# X-Road technologies
Technical Specification
Version: 1.13
19.12.2023
Doc. ID: ARC-TEC
# Version history
Date | Version | Description | Author |
---|---|---|---|
02.02.2018 | 1.0 | Initial version | Antti Luoma |
02.03.2018 | 1.1 | Added uniform terms and conditions reference | Tatu Repo |
17.04.2019 | 1.2 | Added RHEL7, Ubuntu 18.04, systemd and Postgres 10 | Petteri Kivimäki |
11.09.2019 | 1.3 | Remove Ubuntu 14.04 support | Jarkko Hyöty |
12.05.2020 | 1.4 | Add link to X-Road core tech radar | Petteri Kivimäki |
15.09.2020 | 1.5 | Updated to match Security Server REST API architecture | Janne Mattila |
02.06.2021 | 1.6 | Backup encryption related updates | Andres Allkivi |
07.09.2021 | 1.7 | Update technologies | Ilkka Seppälä |
26.09.2022 | 1.8 | Remove Ubuntu 18.04 support | Andres Rosenthal |
08.06.2023 | 1.9 | Central Server technologies update | Justas Samuolis |
05.10.2023 | 1.10 | Update to Java 17 | Justas Samuolis |
04.10.2023 | 1.11 | Remove Akka references | Ričardas Bučiūnas |
20.11.2023 | 1.12 | Update version references | Ričardas Bučiūnas |
19.12.2023 | 1.13 | Added RHEL 9 | Justas Samuolis |
# Table of Contents
# License
This document is licensed under the Creative Commons Attribution-ShareAlike 3.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/
# 1 Introduction
This document describes the general technology composition of X-Road components. To better illustrate the role of main technologies in X-Road, the information is collected in to several technology matrices highlighting the technology relationships between components.
Besides, the X-Road Core Tech Radar (opens new window) is a list of technologies used in the implementation of the core components of X-Road.
# 1.1 Terms and abbreviations
See X-Road terms and abbreviations documentation [TA-TERMS].
# 1.2 References
- ARC-CP -- X-Road: Configuration Proxy Architecture. Document ID: ARC-CP.
- ARC-CS -- X-Road: Central Server Architecture. Document ID: ARC-CS.
- ARC-SS -- X-Road: Security Server Architecture. Document ID: ARC-SS.
- ARC-OPMOND -- X-Road: Operational Monitoring Daemon Architecture. Document ID: ARC-OPMOND.
- ARC-G -- X-Road Architecture. Document ID: ARC-G.
- TA-TERMS -- X-Road Terms and Abbreviations. Document ID: TA-TERMS.
# 2 Overview matrix of the X-Road technology
Table 1 presents the list of technologies used in the X-Road and mapping between the technologies and X-Road components.
Table 1. Technology matrix of the X-Road
Technology | Security Server | Central Server | Configuration proxy | Operational Monitoring Daemon |
---|---|---|---|---|
Java 17 | X | X | X | X |
C | X | X | ||
Logback | X | X | X | X |
gRPC | X | X | X | X |
Jetty 11 | X[3] | X[4] | ||
Ubuntu 20.04 | X | X | X | X |
Ubuntu 22.04 | X | X | X | X |
Red Hat Enterprise Linux 7 (RHEL7) | X | X | ||
Red Hat Enterprise Linux 8 (RHEL8) | X | X | ||
Red Hat Enterprise Linux 9 (RHEL9) | X | X | ||
PostgreSQL 12+[5] | X | X | X | |
nginx | X | X | ||
PAM | X | X | ||
Liquibase 4 | X | X | X | |
systemd | X | X | X | X |
PKCS #11[2] | X | X | X | |
Dropwizard Metrics 4 | X | X | ||
Spring Boot 3 | X | X | ||
Vue.js 3 | X | X | ||
Npm 8 | X | X | ||
Node 18 | X | X | ||
Typescript | X | X | ||
OpenAPI 3 | X | X | ||
Embedded Tomcat 10 | X | X | ||
GNU Privacy Guard | X | X |
See [ARC-G] for general X-Road architecture details.
[2] The use of hardware cryptographic devices requires that a PKCS #11 driver is installed and configured in the system.
[3] Security Server uses embedded Jetty for clientproxy, serverproxy and OCSP responder.
[4] Central Server uses embedded Jetty for management service and registration service.
[5] PostgreSQL version varies depending on operating system. By default, RHEL7 uses version 9, RHEL8 - 10, RHEL9 - 13, Ubuntu 20.04 - 12, Ubuntu 22.04 - 14. User may also use external PostgreSQL server.
# 3 Central Server technologies
Table 2 presents the list of technologies used in the Central Server and the mapping between technologies and Central Server components.
Table 2. Technology matrix of the Central Server
Technology | Signer | Password Store | Management/Registration Service | Database | User Interface | Rest API | Backend Scripts | Configuration Client |
---|---|---|---|---|---|---|---|---|
Java 17 | X | X | X | X | ||||
C | X | |||||||
Logback | X | X | X | X | ||||
gRPC | X | X | ||||||
Embedded Jetty 11 | X | |||||||
Embedded Tomcat 10 | X | |||||||
Spring Boot 3 | X | X | ||||||
Vue.js 3 | X | |||||||
Npm 8 | X | |||||||
Node 18 | X | |||||||
Typescript | X | |||||||
OpenAPI 3 | X | X | X | |||||
PostgreSQL 12+[3] | X | X | X | |||||
nginx | X | |||||||
PAM | X | |||||||
Liquibase 4 | X | |||||||
systemd | X | X | X | X | ||||
PKCS #11[2] | X | |||||||
GNU Privacy Guard | X |
[2] The use of hardware cryptographic devices requires that a PKCS #11 driver is installed and configured in the system.
[3] PostgreSQL version varies depending on operating system. By default, Ubuntu 20.04 uses 12, Ubuntu 22.04 - 14. User may also use external PostgreSQL server.
See [ARC-CS] for the Central Server details.
# 4 Configuration proxy technologies
Table 3 presents the list of technologies used in the configuration proxy and the mapping between technologies and configuration proxy components.
Table 3. Technology matrix of the configuration proxy
Technology | Web Server | Configuration Processor | Signer | Configuration Client |
---|---|---|---|---|
Java 17 | X | X | X | |
Logback | X | X | X | |
gRPC | X | X | ||
nginx | X | |||
systemd | X | X | X | X |
PKCS #11[2] | X |
[2] The use of hardware cryptographic devices requires that a PKCS #11 driver is installed and configured in the system.
See [ARC-CP] for the configuration proxy details.
# 5 Security Server technologies
Table 4 presents the list of technologies used in the Security Server and the mapping between technologies and Security Server components.
Table 4. Technology matrix of the Security Server
Technology | Signer | Proxy | Password Store | Message Log | Metadata Services | Database | Configuration Client | User Interface frontend | REST API | Monitor | Environmental Monitoring Service | Operational Monitoring Buffer | Operational Monitoring Services |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Java 17 | X | X | X | X | X | X | X | X | X | X | |||
C | X | ||||||||||||
Logback | X | X | X | X | X | X | X | X | X | ||||
gRPC | X | X | X | X | X | X | X | ||||||
Embedded Jetty 9 | X | ||||||||||||
Javascript | X | ||||||||||||
PostgreSQL 12+[3] | X | X | |||||||||||
PAM | X | ||||||||||||
Liquibase 4 | X | ||||||||||||
systemd | X | X | X | X | |||||||||
PKCS #11[2] | X | ||||||||||||
Dropwizard Metrics 4 | X | ||||||||||||
Spring Boot 3 | X | ||||||||||||
Vue.js 3 | X | ||||||||||||
Npm 8 | X | ||||||||||||
Node 18 | X | ||||||||||||
Typescript | X | ||||||||||||
OpenAPI 3 | X | X | |||||||||||
Embedded Tomcat 10 | X | ||||||||||||
GNU Privacy Guard | X |
[2] The use of hardware cryptographic devices requires that a PKCS #11 driver is installed and configured in the system.
[3] PostgreSQL version varies depending on operating system. By default, RHEL7 uses version 9, RHEL8 - 10, RHEL9 - 13, Ubuntu 20.04 - 12, Ubuntu 22.04 - 14. User may also use external PostgreSQL server.
See [ARC-SS] for the Security Server details.
# 6 Operational monitoring daemon technologies
Table 5 presents the list of the technologies used in the operational monitoring daemon and the mapping between technologies and monitoring daemon components. Note: OP-monitoring daemon is an additional component of the X-Road.
Table 5. Technology matrix of the operational monitoring daemon
Technology | Op. Mon. Daemon Main | Op. Mon. Database | Op. Mon. Service | Configuration Client |
---|---|---|---|---|
Java 17 | X | X | X | X |
Logback | X | X | X | X |
gRPC | X | X | ||
PostgreSQL 12+[1] | X | X | ||
Liquibase 4 | X | X | ||
Dropwizard Metrics 4 | X | X | ||
systemd | X | X |
[1] PostgreSQL version varies depending on operating system. By default, RHEL7 uses version 9, RHEL8 - 10, RHEL9 - 13, Ubuntu 20.04 - 12, Ubuntu 22.04 - 14. User may also use external PostgreSQL server.
See [ARC-OPMOND] for the operational monitoring daemon details.