# X-Road technologies

Technical Specification

Version: 1.7
07.09.2021 Doc. ID: ARC-TEC


# Version history

Date Version Description Author
02.02.2018 1.0 Initial version Antti Luoma
02.03.2018 1.1 Added uniform terms and conditions reference Tatu Repo
17.04.2019 1.2 Added RHEL7, Ubuntu 18.04, systemd and Postgres 10 Petteri Kivimäki
11.09.2019 1.3 Remove Ubuntu 14.04 support Jarkko Hyöty
12.05.2020 1.4 Add link to X-Road core tech radar Petteri Kivimäki
15.09.2020 1.5 Updated to match security server REST API architecture Janne Mattila
02.06.2021 1.6 Backup encryption related updates Andres Allkivi
07.09.2021 1.7 Update technologies Ilkka Seppälä

# Table of Contents

# License

This document is licensed under the Creative Commons Attribution-ShareAlike 3.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/

# 1 Introduction

This document describes the general technology composition of X-Road components. To better illustrate the role of main technologies in X-Road, the information is collected in to several technology matrices highlighting the technology relationships between components.

Besides, the X-Road Core Tech Radar (opens new window) is a list of technologies used in the implementation of the core components of X-Road.

# 1.1 Terms and abbreviations

See X-Road terms and abbreviations documentation [TA-TERMS].

# 1.2 References

  1. ARC-CP -- X-Road: Configuration Proxy Architecture. Document ID: ARC-CP.
  2. ARC-CS -- X-Road: Central Server Architecture. Document ID: ARC-CS.
  3. ARC-SS -- X-Road: Security Server Architecture. Document ID: ARC-SS.
  4. ARC-OPMOND -- X-Road: Operational Monitoring Daemon Architecture. Document ID: ARC-OPMOND.
  5. ARC-G -- X-Road Architecture. Document ID: ARC-G.
  6. TA-TERMS -- X-Road Terms and Abbreviations. Document ID: TA-TERMS.

# 2 Overview matrix of the X-Road technology

Table 1 presents the list of technologies used in the X-Road and mapping between the technologies and X-Road components.

Table 1. Technology matrix of the X-Road

Technology Security server Central server Configuration proxy Operational Monitoring Daemon
Java 8 X
Java 11 X X X
C X X
Logback X X X X
Akka 2 X X X X
Jetty 9 X[3] X
JRuby 9 X
Ubuntu 18.04 X X X X
Ubuntu 20.04 X X X X
Red Hat Enterprise Linux 7 (RHEL7) X X
Red Hat Enterprise Linux 8 (RHEL8) X X
PostgreSQL 10 X X X
nginx X X
PAM X X
Liquibase 3 X X X
systemd X X X X
PKCS #11[2] X X X
Dropwizard Metrics 4 X X
Spring Boot 2 X
Vue.js 2 X
Npm 6 X
Node 12 X
Typescript X
OpenAPI 3 X
Embedded Tomcat 9 X
GNU Privacy Guard X X

See [ARC-G] for general X-Road architecture details.

[2] The use of hardware cryptographic devices requires that a PKCS #11 driver is installed and configured in the system.

[3] Security Server uses embedded Jetty for clientproxy, serverproxy and OCSP responder

# 3 Central server technologies

Table 2 presents the list of technologies used in the central server and the mapping between technologies and central server components.

Table 2. Technology matrix of the central server

Technology Signer Web Server Password Store Management Services Database User Interface Servlet Engine Backend Scripts
Java 8 X X X X
C X
Logback X X X
Akka 2 X X X
Jetty 9 X
JRuby 9 X
Javascript X
PostgreSQL 10 X
nginx X
PAM X
Liquibase 3 X
systemd X X X
PKCS #11[2] X
GNU Privacy Guard X

[2] The use of hardware cryptographic devices requires that a PKCS #11 driver is installed and configured in the system.

See [ARC-CS] for the central server details.

# 4 Configuration proxy technologies

Table 3 presents the list of technologies used in the configuration proxy and the mapping between technologies and configuration proxy components.

Table 3. Technology matrix of the configuration proxy

Technology Web Server Configuration Processor Signer Configuration Client
Java 11 X X X
Logback X X X
Akka 2 X X
nginx X
systemd X X X X
PKCS #11[2] X

[2] The use of hardware cryptographic devices requires that a PKCS #11 driver is installed and configured in the system.

See [ARC-CP] for the configuration proxy details.

# 5 Security server technologies

Table 4 presents the list of technologies used in the security server and the mapping between technologies and security server components.

Table 4. Technology matrix of the security server

Technology Signer Proxy Password Store Message Log Metadata Services Database Configuration Client User Interface frontend REST API Monitor Environmental Monitoring Service Operational Monitoring Buffer Operational Monitoring Services
Java 11 X X X X X X X X X X
C X
Logback X X X X X X X X X
Akka 2 X X X X X X X
Embedded Jetty 9 X
Javascript X
PostgreSQL 10 X X
PAM X
Liquibase 3 X
systemd X X X X
PKCS #11[2] X
Dropwizard Metrics 4 X
Spring Boot 2 X
Vue.js 2 X
Npm 6 X
Node 12 X
Typescript X
OpenAPI 3 X X
Embedded Tomcat 9 X
GNU Privacy Guard X

[2] The use of hardware cryptographic devices requires that a PKCS #11 driver is installed and configured in the system.

See [ARC-SS] for the security server details.

# 6 Operational monitoring daemon technologies

Table 5 presents the list of the technologies used in the operational monitoring daemon and the mapping between technologies and monitoring daemon components. Note: OP-monitoring daemon is an additional component of the X-Road.

Table 5. Technology matrix of the operational monitoring daemon

Technology Op. Mon.
Daemon Main
Op. Mon.
Database
Op. Mon.
Service
Configuration
Client
Java 11 X X X X
Logback X X X X
Akka 2 X X
PostgreSQL 10 X X
Liquibase 3 X X
Dropwizard Metrics 4 X X
systemd X X

See [ARC-OPMOND] for the operational monitoring daemon details.