Technical Annex: Announcing Palantir Government Web Services
Editor’s note: The Technical Annex is the second blog of a two part series. Read the first, From Last Supper to First Breakfast, here.
Palantir Government Web Services (PGWS) aims to make the building blocks we developed over 20 years to break into and scale our government business available as discrete and individual offerings. Much like how hyperscalers enabled internet companies to build more quickly and less expensively, PGWS will enable government tech innovators to go faster and farther by leveraging accredited, compliant, and proven technology that powers Palantir’s platforms. We want to enable our customers and partners to focus their attention on the next generation of development and innovation our nation needs by leveraging the infrastructure we had to build to break into government. Our first three PGWS offerings are FedStart, Apollo, and Ontology SDKs.
FedStart & Apollo: Eliminating the Accreditation Barriers
DevSecOps is a huge improvement over where the department was in 2003. But it doesn’t go far enough. We built Apollo as a DevSecOps-compliant platform to enable our engineers to continuously deliver and autonomously deploy modern software across many heterogeneous environments and networks. Most commercial companies need only run a few large, geographic instances of their software in the cloud. Solutions for the Department require deployment of 10s to 100s of microservices continuously across many air-gapped environments — across edge and cloud nodes, networks, and assets.
Current solutions don’t scale to this challenge. Apollo’s autonomous DevSecOps approach separates services from environments to scale instances without scaling DevOps. Lockheed is using Apollo to modernize Aegis. Anduril is evaluating Apollo on Longbow. Cisco is using it to standardize how to deliver software across commercial and government environments. Apollo makes deploying and managing your software-as-a-service to government customers actually possible at any sort of scale without having to linearly scale high-side site reliability engineers or DevOps headcount.
Apollo integrates with your existing software development infrastructure and artifact stores to make the process of deploying your software on SC2S, C2S, air-gapped edge nodes, vehicles, and sensors easy. It automates and handles the full lifecycle, including moving binaries to networks, orchestrating deployments, roll backs, security, and vulnerability management.
In addition to Apollo, we also offer FedStart — an accredited platform-as-a-service (PaaS) offering. Working with the department necessitates every ecosystem partner to receive accreditation for each instance of their software. Convincing sponsors to provide accreditation can take time and effort, and once partners are on board, they then have to prepare to spend 18 months and $2M on average to complete the process — an unviable option for most sensible VC-backed companies. With FedStart, companies that bring containerized offerings to our PaaS can quickly offer IL5 SaaS, and in Jan 2024, also IL6 SaaS to their customers. FedStart turns the 18 month, roughly $2M accreditation process into something that can be done in as little as 6 weeks, and a fraction of the cost.
Ontology Software Development Kit (SDK): Eliminating the Data Access Barrier
The second place we can provide the defense tech ecosystem an “unfair advantage” is with access to government data they’re authorized to obtain via our Ontology Software Development Kit (OSDK). One of the most challenging obstacles we’ve faced over the last 20 years has been the hard yards required to connect to each source system across the Department. Lacking a centralized procedure, the promise of a unified program to solve this challenge was always just around the corner but never actually materialized. As a result, we just did it ourselves, bit by bit.
Data Connections: In total, we have integrated 1,150 data connection sources and nearly 24,000 syncs relevant to the Combatant Commands and Services spanning warfighting, personnel, logistics, operations, intel, manning, training, and equipping systems. Our software provides more than just a data dump of rows and columns, but instead an object-oriented view of the world — the Ontology — reflecting which pieces of data are valuable and their relationship to one another. Such insight is available through our highly ergonomic Ontology SDK and APIs.
Who is OSDK for? Government programs, defense companies, and individual builders with authorized access to relevant programs can use OSDK to enable their applications to securely search, retrieve, and enrich their associated data. This allows customers to avoid the trials and tribulations of connecting to the dozens to hundreds of source systems that make up any individual program (e.g., Army Vantage).
With just four lines of code, the defense tech ecosystem can take advantage of all the data we have curated over 20 years of data integration.
Beyond Data Connections: More than providing ease of connections to data, OSDK enables rapid development of applications by accessing the ontology with minimal code required. A better developer experience translates to better applications and faster feedback loops with operational users. “Digital transformations” are composed of the individual success stories and outcomes from solving specific problems, whether that’s vessel tracking with a pattern of life algorithm, or using predictive analytics to inform the rate of ammunition depletion in Ukraine. OSDK enables developers and operators to solve these specific problems, without requiring end-to-end use of Foundry. We’ve isolated the Foundry ontology and made it easy to use OSDK in React applications, providing full control into your frontend and backend.
Vendor Lock-In Avoided: OSDK eliminates vendor lock on both top (the application layer) and bottom (the data layer). On top, new applications can be developed and deployed that are interoperable through the Ontology API. This is the same mechanism that makes all Palantir products interoperable, and we’ve extended the capability to include any commercial and government built application. At the data layer, the switching cost away from Palantir is bounded to having another vendor or government program use the APIs to pull the data in their platform.
This capability has been used by Army and SpaceForce to build applications and provide extensibility. Some of our DoD SDK docs are shown below. For government agencies and qualified companies, we can provide a low-side environment that can be used to develop against the actual ontologies for targeted use cases with notional data. To express interest and learn more, email Forge@Palantir.com.
Witchcraft for Operating Complex Software: Our next open-sourced project is Witchcraft, the tool we have used internally since 2016 to provide a zero-configuration application server. It streamlines operational challenges by defaulting to the right things with regard to logging, SSL, call tracing, HTTP/RPC semantics, application configuration, and authentication. We’ll provide libraries for audit logging that simplify compliance and lower barriers, as well as an online database upgrade framework that reduces developer toil and makes it practical to operate complex software in even more complicated environments. As a bonus, Witchcraft services automatically work with Apollo and FedStart.
Access Controls and Data Sharing: Palantir was founded shortly after 9/11 to provide products to the Intelligence Community. From Day 1, part of our core offering was the ability to share data securely. This means all of our products have been designed with security and data protection as foundational principles rather than an afterthought. As part of our roadmap, we want to make security capabilities available as a standalone licensed service to the ecosystem, including: 1) Authentication and authorization technology that supports Classification-Based Access Controls, Role-Based Access Controls, and Granular Access Policies (where policies are evaluated uniquely against the content of the data); 2) Support for facilitating secure cross-partner sharing, which is critical for effective collaboration with Allies; and 3) User and group management in compliance with defense standards, like CAC/PIV authentication, entitlement validation and approvals, and more.
The capabilities described above are only the start of what we plan to provide the defense tech ecosystem. We are committed to enabling our customers and partners, where they want to, to leverage our hard-earned experiences delivering to the government so that they can focus their attention on the next generation of development.
Providing formal tools to enable the ecosystem is an acceleration and extension of our long held view, and builds on our legacy of open source contributions and projects and our promotion, mentorship, and support of open standards with UAV companies. This philosophy shapes every commit we make: from the future of our zero-trust DDIL application solution in a box, to our investments in Mixed Reality. At Palantir, every investment and roadmap has been re-explored not just through the lens of openness, but with the goal of accelerating the ecosystem as a whole, and in turn, creating more seats at the First Breakfast table.
Shyam Sankar, Chief Technology Officer, Palantir
Greg Little, Senior Counselor, Palantir
Madeline Zimmerman, Deployment Strategist, R&D Federal, Palantir