# X-Road technologies

Technical Specification

Version: 1.13
19.12.2023 Doc. ID: ARC-TEC


# Version history

Date Version Description Author
02.02.2018 1.0 Initial version Antti Luoma
02.03.2018 1.1 Added uniform terms and conditions reference Tatu Repo
17.04.2019 1.2 Added RHEL7, Ubuntu 18.04, systemd and Postgres 10 Petteri Kivimäki
11.09.2019 1.3 Remove Ubuntu 14.04 support Jarkko Hyöty
12.05.2020 1.4 Add link to X-Road core tech radar Petteri Kivimäki
15.09.2020 1.5 Updated to match Security Server REST API architecture Janne Mattila
02.06.2021 1.6 Backup encryption related updates Andres Allkivi
07.09.2021 1.7 Update technologies Ilkka Seppälä
26.09.2022 1.8 Remove Ubuntu 18.04 support Andres Rosenthal
08.06.2023 1.9 Central Server technologies update Justas Samuolis
05.10.2023 1.10 Update to Java 17 Justas Samuolis
04.10.2023 1.11 Remove Akka references Ričardas Bučiūnas
20.11.2023 1.12 Update version references Ričardas Bučiūnas
19.12.2023 1.13 Added RHEL 9 Justas Samuolis

# Table of Contents

# License

This document is licensed under the Creative Commons Attribution-ShareAlike 3.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/

# 1 Introduction

This document describes the general technology composition of X-Road components. To better illustrate the role of main technologies in X-Road, the information is collected in to several technology matrices highlighting the technology relationships between components.

Besides, the X-Road Core Tech Radar (opens new window) is a list of technologies used in the implementation of the core components of X-Road.

# 1.1 Terms and abbreviations

See X-Road terms and abbreviations documentation [TA-TERMS].

# 1.2 References

  1. ARC-CP -- X-Road: Configuration Proxy Architecture. Document ID: ARC-CP.
  2. ARC-CS -- X-Road: Central Server Architecture. Document ID: ARC-CS.
  3. ARC-SS -- X-Road: Security Server Architecture. Document ID: ARC-SS.
  4. ARC-OPMOND -- X-Road: Operational Monitoring Daemon Architecture. Document ID: ARC-OPMOND.
  5. ARC-G -- X-Road Architecture. Document ID: ARC-G.
  6. TA-TERMS -- X-Road Terms and Abbreviations. Document ID: TA-TERMS.

# 2 Overview matrix of the X-Road technology

Table 1 presents the list of technologies used in the X-Road and mapping between the technologies and X-Road components.

Table 1. Technology matrix of the X-Road

Technology Security Server Central Server Configuration proxy Operational Monitoring Daemon
Java 17 X X X X
C X X
Logback X X X X
gRPC X X X X
Jetty 11 X[3] X[4]
Ubuntu 20.04 X X X X
Ubuntu 22.04 X X X X
Red Hat Enterprise Linux 7 (RHEL7) X X
Red Hat Enterprise Linux 8 (RHEL8) X X
Red Hat Enterprise Linux 9 (RHEL9) X X
PostgreSQL 12+[5] X X X
nginx X X
PAM X X
Liquibase 4 X X X
systemd X X X X
PKCS #11[2] X X X
Dropwizard Metrics 4 X X
Spring Boot 3 X X
Vue.js 3 X X
Npm 8 X X
Node 18 X X
Typescript X X
OpenAPI 3 X X
Embedded Tomcat 10 X X
GNU Privacy Guard X X

See [ARC-G] for general X-Road architecture details.

[2] The use of hardware cryptographic devices requires that a PKCS #11 driver is installed and configured in the system.

[3] Security Server uses embedded Jetty for clientproxy, serverproxy and OCSP responder.

[4] Central Server uses embedded Jetty for management service and registration service.

[5] PostgreSQL version varies depending on operating system. By default, RHEL7 uses version 9, RHEL8 - 10, RHEL9 - 13, Ubuntu 20.04 - 12, Ubuntu 22.04 - 14. User may also use external PostgreSQL server.

# 3 Central Server technologies

Table 2 presents the list of technologies used in the Central Server and the mapping between technologies and Central Server components.

Table 2. Technology matrix of the Central Server

Technology Signer Password Store Management/Registration Service Database User Interface Rest API Backend Scripts Configuration Client
Java 17 X X X X
C X
Logback X X X X
gRPC X X
Embedded Jetty 11 X
Embedded Tomcat 10 X
Spring Boot 3 X X
Vue.js 3 X
Npm 8 X
Node 18 X
Typescript X
OpenAPI 3 X X X
PostgreSQL 12+[3] X X X
nginx X
PAM X
Liquibase 4 X
systemd X X X X
PKCS #11[2] X
GNU Privacy Guard X

[2] The use of hardware cryptographic devices requires that a PKCS #11 driver is installed and configured in the system.

[3] PostgreSQL version varies depending on operating system. By default, Ubuntu 20.04 uses 12, Ubuntu 22.04 - 14. User may also use external PostgreSQL server.

See [ARC-CS] for the Central Server details.

# 4 Configuration proxy technologies

Table 3 presents the list of technologies used in the configuration proxy and the mapping between technologies and configuration proxy components.

Table 3. Technology matrix of the configuration proxy

Technology Web Server Configuration Processor Signer Configuration Client
Java 17 X X X
Logback X X X
gRPC X X
nginx X
systemd X X X X
PKCS #11[2] X

[2] The use of hardware cryptographic devices requires that a PKCS #11 driver is installed and configured in the system.

See [ARC-CP] for the configuration proxy details.

# 5 Security Server technologies

Table 4 presents the list of technologies used in the Security Server and the mapping between technologies and Security Server components.

Table 4. Technology matrix of the Security Server

Technology Signer Proxy Password Store Message Log Metadata Services Database Configuration Client User Interface frontend REST API Monitor Environmental Monitoring Service Operational Monitoring Buffer Operational Monitoring Services
Java 17 X X X X X X X X X X
C X
Logback X X X X X X X X X
gRPC X X X X X X X
Embedded Jetty 9 X
Javascript X
PostgreSQL 12+[3] X X
PAM X
Liquibase 4 X
systemd X X X X
PKCS #11[2] X
Dropwizard Metrics 4 X
Spring Boot 3 X
Vue.js 3 X
Npm 8 X
Node 18 X
Typescript X
OpenAPI 3 X X
Embedded Tomcat 10 X
GNU Privacy Guard X

[2] The use of hardware cryptographic devices requires that a PKCS #11 driver is installed and configured in the system.

[3] PostgreSQL version varies depending on operating system. By default, RHEL7 uses version 9, RHEL8 - 10, RHEL9 - 13, Ubuntu 20.04 - 12, Ubuntu 22.04 - 14. User may also use external PostgreSQL server.

See [ARC-SS] for the Security Server details.

# 6 Operational monitoring daemon technologies

Table 5 presents the list of the technologies used in the operational monitoring daemon and the mapping between technologies and monitoring daemon components. Note: OP-monitoring daemon is an additional component of the X-Road.

Table 5. Technology matrix of the operational monitoring daemon

Technology Op. Mon.
Daemon Main
Op. Mon.
Database
Op. Mon.
Service
Configuration
Client
Java 17 X X X X
Logback X X X X
gRPC X X
PostgreSQL 12+[1] X X
Liquibase 4 X X
Dropwizard Metrics 4 X X
systemd X X

[1] PostgreSQL version varies depending on operating system. By default, RHEL7 uses version 9, RHEL8 - 10, RHEL9 - 13, Ubuntu 20.04 - 12, Ubuntu 22.04 - 14. User may also use external PostgreSQL server.

See [ARC-OPMOND] for the operational monitoring daemon details.