Addendum 1 - Clarification on deployment strategy
Considering the complexities and challenges encountered during the modernization process, and given that no additional resources could be allocated by ITU, we have concluded that pursuing a cloud-native and production-ready deployment for the X-Road is not feasible at this time.
This stance was further reinforced during discussions with the Architecture Board. The board expressed strong reservations about moving forward with a production-ready deployment at this time.
Instead, we've built upon the existing deployment within The Sandbox. While The Sandbox initially contained a non-production ready version of X-Road, our efforts have significantly enhanced its functionality:
We transitioned from the slim version of the security server(s) to a fully functional deployment, incorporated X-Road Metrics for improved monitoring and statistics, and integrated an Identity and Access Management (IAM) solution in the form of Keycloak. This IAM system not only supersedes the previously used PAM system but also facilitates Single Sign-On (SSO) across the entire IMBB (covering administrative interfaces and APIs for both X-Road and PubSub components).
To encapsulate the primary considerations voiced by the Architecture Board and us for this direction:
Focused Deployment: The main goal for this stage is to maintain The Sandbox as a controlled environment, tailored for specific objectives, without the intricacies and demands of a full-fledged, production-ready setup.
Efficiency in Deployment: By building on and improving the current infrastructure within The Sandbox, we guarantee prompt and efficient deliverables that address the immediate project requirements.
Resource Management: The challenges we encountered during the modernization phase resulted in significant unplanned expenses for the project. In the absence of further resources, refining the current deployment allows us to mitigate losses and work within a more manageable budgetary frame.