Files
Sankofa/docs/phoenix/FAQ.md
defiQUG 33d50fb91e
Some checks failed
API CI / API Lint (push) Successful in 47s
API CI / API Type Check (push) Failing after 47s
API CI / API Test (push) Successful in 1m0s
API CI / API Build (push) Failing after 50s
API CI / Build Docker Image (push) Has been skipped
Build Crossplane Provider / build (push) Failing after 5m51s
CD Pipeline / Deploy to Staging (push) Failing after 29s
CI Pipeline / Lint and Type Check (push) Failing after 36s
CI Pipeline / Build (push) Has been skipped
CI Pipeline / Test Backend (push) Failing after 1m33s
CI Pipeline / Test Frontend (push) Failing after 30s
CI Pipeline / Security Scan (push) Failing after 1m16s
Crossplane Provider CI / Go Test (push) Failing after 3m23s
Crossplane Provider CI / Go Lint (push) Failing after 7m27s
Crossplane Provider CI / Go Build (push) Failing after 3m27s
Deploy to Staging / Deploy to Staging (push) Failing after 30s
Portal CI / Portal Lint (push) Failing after 21s
Portal CI / Portal Type Check (push) Failing after 21s
Portal CI / Portal Test (push) Failing after 21s
Portal CI / Portal Build (push) Failing after 22s
Test Suite / frontend-tests (push) Failing after 30s
Test Suite / api-tests (push) Failing after 49s
Test Suite / blockchain-tests (push) Failing after 30s
Type Check / type-check (map[directory:. name:root]) (push) Failing after 23s
Type Check / type-check (map[directory:api name:api]) (push) Failing after 21s
Type Check / type-check (map[directory:portal name:portal]) (push) Failing after 19s
Validate Configuration Files / validate (push) Failing after 1m52s
CD Pipeline / Deploy to Production (push) Has been skipped
chore: consolidate local WIP (repo cleanup 20260707)
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-07-07 09:41:34 -07:00

473 lines
16 KiB
Markdown

# Phoenix Operating Model - Frequently Asked Questions
**Common questions and answers about Phoenix operating model**
This document provides answers to frequently asked questions about the Phoenix operating model, helping users understand concepts, resolve common issues, and implement best practices.
---
## General Questions
### Q1: What is the Phoenix Operating Model?
**A:** The Phoenix Operating Model is an enterprise-grade operating model for cloud services that separates commercial governance, technical tenancy, and content/devops control into **five orthogonal control planes**:
1. **Commercial Plane** - Who pays (Client/Billing Profile)
2. **Tenancy Plane** - Who owns domains & identity (Tenant)
3. **Subscription Plane** - What is provisioned (Subscription)
4. **Environment Plane** - Where workloads run (Environment)
5. **Content & DevOps Plane** - What is built, governed, and deployed (Enterprise → Portfolio → Product → Application → Component)
Each plane operates independently but references each other through IDs, enabling clean separation of concerns while maintaining interoperability.
**See:** [Operating Model](./OPERATING_MODEL.md)
---
### Q2: How is Phoenix different from Azure or AWS?
**A:** Phoenix offers several key advantages:
1. **Superior Multi-Tenancy**: Finer-grained control than Azure/AWS
2. **Superior Billing**: Per-second granularity vs Azure's hourly
3. **Sovereign Identity**: Keycloak-based, no Azure/AWS dependencies
4. **Multi-Region Native**: Built for international/multi-national deployments
5. **Decentralized Architecture**: Supports distributed sovereignty
6. **Landing Zone Patterns**: Sovereign cloud deployments per region
7. **Hard Data Residency**: Enforced data residency per region
8. **Air-Gapped Support**: Native support for classified workloads
**See:** [Cloud Provider Mapping](./CLOUD_PROVIDER_MAPPING.md)
---
### Q3: What is a Landing Zone?
**A:** A Landing Zone is a **sovereign cloud deployment per region/nation** that provides:
- Complete regional control over infrastructure and data
- Regional data residency enforcement
- Regional compliance and audit capabilities
- Network isolation with controlled cross-region connectivity
- Identity federation with regional control
Landing zones enable sovereign governments to maintain complete regional autonomy while enabling coordination across regions.
**See:** [Multi-Region Landing Zones](./MULTI_REGION_LANDING_ZONES.md)
---
## Entity Model Questions
### Q4: What is the difference between Client and Tenant?
**A:**
- **Client (Billing Profile)**: Represents the legal entity that contracts with Phoenix for cloud services. It is the **financial and contractual boundary** for billing and invoicing. A Client can own multiple Tenants.
- **Tenant**: Represents the **identity and domain boundary**. It is the **security blast-radius boundary** and owns all identity, domain, and security configuration. A Tenant cannot span multiple Clients.
**Key Rule:** A Client can own multiple Tenants, but a Tenant cannot span multiple Clients.
**See:** [Operating Model - Commercial Plane](./OPERATING_MODEL.md#i-commercial-plane--clients-billing-profiles) and [Tenancy Plane](./OPERATING_MODEL.md#ii-tenancy-plane--tenants-domains)
---
### Q5: How do Subscriptions relate to Tenants and Clients?
**A:**
- **Subscriptions** live inside a **Tenant** (one Tenant → many Subscriptions)
- **Subscriptions** are mapped to one **Client** billing profile (via the Tenant's Client)
- **Subscriptions** define what services are available, quotas, limits, and policy packs
**Key Rules:**
- Subscriptions live inside a Tenant
- Subscriptions are mapped to one Client billing profile
- Billing aggregates at Client level, not directly tied to Subscriptions
**See:** [Operating Model - Subscription Plane](./OPERATING_MODEL.md#iii-subscription-plane--subscriptions)
---
### Q6: What are the different Environment Types?
**A:** Phoenix supports 8 environment types:
**Standard Environments:**
- **DEV** - Development
- **INT** - Integration testing
- **UAT** - User acceptance testing
- **STAGING** - Pre-production validation
- **PROD** - Production
**Specialized Environments:**
- **REGULATED** - Regulated workloads (HIPAA, PCI-DSS, etc.)
- **SOVEREIGN** - Sovereign workloads with data residency
- **AIR-GAPPED** - Classified workloads with no external connectivity
**See:** [Operating Model - Environment Plane](./OPERATING_MODEL.md#iv-environment-plane--environments)
---
## Multi-Region Questions
### Q7: How does multi-region deployment work?
**A:** Phoenix supports multi-region deployments through:
1. **Landing Zones**: Sovereign cloud deployment per region/nation
2. **Multi-Region Tenants**: Tenants that span multiple regions with regional data residency
3. **Cross-Region Connectivity**: Controlled connectivity between regions
4. **Federated Identity**: Identity federation across regions
5. **Coordinated Governance**: Governance policies that span regions
**See:** [Multi-Region Landing Zones](./MULTI_REGION_LANDING_ZONES.md)
---
### Q8: How is data residency enforced?
**A:** Phoenix enforces data residency at multiple levels:
1. **Hard Enforcement**: Data cannot leave region (enforced at storage, network, and application layers)
2. **Soft Enforcement**: Data preferred in region, warnings if outside
3. **Advisory**: Recommendations for data placement
Data residency is configured per Tenant and enforced per Landing Zone.
**See:** [Multi-Region Landing Zones - Regional Data Residency](./MULTI_REGION_LANDING_ZONES.md#v-regional-data-residency)
---
### Q9: What is decentralized architecture?
**A:** Decentralized architecture means:
- **Distributed Control Planes**: Control planes deployed per region
- **Federated Governance**: Governance policies federated across regions
- **Regional Autonomy**: Regional control with coordination
- **No Single Point of Control**: No centralized control plane
This enables sovereign governments to maintain complete regional control while enabling coordination.
**See:** [Operating Model - Decentralized Architecture](./OPERATING_MODEL.md#ix-decentralized-architecture)
---
## Identity and Access Questions
### Q10: How does identity management work?
**A:** Phoenix uses Keycloak for identity management:
- **One Tenant = One Keycloak Realm**: Each tenant gets its own Keycloak realm
- **Sovereign Identity**: No Azure/AWS dependencies
- **Federated Identity**: Can federate with Azure AD, Okta, etc.
- **Multi-Region Identity**: Federated identity across regions
**See:** [Operating Model - Tenancy Plane](./OPERATING_MODEL.md#ii-tenancy-plane--tenants-domains) and [Identity Setup](../tenants/IDENTITY_SETUP.md)
---
### Q11: How does RBAC work across planes?
**A:** RBAC is scoped per plane:
- **Commercial Plane**: Finance Admin, Billing Viewer, Cost Center Owner
- **Tenancy Plane**: Tenant Owner, Security Admin, Identity Admin, Compliance Officer
- **Subscription Plane**: Subscription Owner, Platform Admin, Service Operator, Auditor
- **Environment Plane**: Environment Owner, Release Manager, Operator, Observer
- **Content & DevOps Plane**: Enterprise Architect, Portfolio Lead, Product Owner, Dev Lead, Contributor, Reviewer, Release Approver
**Key Rule:** No role crosses planes by default. Cross-plane access requires explicit delegation.
**See:** [Operating Model - Hierarchical Access Model](./OPERATING_MODEL.md#vi-hierarchical-access-model-rbac)
---
## Billing Questions
### Q12: How does billing work in the new model?
**A:** Billing operates at the **Client (Billing Profile)** level:
- **Client** aggregates billing from all associated Tenants and Subscriptions
- **Subscriptions** track costs per subscription
- **Billing** is never tied directly to environments or repos
- **Cost Centers** enable chargeback to internal departments
**Key Rule:** Billing is never tied directly to environments or repos.
**See:** [Operating Model - Commercial Plane](./OPERATING_MODEL.md#i-commercial-plane--clients-billing-profiles) and [Billing Guide](../tenants/BILLING_GUIDE.md)
---
### Q13: How does billing compare to Azure?
**A:** Phoenix billing is superior to Azure:
- **Granularity**: Per-second vs Azure's hourly
- **Real-Time Tracking**: Full real-time vs Azure's limited
- **Cost Forecasting**: ML-based vs Azure's basic
- **Optimization**: Automated recommendations vs Azure's manual
- **Blockchain**: Optional blockchain billing vs Azure's none
- **Multi-Currency**: Full support vs Azure's limited
**See:** [Cloud Provider Mapping - Feature Comparison](./CLOUD_PROVIDER_MAPPING.md#vi-feature-comparison-matrix)
---
## Content & DevOps Questions
### Q14: How does the Content & DevOps plane work?
**A:** The Content & DevOps plane is **separate from billing and tenancy**:
- **Enterprise Content Hierarchy**: Enterprise → Portfolio → Product → Application → Component
- **Git Integration**: Repositories mapped to Applications
- **CI/CD Integration**: Pipelines with policy gates
- **Policy-Driven Promotion**: Automated promotion with approval workflows
**Critical Principle:** Git never directly deploys to PROD without environment + subscription authorization.
**See:** [Operating Model - Content & DevOps Plane](./OPERATING_MODEL.md#v-content--devops-plane-separate-but-integrated)
---
### Q15: How does promotion flow work?
**A:** Promotion flow is **policy-driven**:
1. **Code Commit** → CI (Test, Scan) → Artifact Registry
2. **Environment Promotion** (Policy-Driven)
3. **Subscription Deployment**
**Policy Rules:**
- DEV → INT → UAT: Automated if tests pass
- UAT → STAGING: Requires approval
- STAGING → PROD: Requires multiple approvals and compliance checks
**See:** [Operating Model - Promotion Flow](./OPERATING_MODEL.md#b-git--devops-integration-model)
---
## Migration Questions
### Q16: How do I migrate from the current tenant-based model?
**A:** Migration involves:
1. **Create Client Structure**: Group existing tenants by billing entity
2. **Restructure Tenants**: Update tenants with new attributes
3. **Create Subscriptions**: Map tenant resources to subscriptions
4. **Create Environments**: Map resources to environments
5. **Content & DevOps Migration**: Create content hierarchy and update CI/CD
**See:** [Migration Guide - From Existing Model](./MIGRATION_GUIDE.md#i-migration-from-existing-phoenix-model)
---
### Q17: How do I migrate from Azure to Phoenix?
**A:** Migration from Azure involves:
1. **Assessment**: Inventory Azure resources and map to Phoenix model
2. **Setup**: Create Phoenix Client, Tenants, Subscriptions
3. **Identity Migration**: Export Azure AD users, import to Keycloak
4. **Resource Migration**: Export Azure resources, convert and import to Phoenix
5. **Application Migration**: Migrate applications to Phoenix
6. **Cutover**: Final validation, cutover, decommission Azure
**See:** [Migration Guide - From Azure](./MIGRATION_GUIDE.md#ii-migration-from-azure)
---
### Q18: How long does migration take?
**A:** Migration timeline depends on scale:
- **Small-Scale** (< 100 resources): 1-3 months
- **Medium-Scale** (100-1000 resources): 3-6 months
- **Large-Scale** (> 1000 resources): 6-12 months
- **Sovereign/Air-Gapped**: 6-18 months (additional complexity)
**See:** [Migration Guide - Timeline Estimates](./MIGRATION_GUIDE.md#vii-timeline-estimates)
---
## Compliance Questions
### Q19: What compliance standards are supported?
**A:** Phoenix supports:
- **ISO**: ISO 27001, ISO 27017, ISO 27018
- **SOC**: SOC 2, SOC 3
- **Healthcare**: HIPAA
- **Financial**: PCI-DSS
- **Privacy**: GDPR, CCPA
- **Government**: FedRAMP, ITAR
- **Custom**: Government-specific standards
Compliance profiles are configured per Tenant and enforced per Landing Zone.
**See:** [Operating Model - Compliance](./OPERATING_MODEL.md#ii-tenancy-plane--tenants-domains)
---
### Q20: How does air-gapped deployment work?
**A:** Air-gapped deployment provides:
- **Complete Network Isolation**: No external connectivity
- **No Cross-Region Connectivity**: Complete isolation per region
- **Local Identity Only**: Independent Keycloak realm
- **Local Governance Only**: Independent governance
- **AIR-GAPPED Environment Type**: Specialized environment type
**See:** [Multi-Region Landing Zones - Air-Gapped](./MULTI_REGION_LANDING_ZONES.md#pattern-2-air-gapped-landing-zone)
---
## Technical Questions
### Q21: What APIs are available?
**A:** Phoenix provides APIs for all five control planes:
- **Commercial Plane API**: Client and billing operations
- **Tenancy Plane API**: Tenant and identity operations
- **Subscription Plane API**: Subscription and quota operations
- **Environment Plane API**: Environment and deployment operations
- **Content & DevOps Plane API**: Content and Git operations
APIs support both GraphQL (primary) and REST (alternative) interfaces.
**See:** [API Specification](./API_SPECIFICATION.md)
---
### Q22: How do I integrate with existing infrastructure?
**A:** Phoenix integrates with:
- **Proxmox**: Environment → Proxmox resource pool mapping
- **Kubernetes**: Environment → Kubernetes namespace mapping
- **Cloudflare**: Tenant → Cloudflare Access Policy mapping
- **Keycloak**: Tenant → Keycloak realm (1:1)
- **ArgoCD**: Application → ArgoCD Application mapping
- **Crossplane**: Subscription → Crossplane Composite Resource mapping
**See:** [Operating Model - Integration](./OPERATING_MODEL.md#x-integration-with-existing-infrastructure)
---
### Q23: What is the MVP scope?
**A:** MVP includes:
- All five control planes (core functionality)
- Client, Tenant, Subscription, Environment entities
- Keycloak integration (1:1 Tenant to Realm)
- Basic infrastructure integration (Proxmox, Kubernetes)
- Basic CI/CD integration
- Policy-driven promotion
- Basic multi-region support
- Basic compliance support
**See:** [MVP Control Plane](./MVP_CONTROL_PLANE.md)
---
## Best Practices
### Q24: What are best practices for landing zone design?
**A:** Best practices:
1. **Start with Standard Pattern**: Begin with standard sovereign landing zone
2. **Plan for Growth**: Design landing zones to scale
3. **Regional Autonomy**: Ensure regional autonomy while enabling coordination
4. **Data Residency**: Enforce data residency from the start
5. **Compliance First**: Design compliance into landing zones
**See:** [Multi-Region Landing Zones - Best Practices](./MULTI_REGION_LANDING_ZONES.md#xiv-best-practices)
---
### Q25: What are best practices for promotion flows?
**A:** Best practices:
1. **Policy-Driven**: Use policy-driven promotion, not manual
2. **Approval Workflows**: Require approval for PROD deployments
3. **Validation**: Validate policies before promotion
4. **Audit Logging**: Log all promotion activities
5. **Rollback**: Plan for rollback procedures
**See:** [Operating Model - Promotion Flow](./OPERATING_MODEL.md#b-git--devops-integration-model)
---
## Troubleshooting
### Q26: Tenant creation fails. What do I do?
**A:** Troubleshooting steps:
1. Check Keycloak connectivity
2. Verify Keycloak admin access
3. Check tenant creation logs
4. Verify input data
5. Retry with verbose logging
**See:** [Operational Runbooks - Troubleshooting](./OPERATIONAL_RUNBOOKS.md#issue-1-tenant-creation-fails)
---
### Q27: Promotion fails. What do I do?
**A:** Troubleshooting steps:
1. Check promotion status
2. Review policy validation results
3. Check approval status
4. Review deployment logs
5. Verify environment configuration
**See:** [Operational Runbooks - Troubleshooting](./OPERATIONAL_RUNBOOKS.md#issue-2-promotion-fails)
---
### Q28: Billing aggregation fails. What do I do?
**A:** Troubleshooting steps:
1. Check billing aggregation job status
2. Verify subscription cost tracking
3. Check billing service logs
4. Trigger manual aggregation
5. Verify data integrity
**See:** [Operational Runbooks - Troubleshooting](./OPERATIONAL_RUNBOOKS.md#issue-3-billing-aggregation-fails)
---
## References
- **[Operating Model](./OPERATING_MODEL.md)** - Complete operating model
- **[Architecture Diagrams](./OPERATING_MODEL_DIAGRAMS.md)** - Visual diagrams
- **[Cloud Provider Mapping](./CLOUD_PROVIDER_MAPPING.md)** - Azure/AWS comparison
- **[Migration Guide](./MIGRATION_GUIDE.md)** - Migration guides
- **[API Specification](./API_SPECIFICATION.md)** - API reference
- **[Implementation Examples](./IMPLEMENTATION_EXAMPLES.md)** - Code examples
- **[Operational Runbooks](./OPERATIONAL_RUNBOOKS.md)** - Operational procedures
---
**Last Updated**: 2025-01-09
**Version**: 1.0
**Status**: Complete FAQ