Technical Product Information - ADONIS 19
Overview
Starting with ADONIS 19, the product is delivered to on-premise customers in a fully containerised form. This marks an important step toward improved scalability, portability and operational flexibility. By adopting a modern container-based delivery model, ADONIS can be deployed more efficiently in current and future IT environments while preserving the familiar capabilities of earlier versions.
Architecture
With ADONIS 19, the application is distributed as a set of OCI-compliant container images. This approach maintains the functional architecture of previous ADONIS versions while enabling a flexible and modern deployment model.
The main application components are executed as two separate containers:
web server container
application server container
The corresponding images are made available through an OCI-compliant registry.
ADONIS supports two deployment variants:
Kubernetes deployment, using the supplied Helm chart
Docker Compose deployment, using the supplied Compose configuration
Both deployment options orchestrate the same two containerised application components. Kubernetes offers advanced orchestration capabilities with specialized resource types and integration features and in general enterprise-grade cluster architecture, while Docker Compose provides a simpler setup for environments that do not require full Kubernetes capabilities.
The ADONIS database is typically operated outside the Kubernetes cluster or Docker environment. Customers continue to manage their existing database server independently.
Kubernetes Deployment
The following diagram illustrates how ADONIS 19 is deployed in a Kubernetes environment. The application components run in a dedicated namespace, while supporting infrastructure components are typically provided in other namespaces.
Prerequisites on Kubernetes
The Kubernetes cluster in which ADONIS will run must provide:
An Ingress controller or Gateway API controller for routing end-user traffic
A StorageClass for provisioning persistent volumes
allowVolumeExpansion=trueis highly recommended
It is recommended that the cluster also provides:
cert-manager for automating TLS certificate handling for ingress or HTTPRoute
ClamAV, exposing a TCP endpoint for malware scanning during file upload/download
Architectural Details
ADONIS Namespace
The ADONIS application components run in their own namespace and consist of:
HttpRoute / Ingress, which acts as the entry point for external traffic into the ADONIS namespace.
web server tier, where the web server is exposed through a Kubernetes service and uses a persistent volume for storing local logs.
application server tier, where the application server runs as a separate deployment with its own service and persistent storage for the full-text search index and local logs.
Other Namespaces
Cluster-level components that support the ADONIS deployment:
Ingress controller / gateway API controller for routing external traffic
StorageClass used to provision persistent volumes
cert-manager (optional) for TLS certificate automation
ClamAV (optional) for malware scanning
Deployment Behaviour
Both the web server and application server deployments support vertical scaling through memory and CPU requests/limits.
From Kubernetes 1.35 onwards, requests and limits can be adjusted at pod level without recreating the Pod.
Each deployment uses a single replica; ADONIS 19 does not support horizontal scaling with multiple replicas.
Local logs are required to enable creation of a Support Information Package (SIP) within the application, which is necessary for technical support.
External Database
ADONIS uses an external PostgreSQL or Microsoft SQL Server database, which runs outside the Kubernetes cluster and is managed independently.
ADONIS 19 does not support Windows Authentication for Microsoft SQL Server databases. Use SQL Server Authentication instead.
Docker Compose Deployment
The following diagram illustrates how ADONIS 19 can be deployed on a single host using Docker Compose-compatible tooling such as Docker or Podman.
In this setup, the ADONIS web server and application server containers run on the same machine. Persistent data is stored using Docker volumes, and external access is typically provided through a reverse proxy.
Architectural Details
ADONIS Docker Compose Stack
The Compose stack consists of:
reverse proxy (e.g. nginx), which handles incoming HTTP(S) requests and forwards them to the ADONIS web server
web server container
application server container
volumes, used to store local logs and the full-text search index
Deployment Behaviour
Both the web server and application server run on a single host.
Container volumes ensure persistence for logs and search index data.
Scaling is limited to a single-node setup; multi-replica or distributed deployment is not supported.
Local logs stored in volumes enable the creation of a Support Information Package (SIP) for hotline support.
External Database
ADONIS uses an external PostgreSQL or Microsoft SQL Server database, which runs outside the Kubernetes cluster and is managed independently.
ADONIS 19 does not support Windows Authentication for Microsoft SQL Server databases. Use SQL Server Authentication instead.
Registry and Updates
ADONIS 19 is distributed in a container-based format. The following release artefacts are provided.
Container Images
The ADONIS application is distributed as a set of container images, including:
web server image – provides the web interface and handles HTTP(S) requests
application server image – executes the ADONIS application logic and backend operations.
Helm Charts
For Kubernetes-based deployments, ADONIS provides a Helm chart for each released ADONIS version. This chart defines the Kubernetes resources and configuration parameters required to run ADONIS components in a containerised environment.
The delivery includes an umbrella chart that defines the full ADONIS deployment.
The umbrella chart contains a central values.yaml file, which specifies:
container image references
resource settings
service configuration
environment-specific parameters
These values can be customised to suit the target environment.
The Helm chart contains only deployment configuration, such as:
container image definitions
Kubernetes resource specifications
configuration parameters
The Helm chart does not contain or preload application data.
Application data is stored persistently in the configured database and is therefore not affected by deploying, upgrading, or redeploying the Helm chart. This ensures that deployments remain stateless at the application layer, while persistent data is managed independently via the database and configured persistent storage.
Artifact Distribution
Container Registry
All container images and Helm charts are distributed through an official, BOC-managed OCI-compliant registry.
Customers receive an email invitation to onboard to the registry.
Registry access is secured using authenticated, role-based access control.
Once onboarded, customers can manage their own access credentials (e.g. access keys or tokens).
These credentials can be used to securely authenticate and pull the required ADONIS artifacts from the registry via:
container runtimes (e.g. Docker, containerd, Podman)
Kubernetes environments
CI/CD pipelines or deployment automation tools
Air-Gapped Environments
Container images may be mirrored into internal registries to support restricted or air-gapped environments.
Examples of internal registry solutions include:
JFrog Artifactory
Harbor
Nexus Repository
Updates
Updates for container images and Helm charts follow the standard ADONIS release and maintenance process. New versions of the images are published to the OCI container registry as part of official product releases, maintenance updates, or security fixes.
Customers are notified about new releases through the usual communication channels (such as release notes and customer information). Updated images can then be pulled from the registry and deployed according to the customer’s internal deployment and update procedures.
Customers retain full control over when updates are applied in their environments.
System Requirements
Client Requirements
The software requirements for the ADONIS web client remain unchanged compared to previous ADONIS versions.
Supported Browsers
| Browser Type | Supported Browser |
|---|---|
| Desktop Browser (64-bit) | Microsoft Edge (latest) on Windows |
| Mozilla Firefox (latest) on Windows | |
| Google Chrome (latest) on Windows | |
| Safari (latest) on macOS | |
| Mobile Browser | Safari (latest) on iPad (graphical modelling is not supported on the iPad) |
Using the latest browser versions is recommended to ensure full functionality and security.
Server Requirements
Container Runtime
ADONIS 19 supports OCI-compliant container runtimes on AMD64 (x86_64) architecture. The following platforms are supported or expected to work:
| Platform | Status |
|---|---|
| Kubernetes (x86_64) | Supported |
| Docker and Docker Compose (x86_64) | Supported |
| Other Kubernetes-conformant platforms (x86_64) | Expected to be compatible |
| Other OCI-compliant container runtimes (x86_64) | Expected to be compatible |
The BOC Group operates ADONIS in its own SaaS environment using Kubernetes, and uses Docker and Docker Compose for internal development, testing, and validation. These environments are therefore fully validated.
Platforms classified as "expected to be compatible" are not individually tested or validated but are expected to function correctly if they conform to the respective Kubernetes and OCI standards.
Operating System
ADONIS 19 can run on modern Linux distributions that support Kubernetes or Docker/containerd, such as:
Ubuntu
Debian
Red Hat Enterprise Linux (RHEL)
SUSE Linux Enterprise Server (SLES)
Any modern Linux distribution capable of running the chosen container runtime is expected to be compatible.
Kubernetes and Deployment Tooling
ADONIS 19 deployments are typically performed using Kubernetes and Helm.
| Component | Requirement |
|---|---|
| Kubernetes | Kubernetes version 1.32 and higher |
| Helm | Helm 3.x for deployment |
| Container Registry Access | HTTPS access to OCI registry (port 443) |
Database
ADONIS requires an external database to store all persistent repository data. Database requirements remain unchanged compared to the previous ADONIS version. Database requirements are documented in the ADONIS 19 Hardware/Software Requirements.
Persistent Storage
Persistent storage is required for the full-text search index and for application log files. Storage is typically provided using Kubernetes Persistent Volumes (PV) and Persistent Volume Claims (PVC), configured via the delivered Helm chart.
| Storage Component | PVC Required | Backup Required | Purpose | Notes |
|---|---|---|---|---|
| Full-text search index | Yes | No | Storage of the full-text search index used by the application server pod | Requires a dedicated PVC mounted to the application server pod. Storage may be backed by block storage such as Ceph RBD. The index can be recreated at any time. |
| Application logs | Yes | Optional | Storage of application log files and generation of the ADONIS Support Information Package (SIP) | Logs may be written to this persistent volume in addition to, or instead of, the standard container log stream via stdout/stderr. |
Networking
Container images are distributed via an OCI-compliant registry and accessed over HTTPS.
Typical networking requirements include:
| Port | Purpose |
|---|---|
| 443 | Access to container registry |
| 80 / 443 | Web access to ADONIS |
| Database port | Connection to external database |
ADONIS is typically exposed via a Kubernetes Ingress controller, Gateway API controller or an external reverse proxy.
The ADONIS web server container exposes port 8080 and does not terminate HTTPS connections itself.
For encrypted access (HTTPS), TLS termination must therefore be performed by the Ingress/gateway component in Kubernetes or by a reverse proxy in Docker Compose deployments.
Hardware Requirements
General Principles
Hardware requirements for ADONIS 19 running in containers are broadly comparable to previous Windows-based deployments. The ADONIS 19 Hardware/Software Requirements provide general hardware sizing recommendations.
Containerisation does not reduce the required compute resources; the underlying hosts or virtual machines must provide sufficient CPU and memory capacity.
Typical Component Resources
The following values provide typical CPU and memory requirements for each ADONIS container.
| Component | CPU | Memory |
|---|---|---|
| Web server container | 2 CPUs or more |
|
| Application server container | 3 CPUs or more |
|
| Database server | Unchanged to previous versions | Unchanged to previous versions. |
Actual resource usage depends on factors such as:
number of concurrent users
size and complexity of the repository
modelling and reporting activity
application workload patterns
Example Resource Configuration
The values below show how typical ADONIS sizing can be mapped to Kubernetes resource settings. They are based on the recommended values above and should be adjusted according to real workload.
Web Server Container
| Parameter | Example Value |
|---|---|
| CPU request | 2 CPUs |
| CPU limit | 4 CPUs |
| Memory request | 4 GB |
| Memory limit | 8 GB |
Application Server Container
| Parameter | Example Value |
|---|---|
| CPU request | 3 CPUs |
| CPU limit | 6 CPUs |
| Memory request | 8 GB |
| Memory limit | 16 GB |
Deployment Configuration and Setup
Configuration Approach
Configuration of ADONIS 19 follows two complementary mechanisms:
Settings and Configuration Stored Within the Application
These settings are managed either individually by users or centrally through the ADONIS Administration. They are stored in the ADONIS database.
Examples include:
authentication configuration
rights administration
REST API settings
application-level preferences
Settings and Configuration Read From the Environment
These settings are read by the application from the runtime environment.
In earlier ADONIS versions, such settings were stored in .properties or .conf files inside the application server (e.g. server.conf) or web application (e.g. adoxx_web.properties) directories.
With ADONIS 19, the application is distributed as container images for the application server and the web server. Because containers are ephemeral, file-based configuration is no longer supported.
Instead, all deployment-specific configuration is now injected via environment variables:
Kubernetes: variables are defined in the
values.yamlfile and passed to containers when the Helm chart is deployed.Docker: variables are defined in
docker-compose.ymland applied when the containers start.
Configuration of the Application Server
Configuration properties for the application server are provided as environment variables via either:
the Helm values.yaml file (Kubernetes deployments), or
the docker-compose.yml file (Docker deployments)
All application server variables are prefixed with ADOXX_.
The following examples show how to configure the database name and the application worker (aworker) ports.
Kubernetes:
aserver:
env:
- name: ADOXX_SERVER_DBNAME
value: adodb
- name: ADOXX_SERVER_PORTS
value: 5432,5432
Docker:
aserver:
image: adonis.image/aserver
container_name: aserver
...
environment:
- ADOXX_SERVER_DBNAME=adodb
- ADOXX_SERVER_PORTS=54321,54322
Configuration of the Web Server
Configuration properties for the web server are also provided as environment variables via the values.yaml (Kubernetes) or docker-compose.yml (Docker) files.
Web server variables are prefixed with AXW_PROPERTIES_.
The following examples show how the used application server and aworker processes are configured and how the maximum size for REST log files is increased to 300MB.
Kubernetes:
webserver:
env:
- name: AXW_PROPERTIES_aservers
value: AS1:adonis.host
- name: AXW_PROPERTIES_aworkers
value: AS1:54321,AS1:54322
- name: AXW_PROPERTIES_axw_logger_appender_rest_maxfilesize
value: 300MB
Docker:
webserver:
image: adonis.image/webserver
container_name: webserver
...
environment:
- AXW_PROPERTIES_aservers=AS1:adonis.host
- AXW_PROPERTIES_aworkers=AS1:54321,AS1:54322
- AXW_PROPERTIES_axw_logger_appender_rest_maxfilesize=300MB
For a list of commonly used environment variables, refer to the Commonly Used Environment Variables section in the ADONIS 19 Installation Manual.
Kubernetes Configuration Example
The following values.yaml example shows a minimal configuration for deploying ADONIS with:
one application server instance
multiple aworkers
database connection settings
logging configuration
runtime parameters
It defines the environment variables for both the application server (aserver) and web server (webserver) components, along with resource settings and optional features such as mail and lifecycle endpoints, serving as the input for Kubernetes-based deployment via Helm.
aserver:
env:
- name: ADOXX_SERVER_DBNAME
value: adodb
- name: ADOXX_SERVER_DBTYPE
value: PostgreSQL
- name: ADOXX_SERVER_DBPORT
value: 5432
- name: ADOXX_SERVER_DBHOST
value: postgres.company.com
- name: ADOXX_SERVER_WEBTIERAUTH_TRUSTED_HOSTS
value: 127.0.0.*
- name: ADOXX_LOG_MODE
value: MIXED
resources:
limits:
memory: 4096Mi
requests:
cpu: 500m
memory: 2048Mi
workerConf:
count: 2
instance:
name: adonis19
webserver:
env:
- name: AXW_PROPERTIES_mail_enabled
value: 'true'
- name: AXW_PROPERTIES_mail_server
value: smtp.company.com
- name: AXW_PROPERTIES_mail_server_port
value: '25'
- name: AXW_PROPERTIES_mail_sender
value: ADONIS <no-reply@company.com>
- name: AXW_PROPERTIES_mail_reply_to
value: no-reply@company.com
- name: JAVA_OPTS
value: -Xms512m -Xmx2048m
- name: AXW_PROPERTIES_base_url
value: https://adonis19.company.com
- name: AXW_PROPERTIES_lifecycleops_endpoint_enable
value: 'true'
- name: AXW_PROPERTIES_axw_logger_console_enabled
value: 'true'
- name: AXW_PROPERTIES_axw_logger_root_level
value: INFO
httpRoute:
hostnames:
- adonis19.company.com
resources:
limits:
memory: 4096Mi
requests:
cpu: 100m
memory: 2048Mi
Docker Compose Configuration Example
This Docker Compose setup deploys ADONIS with:
one application server instance
two aworker ports
external database connection
local volume-based logging
a shared bridge network
services:
aserver:
image: <boc-registry>/adonis/aserver:19.0.0
container_name: aserver
user: ado
ports:
- 54321:54321
- 54322:54322
environment:
- ADOXX_SERVER_PORTS=54321,54322
- ADOXX_SERVER_DBNAME=adodb
- ADOXX_SERVER_DBTYPE=PostgreSQL
- ADOXX_SERVER_DBHOST=postgres.company.com
# - ADOXX_SERVER_DBPORT=5432
- ADOXX_SERVER_WEBTIERAUTH_TRUSTED_HOSTS=*.*.*.*
- ADOXX_LOG_MODE=MIXED
- TZ=Europe/Vienna
volumes:
- ./logs/aserver:/aserver/logs
shm_size: "300mb"
networks:
aserver_webserver:
webserver:
image: <boc-registry>/adonis/webserver:19.0.0
container_name: webserver
user: ado
ports:
- 8888:8080
environment:
- JAVA_OPTS=-Xms512m -Xmx2048m -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:8000
- AXW_PROPERTIES_aworkers=AS1:54321,AS1:54322
- AXW_PROPERTIES_aservers=AS1:aserver
- AXW_PROPERTIES_axw_logger_console_enabled=true
- AXW_PROPERTIES_axw_webserver_debug_enabled=false
- AXW_PROPERTIES_axw_logger_root_level=INFO
- AXW_PROPERTIES_base_url=https://adonis19.company.com
- AXW_PROPERTIES_lifecycleops_endpoint_enable=true
- AXW_PROPERTIES_mail_enabled=true
- AXW_PROPERTIES_mail_server=smtp.company.com
- AXW_PROPERTIES_mail_server_port=25
- AXW_PROPERTIES_mail_sender=ADONIS <no-reply@company.com>
- AXW_PROPERTIES_mail_reply_to=no-reply@company.com
- TZ=Europe/Vienna
volumes:
- ./logs/webserver:/tomcat/logs
networks:
aserver_webserver
networks:
aserver_webserver:
driver: bridge
enable_ipv6: true
Authentication and Identity Integration
Authentication in ADONIS is handled at the web application layer and is independent of the underlying operating system. The web application has historically supported operation on multiple platforms, including Linux, Solaris, and Windows.
LDAP and SAML Authentication
LDAP and SAML authentication are unaffected by the migration to a Linux-based, containerised deployment.
Communication with identity systems uses standard network protocols (LDAP, HTTP, HTTPS), which are operating system-agnostic.
Existing LDAP or SAML configurations can be reused without OS-specific changes.
Configuration Impact
Because authentication is handled in the web application and relies on OS-independent communication, the move to containerised deployment introduces no functional changes for supported authentication mechanisms.
Only environment-specific adjustments (e.g. hostnames or network settings) may be required.
Upgrade from ADONIS 16.x/17.x to ADONIS 19
The Installation Manual contains a migration guide that will help you upgrade ADONIS from an older version to version 19.0. The guide contains all the steps that need to be taken, with everything explained in detail:
Migration from All Other Versions to ADONIS 19.0
ADONIS 18.0 is available only for SaaS customers hosted on AWS. As all upgrades from 18.0 to 19.0 are performed by the BOC Cloud Operations team, no migration guide is provided for this version. If you are using ADONIS 15.0 or an earlier version, please contact your ADONIS consultant for assistance with the required upgrade steps.
Security
Rights and Permissions
ADONIS container images do not require root privileges.
All processes inside the containers run under a predefined non-root user (ADO).
No additional host-level permissions or elevated Kubernetes privileges are required.
Minimal Image Principle
ADONIS container images follow a distroless approach.
Unnecessary operating system components and utilities are removed, reducing the attack surface and enforcing the principle of minimalism.
Cluster Resources
The ADONIS deployment does not require privileged containers or global Kubernetes resources. In particular:
no privileged mode
no NodePorts
no Kubernetes Operators
no cluster-wide access rights
This allows deployment in restrictive enterprise clusters with strict security policies.
Namespaces and Resource Isolation
All required Kubernetes resources can be deployed and operated entirely within a single namespace.
This supports namespace-level isolation, role-based access control (RBAC), and organisation-specific security frameworks.
Storage Permissions
Persistent storage is required only for specific components, such as the full-text search index and application logs.
The required Persistent Volumes and Persistent Volume Claims are defined through the Helm chart and do not require elevated cluster permissions.
Access is limited to the ADONIS application server and web server containers.
Operations
Scaling
Horizontal Pod Autoscaling (HPA) is not supported in ADONIS 19.
Scaling is therefore performed primarily through vertical scaling, by adjusting the CPU and memory resources assigned to the application containers.
The delivered Helm charts support deploying multiple application server instances. As with previous ADONIS releases, running two or more application servers is supported and recommended to distribute the workload across multiple servers.
Resource allocation should be sized according to:
expected workload
number of concurrent users
overall system usage
Logging and Monitoring
Logging
Both the web server and application server containers generate log information for system events and errors.
To enable creation of the Support Information Package (SIP) within ADONIS, log files are written to persistent storage. A dedicated persistent volume is required for these logs.
The SIP is required for support and troubleshooting.
In addition to file-based logging, ADONIS also outputs logs via standard container logging streams (stdout/stderr).
This enables integration with external logging solutions such as central log collectors, SIEM platforms, or data lakes.
Log Storage and Retention
Log files are stored on the configured persistent volume.
Retention, rotation, and rollover behaviour can be configured through the logging setup.
The effective retention period depends on:
logging configuration
customer infrastructure
organisational operational policies
Log Levels
ADONIS uses the following log levels:
| Log Level | Description |
|---|---|
| INFO | General operational information |
| WARN | Warnings indicating potential issues |
| ERROR | Errors that affect functionality |
| SEVERE | Errors that severely affect functionality |
| DEBUG | Detailed diagnostic information (only enabled in debug mode) |
Log levels behave the same way as in previous Windows-based versions of ADONIS (ADONIS 17 and earlier).
Log Configuration
Logging behaviour can be configured using environment variables provided through:
values.yaml(Kubernetes)docker-compose.yml(Docker)
Configurable parameters include:
log level
maximum file size
maximum history
total log size limits
Details on available parameters are described in the configuration section.
Data Protection in Logs
Sensitive values and personal data written to logs are pseudonymised wherever applicable.
This behaviour is consistent with earlier ADONIS versions.
Log Output Format
The general structure of log output remains largely consistent with previous releases.
Some adjustments have been made to improve consistency across different log types.
For information about the log output format, refer to the Log Output Format section in the ADONIS 19 Installation Manual.
Monitoring
Logs Monitoring
ADONIS does not provide a built-in logging stack.
Customers are expected to integrate ADONIS logs into their existing observability or monitoring infrastructure.
ADONIS supports this through:
log output via standard container logging mechanisms (stdout/stderr)
compatibility with common log collection agents (e.g. Fluent Bit)
forwarding logs to systems such as OpenSearch, Elasticsearch, or similar platforms
In Kubernetes environments, container logs are typically stored temporarily on the node and collected by a log processor before being forwarded to the organisation’s central log system.
Metrics and operational monitoring can be integrated into existing tools such as Prometheus, Grafana, or other enterprise monitoring platforms.
Monitoring Mechanisms
ADONIS provides built-in monitoring mechanisms for platform-level health checks.
The delivered container images include functionality used for Kubernetes liveness and readiness probes.
For more information about logging and monitoring, refer to the Logging and Monitoring section in the ADONIS 19 Installation Manual.
Licensing
Existing ADONIS licensing remains valid for all current usage scenarios.
The deployment model, whether Windows-based or containerised, does not affect the applicable licensing terms.
Support & lifecycle
The introduction of the containerised deployment model does not change the existing ADONIS support or product lifecycle policies.
All support terms, maintenance services, and lifecycle rules continue to apply as they did for previous ADONIS versions.