are few that meet all our requirements: hardware video encoding, multiple USB ports, and accessible GPIO interface. At the moment, Raspberry Pi (OpenMAX) and i.MX6 are two of the few who fit that bill, and the RPi currently wins out for the level of software support that we need.
At VidiGuard, we’ve standardized on OpenBSD as our platform of choice for its reliability, security, and ease of administration. We look forward to making it an even larger part of our product catalog as our development progresses.