Virtualization and FAA Certification Activities

Companies all over the software industry are turning to virtualization in order to reduce costs, shorten development lifecycles, improve software measurement and test coverage, and migrate to DevOps strategies like continuous software delivery and on-demand scalability. In the enterprise and SaaS communities, this adoption is supplemented by a wide variety of both commercial and open-source technologies as well as cloud platforms that fully support VM deployments. Adoption of virtualization in the aerospace industry has been slower, due in part to concerns about how virtual machines might impact the predictability of safety-critical and real-time systems, which often undergo formal certification by the FAA or other governing bodies. Despite these challenges, the use of virtualization in FAA-certified systems is now not only possible, but desirable in certain situations.

Virtualization can be divided into two broad categories: hardware virtual machines and software virtual machines. Hardware virtual machines are designed to fully emulate the hardware features of the underlying system, including instruction set architecture, allocation of memory addresses, and interaction with peripheral devices. Pure software virtual machines run on top of a conventional operating system and application stack, and may be pure simulations or may contain optimizations designed to improve performance. Earlier concerns with the features of software virtual machines, especially the suitability of the Java Virtual Machine to fault-tolerant and real-time applications, have colored some of the attitudes toward virtualization in the aviation software industry. Standard Java does not guarantee any particular instruction timings or memory layouts and provides little-to-no access to the underlying hardware, making it difficult to predict, and therefore certify, software behavior. Hardware virtual machines, by and large, do not suffer from these deficiencies.

Notwithstanding these challenges, the FAA’s overall outlook toward virtualization, including software virtual machines, is positive. The agency’s cloud computing strategy calls for server virtualization and consolidation to save costs, improve infrastructure and speed modernization. Virtualization is also a key technology in the transformation of mission-critical applications. The current FAA technology capital plan directs migration of aeronautical data services to cloud and virtualization platforms, as well as the acquisition of a new, virtualization-based architecture to support aviation. Further initiatives, whether part of NextGen or independent of it, are bound to emerge as cloud and DevOps become the dominant way of delivering end-user applications.

Integrating virtualization into certified systems, subject to DO-178B/C and similar standards, can be trickier, but is still possible. To meet this certification, the virtual environment must be able to meet the same hardware, software, firmware, adaptation parameters, test equipment, and test tools requirements as the target system. Achieving this level of virtualization is only possible when the virtual machine successfully runs the same binary as the target hardware and passes all specified tests, including the “formal test run” (sometimes called “run for score”) tests.

When approaching a Certification Authority Software Team (CAST) to allow virtual machines in a certified system, it is important to emphasize the benefits that virtualization can offer. By giving developers a virtual platform, a full suite of regression tests and unit tests can often be run in response to each code check-in or build. This has the potential to dramatically improve defect discovery in the early phases of the project. It is always easier to fix these defects before entering certification testing than to document and manage their impact later in the software lifecycle. Virtualization also allows software faults to be injected automatically into the target system without damage or disruption to the real hardware. In some cases, defects arising from these faults would otherwise be discoverable only by inspection or analysis, an approach neither developers nor certifiers prefer. Finally, and most importantly, virtualization allows not only the unit tests but the full certification test suite to be rerun in response to defects or requirements changes. This eliminates the need for incremental testing.

With increasing software complexity driving development costs skyward, aerospace companies should also consider transforming their software development processes by utilizing virtualization to reduce costs, shorten development lifecycles, improve software measurement and test coverage, and convert to DevOps strategies like continuous software delivery and on-demand scalability. By capitalizing on the vast improvements in defect discovery, enhanced fault injection, and the FAA’s positive outlook towards applying virtualization for certification testing, the aerospace industry is positioned to enjoy the same virtualization benefits deployed by many other industries.