ROSA Operating Systems

Today's agenda:

  • ROSA OS development methodology.
  • Wide range of functions and system capabilities.
  • Difference between ROSA OS and other domestic and foreign OS.
  • Organization of secure remote access to the corporate IT infrastructure.

We will talk about how to migrate from foreign software to Russian software with minimal costs, guaranteeing data security and integrity, as well as compatibility with the existing IT infrastructure.

Today, the speakers will be Kadomsky Vyacheslav, Director of Strategic Development, Novoselov Mikhail, Development Engineer, and Betkher Alexander, Programmer.

At the end of 2022, thanks to publications by journalists, the opinion was formed that the state had chosen three OSs, and the ROSA operating system was not among them. But we, nevertheless, stubbornly continued to improve the ROSA operating systems, to make this system better. And our efforts were crowned with success, we were noticed, and in the latest public speeches of the representative of the Ministry of Digital Development, they announced that the Ministry of Digital Development and the state now see four main OSs, among which a place has appeared for ROSA.

And today we would like to talk in more detail about what the ROSA system is, what the ROSA company is. Because a lot depends on who makes the OS and other software products, how they are made.

So, the scientific and technical center of information technologies ROSA (Russian Operation System and Applications). That's how the company was named in 2010. And from the very beginning, the company focused on working with free software, contributing to the development of the community. Moreover, we formed our own ROSA community, which participates in the development of our OS. In general, our mission is that we do the same as other leading players in the open source product market. We provide solutions built on open source technologies with stability, performance and security, i.e. what companies need in order to build effective secure infrastructures, and have what they are used to having, buying proprietary software.

Over 13 years of work, we have built a large, extensive partner ecosystem, built technical support work and conduct training in various formats. We have organized technical support in such a way that we have technical support engineers in different time zones, we easily provide both standard and round-the-clock extended technical support, and we adhere to the stated time frames. Users receive a technical support portal for communicating with specialists, email, and, if there is extended technical support, it is possible to use the phone. With technical support, security updates are received and a transition to new versions is made. And, if the customer has extended technical support, then the transition is absolutely free.

And we have built a partner ecosystem that includes equipment manufacturers, software manufacturers, and system integrators who both resell our solutions and promote them. For us, the process of testing our software with equipment and various application software is a constant process. We regularly test new versions of our products and the products of our partners.

One of the most frequent questions we are asked at every meeting is the question of who our clients are. We sell everywhere and to everyone, our software is not tailored to any one industry direction. Among our clients there are both governmental and commercial organizations, companies with state participation and without state participation. Our software is used in education and in science. We can be seen in both small and large companies, such as RosAtom.

We started our activity in 2010 with the creation of our own development environment, which is called ABF (Automatic Build Farm). This is an environment in which the OS and other ROSA products are assembled. And the repository is also located there. And all our production is located on the territory of Russia. We are completely autonomous, we will not stop in our production process. The repository that we created is of a decent size.

In June 2023 we were in seventh place in terms of the size of our repository in the world ranking. In Russia, only two companies are engaged in creating and developing their own repository, pursuing their own independent policy when creating operating systems. This is ROSA and BazAlt.

The next aspect is security. One of the criteria that we constantly keep in focus is security, since this is primarily required by Russian customers. We have had secure development implemented since 2018, and now the FSTEC is developing requirements for all Russian developers so that they use a secure development methodology during production. We implemented this methodology back in 2018, we use it for all stages, this is a whole set of tools, both purchased from manufacturers of information security tools, and we have our own developments. This allows us to find vulnerabilities, close them and keep the OS in a safe state.

What does our portfolio consist of? We have a whole family of operating systems, most of them are made on the basis of our repository. ROSA CHROME is a civilian OS that has 2 implementation options. The first is server. The second option is ROSA BARIUM. This is an OS that is made in the form of a distribution. And ROSA MOBILE is an OS that we make for smartphones. And at the end of the year, smartphones with the Russian OS, ROSA MOBILE, are expected to be released. We also have another OS. It is called ROSA COBALT. And its difference is that it is binary compatible with RHEL.

In order to manage operating systems in large numbers, we release a product called "Control Center". We also have a virtualization center and a resource manager. Ideally, our virtualization solution consists of two modules. ROSA Virtualization is the basic virtualization level. And the resource manager adds automation at the Operation level, i.e. maintenance of the virtual environment. And a single solution includes these two modules.

Now Mikhail Novoselov will tell us more about our operating systems.

The slide shows what operating systems we have. Our company develops two branches for OS. The first, which is shown in green on the slide, is the OS based on its ROSA 2021.1 repository. The ROSA FRESH package base is a free version. And the corporate distribution on the same ROSA Chrome package base. They have a common package base. In 2012, we had a Mandriva distribution, then the Mandriva company was bought by the ROSA company and it was decided to stop developing the Mandriva distribution due to the financial insolvency of the French company. And what was Mandriva became ROSA. And since then it has been developing independently with the participation of the Mandriva community. And we are developing the Linux distribution not as a commercial craft. We are developing a full-fledged independent Linux distribution, and on the basis of this package base we are already releasing the commercial ROSA CHROME distribution. But at the same time, the source codes of ROSA CHROME remain open. And therefore our customers are protected. So, CHROME is an independent distribution built on an independent package base, which is common to CHROME and FRESH.

Separately, we have a branch that is shown in blue on the slide. It is binary compatible with RHEL. The certified ROSA COBALT is already available, ROSA CHROME is planned to be certified by the fall.

This slide lists the main features of ROSA CHROME 12.4. The distribution uses our design as a graphical shell, which is designed to minimize the load on the eyes when working with it. The background is not pure white, pastel colors are used. The ergonomics are designed to be familiar to Windows users. As practice shows, even elderly former Windows users easily master this system. As an office suite, you can install "My Office" R7. You can customize the ribbon interface. You can separately enable the top menu. Thus, it will be even more familiar to many users.

I was asked how COBALT will develop as a line. COBALT, i.e. a distribution based on compatibility with RHEL. Now the main attention is paid to CHROME, an independent distribution. And COBALT will most likely continue to be released in server form.

Your domain in CHROME. There are group policies. Our domain is not our own. We use time-tested domains in free implementation. Instead of group policies, we recommend using not Windows tools stretched over Linux, but Linux tools, including through our new control center. Use a CHROME server or use some external server. Any group policy does not allow you to do everything. When you work through native Linux tools, you can do everything. But there is a problem that for some actions you need to either write some of your own scripts, or do something else. Therefore, we are working on a ready-made solution that can be conditionally called a group policy.

It is important to note that when we make our distribution, we do not copy other people's technical solutions, we do it ourselves as we see fit based on the needs of the customer. And we do not need to put up with other people's solutions that do not suit us very well, we immediately do it the way we need to.

I have already shown by the example of ROSA CHROME that our user applications are regularly updated. Automated deployment is supported, including according to special scenarios.

This slide shows ROSA COBALT 7.9. It also supports automated deployment. This OS is aimed at compatibility with CentOS.

This COBALT is already certified.

Based on our server solutions, you can do a lot. For example, a high availability cluster. I would also like to note that the CHROME server distribution is a minimalistic image in which a minimalistic OS is installed. There, for example, the network works. Everything else that is needed is inserted as needed for the repository. This makes the system lightweight and convenient for a wide variety of applications both on hardware and in virtualization, in clouds, etc.

We also have a separate ROSA BARIUM solution, which is built on the same package base as CHROME. This is a special distribution for either working from a flash drive or for mass deployment of the same type of distributions, for example, loading over the network. Its developer Alexander Betkher will tell you more about this.

ROSA BARIUM is another distribution of the ROSA product line, assembled on the basis of the ROSA-2021.1 platform. That is, it is the same platform on which ROSA CHROME and ROSA FRESH are assembled. At the same time, BARIUM differs radically architecturally. BARIUM is a modular OS, which makes it closer to a light build than to a regular distribution. Both characteristics accurately determine what kind of system it is. This difference is due to the fact that the distribution is primarily intended for loading from an external drive. Currently, BARIUM is assembled in two editions. The first is a preview version for installation on a regular flash drive. And the second version is for installation on a token.

A number of custom builds of Barium are under development according to the technical specifications of the customer. There will be its own set of software and its own settings. Today we will talk about "Barium" installed on a token.

This distribution is primarily intended for organizing secure remote access for employees to their workplaces or VDI. The task of providing secure remote access can be conditionally divided into 2 parts: server and client. If everything is more or less clear with the server side, then on the client side users have confusion: machines are different, operating systems are different, viruses, lack of updates, etc. It is quite difficult to organize reliable access in such a situation, and there is no point in talking about the security of such a connection at all.

"Barium" on a token is an operating system that the user carries with them and uses from home, on a business trip, where for obvious reasons there is no system administrator next to him. Therefore, special attention is paid to the security and reliability of the OS. Security is ensured as follows:

1) Encryption of user files, settings, additional software and all changes made to the system in general. That is, the system itself is not encrypted, but if you create a new special system file, then these changes will be encrypted.

2) User login to the system is carried out using the token PIN code. That is, we can talk about the fact that the login has hardware protection. Two-factor authentication is also possible, when you will need to enter both a PIN code and a user password. Thus, even the loss of the OS carrier is unlikely to lead to data compromise. However, you should not continue to use the token after it has been in the wrong hands. You should reformat everything.

What has been done for reliability? The first is delayed recording. It significantly increases the service life of the carrier. Usually operating systems, the same "Chrome", constantly write some files, for example, logs, cache or configs, etc. This constant recording has a sharply negative effect on the life of flash memory. For "Barium" this problem has been solved. System changes are written to disk only when turned off and rebooted. The user's home directory can be additionally saved manually by clicking on the icon on the desktop, or automatically with an interval that is specifically set in the place where the management of the features of the Barium OS is collected.

In addition, atomic update with version switching. "Barium", unlike its brothers "Chrome" and FRESH, cannot update packages one by one, as is done in regular distributions. Packages in "Barium" are installed in the module. And a module is an archive, it cannot be changed, it can only be created again. Therefore, "Barium" is updated by synchronizing copies of the operating system with the updated version on the server. That is, even in case of errors introduced by an unsuccessful update, the user always has the opportunity to download the OS version in the form in which it was before the update.

And third in reliability. The system partition of the OS is mounted in Read Only mode. And when working in Terminal mode, the carrier is completely unmounted. Therefore, it is not so easy to accidentally break the OS.

Loading modes. In fact, there are not two, but four loading modes. Let's talk about two main ones. The first mode of operation is called Terminal. This is a loading mode where the user does not have access to any programs except clients for connecting to a remote desktop. That is, as soon as you select the Terminal loading mode, the loading reaches the client, and the user cannot load any other applications.

The second mode of operation is a workstation. When loading into a workstation, the user receives a regular universal secure operating system, which differs only in that the user carries it with them in their pocket, and does not carry a computer with them. There is an office, a browser, mail, etc. Given that "Barium" has full soft compatibility with "Chrome" and FRESH, everything that can be run in them will work perfectly in "Barium".

"Barium" is a token that has built-in Flash memory, and the OS is installed in this memory. The operating system is assembled modularly, which makes it more suitable for such loading from an external drive. So, we have a token, a Flash drive, we can continue to use it as a flash drive, plus a full-featured OS and pre-configured thin clients. All this in one physical device of pocket size.