Dmitry Donskoy, Rusbitech Astra: Astra Linux - the platform for all types of users

Dmitry Donskoy: At the moment the situation with our share in the market changes for the better. Long time we were engaged in development of information security tools, received certificates, underwent testing and always developed in this direction. We were selected by large public institutions, municipal bodies, and we successfully cooperated also in this bed. Now it is possible to tell with confidence that Rusbitech - the key player in this segment of IT market. We reach the new level, Astra Linux - worthy option of transition to the domestic operating system. Of course, Microsoft for the present the market leader, we absolutely accurately understand that we have quite powerful competitor, but it stimulates to prove that Astra Linux - a good product.

Dmitry Donskoy: Advantages of the Astra Linux operating system over products of competitors consist in the following. First, the Astra Linux is the unified platform for all types of devices (workstations, thin clients, tablets, servers, storage systems, etc.) which functions practically on all processor architecture. It and a mass segment on h86-64 (release Smolensk), and MIPS (release Sevastopol), including work on domestic processors "Baikal" and "Divisional commander", and the certified release Murmansk under processor architecture of Z/Architecture, and release Novosibirsk under tablets on architecture of ARM. This year the release of release Leningrad under processor architecture Elbrus is planned to end.

Secondly, the developer company Rusbitech annually releases the new version of the operating system with the updated components included in it, modifed functionality according to security requirements of information.

Thirdly, the regular release of the bulletins of security on the certified version of the operating system directed to closing of the found vulnerabilities is performed.

Fourthly, having developed Astra Linux in an initiative order as a commercial product, Rusbitech could certify it on compliance to a high class of security in all three systems of certification - MO OF THE RUSSIAN FEDERATION FSTEC and FSB of Russia. Astra Linux OS takes Advantage MO Russian Federation and is widely applied in many public institutions and departments, gaining continuous development and maintenance. And last year the Astra Linux became the first and still only OS which received the certificate of conformity on a protection profile on a class of security A2 according to new security requirements of information to the operating systems admitted to FSTEC of Russia.

Fifthly, around development of Astra Linux and its means of protecting the powerful scientific and technical community was created. Except developer specialists of JSC NPO Rusbitech, professionals on cybersecurity from IKSI of FSB of Russia Academy, mathematics of ISP RAS of V.P. Ivannikov which carry out verification of model of security and correctness of its implementation and also some other technology partners and experts whose recommendations are considered at release of new versions participate in it. We keep in close connection with the international community of developers of the open source software through sponsorship and membership in such non-profit organizations as The Linux Foundation and The Document Foundation which significantly influence development of a core of Linux and office applications.

The closest competitors develop also promptly, as well as we, and it is good that they are. Each company has the way of development and the vision as the distribution kit should look.

Dmitry Donskoy: I can note several turning points. Probably, the most fundamental moment is a solution in 2008 in an initiative order, due to private investments to create the Astra Linux operating system on the basis of projects open source and own technologies of data protection which will have to correspond to high criteria of security in all systems of certification of the Russian Federation. For this purpose we had to make considerable efforts. Design of OS was initially executed taking into account requirements of the existing regulating documents in information security field. It is very labor-intensive process. For creation of a qualitative product it is necessary to have not only staff of highly skilled programmers, but also professionals in the field of cybersecurity. Our company coped with this task and the first release of Astra Linux Special Edition successfully underwent certification in the Ministry of Defence in 2010. In two years the certificate of conformity of FSTEC of Russia, and in a year - and in FSB of Russia was received. In parallel with it there was a joint work with specialists from FSB of Russia Academy and ISP RAS in development and deployment to a core of Astra Linux of new, more perfect model of security - MROSL-DP model on what the patent in 2014 was taken out. Shortly the version of the Astra Linux with new model of security successfully passed certification tests and received the certificates of conformity allowing to process information of limited access, including the state secret with privacy degree "top secret" inclusive in all state organizations and departments. It became too an important turning point which allowed to undergo, by the way, certification on new requirements of FSTEC last year.

The next milestone event for us - development of the protected virtualization environment Brest and its inclusion in the unified register of the Russian computer programs and databases of the Ministry of Telecom and Mass Communications of the Russian Federation. As I already spoke above, we continuously are in process of improvement of Astra Linux. The request for creation of the environment of virtualization to us arrived from our consumers, and we actively were engaged in its creation. Thus, the complex protected platform allowing to build geographically distributed failsafe information systems of any class on its basis turned out. This unique solution for the domestic market.

Dmitry Donskoy: We constantly face some factors which complicate process of the national project of import substitution of the software. It both absence of qualified specialists, and deficit of time (process of migration of all infrastructure not really fast), and with budgets on import substitution a situation also occasionally critical. However an exit is always and we as the developer, we try to help our clients in such heavy time as migration process. We offer clients complex methodology of carrying out projects on import substitution, jointly we start pilot projects where the existing infrastructure is recreated and projected, we open more and more rates based on the largest training centers on administration of Astra Linux. Process goes and it is already good.

Dmitry Donskoy: In my opinion, it was worth thinking of import substitution 20 years ago, but you will not return the past, and now not to contract the main thing from the selected way and to develop normative legal acts in the field of information security.

Dmitry Donskoy: In 10 years of development and deployment of Astra Linux OS the staff considerably grew. At the moment in Rusbitech company about 700 employees, about 200 employees work directly on the operating system. At the same time for such long period we formed rather big community of external developers. As for the second question, it is natural process - amount of works, tasks grows, respectively, and we adapt to a situation.

Dmitry Donskoy: Crucial element of Astra Linux OS are the built-in information security tools based on the mandatory intrinsic role model of access control and information flows (MROSL DP model) developed by specialists of Institute of cryptography, communication and information science of FSB of Russia Academy. Developers of JSC NPO Rusbitech execute program implementation of this model of data protection, and the Center of verification of Institute of system programming of RAS carries out deductive verification of a program code of means of protecting of Astra Linux. One of features of implementation of this model is complete concealment from subjects with the low level of confidentiality of objects with higher level of confidentiality. Simply speaking, the user associated with this or that process (subject) in OS does not see the files, tables, fields and other referred to as objects having higher mandatory tag. For the solution of a problem of opposition to the threats connected with unauthorized attempts of installation and start of not permitted software in Astra Linux OS function of restriction of software environment is implemented. It is the so-called "the closed software environment" or - the dynamic control of integrity providing automatic access control of subjects to objects for the purpose of start of programs on execution on the basis of calculation and verification of the EDS of access objects for executable files, program libraries and modules of a core – stored in headings of such files.

One of types of security risks are threats of availability of information. Quite most part from the total number of vulnerabilities in information systems is caused by errors in programs which allow an opportunity to redefine the course of accomplishment of the functions, rewriting them "on the fly" directly in RAM. Opposition to such threats of interception of management of software is solved by use in a kernel of Astra Linux OS of additional resources which complicate a research of functioning of programs of RAM, determination of memory registers, the selected working program, for implementation of the malware, prohibit start of executable code from the memory bank marked as "data segment", and rewriting of areas of code segment of memory.

Dmitry Donskoy: As I already told above, continuous work with software makers regarding mutual compatibility is conducted. The special Ready for Astra Linux program was for this purpose developed. At the moment it includes more than 80 companies among which - 1C, Teleform IS, Galaktika, Code, Consultant, Aladdin R.D., Active Soft, Panorama, Infotecs, Crypto Pro, LISSI-Crypto, "Releks", SAP, Siemens, Echelon, "The center of special system engineering, Sigma, New cloud technologies, NPO VS, NPO BAUM, Kaspersky Lab, Dr.Web, Acronis, "TERMIKA", VideoMost, Inteltekh, IT Bastion, SCADA producers of systems, etc.

Dmitry Donskoy: There are several ways of succession of events. The first and the most correct - to rewrite software under Linux again, at the same time to take into account all comments which are in the current version of software, but, as a rule, it long and expensively. The second option - to start the application in Wine, the third - to start the applications in Windows OS functioning in our protected environment of virtualization and the last - to find software analogs. On every way we are ready to help to orient. On the website astralinux.ru there are contacts, it is possible to contact us.

Dmitry Donskoy: Owing to the fact that the business model of 10-year was focused on work with the Ministry of Defence, defense industry enterprises, security agencies and state structures, we came to a commercial segment only last year. And here pleasant news to us turned out the fact that the commercial segment which occupies about 5% of total amount, became interested in our operating system. This interest is connected, first, with the fact that our product is many times cheaper, than the same set of software products from Microsoft, secondly - we have no annual runtime royalty fees for the right to be connected and use already purchased right (for example, for the mail server Exchange and MySQL it is annually necessary to pay for the right of connection to services). Thirdly, it is not necessary to buy in addition additional resources of data protection as our OS is already an information security product. Fourthly, the functions of information security tools implemented in Astra Linux are relevant for processing of a state secret including for the commercial organizations. And fifthly, a part of the software for Linux in general is freely extended, and it is possible to save money on it.

Dmitry Donskoy: The list rather impressive, easier to say, whom in it is mute is not present. In 10 years of development and deployment of Astra Linux we visited on a visit at many potential customers. Other question - duration of transition of customers to Astra Linux. We perfectly understand that to transfer information systems which were under construction and developed more than 20 years on Windows to other OS in months it is impossible. Though there are positive examples. In total about 150 pilot projects with different extent of their end are now conducted. Someone already comes for tender, someone only tests our solution in pilot projects and makes the positive decision. Regularly we receive comments from our customers, are always ready to provide technical support. Also it turned out that all not and is difficult how it is represented first. In the section of "news" on our website astralinux.ru publications about our successful projects, testings, partners and customers regularly appear.

Dmitry Donskoy: We are in continuous work, we develop our partnership, continuously we hold testings for compatibility with iron and the software of different producers. To us both the state, and municipal organizations constantly handle the purpose to perform transition to the domestic operating system. And it must be said, we are glad that we have quite big list of successful cases in this direction. In general now there is a lot of information in media on our implemented projects. In plans - an exit of new releases and versions, work with customers, they become more and more and we are ready to high-quality and productive work.

Dmitry Donskoy: Directions of development of a product a little. First of all, as it was already told above, - a release exit Leningrad under processor architecture Elbrus. An important stage - a release of new version 1.6 of the Astra Linux operating system, release Smolensk, and the subsequent certification in all three systems of certification of the Ministry of Defence, FSTEC and FSB of Russia. In plans - development of release Oryol and, in particular, - a repository of programs. One more already mentioned planned step in development of OS - a release of the version of release Sevastopol under the Baikal processor and transfer on certification of a distribution kit under the Divisional commander processor. We plan further work on development of domestic information security tools together with RAS FSB and ISP Academy. The important direction of development - release on the market of program bundles, in which Astra Linux as a single platform for package and office programs, means of antivirus protection, etc. and also the hardware-software bundles consisting of computers based on domestic processors "Elbrus", "Baikal", "Divisional commander". And, at last, - further development of the program of support of equipment manufacturers and the software of Ready for Astra Linux which was also already mentioned above which purpose is delivery to consumers of products guaranteed compatible to Astra Linux OS that excludes need of costs for check of compatibility, integration and reduces risks of frustration of the plan of creation (migration) of information systems. In fact, it is shop of the solutions Astra Market Store. We invite all software makers and iron to join this program.