Skip to content

Appliance Operating System

Architecture Overview

Our infrastructure media appliance uses a specially developed operating system built on Linux with a number of key modifications to ensure maximum security, reliability, and efficiency.

InfraMedia OS is provided as the base operating system in our appliance and PAK (Professional Appliance Kit) hardware deliveries. This specialized OS is pre-configured and optimized for media server operations, ensuring consistent performance and security across all deployment scenarios.

Minimal Package Set

Minimalism Principle

We independently compile a minimal set of packages for the operating system, which allows:

  • Minimize attack surface - fewer packages mean fewer potential vulnerabilities
  • Reduce firmware size - compact system loads faster and takes up less space
  • Improve stability - excluding unnecessary components reduces the likelihood of conflicts
  • Simplify support - fewer components are easier to test and update

Build Process

  1. Dependency analysis - thorough analysis of necessary components for media server operation
  2. Source compilation - building packages from verified source codes
  3. Security validation - checking each package for known vulnerabilities
  4. Size optimization - removing unnecessary files and compressing components

File System Images

Readonly Architecture

After installing the minimal package set, we create readonly file system images:

  • Immutability - file system is protected from accidental changes
  • Integrity - impossibility of modifying system files
  • Reproducibility - identical images for all devices

Linux Kernel Modification

Our Linux kernel is modified to work with file system images instead of traditional installation:

  • Image support - kernel can mount and work with FS images
  • Partition management - special drivers for working with image partitions
  • Performance optimization - fast loading and working with images

Additional Software Installation

Installation Mechanism

Additional software is installed by copying new file system images to a separate partition:

┌─────────────────┐
│   System        │
│   partition     │
│  (readonly)     │
├─────────────────┤
│   User          │
│   partition     │
│   (readwrite)   │
├─────────────────┤
│   Software      │
│   partition     │
│   (FS images)   │
└─────────────────┘

Approach Advantages

  • Isolation - additional software does not affect the main system
  • Versioning - each software version is stored in a separate image
  • Rapid deployment - copying image instead of installation
  • Change rollback - ability to return to previous version

Update System

Safe Updates

System updates occur by loading a new image without overwriting the old one:

  1. Loading new image - new image is loaded to a separate partition
  2. Validation - checking integrity and compatibility of the new image
  3. Switching - changing boot parameters to use the new image
  4. Testing - checking functionality after update

Rollback Mechanism

If something goes wrong during the update, the system can automatically or manually rollback to the previous configuration:

  • Preserving previous versions - old images remain available
  • Fast rollback - switching to previous image takes seconds
  • Automatic recovery - system can automatically rollback on critical errors

Update System Advantages

  • Reliability - impossibility to "break" the system during updates
  • Minimal downtime - fast updates and rollbacks
  • Production testing - ability to safely test new versions
  • Version history - preserving all previous versions for analysis

Security

Multi-level Protection

Our architecture provides several levels of security:

  1. Minimal attack surface - only necessary components
  2. Readonly file system - protection from system file modification
  3. Component isolation - separation of system and applications
  4. Version control - ability to quickly rollback when vulnerabilities are detected

Monitoring and Auditing

  • Logging all changes - complete history of modifications
  • Integrity verification - checksums for all images
  • Automatic anomaly detection - monitoring unusual activity

Conclusion

Our appliance's operating system represents a highly optimized solution that provides maximum security, reliability, and efficiency for infrastructure media applications. Using file system images, minimal package sets, and secure update systems makes our solution ideal for critical production environments.