# X-Road technologies
Technical Specification
Version: 1.8
26.09.2022
Doc. ID: ARC-TEC
# Version history
| Date | Version | Description | Author |
|---|---|---|---|
| 02.02.2018 | 1.0 | Initial version | Antti Luoma |
| 02.03.2018 | 1.1 | Added uniform terms and conditions reference | Tatu Repo |
| 17.04.2019 | 1.2 | Added RHEL7, Ubuntu 18.04, systemd and Postgres 10 | Petteri Kivimäki |
| 11.09.2019 | 1.3 | Remove Ubuntu 14.04 support | Jarkko Hyöty |
| 12.05.2020 | 1.4 | Add link to X-Road core tech radar | Petteri Kivimäki |
| 15.09.2020 | 1.5 | Updated to match security server REST API architecture | Janne Mattila |
| 02.06.2021 | 1.6 | Backup encryption related updates | Andres Allkivi |
| 07.09.2021 | 1.7 | Update technologies | Ilkka Seppälä |
| 26.09.2022 | 1.8 | Remove Ubuntu 18.04 support | Andres Rosenthal |
# Table of Contents
# License
This document is licensed under the Creative Commons Attribution-ShareAlike 3.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/
# 1 Introduction
This document describes the general technology composition of X-Road components. To better illustrate the role of main technologies in X-Road, the information is collected in to several technology matrices highlighting the technology relationships between components.
Besides, the X-Road Core Tech Radar (opens new window) is a list of technologies used in the implementation of the core components of X-Road.
# 1.1 Terms and abbreviations
See X-Road terms and abbreviations documentation [TA-TERMS].
# 1.2 References
- ARC-CP -- X-Road: Configuration Proxy Architecture. Document ID: ARC-CP.
- ARC-CS -- X-Road: Central Server Architecture. Document ID: ARC-CS.
- ARC-SS -- X-Road: Security Server Architecture. Document ID: ARC-SS.
- ARC-OPMOND -- X-Road: Operational Monitoring Daemon Architecture. Document ID: ARC-OPMOND.
- ARC-G -- X-Road Architecture. Document ID: ARC-G.
- TA-TERMS -- X-Road Terms and Abbreviations. Document ID: TA-TERMS.
# 2 Overview matrix of the X-Road technology
Table 1 presents the list of technologies used in the X-Road and mapping between the technologies and X-Road components.
Table 1. Technology matrix of the X-Road
| Technology | Security server | Central server | Configuration proxy | Operational Monitoring Daemon |
|---|---|---|---|---|
| Java 8 | X | |||
| Java 11 | X | X | X | |
| C | X | X | ||
| Logback | X | X | X | X |
| Akka 2 | X | X | X | X |
| Jetty 9 | X[3] | X | ||
| JRuby 9 | X | |||
| Ubuntu 20.04 | X | X | X | X |
| Ubuntu 22.04 | X | X | X | X |
| Red Hat Enterprise Linux 7 (RHEL7) | X | X | ||
| Red Hat Enterprise Linux 8 (RHEL8) | X | X | ||
| PostgreSQL 10 | X | X | X | |
| nginx | X | X | ||
| PAM | X | X | ||
| Liquibase 3 | X | X | X | |
| systemd | X | X | X | X |
| PKCS #11[2] | X | X | X | |
| Dropwizard Metrics 4 | X | X | ||
| Spring Boot 2 | X | |||
| Vue.js 2 | X | |||
| Npm 6 | X | |||
| Node 12 | X | |||
| Typescript | X | |||
| OpenAPI 3 | X | |||
| Embedded Tomcat 9 | X | |||
| GNU Privacy Guard | X | X |
See [ARC-G] for general X-Road architecture details.
[2] The use of hardware cryptographic devices requires that a PKCS #11 driver is installed and configured in the system.
[3] Security Server uses embedded Jetty for clientproxy, serverproxy and OCSP responder
# 3 Central server technologies
Table 2 presents the list of technologies used in the central server and the mapping between technologies and central server components.
Table 2. Technology matrix of the central server
| Technology | Signer | Web Server | Password Store | Management Services | Database | User Interface | Servlet Engine | Backend Scripts |
|---|---|---|---|---|---|---|---|---|
| Java 8 | X | X | X | X | ||||
| C | X | |||||||
| Logback | X | X | X | |||||
| Akka 2 | X | X | X | |||||
| Jetty 9 | X | |||||||
| JRuby 9 | X | |||||||
| Javascript | X | |||||||
| PostgreSQL 10 | X | |||||||
| nginx | X | |||||||
| PAM | X | |||||||
| Liquibase 3 | X | |||||||
| systemd | X | X | X | |||||
| PKCS #11[2] | X | |||||||
| GNU Privacy Guard | X |
[2] The use of hardware cryptographic devices requires that a PKCS #11 driver is installed and configured in the system.
See [ARC-CS] for the central server details.
# 4 Configuration proxy technologies
Table 3 presents the list of technologies used in the configuration proxy and the mapping between technologies and configuration proxy components.
Table 3. Technology matrix of the configuration proxy
| Technology | Web Server | Configuration Processor | Signer | Configuration Client |
|---|---|---|---|---|
| Java 11 | X | X | X | |
| Logback | X | X | X | |
| Akka 2 | X | X | ||
| nginx | X | |||
| systemd | X | X | X | X |
| PKCS #11[2] | X |
[2] The use of hardware cryptographic devices requires that a PKCS #11 driver is installed and configured in the system.
See [ARC-CP] for the configuration proxy details.
# 5 Security server technologies
Table 4 presents the list of technologies used in the security server and the mapping between technologies and security server components.
Table 4. Technology matrix of the security server
| Technology | Signer | Proxy | Password Store | Message Log | Metadata Services | Database | Configuration Client | User Interface frontend | REST API | Monitor | Environmental Monitoring Service | Operational Monitoring Buffer | Operational Monitoring Services |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Java 11 | X | X | X | X | X | X | X | X | X | X | |||
| C | X | ||||||||||||
| Logback | X | X | X | X | X | X | X | X | X | ||||
| Akka 2 | X | X | X | X | X | X | X | ||||||
| Embedded Jetty 9 | X | ||||||||||||
| Javascript | X | ||||||||||||
| PostgreSQL 10 | X | X | |||||||||||
| PAM | X | ||||||||||||
| Liquibase 3 | X | ||||||||||||
| systemd | X | X | X | X | |||||||||
| PKCS #11[2] | X | ||||||||||||
| Dropwizard Metrics 4 | X | ||||||||||||
| Spring Boot 2 | X | ||||||||||||
| Vue.js 2 | X | ||||||||||||
| Npm 6 | X | ||||||||||||
| Node 12 | X | ||||||||||||
| Typescript | X | ||||||||||||
| OpenAPI 3 | X | X | |||||||||||
| Embedded Tomcat 9 | X | ||||||||||||
| GNU Privacy Guard | X |
[2] The use of hardware cryptographic devices requires that a PKCS #11 driver is installed and configured in the system.
See [ARC-SS] for the security server details.
# 6 Operational monitoring daemon technologies
Table 5 presents the list of the technologies used in the operational monitoring daemon and the mapping between technologies and monitoring daemon components. Note: OP-monitoring daemon is an additional component of the X-Road.
Table 5. Technology matrix of the operational monitoring daemon
| Technology | Op. Mon. Daemon Main | Op. Mon. Database | Op. Mon. Service | Configuration Client |
|---|---|---|---|---|
| Java 11 | X | X | X | X |
| Logback | X | X | X | X |
| Akka 2 | X | X | ||
| PostgreSQL 10 | X | X | ||
| Liquibase 3 | X | X | ||
| Dropwizard Metrics 4 | X | X | ||
| systemd | X | X |
See [ARC-OPMOND] for the operational monitoring daemon details.