docs/archive/DEPLOYMENT_REQUIREMENTS_SCOPE.md
2026-02-09 21:51:46 -08:00

Deployment Requirements Scope

5 Large Projects Analysis

Date: 2025-01-27
Purpose: Comprehensive deployment requirements analysis for the 5 largest and most complex projects


Executive Summary

This document scopes out deployment requirements for 5 major projects:

  1. dbis_core - Core Banking System
  2. smom-dbis-138 - DeFi Oracle Meta Mainnet (ChainID 138)
  3. loc_az_hci - Proxmox VE → Azure Arc Hybrid Cloud Stack
  4. Sankofa - Sovereign AI Cloud Infrastructure Platform
  5. the_order - Digital Identity & Verifiable Credentials Platform

Total Estimated Deployment Timeline: 12-16 weeks (with parallel execution where possible)


1. DBIS Core Banking System

Project Overview

Sovereign-grade financial infrastructure for the Digital Bank of International Settlements and 33 Sovereign Central Banks.

Infrastructure Requirements

Compute:

  • Application Tier: Multiple instances (N+ redundancy)
  • Load Balancer: Required for high availability
  • Horizontal Scaling: Supported with connection pooling

Database:

  • PostgreSQL with:
    • Primary database + 2+ read replicas
    • High availability configuration
    • Automated backup system (daily full + hourly incremental)
    • Multi-region replication support

Storage:

  • Redis Cache: 2+ instances for caching layer
  • Storage Account: For document/blob storage

Security:

  • HSM (Hardware Security Module): Required for production
  • Encryption: TLS 1.2+ for all connections
  • Secrets Management: Secure credential storage

Deployment Stack

Technology:

  • Node.js/TypeScript backend
  • Prisma ORM with PostgreSQL
  • Express.js/Fastify framework
  • Docker containerization

Deployment Method:

  • Kubernetes (recommended) or VM-based
  • Blue-Green deployment strategy
  • CI/CD pipeline required

Key Dependencies

External Services:

  • ISO 20022 banking message integration
  • FX engine integration
  • CBDC system integration
  • Compliance & governance systems

Prerequisites:

  • Azure subscription (or equivalent cloud provider)
  • Database admin access
  • HSM hardware/provisioning
  • Network security configuration

Estimated Timeline

  • Infrastructure Setup: 1-2 weeks
  • Database Setup & Migrations: 3-5 days
  • Application Deployment: 1 week
  • Security Hardening: 1 week
  • Testing & Validation: 2 weeks
  • Total: 5-7 weeks

Critical Path Items

  1. Database cluster setup and replication
  2. HSM integration and key management
  3. Multi-region deployment configuration
  4. Security audit and compliance verification

2. SMOM-DBIS-138: DeFi Oracle Meta Mainnet

Project Overview

Production-ready Hyperledger Besu network with QBFT consensus (ChainID 138), deployed on Azure Kubernetes Service. Includes CCIP cross-chain oracle support, comprehensive security scanning, full observability, and MetaMask integration.

Infrastructure Requirements

⚠️ Important: smom-dbis-138 is deployed as a DBIS tenant on Sankofa Phoenix infrastructure. The deployment uses Phoenix's blockchain orchestration tools on loc_az_hci Proxmox infrastructure.

Blockchain Infrastructure (via Sankofa Phoenix):

  • Proxmox VMs (deployed via Crossplane on loc_az_hci):
    • 18 VMs total: 16 application VMs + 2 infrastructure VMs
    • Validator Nodes: Multiple validator VMs
    • Sentry Nodes: DDoS protection nodes
    • RPC Nodes: Public API access nodes
    • Network ID: 138 (ChainID)
    • Consensus: QBFT (Quorum Byzantine Fault Tolerance)

Deployment Orchestration:

  • Sankofa Phoenix: Provides white-label blockchain orchestration
  • Crossplane Provider: Deploys VMs on loc_az_hci Proxmox hosts
  • Site 1 (ml110-01): 192.168.11.10
  • Site 2 (r630-01): 192.168.11.11

Note: Resources (CPU, RAM, Storage) are counted under loc_az_hci since VMs are deployed there.

Storage:

  • Persistent Volumes: For blockchain state data
  • Azure Disk CSI: Dynamic provisioning
  • Backup Storage: For node state backups

Networking:

  • Application Gateway: For RPC endpoint exposure
  • Network Security Groups: For node isolation
  • Private Endpoints: For secure internal communication

Deployment Stack

Technology:

  • Hyperledger Besu (blockchain client)
  • Foundry (smart contract deployment)
  • Kubernetes + Helm
  • Terraform (infrastructure as code)

Smart Contracts:

  • Mock LINK Token
  • CCIP Router
  • WETH9 & WETH10
  • CCIPWETH9Bridge & CCIPWETH10Bridge
  • Oracle Aggregator

Key Dependencies

Platform Dependencies:

  • Sankofa Phoenix: White-label blockchain orchestration platform (must be deployed first)
  • loc_az_hci: Proxmox infrastructure for VM deployment (must be deployed first)
  • Crossplane Provider: For Proxmox VM orchestration via Phoenix

External Services:

  • CCIP (Cross-Chain Interoperability Protocol)
  • Chainlink oracles
  • MetaMask wallet integration
  • Ethereum mainnet (for cross-chain operations)

Prerequisites:

  • Sankofa Phoenix platform deployed
  • loc_az_hci Proxmox infrastructure operational
  • Crossplane provider for Proxmox configured
  • Foundry (forge, cast, anvil) for smart contract deployment
  • kubectl configured (for Phoenix Kubernetes cluster)

Deployment Phases

Note: Deployment is orchestrated through the Sankofa Phoenix platform on loc_az_hci Proxmox infrastructure.

  1. Platform Prerequisites (Dependencies):

    • loc_az_hci Proxmox infrastructure deployed (Week 1-8)
    • Sankofa Phoenix platform deployed (Week 7-10)
    • Crossplane provider for Proxmox configured
  2. Tenant Deployment via Phoenix (1-2 weeks):

    • DBIS tenant creation in Sankofa Phoenix
    • VM provisioning via Crossplane (18 VMs on Proxmox)
    • Network configuration and genesis setup
    • Validator, sentry, and RPC node deployment
  3. Smart Contract Deployment (1 week):

    • Contract compilation and testing
    • Ordered deployment (CCIP Router → WETH → Bridges → Oracle)
    • Contract verification
  4. Configuration & Integration (1 week):

    • CCIP chain configuration
    • Bridge destination setup
    • Oracle feed configuration

Estimated Timeline

  • Platform Dependencies: 8-10 weeks (loc_az_hci + Sankofa Phoenix)
  • Tenant Deployment: 1-2 weeks (via Phoenix orchestration)
  • Smart Contracts: 1 week
  • Integration & Testing: 2 weeks
  • Total: 12-15 weeks (including platform dependencies)

Critical Path Items

  1. loc_az_hci Proxmox infrastructure operational
  2. Sankofa Phoenix platform deployed and configured
  3. Crossplane provider connected to Proxmox
  4. DBIS tenant VM provisioning via Phoenix
  5. Besu network genesis and validator setup
  6. CCIP router configuration and chain registration
  7. Oracle aggregator and price feed integration
  8. Security scanning and audit completion

3. LOC_AZ_HCI: Proxmox VE → Azure Arc Hybrid Cloud Stack

Project Overview

Complete end-to-end implementation package for transforming Proxmox VE hosts into a fully Azure-integrated Hybrid Cloud stack with high availability, Kubernetes orchestration, GitOps workflows, and blockchain infrastructure services.

Infrastructure Requirements

Physical Infrastructure:

  • 2+ Proxmox VE Hosts:
    • Proxmox VE 7.0+ installed
    • Minimum 8GB RAM per node (16GB+ recommended)
    • Static IP addresses configured
    • Network connectivity between nodes
    • Root or sudo access

Storage:

  • NFS Server (optional, for shared storage)
  • Local Storage: Sufficient for VMs and templates
  • Ceph (optional, for distributed storage)

Virtual Infrastructure:

  • VMs for Kubernetes: K3s or full K8s cluster
  • VMs for Git: Gitea/GitLab or Azure DevOps agent
  • Storage VMs: For NFS or distributed storage

Azure Integration:

  • Azure Arc: For hybrid cloud management
  • Azure Resource Groups: For Arc resources
  • Azure Monitor: For hybrid monitoring

Deployment Stack

Technology:

  • Proxmox VE (hypervisor)
  • K3s or Kubernetes (orchestration)
  • Azure Arc (hybrid cloud)
  • Terraform (optional, for automation)
  • Helm (optional, for GitOps)

Services:

  • Hyperledger Besu
  • Firefly
  • Chainlink CCIP
  • BlockScout
  • Cacti (monitoring)
  • Nginx Proxy

Key Dependencies

External Services:

  • Azure subscription with Contributor role
  • Azure Arc enabled subscription
  • Cloudflare (for DNS and tunnels)
  • Internet connectivity for Azure Arc

Prerequisites:

  • Azure CLI installed and authenticated
  • SSH access to all nodes
  • kubectl installed
  • Terraform (optional)
  • Helm (optional)

Deployment Phases

  1. Proxmox Cluster Setup (1 week):

    • Network configuration on both nodes
    • Repository updates
    • Shared storage (NFS) setup
    • Cluster creation
  2. Azure Arc Integration (1 week):

    • Azure environment preparation
    • Proxmox host onboarding to Azure Arc
    • VM creation and onboarding
    • Kubernetes onboarding
  3. Kubernetes Setup (1 week):

    • K3s installation
    • Kubernetes onboarding to Azure Arc
    • Base infrastructure deployment
  4. Git/DevOps Setup (1 week):

    • Gitea/GitLab deployment OR
    • Azure DevOps self-hosted agent
  5. GitOps Configuration (1 week):

    • Repository creation
    • Azure Arc GitOps connection
    • Application deployment
  6. HC Stack Services (2 weeks):

    • Blockchain services (Besu, Firefly)
    • Monitoring (Cacti)
    • Proxy services (Nginx)

Estimated Timeline

  • Proxmox Setup: 1 week
  • Azure Arc Integration: 1 week
  • Kubernetes Setup: 1 week
  • GitOps & Services: 3 weeks
  • Testing & Validation: 2 weeks
  • Total: 8-10 weeks

Critical Path Items

  1. Proxmox cluster creation and verification
  2. Azure Arc agent installation and connectivity
  3. Kubernetes cluster deployment
  4. GitOps workflow configuration
  5. Service deployment and integration

4. Sankofa Phoenix: Sovereign AI Cloud Infrastructure Platform

Project Overview

A next-generation, sovereign AI cloud infrastructure platform that provides white-label blockchain tooling and orchestration as a service. Sankofa Phoenix combines mythic power, ancestral wisdom, and cultural identity. Features 325-region deployment capability and world-class cloud infrastructure.

Key Service: Sankofa Phoenix provides a blockchain orchestration platform that lets tenant deployments (such as smom-dbis-138 for the DBIS tenant) be deployed via Crossplane on loc_az_hci Proxmox infrastructure.

Infrastructure Requirements

⚠️ Important: Sankofa leverages loc_az_hci Proxmox infrastructure to deploy VMs via Crossplane. The VMs listed below are deployed on loc_az_hci Proxmox hosts and are counted in the loc_az_hci resource totals.

Edge Sites (Deployed on loc_az_hci Proxmox Infrastructure):

  • Proxmox VE Infrastructure: Uses loc_az_hci Proxmox hosts
    • Site 1 (ml110-01): 192.168.11.10 - Operational
    • Site 2 (r630-01): 192.168.11.11 - Operational
    • Network bridge: vmbr0
    • Storage pools: local-lvm
    • OS images: ubuntu-22.04-cloud.img

VM Deployment via Crossplane (SMOM-DBIS-138):

  • Total VMs: 18 (16 application + 2 infrastructure)
  • Total CPU: 72 cores
  • Total RAM: 140 GiB
  • Total Disk: 278 GiB
  • Deployment Method: Crossplane provider for Proxmox
  • Infrastructure: Deployed on loc_az_hci Proxmox hosts
  • Note: These resources are counted under loc_az_hci to avoid double-counting

Kubernetes Control Plane:

  • Kubernetes v1.24+ cluster
  • 3 master nodes minimum (for HA)
  • 5+ worker nodes (for production)
  • Container runtime: containerd or CRI-O
  • CNI plugin: Calico, Flannel, or Cilium

Database Infrastructure:

  • PostgreSQL 14+ (recommended: 15+)
  • High availability: Primary + replicas
  • Storage: NVMe SSD (2TB+ per node)
  • RAM: 64GB+ per node
  • Automated daily backups

Blockchain Infrastructure (Future):

  • Hyperledger Besu Validators: 3-5 nodes per core datacenter
  • CPU: AMD EPYC 7763 (64 cores) or Intel Xeon Platinum 8380 (40 cores)
  • RAM: 128GB DDR4 ECC
  • Storage: 2x 4TB NVMe SSD (RAID 1)
  • Network: 2x 25GbE network adapters
  • HSM: Hardware Security Module for key storage

Deployment Stack

Technology:

  • Next.js 14+ (frontend and portal)
  • GraphQL API (Apollo Server + Fastify)
  • PostgreSQL 14+
  • Keycloak 20+ (identity management)
  • Crossplane (infrastructure as code)
  • ArgoCD (GitOps)
  • Prometheus/Grafana (monitoring)
  • Loki (log aggregation)

Application Components:

  • Frontend (Next.js)
  • API (GraphQL)
  • Portal (Next.js)
  • Crossplane provider for Proxmox

Key Dependencies

Infrastructure Dependencies:

  • loc_az_hci Proxmox Infrastructure: Sankofa deploys VMs on loc_az_hci Proxmox hosts via Crossplane
    • Site 1 (ml110-01): 192.168.11.10
    • Site 2 (r630-01): 192.168.11.11
    • 18 SMOM-DBIS-138 VMs deployed via Crossplane provider

External Services:

  • Keycloak for identity management
  • Cloudflare for DNS and tunnels (shared with loc_az_hci)
  • Blockchain network (Hyperledger Besu)

Prerequisites:

  • loc_az_hci Proxmox cluster operational (deploy loc_az_hci first)
  • Kubernetes cluster deployed (for Sankofa applications)
  • PostgreSQL database deployed (for Sankofa applications)
  • Keycloak deployed and configured
  • Crossplane provider for Proxmox configured and connected to loc_az_hci
  • Cloudflare account and tunnel configured
  • Network connectivity verified

Deployment Phases

  1. Database Setup (3-5 days):

    • PostgreSQL deployment
    • Database migrations (26 migrations)
    • Multi-tenancy and billing tables
    • Initial data seeding
  2. Kubernetes Deployment (1-2 weeks):

    • Namespace creation
    • Crossplane deployment
    • ArgoCD deployment
    • Keycloak deployment
    • API, Frontend, Portal deployment
    • Monitoring stack deployment
  3. Proxmox VM Deployment (1-2 weeks):

    • Infrastructure VMs (Nginx Proxy, Cloudflare Tunnel)
    • Application VMs (SMOM-DBIS-138)
    • Monitoring and validation
  4. GitOps Setup (1 week):

    • Repository creation
    • ArgoCD application configuration
    • Sync and verification
  5. Multi-Tenancy Setup (1 week):

    • System tenant creation
    • Admin user assignment
    • Billing configuration
    • Tenant verification

Estimated Timeline

  • Database & Infrastructure: 2-3 weeks
  • Application Deployment: 2-3 weeks
  • VM Deployment: 1-2 weeks
  • Configuration & Testing: 2 weeks
  • Total: 7-10 weeks

Critical Path Items

  1. Database migrations (26 migrations including multi-tenancy)
  2. Keycloak deployment and OIDC configuration
  3. Crossplane provider for Proxmox setup
  4. Multi-tenant system initialization
  5. Billing system configuration
  6. Cloudflare tunnel and DNS configuration

5. The Order: Digital Identity & Verifiable Credentials Platform

Project Overview

A comprehensive platform for digital identity, verifiable credentials, and legal document management. Features eIDAS/DID-based identity verification, Microsoft Entra VerifiedID integration, legal document management, virtual data rooms, and e-residency services.

Infrastructure Requirements

Azure Infrastructure:

  • Azure Kubernetes Service (AKS):
    • Target region: West Europe (no US regions)
    • Azure CNI networking
    • Node pools configured
    • Azure Disk CSI driver

Database:

  • Azure Database for PostgreSQL:
    • Multiple databases (dev, stage, prod)
    • High availability configuration
    • Automated backups
    • Firewall rules configured

Storage:

  • Azure Storage Accounts:
    • Containers: intake-documents, dataroom-deals, credentials
    • Versioning enabled
    • Soft delete enabled

Security:

  • Azure Key Vault:
    • Separate instances per environment
    • Soft delete and purge protection
    • Access policies configured

Container Registry:

  • Azure Container Registry (ACR):
    • Geo-replication (optional)
    • Managed identity or admin user

Networking:

  • Virtual Network:
    • Subnets configured
    • Network Security Groups
    • Private endpoints (optional)

Load Balancing:

  • Application Gateway OR NGINX Ingress:
    • SSL/TLS termination
    • Routing rules
    • WAF rules (if using Application Gateway)
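
One way to turn the infrastructure requirements listed above into an automated pre-deployment check, as an added example that is not part of the project's own tooling. The inventory layout and its field names (`aks`, `key_vaults`, `soft_delete`, `waf_enabled`, and so on) are assumptions made for illustration, and the sample data is constructed.

```python
import re

# Requirements taken from the "Infrastructure Requirements" list above.
REQUIRED_CONTAINERS = {"intake-documents", "dataroom-deals", "credentials"}
ENVIRONMENTS = ("dev", "stage", "prod")

# Azure US region names (eastus, westus2, ...) plus US government regions.
# A plain substring test for "us" would wrongly flag "australiaeast".
US_REGION = re.compile(
    r"^(?:(?:east|west|central|northcentral|southcentral|westcentral)us\d*"
    r"|usgov\w+|usdod\w+)$"
)


def check_inventory(inv):
    """Return a sorted list of findings; an empty list means every check passed."""
    findings = []

    # AKS: target region is West Europe, no US regions.
    region = inv["aks"]["region"].lower().replace(" ", "")
    if US_REGION.match(region):
        findings.append(f"aks: region {region} is a US region")

    # Key Vault: separate instance per environment, each with soft delete
    # and purge protection.
    envs_by_vault = {}
    for kv in inv["key_vaults"]:
        envs_by_vault.setdefault(kv["name"], set()).add(kv["environment"])
        for flag in ("soft_delete", "purge_protection"):
            if not kv.get(flag):
                findings.append(
                    f"key_vault {kv['name']} ({kv['environment']}): {flag} is off"
                )
    for name, envs in envs_by_vault.items():
        if len(envs) > 1:
            findings.append(f"key_vault {name}: shared by {', '.join(sorted(envs))}")
    covered = set().union(*envs_by_vault.values()) if envs_by_vault else set()
    for env in ENVIRONMENTS:
        if env not in covered:
            findings.append(f"key_vault: no vault for {env}")

    # Storage: required containers, versioning and soft delete.
    storage = inv["storage"]
    for name in sorted(REQUIRED_CONTAINERS - set(storage["containers"])):
        findings.append(f"storage: container {name} is missing")
    for flag in ("versioning", "soft_delete"):
        if not storage.get(flag):
            findings.append(f"storage: {flag} is off")

    # Load balancing: TLS termination always, WAF rules when the ingress
    # is an Application Gateway.
    ingress = inv["ingress"]
    if not ingress.get("tls_termination"):
        findings.append("ingress: no SSL/TLS termination")
    if ingress["kind"] == "application_gateway" and not ingress.get("waf_enabled"):
        findings.append("ingress: Application Gateway without WAF rules")

    return sorted(findings)


# Constructed sample inventory (hypothetical layout, not exported from Azure).
SAMPLE = {
    "aks": {"region": "eastus2"},
    "key_vaults": [
        {"name": "kv-dev", "environment": "dev",
         "soft_delete": True, "purge_protection": True},
        {"name": "kv-shared", "environment": "stage",
         "soft_delete": True, "purge_protection": False},
        {"name": "kv-shared", "environment": "prod",
         "soft_delete": True, "purge_protection": False},
    ],
    "storage": {
        "containers": ["intake-documents", "credentials"],
        "versioning": True,
        "soft_delete": False,
    },
    "ingress": {"kind": "application_gateway",
                "tls_termination": True, "waf_enabled": False},
}

if __name__ == "__main__":
    for finding in check_inventory(SAMPLE):
        print(finding)
```
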

Deployment Stack

Technology:

  • Node.js 18+ / TypeScript
  • pnpm (package manager)
  • PostgreSQL (via Azure Database)
  • Docker containerization
  • Kubernetes orchestration
  • Terraform (infrastructure as code)

Application Components:

  • Identity Service
  • Intake Service
  • Finance Service
  • Dataroom Service
  • Portal Public (Next.js)
  • Portal Internal (Next.js)

Infrastructure Services:

  • External Secrets Operator
  • Prometheus & Grafana
  • OpenTelemetry
  • OpenSearch (optional)

Key Dependencies

External Services:

  • Microsoft Entra ID (Azure AD):

    • App registration
    • API permissions (VerifiedID)
    • Client secrets
  • Microsoft Entra VerifiedID:

    • Service enabled
    • Credential manifest created
    • Issuer DID verified
  • Azure Logic Apps (optional):

    • eIDAS verification workflow
    • VC issuance workflow
    • Document processing workflow

Prerequisites:

  • Azure subscription (Contributor role)
  • Azure CLI installed and authenticated
  • Terraform >= 1.5.0
  • kubectl configured
  • Docker (for building images)
  • Node.js >= 18.0.0
  • pnpm >= 8.0.0

Deployment Phases

  1. Prerequisites (1-2 days):

    • Development environment setup
    • Azure account setup
    • Tool installation
  2. Azure Infrastructure Setup (4-6 weeks):

    • Resource provider registration
    • Terraform state storage
    • AKS cluster deployment
    • PostgreSQL database deployment
    • Key Vault deployment
    • Container Registry deployment
    • Virtual Network setup
    • Application Gateway/Ingress setup
  3. Entra ID Configuration (1-2 days):

    • App registration creation
    • API permissions configuration
    • Client secret creation
    • VerifiedID service enablement
    • Credential manifest creation
  4. Database & Storage Setup (1-2 days):

    • Database creation (dev, stage, prod)
    • Storage containers creation
    • Firewall rules configuration
  5. Container Registry Setup (1 day):

    • ACR configuration
    • AKS integration
  6. Application Build & Package (2-4 hours):

    • Package building
    • Docker image creation
    • Image signing (Cosign)
  7. Database Migrations (1-2 hours):

    • Migration execution
    • Schema verification
    • Data seeding (if needed)
  8. Secrets Configuration (2-4 hours):

    • Key Vault secret storage
    • External Secrets Operator setup
  9. Infrastructure Services Deployment (1-2 days):

    • External Secrets Operator
    • Monitoring stack
    • Logging stack
  10. Backend Services Deployment (2-4 days):

    • Identity Service
    • Intake Service
    • Finance Service
    • Dataroom Service
  11. Frontend Applications Deployment (1-2 days):

    • Portal Public
    • Portal Internal
  12. Networking & Gateways (2-3 days):

    • Ingress configuration
    • DNS setup
    • SSL/TLS certificates
    • WAF rules
  13. Monitoring & Observability (2-3 days):

    • Application Insights
    • Log Analytics
    • Alerts configuration
    • Dashboards creation
  14. Testing & Validation (3-5 days):

    • Health checks
    • Integration testing
    • End-to-end testing
    • Performance testing
    • Security testing
  15. Production Hardening (2-3 days):

    • Resource limits configuration
    • Backup configuration
    • Disaster recovery setup
    • Documentation

Estimated Timeline

  • Infrastructure: 4-6 weeks (critical path)
  • Configuration: 1-2 weeks
  • Deployment: 2-3 weeks
  • Testing & Hardening: 2-3 weeks
  • Total: 8-12 weeks

Critical Path Items

  1. Azure infrastructure provisioning (AKS, PostgreSQL, Key Vault)
  2. Entra ID and VerifiedID configuration
  3. Database migrations and schema setup
  4. Container image building and registry push
  5. Service deployment and health verification
  6. Networking and ingress configuration
  7. SSL/TLS certificate provisioning
  8. Monitoring and alerting setup

Comparative Analysis

Complexity Ranking

| Project | Complexity | Infrastructure | Timeline | Dependencies |
|---|---|---|---|---|
| the_order | Very High | Azure-native (AKS, PostgreSQL, Key Vault) | 8-12 weeks | Entra ID, VerifiedID |
| Sankofa | Very High | Hybrid (Proxmox + Kubernetes + Cloudflare) | 7-10 weeks | Keycloak, Crossplane, Blockchain |
| smom-dbis-138 | High | Azure Kubernetes Service | 6-8 weeks | CCIP, Chainlink, MetaMask |
| loc_az_hci | High | Hybrid (Proxmox + Azure Arc) | 8-10 weeks | Azure Arc, Cloudflare |
| dbis_core | Medium-High | Multi-region (K8s or VMs) | 5-7 weeks | HSM, ISO 20022, FX Engine |

Infrastructure Overlap

Common Requirements:

  • Kubernetes (4/5 projects)
  • PostgreSQL database (4/5 projects)
  • Container registry (5/5 projects)
  • Monitoring & observability (5/5 projects)
  • Secrets management (5/5 projects)

Unique Requirements:

  • dbis_core: HSM, multi-region banking infrastructure
  • smom-dbis-138: DBIS tenant blockchain (deployed via Sankofa Phoenix on loc_az_hci)
  • loc_az_hci: Proxmox VE, Azure Arc, hybrid cloud, hosts smom-dbis-138 VMs
  • Sankofa Phoenix: White-label blockchain orchestration platform, Keycloak, Crossplane, multi-tenant SaaS
  • the_order: Entra ID, VerifiedID, Azure Logic Apps

Infrastructure Relationships:

  • loc_az_hci provides Proxmox infrastructure foundation
  • Sankofa Phoenix provides the blockchain orchestration platform, using loc_az_hci Proxmox
  • smom-dbis-138 is a DBIS tenant deployment using the Phoenix platform on loc_az_hci infrastructure
  • 18 VMs (smom-dbis-138): Deployed via Phoenix Crossplane on loc_az_hci Proxmox hosts
  • Resources properly allocated: VMs counted under loc_az_hci, Phoenix platform K8s/DB counted under Sankofa

Resource Requirements Summary

Compute:

  • dbis_core: N+ application instances, database replicas
  • smom-dbis-138: 3+ validators, 2+ sentries, 2+ RPC nodes
  • loc_az_hci: 2+ Proxmox hosts, K3s cluster, multiple VMs
  • Sankofa: 18 VMs, Kubernetes cluster, database cluster
  • the_order: AKS cluster, multiple microservices

Storage:

  • dbis_core: Database replicas, Redis cache, blob storage
  • smom-dbis-138: Blockchain state (persistent volumes)
  • loc_az_hci: NFS shared storage, VM storage
  • Sankofa: 278 GiB disk, database storage, VM storage
  • the_order: Azure Storage, database storage

Network:

  • dbis_core: Load balancer, multi-region networking
  • smom-dbis-138: Application Gateway, private networking
  • loc_az_hci: Azure Arc connectivity, Cloudflare tunnels
  • Sankofa: Cloudflare tunnels, inter-datacenter links
  • the_order: Application Gateway/Ingress, DNS, SSL/TLS

Deployment Strategy Recommendations

Parallel Deployment Opportunities

  1. Infrastructure Setup (Weeks 1-2):

    • All projects can start infrastructure planning in parallel
    • Resource provisioning can be coordinated
  2. Database Setup (Weeks 3-4):

    • dbis_core, Sankofa, and the_order can set up databases in parallel
    • Different database instances/environments reduce conflicts
  3. Container Registry (Week 4):

    • All projects can set up and configure registries simultaneously
  4. Development/Testing (Weeks 8-12):

    • Parallel testing phases for projects that are ready

Sequential Dependencies

  1. loc_az_hci should be deployed first:

    • Provides infrastructure foundation for other projects
    • Can host VMs for Sankofa and other services
  2. Sankofa leverages loc_az_hci:

    • Uses loc_az_hci Proxmox infrastructure to deploy 18 VMs (SMOM-DBIS-138) via Crossplane
    • Deploys separate Kubernetes cluster and database for application infrastructure
    • Resources properly allocated: VMs counted under loc_az_hci, K8s/DB counted under Sankofa
  3. smom-dbis-138 (DBIS tenant) deploys third:

    • Uses Sankofa Phoenix blockchain orchestration platform
    • Deploys on loc_az_hci Proxmox infrastructure via Phoenix Crossplane
    • 18 VMs (72 cores, 140 GiB RAM, 278 GiB) counted under loc_az_hci
    • Dependencies: loc_az_hci + Sankofa Phoenix must be deployed first
  4. dbis_core and the_order are independent:

    • Can be deployed in parallel
    • Different infrastructure requirements

Risk Mitigation

High-Risk Items:

  1. Azure Quota Limits: Request quota increases early
  2. HSM Provisioning: Long lead time, order early
  3. Domain/DNS Setup: Coordinate DNS changes
  4. Security Audits: Schedule early and allow time for remediation
  5. Third-Party Integrations: Verify API access and rate limits

Contingency Planning:

  • Staged rollout approach for each project
  • Blue-Green deployments for zero-downtime
  • Rollback procedures documented
  • Backup and disaster recovery tested

Total Resource Requirements

Resource Summary: CPU Cores, RAM, and Storage

1. DBIS Core Banking System

Compute:

  • Application Instances: 3+ instances (N+ redundancy)
    • CPU: ~4 cores per instance = 12+ cores
    • RAM: ~8GB per instance = 24+ GB
  • Load Balancer: Included in infrastructure

Database:

  • Primary PostgreSQL:
    • CPU: 8-16 cores
    • RAM: 32-64 GB
    • Storage: 500 GB - 2 TB
  • Read Replicas (2+):
    • CPU: 8-16 cores each = 16-32 cores
    • RAM: 32-64 GB each = 64-128 GB
    • Storage: 500 GB - 2 TB each = 1-4 TB

Cache:

  • Redis (2+ instances):
    • CPU: 2-4 cores each = 4-8 cores
    • RAM: 8-16 GB each = 16-32 GB
    • Storage: 50-100 GB each = 100-200 GB

Total DBIS Core:

  • CPU: 32-68 cores
  • RAM: 104-224 GB
  • Storage: 1.6-6.2 TB

2. SMOM-DBIS-138 (DBIS Tenant on Sankofa Phoenix)

⚠️ Note: smom-dbis-138 is deployed as a DBIS tenant using Sankofa Phoenix blockchain orchestration on loc_az_hci Proxmox infrastructure. Resources are counted under loc_az_hci (18 VMs: 72 cores, 140 GiB RAM, 278 GiB storage).

Blockchain Deployment (via Phoenix on Proxmox):

  • 18 VMs deployed via Crossplane on loc_az_hci Proxmox hosts:
    • Validator Nodes: Multiple validator VMs
    • Sentry Nodes: DDoS protection nodes
    • RPC Nodes: Public API access nodes
    • Infrastructure VMs: Management and monitoring

Total SMOM-DBIS-138 (Counted under loc_az_hci):

  • CPU: 72 cores (included in loc_az_hci totals)
  • RAM: 140 GiB (included in loc_az_hci totals)
  • Storage: 278 GiB (included in loc_az_hci totals)

Platform Infrastructure (Sankofa Phoenix):

  • Kubernetes Cluster: For Phoenix orchestration (counted under Sankofa)
  • Crossplane: For VM provisioning (counted under Sankofa)

3. LOC_AZ_HCI (Proxmox VE → Azure Arc)

Proxmox Hosts:

  • Physical Hosts (2+):
    • CPU: 16-32 cores each = 32-64 cores
    • RAM: 64-128 GB each = 128-256 GB
    • Storage: 2-4 TB each (local storage) = 4-8 TB

Virtual Infrastructure:

  • K3s/Kubernetes Cluster:
    • Control Plane: 4-8 cores, 16-32 GB RAM
    • Worker Nodes (3+): 4-8 cores each = 12-24 cores, 16-32 GB each = 48-96 GB
  • Git Server VM (Gitea/GitLab):
    • CPU: 4-8 cores
    • RAM: 8-16 GB
    • Storage: 100-500 GB
  • Infrastructure VMs:
    • Nginx Proxy: 2-4 cores, 4-8 GB RAM, 50-100 GB storage
    • Cloudflare Tunnel: 2-4 cores, 4-8 GB RAM, 50-100 GB storage
    • Monitoring (Cacti): 2-4 cores, 4-8 GB RAM, 100-200 GB storage

Blockchain Services (on VMs):

  • Besu Nodes: 4-8 cores, 16-32 GB RAM, 200-500 GB storage
  • Firefly: 4-8 cores, 16-32 GB RAM, 100-200 GB storage
  • BlockScout: 4-8 cores, 16-32 GB RAM, 200-500 GB storage

Sankofa VMs (Deployed via Crossplane):

  • SMOM-DBIS-138 VMs (18 total: 16 application + 2 infrastructure):
    • CPU: 72 cores (documented)
    • RAM: 140 GiB (documented)
    • Storage: 278 GiB (documented)
    • Note: These VMs are deployed by Sankofa Phoenix using Crossplane onto loc_az_hci Proxmox infrastructure

Total LOC_AZ_HCI (Including Sankofa VMs):

  • CPU: 132-192 cores (hosts + loc_az_hci VMs + Sankofa VMs)
  • RAM: 360-500 GB
  • Storage: 5.3-10.3 TB

4. Sankofa (Sovereign AI Cloud Infrastructure)

Note: Sankofa leverages loc_az_hci Proxmox infrastructure to deploy VMs via Crossplane. The 18 SMOM-DBIS-138 VMs are counted under loc_az_hci above.

Platform Infrastructure (Separate from tenant VMs):

Kubernetes Cluster (for Phoenix orchestration):

  • Control Plane (3 masters):
    • CPU: 4-8 cores each = 12-24 cores
    • RAM: 16-32 GB each = 48-96 GB
  • Worker Nodes (5+):
    • CPU: 8-16 cores each = 40-80 cores
    • RAM: 32-64 GB each = 160-320 GB

Database Infrastructure:

  • PostgreSQL Primary:
    • CPU: 16-32 cores
    • RAM: 64-128 GB
    • Storage: 2-4 TB
  • PostgreSQL Replicas (2+):
    • CPU: 16-32 cores each = 32-64 cores
    • RAM: 64-128 GB each = 128-256 GB
    • Storage: 2-4 TB each = 4-8 TB

Future Blockchain Infrastructure:

  • Besu Validators (3-5 nodes):
    • CPU: 64 cores (AMD EPYC) or 40 cores (Intel Xeon) each = 192-320 cores (AMD) or 120-200 cores (Intel)
    • RAM: 128 GB each = 384-640 GB
    • Storage: 2x 4TB NVMe SSD (RAID 1) each = 24-40 TB
  • Read Replica Nodes (2-3):
    • CPU: 32 cores each = 64-96 cores
    • RAM: 64 GB each = 128-192 GB
    • Storage: 2x 2TB NVMe SSD each = 8-12 TB

Total Sankofa Phoenix (Platform Infrastructure Only - Tenant VMs counted under loc_az_hci):

  • CPU: 84-496 cores (Platform K8s + Database) + 184-416 cores (future blockchain) = 268-912 cores
  • RAM: 216-396 GB (Platform K8s + Database) + 512-832 GB (future blockchain) = 728-1,228 GB
  • Storage: 6-12 TB (Platform K8s + Database) + 32-52 TB (future blockchain) = 38-64 TB

Note:

  • Tenant deployments (like smom-dbis-138's 18 VMs: 72 cores, 140 GiB RAM, 278 GiB storage) are deployed via Phoenix on loc_az_hci Proxmox infrastructure and counted under loc_az_hci, not here.
  • Sankofa Phoenix provides the orchestration platform; tenant blockchain VMs are deployed on loc_az_hci infrastructure.

5. The Order (Digital Identity Platform)

AKS Cluster:

  • Node Pool (Standard):
    • Nodes: 3-5 nodes
    • CPU: 8-16 cores per node = 24-80 cores
    • RAM: 32-64 GB per node = 96-320 GB
    • Storage: 100-200 GB per node (OS + system) = 300 GB - 1 TB

Application Pods:

  • Identity Service: 2-4 replicas, 2-4 cores each = 4-16 cores, 4-8 GB each = 8-32 GB
  • Intake Service: 2-4 replicas, 2-4 cores each = 4-16 cores, 4-8 GB each = 8-32 GB
  • Finance Service: 2-4 replicas, 2-4 cores each = 4-16 cores, 4-8 GB each = 8-32 GB
  • Dataroom Service: 2-4 replicas, 2-4 cores each = 4-16 cores, 4-8 GB each = 8-32 GB
  • Portal Public: 2-3 replicas, 2-4 cores each = 4-12 cores, 4-8 GB each = 8-24 GB
  • Portal Internal: 2-3 replicas, 2-4 cores each = 4-12 cores, 4-8 GB each = 8-24 GB

Database:

  • Azure PostgreSQL (dev, stage, prod):
    • CPU: 8-16 cores per instance = 24-48 cores
    • RAM: 32-64 GB per instance = 96-192 GB
    • Storage: 500 GB - 2 TB per instance = 1.5-6 TB

Storage:

  • Azure Storage Accounts:
    • Blob storage: 500 GB - 2 TB
    • Container images: 100-500 GB

Infrastructure Services:

  • Monitoring Stack: 4-8 cores, 16-32 GB RAM
  • External Secrets Operator: 1-2 cores, 2-4 GB RAM

Total The Order:

  • CPU: 60-156 cores
  • RAM: 240-480 GB
  • Storage: 2.1-8.5 TB

Grand Total Resource Requirements

Current Deployment (Production-Ready)

| Resource | Minimum | Maximum | Recommended |
|---|---|---|---|
| CPU Cores | 354 | 1,004 | 600-750 |
| RAM | 1,104 GB | 1,968 GB | 1,400-1,700 GB |
| Storage | 21.7 TB | 49.0 TB | 30-40 TB |

With Future Blockchain Infrastructure (Sankofa)

| Resource | Minimum | Maximum | Recommended |
|---|---|---|---|
| CPU Cores | 538 | 1,420 | 750-1,000 |
| RAM | 1,616 GB | 2,800 GB | 2,000-2,400 GB |
| Storage | 53.7 TB | 81.0 TB | 60-75 TB |

Note: Sankofa VMs (18 VMs, 72 cores, 140 GiB RAM, 278 GiB storage) are deployed on loc_az_hci Proxmox infrastructure and counted there to avoid double-counting.

Resource Breakdown by Project

| Project | CPU Cores | RAM (GB) | Storage (TB) |
|---|---|---|---|
| dbis_core | 32-68 | 104-224 | 1.6-6.2 |
| smom-dbis-138 | Included in loc_az_hci (18 VMs: 72 cores, 140 GiB RAM, 278 GiB) | | |
| loc_az_hci (incl. smom-dbis-138 VMs) | 132-192 | 360-500 | 5.3-10.3 |
| Sankofa Phoenix (Platform infrastructure) | 84-496 | 216-396 | 6-12 |
| Sankofa (Future Blockchain) | +184-416 | +512-832 | +32-52 |
| the_order | 60-156 | 240-480 | 2.1-8.5 |
| TOTAL (Current) | 308-912 | 1,104-1,968 | 21.7-49.0 |
| TOTAL (With Future) | 492-1,328 | 1,616-2,800 | 53.7-81.0 |

Notes:

  • smom-dbis-138 is a DBIS tenant deployment on the Sankofa Phoenix platform
  • smom-dbis-138 VMs (18 VMs: 72 cores, 140 GiB RAM, 278 GiB) are deployed via Phoenix on the loc_az_hci Proxmox infrastructure and counted there
  • Sankofa Phoenix provides the white-label blockchain orchestration platform that deploys tenant blockchains

Notes and Assumptions

CPU Cores:

  • Assumes modern multi-core processors (Intel Xeon, AMD EPYC)
  • Includes Kubernetes overhead and system resources
  • Accounts for redundancy and high availability
  • Future blockchain infrastructure uses high-end processors

RAM:

  • Includes application memory, database buffers, and system overhead
  • Accounts for caching layers (Redis)
  • Database RAM includes buffer pools and connection overhead
  • Kubernetes overhead included in node specifications

Storage:

  • Includes OS, application data, database storage, and blockchain state
  • Database storage includes data, logs, and backup space
  • Blockchain state storage can grow significantly over time
  • Storage redundancy (RAID, replication) not included in totals
  • Backup storage not included (estimate 2-3x primary storage)

Optimization Opportunities:

  • Shared infrastructure (loc_az_hci can host Sankofa VMs)
  • Database consolidation possible for dev/staging environments
  • Storage deduplication and compression
  • Right-sizing based on actual usage patterns

Risk Factors:

  • Blockchain state growth (can exceed estimates)
  • Database growth with transaction volume
  • Log retention and audit requirements
  • Backup and disaster recovery storage (2-3x primary)

Infrastructure Summary

Azure Resources:

  • 3 AKS clusters (smom-dbis-138, the_order, potentially others)
  • 3+ PostgreSQL instances (dbis_core, Sankofa, the_order)
  • 3+ Key Vault instances
  • 3+ Container Registries
  • Multiple Storage Accounts
  • Application Gateways/Load Balancers

On-Premises/Proxmox:

  • 4+ Proxmox hosts (loc_az_hci, Sankofa)
  • 20+ VMs (various projects)
  • Kubernetes clusters (K3s or full K8s)
  • NFS storage systems

Network:

  • Multiple virtual networks
  • DNS configurations
  • SSL/TLS certificates
  • Cloudflare tunnels

Timeline Summary

Conservative Estimate (Sequential):

  • Total: 35-47 weeks (8.5-11.5 months)

Optimistic Estimate (Parallel where possible):

  • Total: 12-16 weeks (3-4 months)

Recommended Approach:

  • Phase 1 (Weeks 1-6): Infrastructure foundation (loc_az_hci Proxmox infrastructure)
  • Phase 2 (Weeks 7-10): Sankofa Phoenix platform deployment (uses loc_az_hci)
  • Phase 3 (Weeks 11-12): smom-dbis-138 tenant deployment via Phoenix (uses loc_az_hci + Phoenix)
  • Phase 4 (Weeks 4-12): Parallel deployments (dbis_core, the_order - independent)
  • Phase 5 (Weeks 10-14): Integration, testing, hardening
  • Phase 6 (Weeks 12-16): Production readiness, monitoring, documentation

Cost Estimates

Infrastructure Costs (Monthly):

  • Azure resources: $5K-$15K/month
  • Proxmox hardware: One-time $20K-$100K
  • Network bandwidth: $500-$2K/month
  • Monitoring/observability: $500-$1K/month
  • Third-party services: $1K-$3K/month

Total First Year: $100K-$300K+ (including hardware)


Next Steps

Immediate Actions

  1. Resource Planning:

    • Review and approve infrastructure budgets
    • Request Azure quota increases
    • Order HSM hardware (if needed)
    • Procure Proxmox hardware (if needed)
  2. Team Preparation:

    • Assign deployment teams per project
    • Schedule kickoff meetings
    • Review deployment documentation
    • Set up development environments
  3. Infrastructure Preparation:

    • Create Azure subscriptions/resource groups
    • Set up Proxmox hosts (if applicable)
    • Configure DNS and domain names
    • Set up CI/CD pipelines
  4. Documentation Review:

    • Review each project's deployment guide
    • Identify gaps and dependencies
    • Create consolidated deployment checklist
    • Document risk mitigation strategies

Deployment Priority

Recommended Order:

  1. loc_az_hci (Foundation infrastructure - Proxmox hosts)
  2. Sankofa Phoenix (Blockchain orchestration platform - uses loc_az_hci)
  3. smom-dbis-138 (DBIS tenant deployment via Phoenix on loc_az_hci)
  4. dbis_core (Independent, can run in parallel)
  5. the_order (Independent, most complex, benefits from infrastructure maturity)

Document Status: Initial Scope Complete
Last Updated: 2025-01-27
Next Review: After project kickoff meetings