Unicorn Delivery Service (UDS)

The Unicorn Delivery Service (UDS) enables secure software delivery into highly regulated or egress-limited environments, so your teams can deploy and run the mission-critical applications required, wherever needed. UDS offers a comprehensive suite of tools tailored for mission operations, spanning software development, generative AI, defensive cyber, collaboration, and secure access management. If a required mission application is not present in the ecosystem, users can choose a commercial or open-source application and specify the target environment for implementation.

UDS integrates with Open Security Controls Assessment Language (OSCAL) to streamline Authority to Operate (ATO) processes, enabling secure and compliant software deployments. The open-source platform is designed to facilitate repeatable, reliable, and secure runtime environments to deploy mission applications into any environment.

UDS Core Diagram

Key Features

Declarative Baseline: Rapidly establishes secure and repeatable runtime environments via declarative baselines. GitOps workflows manage declarative baselines to ensure consistent, efficient deployment and safeguard critical applications.

Software Capabilities: Ensures continuous improvement and adaptation through synchronization with upstream providers, utilization of hardened images, and testing against common platforms and infrastructures.

Infrastructure Agnostic: Provides flexible software deployment across classified and unclassified cloud, on-premises, and edge environments, ensuring that your software successfully deploys and runs wherever the mission needs it.

No Data or Vendor Lock: Leverages open-source technologies to ensure data sovereignty and enhance flexibility while eliminating the limitations of data lock-in and vendor constraints.

1 - Why is UDS Important?

UDS creates, supports, and maintains a secure runtime platform that simplifies software delivery and deployment for both application development teams and platform teams. UDS deploys mission applications into any environment while providing documentation and evidence to facilitate obtaining an Authority to Operate (ATO). By leveraging the power of open source projects like Zarf, Pepr, Lula, LeapfrogAI and more, UDS enables the creation of portable and compliant software artifacts.

With UDS, mission teams can:

  • Deploy a new accreditable software environment swiftly and seamlessly.
  • Update mission application bundles and packages on-demand in minutes.
  • Deploy mission applications to classified and unclassified cloud, on-premises, and edge environments.
  • Use open and extensible architectures.
  • Avoid data and vendor lock-in.

Why Use UDS?

Enhanced Portability and Cross-Platform Support

UDS offers enhanced portability, allowing teams to deploy their software artifacts across diverse environments regardless of underlying infrastructure. Whether it’s cloud-based, on-premises, or edge environments, UDS ensures that mission applications can be easily migrated and executed on different platforms. This seamless deployment across domains reduces the need for platform-specific modifications, accelerating the ATO process through the incorporation of compliance documentation directly into the software delivery pipeline. UDS’s portability enables Mission Heroes to adapt quickly to changing infrastructure needs and expand their reach to various environments.

Open Source and Avoiding Vendor Lock

UDS is built on a foundation of open-source technologies, providing Mission Heroes with the freedom to access and modify the underlying code. By leveraging open-source projects like Zarf, Pepr, Keycloak, Istio, and more, UDS ensures that users can avoid vendor lock-in and maintain control over their data. This open approach allows Mission Heroes to customize and optimize their software delivery processes.

Security and Compliance

UDS places a strong emphasis on security and compliance, enabling Mission Heroes to meet stringent requirements for obtaining an Authority to Operate (ATO). It implements the Open Security Controls Assessment Language (OSCAL) framework, which binds compliance to specific software features, ensuring that controls required for accreditation are met efficiently. By integrating security and compliance into the software development and deployment lifecycle, UDS helps your team proactively address potential vulnerabilities, reduce risk, and maintain a secure software ecosystem.

Leverage UDS Core

UDS Core offers a foundational suite of applications designed to establish a secure and efficient mission environment. It encompasses critical functionalities such as collaboration, monitoring, logging, security, compliance, and data protection. By utilizing these integrated applications, Mission Heroes can confidently deploy and operate source packages that adhere to rigorous security and performance standards.

2 - What is UDS?

Unicorn Delivery Service (UDS) is a hardware-agnostic software landscape built on top of the secure runtime platform provided by UDS Core. The UDS software landscape enables application development teams to focus their efforts on feature development and delivering value while reducing the time spent grappling with the intricacies of individual runtime environments. Simultaneously, it allows platform teams to allocate more resources to system operation and less to the concerns associated with application nuances.

With UDS, mission teams can:

  • Orchestrate applications into any supported environment with a secure runtime platform.
  • Streamline application deployment, management, accreditation, and scalability across developer and production environments.
  • Facilitate obtaining an Authority to Operate (ATO) with documentation evidence to support that controls are met.
  • Leverage open-source tools.

UDS Mission Bundles and Packages

UDS consists of three main components, each serving a distinct purpose and working together to enable the deployment of mission capabilities and applications effectively.

UDS Packages: UDS Packages refer to the specific requirements of a Mission Hero. These packages must be bundled and delivered in a consistent and repeatable manner to effectively achieve mission outcomes. UDS Packages are integrated into UDS through a process that involves the coordination of various open-source projects.

UDS Applications: Reusable collections of external tools that enable and extend the functionality of UDS Bundles. They include object storage, databases, and other tools that assist Mission Heroes in delivering software and achieving mission objectives. Mission Applications are synonymous with external supporting applications, tested and proven reliable, packaged as Zarf Packages, and then readily prepared for deployment within the UDS environment.

Mission Capabilities: Represent the unique requirements and tools essential for our Mission Heroes to achieve their mission objectives. These capabilities include a wide range of functionalities, tools, and resources specifically tailored to meet the needs of our Mission Heroes.

UDS Bundle: A collection of UDS Packages that combine mission-critical tools into a secure runtime environment supported by UDS. UDS Bundles provide the foundational layer for deploying additional mission applications and must be deployed before any other UDS Package.

Current UDS Mission Capabilities

| Mission Capability | Description |
| --- | --- |
| Software Factory | Software Factory is designed to enhance software development in enterprise DevSecOps pipelines in cloud, on-premises, or edge systems. It offers a comprehensive package of preconfigured, open-source tools to host secure CI/CD pipelines in any environment. Software Factory automates the software delivery process, ensures security across the entire CI/CD pipeline, and provides Mission Heroes with immediate assurances of software safety. With Software Factory, Mission Heroes gain data independence, support and maintenance options, and secure CI/CD pipelines that adhere to industry and DoD best practices. |
| LeapfrogAI | LeapfrogAI extends the capabilities of the UDS platform by delivering mission-specific AI capabilities. The integration of LeapfrogAI within UDS offers a comprehensive, end-to-end solution for mission-critical operations. LeapfrogAI includes suitable predefined AI models, databases, frontends, and configurations that best align with the user’s mission objectives and deploys them within the secure and declarative baseline of UDS. This integration enables more efficient, data-driven decision-making and offers support for a wide range of mission-critical functions. |
| Your App Your Environment | Your App Your Environment streamlines application deployment for Mission Heroes, enabling seamless selection, deployment, and management of mission-critical software on a Kubernetes cluster. Leveraging UDS and open-source projects, it efficiently addresses challenges like egress-limited or air-gapped environment software delivery. Integrated with Defense Unicorns’ DevSecOps Reference Guide compliant architecture, it ensures compliance and security, meeting 70% of technical security controls out of the box. Teams maintain ownership and independence over their applications, with the flexibility to deploy across various environments. |

Powered by Open Source Tools

At a high level, UDS bundles infrastructure, platform, and mission applications in a way that makes them portable to different mission systems and environments. It is an end-to-end solution that establishes and leverages a secure and declarative baseline to streamline software delivery. UDS tightly integrates and leverages Defense Unicorns’ open source projects: Zarf, Pepr, Lula, and LeapfrogAI. The UDS CLI serves as the interaction point connecting these components, facilitating seamless deployment and security of infrastructure within the UDS platform.

Zarf

Zarf is the generic bundler and installer for UDS. It plays a critical role in the UDS platform by simplifying the packaging and delivery of applications. Zarf delivers platform infrastructure and applications in a declarative state via a collection of Zarf Packages while reducing the need for mission personnel in constrained or classified environments to be Kubernetes or platform experts.

Zarf enables the deployment of Big Bang and other DevSecOps tools, platforms, or infrastructure across security boundaries and classification levels. Zarf also simplifies the installation, updating, and maintenance of DevSecOps capabilities such as Kubernetes clusters, logging, and Software Bill of Materials (SBOM) compliance out of the box. Most importantly, Zarf keeps applications and systems running even when disconnected. For more information, see the Zarf documentation or Zarf GitHub page.

Pepr

Pepr automates the integration of applications with runtime capabilities within an environment. This is the core project that will enable applications to run in any UDS environment without environment-specific changes, as Pepr will adjust the application configuration to be compatible with the target environment. Pepr seamlessly integrates UDS Bundles and Zarf Components, forming a growing library of bundles and components. It streamlines the integration process, enabling application teams to leverage a wide range of pre-built bundles and packages without the need for extensive manual configuration. For additional information, please see the Pepr GitHub page.

Lula

Lula is the compliance bridge that leverages the NIST OSCAL framework to automate and simplify compliance in a Kubernetes environment. Lula will demonstrate control inheritance and validation for each UDS Package within the UDS environment. Lula documents and validates controls satisfied by applications, expediting the accreditation process and generating real-time reports for authorizing officials. This reduces the burden on the site reliability engineering team and other individuals involved in manually providing control mapping and responses. For additional information, please see the Lula GitHub page.

UDS CLI

The UDS CLI serves as the primary interface for users to interact with various components within the UDS platform. The UDS CLI streamlines the deployment process of mission applications and secure infrastructure. The UDS CLI simplifies the tasks involved in running mission applications while maintaining regulatory compliance in a unified and efficient manner.

UDS CLI simplifies deployment by bundling multiple Zarf Packages into a single deployable artifact. This process ensures that UDS Bundles, which encompass infrastructure, platform, and mission applications, can be efficiently deployed within any Mission Hero’s system environment. Additionally, the UDS CLI extends its capabilities to Pepr, where multiple Pepr applications are bundled and deployed as a single Pepr Module to support UDS Bundles during runtime.

The UDS CLI is the interaction point for the entire UDS platform and combines and deploys various UDS products. This unified interface allows users to interact with UDS as a comprehensive platform, simplifying the management of mission-critical applications and components.

Environments Supported by UDS

UDS Bundles are designed to be deployed across various environments, providing flexibility and adaptability for your mission needs. UDS is adaptable to the requirements of different software applications and missions, ensuring successful deployment in diverse environments. Below are the environments where bundles can be deployed:

| Environment | Description |
| --- | --- |
| Cloud | UDS Bundles support both classified and unclassified cloud environments, including AWS, Azure, Google Cloud, and others. Deploy mission capabilities confidently to public, private, or hybrid cloud environments with UDS. |
| On-Premises | UDS Bundles are equipped to handle on-premises deployment for missions requiring it. Deploy capabilities securely within your infrastructure, providing a secure and controlled environment for software applications. Mission Heroes can bundle and deploy software to servers located within the organization’s premises using UDS. |
| Tactical Edge | UDS extends its capabilities to edge environments, enabling the deployment of software to devices with limited resources and connectivity. For scenarios where edge computing is crucial, UDS facilitates the deployment and operation of mission capabilities at the edge of the network, ensuring efficient and responsive operations. Tactical edge deployments are suitable for scenarios where low latency and real-time processing are critical to mission success. |

3 - Core Concepts

Key Terms

Before diving further into UDS and its features, it is essential to understand some key terms that form the foundation of UDS:

Mission Heroes: Mission Heroes are individuals focused on securely migrating their application workloads across various environments - ranging from shifting between multiple cloud providers to transitioning between cloud, on-premises, or edge environments. Mission Heroes leverage UDS Bundles to deliver unique mission objectives on their timelines and within their preferred environments.

Zarf Package: A Zarf Package plays a critical role in the UDS platform by facilitating the packaging and delivery of applications and capabilities.

UDS Package: A UDS Package is a collection of open-source applications bundled together to create a single UDS Package. UDS Packages are bundled and delivered in a consistent and repeatable manner to achieve successful mission outcomes. These packages leverage UDS to bundle, deploy, and operate securely in the Mission Hero’s specific environment.

UDS Application: A UDS Application represents a specific open-source tool selected to accomplish a function in the mission operations process. Each function is accomplished by selecting a specific tool to perform it. For instance, source code management can be accomplished using a tool like GitLab, and runtime policy enforcement can be achieved with a tool like Kyverno.

UDS Application Dependency: A UDS Application dependency refers to environment-specific needs and infrastructure that must be met for a bundle with core applications to operate successfully. UDS Applications are designed to provide distinct functions and services. However, some UDS Applications may rely on external resources, services, or configurations to function as intended within a particular environment.

UDS Core: UDS Core is a collection of several individual applications combined into a single Zarf Package that establishes a secure baseline for secure cloud-native systems. It comes equipped with comprehensive compliance documentation and prioritizes seamless support for highly regulated and egress-limited environments.

UDS Bundle: A UDS Bundle is the fundamental building block of UDS. Each bundle is comprised of one or more UDS Applications or Packages that are grouped to enable a key part of the mission. These bundles provide a structured approach to assembling capabilities and enable the effective deployment of mission-oriented functionalities.

Declarative Baseline: A declarative baseline is an explicit specification of the desired configuration and deployment of software components. Users may use declarative baselines to create a Zarf Package or UDS Bundle in UDS to precisely define what is intended to be deployed. The term “baseline” is used to emphasize that this declaration serves as the foundation for the final configuration, ensuring that the end-state matches the stated intentions.

Authority to Operate: Authority to Operate (ATO) is a formal declaration that a system or application meets specific security requirements and is approved to operate in a given environment. Achieving ATO demonstrates compliance with regulations and standards, providing assurance that the system has undergone rigorous security testing and validation.

Software Bill of Materials: A Software Bill of Materials (SBOM) is a comprehensive list of components used in building a software product. It provides transparency into the software supply chain, detailing the dependencies and libraries that make up the software. SBOMs are essential for understanding and managing software vulnerabilities, facilitating effective risk management and compliance efforts.

Open Security Controls Assessment Language: NIST Open Security Controls Assessment Language (OSCAL) simplifies the process of implementing, assessing, and documenting security controls, promoting consistency and efficiency in security management and compliance activities. It provides a common framework for expressing security requirements, controls, and assessment procedures, facilitating interoperability and automation across security tools and platforms.

How UDS Works

The UDS workflow is a systematic approach that enables Mission Heroes to achieve mission objectives by deploying mission applications effectively and securely. UDS simplifies the deployment process while ensuring the delivery of secure and mission-critical applications. From establishing secure runtimes with a UDS Bundle to enhancing deployment efficiency with UDS Packages and deploying tailored mission capabilities, UDS empowers Mission Heroes to achieve successful and secure deployments across various environments. UDS supports your team at every step, from building foundational environments to deploying mission-specific applications that drive impactful outcomes.

Infrastructure as Code (IaC)

UDS Core applications rely on various dependencies, such as relational databases, key-value stores, and object stores. These requirements can be met through environment-provided services hosted within the infrastructure layer. UDS offers two approaches for fulfilling these dependencies: utilizing in-cluster resources or leveraging external infrastructure services.

The decision to provision external resources is based on mission environment specifics, granting your teams the flexibility to adapt while maintaining operational efficiency. UDS IaC ensures consistency and reduces manual efforts, providing an optimal foundation for various mission needs through the automation of provisioning, configuration, and management of infrastructure resources.

Building the UDS Core Bundle

The UDS workflow begins with the creation and maintenance of a UDS Bundle. This bundle forms the foundation of a secure runtime environment for your mission applications. UDS Bundles provide the necessary baseline tools that ensure the security, compliance, and reliability of your mission-critical applications.

UDS Bundles are created to include essential components, configurations, and security measures. They lay the groundwork for deploying additional capabilities and software without compromising security. By building and employing UDS Bundles, Mission Heroes can establish a consistent and secure runtime environment that serves as a strong foundation for software deployments.

Deploying Mission-Specific Packages

The final phase of the UDS workflow involves the deployment of mission-specific packages onto the secure UDS environments that have been established. These packages are tailored to meet the unique needs of your mission and enhance the execution of your application.

Mission-specific packages are bundled and delivered alongside your application. They provide specialized functionalities, services, and tools that align with your mission objectives. Whether it’s generative AI-driven solutions, software factories, collaborative tools, or identity and access management, UDS enables you to deploy these packages whenever and in whatever environment best fits your mission needs.