In recent years, the Security Server has experienced a total external and internal makeover. The process got started in 2019 when support for REST services was added. In 2020, the Security Server got a new user interface (UI) and a management REST API that enabled the automation of common configuration and maintenance tasks. Releasing X-Road 7 in 2021 enhanced the UI's look and feel and brought several other significant changes and improvements under the hood. While all these major changes have been implemented for the Security Server, the Central Server has received only some smaller updates. However, the Central Server has been remembered and will be the star of X-Road 7.3.0.
The beta version of X-Road 7.3.0 is already out, and the official release version will be published at the end of June 2023.
Easier administration and streamlined onboarding process
The most significant change in X-Road version 7.3.0 is the fully renewed Central Server UI. The new UI improves the usability and user experience of the Central Server. The new intuitive UI makes regular administrative tasks easier and supports streamlining the onboarding process of new X-Road members.
For example, complementary management requests for authentication certificates and client registration requests are no longer required. It's enough to send a registration request from the Security Server and approve it with two clicks on the Central Server. And like before, enabling automatic approval of registration requests makes the approval process fully automated.
Management REST API allows to automate tasks
Another significant change in X-Road version 7.3.0 is the brand-new Central Server management REST API. The API provides all the same functionalities as the UI and can be used to automate common maintenance and management tasks. Maintaining and operating the Central Server can be done more efficiently as configuration and maintenance tasks require less manual work. Also, the new UI uses the same API under the hood too.
The Central Server User Guide provides more information about the API, and the API's OpenAPI 3 description is available on GitHub. Access to the API is controlled using API keys that can be managed through the Central Server UI or through the API itself. In addition, access to the API can be restricted using IP filtering.
Changes in the architecture
The new UI and management REST API have also caused changes in the Central Server architecture and packaging. The previously existing Jetty (xroad-jetty) component has been replaced with the new UI and API (xroad-center), registration service (xroad-center-registration-service) and management service (xroad-center-management-service) components. These changes have affected Central Server’s log files, directories, software packages, and services. It’s strongly recommended that Central Server administrators study the details of these changes from the release notes before upgrading to version 7.3.0.
Wait, there’s more!
Even though the new Central Server UI and management REST API are the most significant and most visible changes in version 7.3.0, the new version contains many other new features, improvements, and fixes. Here’s a short overview of other changes included in the latest version.
Security improvements on the Central Server:
Encrypt backup files (opt-in)
Verify the integrity of backup files on restore.
Run all the X-Road components on Java 11. Remove support for Java 8.
Create a separate security hardening guide that provides information about hardening the Central Server and Security Server host configurations.
Implement configurable request rate and size limits for the Central Server REST API and management services.
Changes in allowed characters in X-Road system identifiers and improved validation of the identifiers.
Technology updates and a decrease in technical debt.
The complete list of changes with more detailed descriptions is available in the release notes.
What’s next?
Implementing the new Central Server was a long process that required more time and effort than was initially expected. Unfortunately, it has caused postponing the implementation of some other new features. More changes to the Central Server are scheduled in the upcoming X-Road versions, but the focus will now shift to other roadmap items.
More information about the X-Road development roadmap is available here. More detailed information about the backlog items scheduled for version 7.4.0 is available here.
Third-party security experts have assessed the security of the new Central Server. However, should you have any findings, they can be reported through the newly launched X-Road Bug Bounty program.