Vulcanexus, the All-in-One ROS 2 tool set

Hi everybody!

Celebrating the Humble release these days, eProsima prepared a special gift for the ROS 2 community: Vulcanexus, the All-in-one ROS 2 tool set!

Vulcanexus is an open-source software stack that enables the easy and personalized development of robotic applications based on ROS 2 Humble Hawksbill.

It includes all benefits and features of ROS 2 but guaranteeing always the latest version of Fast DDS, that ensures stable performance; together with many already integrated components such as MICRO, TOOLS, and CLOUD. This way users can easily integrate microcontrollers, monitor data, deploy ROS 2 entities in the cloud, and more.

Vulcanexus is easy to download and configure, you can get set up in a matter of minutes. You can use Vulcanexus for free, try it today here.


Cheers for the launch @Katrin_Kellner! I see security plays an relevant role in this launch. I went through the material and found various security things in here that got me quite confused though. Your site says:

Fast DDS being the most secure open-source DDS implementation [1]

Based on what exactly do you claim this? Last security exercise we disclosed reviewing DDS implementations hinted that Fast DDS was one of the most flawed ones. There’re outstanding issues from that research that still haven’t been fully mitigated. For example, last month I checked with your master again and I could still exploit one of the reported issues in a recent announcement (see discussion).

Is Vulcanexus secure? [2]
Yes, it is. Vulcanexus is an extension of ROS 2 which includes some additional packages and tools. Vulcanexus’ middleware is eProsima’s Fast DDS, which implements the OMG DDS Security specification. Among the extended features available using Vulcanexus is PKCS#11 security support that is not yet available in ROS 2.

Security is an end-to-end characteristic, and I don’t see this fulfilled at all.

Besides the security issues with Fast DDS, from my reading of Vulcanexus, it seems to rely on various open source projects that need proper security assessments and/or do not provide security at all (eProsima DDS Router’s code or micro-ROS, among others). So, on what basis do you claim that Vulcanexus is secure? Can you facilitate a threat model that justifies the security measures available and security policies adopted?

Finally, you may want to run git-secrets (or similar) in your vulcanexus source. There’re some interesting :upside_down_face: findings there you may want to review :wink: .

  1. The Product. Top Vulcanexus Elements - Vulcanexus ↩︎

  2. Help & Documentation - Vulcanexus ↩︎


Hi @vmayoral

I will happy to answer about security questions of ROS 2 and DDS in a dedicated post about the subject, but here we are announcing a big set of tools for ROS 2 Humble, and I would like to focus on that.

Vulcanexus is a big effort combining several projects we lead into a single package. You can download a docket or just install it from our repos.

As @Katrin_Kellner is announcing:

It includes all benefits and features of ROS 2 but guaranteeing always the latest version of Fast DDS, that ensures stable performance; together with many already integrated components such as MICRO, TOOLS, and CLOUD. This way users can easily integrate microcontrollers, monitor data, deploy ROS 2 entities in the cloud, and more.

This is a big step for ROS 2 and we think it will sure increase the adoption of the latest release, ROS 2 Humble.

1 Like

What’s the advantage of having everything integrated and hard-coded into a single package, rather than using the federated model of ROS?

1 Like


Actually many. The concept of a software suite is something that is used by many organizations.

First let’s recap. Vulcanexus is:

  • ROS 2 + Fast DDS
  • ROS 2 Discovery Server
  • ROS 2 Router
  • ROS 2 Monitor
  • ROS 2 Shapes Demo
  • Micro-ROS
  • Webots (simulation, by cyberbotics)

Some advantages of having all these together:

1.- New Tools: Vulcanexus offers tools such as the ROS 2 Router (cloud apps), ROS 2 Monitor (monitor ROS 2 protocol statistics), and ROS 2 Shapes Demo (handy demo for many example applications). These tools were not available before.

2.- Simplicity: Rather than searching which versions of the tools and what configuration is required to run all our tools together, we created everything you need to make your life easier: Dockers, Debian repos, common docs, examples and demos mixing all together, and this is just the beginning.

3.- End to End solution: We are covering here from the cloud to the microcontroller, in a holistic approach.

4.- Awareness: We are doing a big effort to promote these tools, and it is better to concentrate the effort rather than doing this per component. This way we will increase the awareness, helping the community to understand how to use these tools together, and hopefully increasing the adoption of both Vulcanexus a and ROS 2.

5.- Always updated: Vulcanexus is always going to have the latest versions of our middleware and tools, introducing sooner the new features to the community.


@Jaime_Martin_Losa the questions above aren’t about DDS[1] specifically, but about the security claims surrounding Vulcanexus and its components (including Fast DDS). That’s why I provided the references to those applicable sections in your page that surprised me on a quick read, so that we can focus the discussion first in those concerns.

Security in this community is widely being used as a marketing tool, with various products and services advertised boldly as secure, or as providing security. This is misleading, and dangerous. We need more open security talk, instead of avoiding it systematically and pushing it to a WG which doesn’t have the resources to guarantee security (and though we’re trying, I don’t think it never will). Security claims need to be backed by security work, security research and evidence.

I think it’d be great if you can comment on the security claims of Vulcanexus and how these components are guaranteeing it (alongside my questions above).

  1. DDS is a crucial component of your proposed architecture, so of course the security claims need to be coherent with the security capabilities of DDS as well. But anyhow ↩︎

I’d like to clarify that nothing is hard-coded (although Fast DDS will always be the default DDS implementation), nor is Vulcanexus a single debian package.

Vulcanexus provides a set of packages which extend ROS 2, with the benefit of having a rolling version of Fast DDS, which means it is not tied to a specific Fast DDS minor version (as ROS 2 is at the moment). Instead, the Fast DDS version in Vulcanexus is always going to be the latest available. Furthermore, the Fast DDS library is shipped with the Statistics Module activated (it’s disabled in ROS 2 by default), which enables the use of DDS related statistics introspection through the Fast DDS Monitor.

Moreover, Vulcanexus is as modular as ROS 2 is, and everything that you can do in ROS 2 is also possible in Vulcanexus.