docs/archive/DEPLOYMENT_REQUIREMENTS_SCOPE.md

# Deployment Requirements Scope
## 5 Large Projects Analysis

**Date**: 2025-01-27  
**Purpose**: Comprehensive deployment requirements analysis for the 5 largest/complex projects

---

## Executive Summary

This document scopes out deployment requirements for 5 major projects:
1. **dbis_core** - Core Banking System
2. **smom-dbis-138** - DeFi Oracle Meta Mainnet (ChainID 138)
3. **loc_az_hci** - Proxmox VE → Azure Arc Hybrid Cloud Stack
4. **Sankofa** - Sovereign AI Cloud Infrastructure Platform
5. **the_order** - Digital Identity & Verifiable Credentials Platform

**Total Estimated Deployment Timeline**: 12-16 weeks (with parallel execution where possible)

---

## 1. DBIS Core Banking System

### Project Overview
Sovereign-grade financial infrastructure for the Digital Bank of International Settlements and 33 Sovereign Central Banks.

### Infrastructure Requirements

**Compute:**
- **Application Tier**: Multiple instances (N+ redundancy)
- **Load Balancer**: Required for high availability
- **Horizontal Scaling**: Supported with connection pooling

**Database:**
- **PostgreSQL** with:
  - Primary database + 2+ read replicas
  - High availability configuration
  - Automated backup system (daily full + hourly incremental)
  - Multi-region replication support

**Storage:**
- **Redis Cache**: 2+ instances for caching layer
- **Storage Account**: For document/blob storage

**Security:**
- **HSM (Hardware Security Module)**: Required for production
- **Encryption**: TLS 1.2+ for all connections
- **Secrets Management**: Secure credential storage

### Deployment Stack

**Technology:**
- Node.js/TypeScript backend
- Prisma ORM with PostgreSQL
- Express.js/Fastify framework
- Docker containerization

**Deployment Method:**
- Kubernetes (recommended) or VM-based
- Blue-Green deployment strategy
- CI/CD pipeline required

### Key Dependencies

**External Services:**
- ISO 20022 banking message integration
- FX engine integration
- CBDC system integration
- Compliance & governance systems

**Prerequisites:**
- Azure subscription (or equivalent cloud provider)
- Database admin access
- HSM hardware/provisioning
- Network security configuration

### Estimated Timeline
- **Infrastructure Setup**: 1-2 weeks
- **Database Setup & Migrations**: 3-5 days
- **Application Deployment**: 1 week
- **Security Hardening**: 1 week
- **Testing & Validation**: 2 weeks
- **Total**: 5-7 weeks

### Critical Path Items
1. Database cluster setup and replication
2. HSM integration and key management
3. Multi-region deployment configuration
4. Security audit and compliance verification

---

## 2. SMOM-DBIS-138: DeFi Oracle Meta Mainnet

### Project Overview
Production-ready Hyperledger Besu network with QBFT consensus (ChainID 138), deployed on Azure Kubernetes Service. Includes CCIP cross-chain oracle support, comprehensive security scanning, full observability, and MetaMask integration.

### Infrastructure Requirements

**⚠️ Important**: smom-dbis-138 is deployed as a **DBIS tenant** on **Sankofa Phoenix** infrastructure. The deployment uses Phoenix's blockchain orchestration tools on loc_az_hci Proxmox infrastructure.

**Blockchain Infrastructure (via Sankofa Phoenix):**
- **Proxmox VMs** (deployed via Crossplane on loc_az_hci):
  - **18 VMs total**: 16 application VMs + 2 infrastructure VMs
  - **Validator Nodes**: Multiple validator VMs
  - **Sentry Nodes**: DDoS protection nodes
  - **RPC Nodes**: Public API access nodes
  - **Network ID**: 138 (ChainID)
  - **Consensus**: QBFT (Quorum Byzantine Fault Tolerance)

**Deployment Orchestration:**
- **Sankofa Phoenix**: Provides white-label blockchain orchestration
- **Crossplane Provider**: Deploys VMs on loc_az_hci Proxmox hosts
- **Site 1 (ml110-01)**: 192.168.11.10
- **Site 2 (r630-01)**: 192.168.11.11

**Note**: Resources (CPU, RAM, Storage) are counted under **loc_az_hci** since VMs are deployed there.

**Storage:**
- **Persistent Volumes**: For blockchain state data
- **Azure Disk CSI**: Dynamic provisioning
- **Backup Storage**: For node state backups

**Networking:**
- **Application Gateway**: For RPC endpoint exposure
- **Network Security Groups**: For node isolation
- **Private Endpoints**: For secure internal communication

### Deployment Stack

**Technology:**
- Hyperledger Besu (blockchain client)
- Foundry (smart contract deployment)
- Kubernetes + Helm
- Terraform (infrastructure as code)

**Smart Contracts:**
- Mock LINK Token
- CCIP Router
- WETH9 & WETH10
- CCIPWETH9Bridge & CCIPWETH10Bridge
- Oracle Aggregator

### Key Dependencies

**Platform Dependencies:**
- **Sankofa Phoenix**: White-label blockchain orchestration platform (must be deployed first)
- **loc_az_hci**: Proxmox infrastructure for VM deployment (must be deployed first)
- **Crossplane Provider**: For Proxmox VM orchestration via Phoenix

**External Services:**
- CCIP (Cross-Chain Interoperability Protocol)
- Chainlink oracles
- MetaMask wallet integration
- Ethereum mainnet (for cross-chain operations)

**Prerequisites:**
- Sankofa Phoenix platform deployed
- loc_az_hci Proxmox infrastructure operational
- Crossplane provider for Proxmox configured
- Foundry (forge, cast, anvil) for smart contract deployment
- kubectl configured (for Phoenix Kubernetes cluster)

### Deployment Phases

**Note**: Deployment is orchestrated through **Sankofa Phoenix** platform on **loc_az_hci** Proxmox infrastructure.

1. **Platform Prerequisites** (Dependencies):
   - loc_az_hci Proxmox infrastructure deployed (Week 1-8)
   - Sankofa Phoenix platform deployed (Week 7-10)
   - Crossplane provider for Proxmox configured

2. **Tenant Deployment via Phoenix** (1-2 weeks):
   - DBIS tenant creation in Sankofa Phoenix
   - VM provisioning via Crossplane (18 VMs on Proxmox)
   - Network configuration and genesis setup
   - Validator, sentry, and RPC node deployment

3. **Smart Contract Deployment** (1 week):
   - Contract compilation and testing
   - Ordered deployment (CCIP Router → WETH → Bridges → Oracle)
   - Contract verification

4. **Configuration & Integration** (1 week):
   - CCIP chain configuration
   - Bridge destination setup
   - Oracle feed configuration

### Estimated Timeline
- **Platform Dependencies**: 8-10 weeks (loc_az_hci + Sankofa Phoenix)
- **Tenant Deployment**: 1-2 weeks (via Phoenix orchestration)
- **Smart Contracts**: 1 week
- **Integration & Testing**: 2 weeks
- **Total**: 12-15 weeks (including platform dependencies)

### Critical Path Items
1. loc_az_hci Proxmox infrastructure operational
2. Sankofa Phoenix platform deployed and configured
3. Crossplane provider connected to Proxmox
4. DBIS tenant VM provisioning via Phoenix
5. Besu network genesis and validator setup
6. CCIP router configuration and chain registration
7. Oracle aggregator and price feed integration
8. Security scanning and audit completion

---

## 3. LOC_AZ_HCI: Proxmox VE → Azure Arc Hybrid Cloud Stack

### Project Overview
Complete end-to-end implementation package for transforming Proxmox VE hosts into a fully Azure-integrated Hybrid Cloud stack with high availability, Kubernetes orchestration, GitOps workflows, and blockchain infrastructure services.

### Infrastructure Requirements

**Physical Infrastructure:**
- **2+ Proxmox VE Hosts**:
  - Proxmox VE 7.0+ installed
  - Minimum 8GB RAM per node (16GB+ recommended)
  - Static IP addresses configured
  - Network connectivity between nodes
  - Root or sudo access

**Storage:**
- **NFS Server** (optional, for shared storage)
- **Local Storage**: Sufficient for VMs and templates
- **Ceph** (optional, for distributed storage)

**Virtual Infrastructure:**
- **VMs for Kubernetes**: K3s or full K8s cluster
- **VMs for Git**: Gitea/GitLab or Azure DevOps agent
- **Storage VMs**: For NFS or distributed storage

**Azure Integration:**
- **Azure Arc**: For hybrid cloud management
- **Azure Resource Groups**: For Arc resources
- **Azure Monitor**: For hybrid monitoring

### Deployment Stack

**Technology:**
- Proxmox VE (hypervisor)
- K3s or Kubernetes (orchestration)
- Azure Arc (hybrid cloud)
- Terraform (optional, for automation)
- Helm (optional, for GitOps)

**Services:**
- Hyperledger Besu
- Firefly
- Chainlink CCIP
- BlockScout
- Cacti (monitoring)
- Nginx Proxy

### Key Dependencies

**External Services:**
- Azure subscription with Contributor role
- Azure Arc enabled subscription
- Cloudflare (for DNS and tunnels)
- Internet connectivity for Azure Arc

**Prerequisites:**
- Azure CLI installed and authenticated
- SSH access to all nodes
- kubectl installed
- Terraform (optional)
- Helm (optional)

### Deployment Phases

1. **Proxmox Cluster Setup** (1 week):
   - Network configuration on both nodes
   - Repository updates
   - Shared storage (NFS) setup
   - Cluster creation

2. **Azure Arc Integration** (1 week):
   - Azure environment preparation
   - Proxmox host onboarding to Azure Arc
   - VM creation and onboarding
   - Kubernetes onboarding

3. **Kubernetes Setup** (1 week):
   - K3s installation
   - Kubernetes onboarding to Azure Arc
   - Base infrastructure deployment

4. **Git/DevOps Setup** (1 week):
   - Gitea/GitLab deployment OR
   - Azure DevOps self-hosted agent

5. **GitOps Configuration** (1 week):
   - Repository creation
   - Azure Arc GitOps connection
   - Application deployment

6. **HC Stack Services** (2 weeks):
   - Blockchain services (Besu, Firefly)
   - Monitoring (Cacti)
   - Proxy services (Nginx)

### Estimated Timeline
- **Proxmox Setup**: 1 week
- **Azure Arc Integration**: 1 week
- **Kubernetes Setup**: 1 week
- **GitOps & Services**: 3 weeks
- **Testing & Validation**: 2 weeks
- **Total**: 8-10 weeks

### Critical Path Items
1. Proxmox cluster creation and verification
2. Azure Arc agent installation and connectivity
3. Kubernetes cluster deployment
4. GitOps workflow configuration
5. Service deployment and integration

---

## 4. Sankofa Phoenix: Sovereign AI Cloud Infrastructure Platform

### Project Overview
A next-generation, sovereign AI cloud infrastructure platform that provides **white-label blockchain tooling and orchestration** as a service. Sankofa Phoenix combines mythic power, ancestral wisdom, and cultural identity. Features 325-region deployment capability and world-class cloud infrastructure.

**Key Service**: Sankofa Phoenix provides blockchain orchestration platform that enables tenant deployments (such as smom-dbis-138 for DBIS tenant) to be deployed via Crossplane on loc_az_hci Proxmox infrastructure.

### Infrastructure Requirements

**⚠️ Important**: Sankofa leverages **loc_az_hci** Proxmox infrastructure to deploy VMs via Crossplane. The VMs listed below are deployed on loc_az_hci Proxmox hosts and are counted in the loc_az_hci resource totals.

**Edge Sites (Deployed on loc_az_hci Proxmox Infrastructure):**
- **Proxmox VE Infrastructure**: Uses loc_az_hci Proxmox hosts
  - Site 1 (ml110-01): 192.168.11.10 - Operational ✅
  - Site 2 (r630-01): 192.168.11.11 - Operational ✅
  - Network bridge: vmbr0
  - Storage pools: local-lvm
  - OS images: ubuntu-22.04-cloud.img

**VM Deployment via Crossplane (SMOM-DBIS-138):**
- **Total VMs**: 18 (16 application + 2 infrastructure)
- **Total CPU**: 72 cores
- **Total RAM**: 140 GiB
- **Total Disk**: 278 GiB
- **Deployment Method**: Crossplane provider for Proxmox
- **Infrastructure**: Deployed on loc_az_hci Proxmox hosts
- **Note**: These resources are counted under **loc_az_hci** to avoid double-counting

**Kubernetes Control Plane:**
- Kubernetes v1.24+ cluster
- 3 master nodes minimum (for HA)
- 5+ worker nodes (for production)
- Container runtime: containerd or CRI-O
- CNI plugin: Calico, Flannel, or Cilium

**Database Infrastructure:**
- PostgreSQL 14+ (recommended: 15+)
- High availability: Primary + replicas
- Storage: NVMe SSD (2TB+ per node)
- RAM: 64GB+ per node
- Automated daily backups

**Blockchain Infrastructure (Future):**
- Hyperledger Besu Validators: 3-5 nodes per core datacenter
- CPU: AMD EPYC 7763 (64 cores) or Intel Xeon Platinum 8380 (40 cores)
- RAM: 128GB DDR4 ECC
- Storage: 2x 4TB NVMe SSD (RAID 1)
- Network: 2x 25GbE network adapters
- HSM: Hardware Security Module for key storage

### Deployment Stack

**Technology:**
- Next.js 14+ (frontend and portal)
- GraphQL API (Apollo Server + Fastify)
- PostgreSQL 14+
- Keycloak 20+ (identity management)
- Crossplane (infrastructure as code)
- ArgoCD (GitOps)
- Prometheus/Grafana (monitoring)
- Loki (log aggregation)

**Application Components:**
- Frontend (Next.js)
- API (GraphQL)
- Portal (Next.js)
- Crossplane provider for Proxmox

### Key Dependencies

**Infrastructure Dependencies:**
- **loc_az_hci Proxmox Infrastructure**: Sankofa deploys VMs on loc_az_hci Proxmox hosts via Crossplane
  - Site 1 (ml110-01): 192.168.11.10
  - Site 2 (r630-01): 192.168.11.11
  - 18 SMOM-DBIS-138 VMs deployed via Crossplane provider

**External Services:**
- Keycloak for identity management
- Cloudflare for DNS and tunnels (shared with loc_az_hci)
- Blockchain network (Hyperledger Besu)

**Prerequisites:**
- **loc_az_hci Proxmox cluster** operational (deploy loc_az_hci first)
- Kubernetes cluster deployed (for Sankofa applications)
- PostgreSQL database deployed (for Sankofa applications)
- Keycloak deployed and configured
- Crossplane provider for Proxmox configured and connected to loc_az_hci
- Cloudflare account and tunnel configured
- Network connectivity verified

### Deployment Phases

1. **Database Setup** (3-5 days):
   - PostgreSQL deployment
   - Database migrations (26 migrations)
   - Multi-tenancy and billing tables
   - Initial data seeding

2. **Kubernetes Deployment** (1-2 weeks):
   - Namespace creation
   - Crossplane deployment
   - ArgoCD deployment
   - Keycloak deployment
   - API, Frontend, Portal deployment
   - Monitoring stack deployment

3. **Proxmox VM Deployment** (1-2 weeks):
   - Infrastructure VMs (Nginx Proxy, Cloudflare Tunnel)
   - Application VMs (SMOM-DBIS-138)
   - Monitoring and validation

4. **GitOps Setup** (1 week):
   - Repository creation
   - ArgoCD application configuration
   - Sync and verification

5. **Multi-Tenancy Setup** (1 week):
   - System tenant creation
   - Admin user assignment
   - Billing configuration
   - Tenant verification

### Estimated Timeline
- **Database & Infrastructure**: 2-3 weeks
- **Application Deployment**: 2-3 weeks
- **VM Deployment**: 1-2 weeks
- **Configuration & Testing**: 2 weeks
- **Total**: 7-10 weeks

### Critical Path Items
1. Database migrations (26 migrations including multi-tenancy)
2. Keycloak deployment and OIDC configuration
3. Crossplane provider for Proxmox setup
4. Multi-tenant system initialization
5. Billing system configuration
6. Cloudflare tunnel and DNS configuration

---

## 5. The Order: Digital Identity & Verifiable Credentials Platform

### Project Overview
A comprehensive platform for digital identity, verifiable credentials, and legal document management. Features eIDAS/DID-based identity verification, Microsoft Entra VerifiedID integration, legal document management, virtual data rooms, and e-residency services.

### Infrastructure Requirements

**Azure Infrastructure:**
- **Azure Kubernetes Service (AKS)**:
  - Target region: West Europe (no US regions)
  - Azure CNI networking
  - Node pools configured
  - Azure Disk CSI driver

**Database:**
- **Azure Database for PostgreSQL**:
  - Multiple databases (dev, stage, prod)
  - High availability configuration
  - Automated backups
  - Firewall rules configured

**Storage:**
- **Azure Storage Accounts**:
  - Containers: intake-documents, dataroom-deals, credentials
  - Versioning enabled
  - Soft delete enabled

**Security:**
- **Azure Key Vault**:
  - Separate instances per environment
  - Soft delete and purge protection
  - Access policies configured

**Container Registry:**
- **Azure Container Registry (ACR)**:
  - Geo-replication (optional)
  - Managed identity or admin user

**Networking:**
- **Virtual Network**:
  - Subnets configured
  - Network Security Groups
  - Private endpoints (optional)

**Load Balancing:**
- **Application Gateway** OR **NGINX Ingress**:
  - SSL/TLS termination
  - Routing rules
  - WAF rules (if using Application Gateway)

### Deployment Stack

**Technology:**
- Node.js 18+ / TypeScript
- pnpm (package manager)
- PostgreSQL (via Azure Database)
- Docker containerization
- Kubernetes orchestration
- Terraform (infrastructure as code)

**Application Components:**
- Identity Service
- Intake Service
- Finance Service
- Dataroom Service
- Portal Public (Next.js)
- Portal Internal (Next.js)

**Infrastructure Services:**
- External Secrets Operator
- Prometheus & Grafana
- OpenTelemetry
- OpenSearch (optional)

### Key Dependencies

**External Services:**
- **Microsoft Entra ID (Azure AD)**:
  - App registration
  - API permissions (VerifiedID)
  - Client secrets

- **Microsoft Entra VerifiedID**:
  - Service enabled
  - Credential manifest created
  - Issuer DID verified

- **Azure Logic Apps** (optional):
  - eIDAS verification workflow
  - VC issuance workflow
  - Document processing workflow

**Prerequisites:**
- Azure subscription (Contributor role)
- Azure CLI installed and authenticated
- Terraform >= 1.5.0
- kubectl configured
- Docker (for building images)
- Node.js >= 18.0.0
- pnpm >= 8.0.0

### Deployment Phases

1. **Prerequisites** (1-2 days):
   - Development environment setup
   - Azure account setup
   - Tool installation

2. **Azure Infrastructure Setup** (4-6 weeks):
   - Resource provider registration
   - Terraform state storage
   - AKS cluster deployment
   - PostgreSQL database deployment
   - Key Vault deployment
   - Container Registry deployment
   - Virtual Network setup
   - Application Gateway/Ingress setup

3. **Entra ID Configuration** (1-2 days):
   - App registration creation
   - API permissions configuration
   - Client secret creation
   - VerifiedID service enablement
   - Credential manifest creation

4. **Database & Storage Setup** (1-2 days):
   - Database creation (dev, stage, prod)
   - Storage containers creation
   - Firewall rules configuration

5. **Container Registry Setup** (1 day):
   - ACR configuration
   - AKS integration

6. **Application Build & Package** (2-4 hours):
   - Package building
   - Docker image creation
   - Image signing (Cosign)

7. **Database Migrations** (1-2 hours):
   - Migration execution
   - Schema verification
   - Data seeding (if needed)

8. **Secrets Configuration** (2-4 hours):
   - Key Vault secret storage
   - External Secrets Operator setup

9. **Infrastructure Services Deployment** (1-2 days):
   - External Secrets Operator
   - Monitoring stack
   - Logging stack

10. **Backend Services Deployment** (2-4 days):
    - Identity Service
    - Intake Service
    - Finance Service
    - Dataroom Service

11. **Frontend Applications Deployment** (1-2 days):
    - Portal Public
    - Portal Internal

12. **Networking & Gateways** (2-3 days):
    - Ingress configuration
    - DNS setup
    - SSL/TLS certificates
    - WAF rules

13. **Monitoring & Observability** (2-3 days):
    - Application Insights
    - Log Analytics
    - Alerts configuration
    - Dashboards creation

14. **Testing & Validation** (3-5 days):
    - Health checks
    - Integration testing
    - End-to-end testing
    - Performance testing
    - Security testing

15. **Production Hardening** (2-3 days):
    - Resource limits configuration
    - Backup configuration
    - Disaster recovery setup
    - Documentation

### Estimated Timeline
- **Infrastructure**: 4-6 weeks (critical path)
- **Configuration**: 1-2 weeks
- **Deployment**: 2-3 weeks
- **Testing & Hardening**: 2-3 weeks
- **Total**: 8-12 weeks

### Critical Path Items
1. Azure infrastructure provisioning (AKS, PostgreSQL, Key Vault)
2. Entra ID and VerifiedID configuration
3. Database migrations and schema setup
4. Container image building and registry push
5. Service deployment and health verification
6. Networking and ingress configuration
7. SSL/TLS certificate provisioning
8. Monitoring and alerting setup

---

## Comparative Analysis

### Complexity Ranking

| Project | Complexity | Infrastructure | Timeline | Dependencies |
|---------|-----------|----------------|----------|--------------|
| **the_order** | Very High | Azure-native (AKS, PostgreSQL, Key Vault) | 8-12 weeks | Entra ID, VerifiedID |
| **Sankofa** | Very High | Hybrid (Proxmox + Kubernetes + Cloudflare) | 7-10 weeks | Keycloak, Crossplane, Blockchain |
| **smom-dbis-138** | High | Azure Kubernetes Service | 6-8 weeks | CCIP, Chainlink, MetaMask |
| **loc_az_hci** | High | Hybrid (Proxmox + Azure Arc) | 8-10 weeks | Azure Arc, Cloudflare |
| **dbis_core** | Medium-High | Multi-region (K8s or VMs) | 5-7 weeks | HSM, ISO 20022, FX Engine |

### Infrastructure Overlap

**Common Requirements:**
- Kubernetes (4/5 projects)
- PostgreSQL database (4/5 projects)
- Container registry (5/5 projects)
- Monitoring & observability (5/5 projects)
- Secrets management (5/5 projects)

**Unique Requirements:**
- **dbis_core**: HSM, multi-region banking infrastructure
- **smom-dbis-138**: DBIS tenant blockchain (deployed via Sankofa Phoenix on loc_az_hci)
- **loc_az_hci**: Proxmox VE, Azure Arc, hybrid cloud, **hosts smom-dbis-138 VMs**
- **Sankofa Phoenix**: White-label blockchain orchestration platform, Keycloak, Crossplane, multi-tenant SaaS
- **the_order**: Entra ID, VerifiedID, Azure Logic Apps

**Infrastructure Relationships:**
- **loc_az_hci** provides Proxmox infrastructure foundation
- **Sankofa Phoenix** provides blockchain orchestration platform using loc_az_hci Proxmox
- **smom-dbis-138** is a DBIS tenant deployment using Phoenix platform on loc_az_hci infrastructure
- **18 VMs** (smom-dbis-138): Deployed via Phoenix Crossplane on loc_az_hci Proxmox hosts
- Resources properly allocated: VMs counted under loc_az_hci, Phoenix platform K8s/DB counted under Sankofa

### Resource Requirements Summary

**Compute:**
- **dbis_core**: N+ application instances, database replicas
- **smom-dbis-138**: 3+ validators, 2+ sentries, 2+ RPC nodes
- **loc_az_hci**: 2+ Proxmox hosts, K3s cluster, multiple VMs
- **Sankofa**: 18 VMs, Kubernetes cluster, database cluster
- **the_order**: AKS cluster, multiple microservices

**Storage:**
- **dbis_core**: Database replicas, Redis cache, blob storage
- **smom-dbis-138**: Blockchain state (persistent volumes)
- **loc_az_hci**: NFS shared storage, VM storage
- **Sankofa**: 278 GiB disk, database storage, VM storage
- **the_order**: Azure Storage, database storage

**Network:**
- **dbis_core**: Load balancer, multi-region networking
- **smom-dbis-138**: Application Gateway, private networking
- **loc_az_hci**: Azure Arc connectivity, Cloudflare tunnels
- **Sankofa**: Cloudflare tunnels, inter-datacenter links
- **the_order**: Application Gateway/Ingress, DNS, SSL/TLS

---

## Deployment Strategy Recommendations

### Parallel Deployment Opportunities

1. **Infrastructure Setup** (Weeks 1-2):
   - All projects can start infrastructure planning in parallel
   - Resource provisioning can be coordinated

2. **Database Setup** (Weeks 3-4):
   - dbis_core, Sankofa, and the_order can set up databases in parallel
   - Different database instances/environments reduce conflicts

3. **Container Registry** (Week 4):
   - All projects can set up and configure registries simultaneously

4. **Development/Testing** (Weeks 8-12):
   - Parallel testing phases for projects that are ready

### Sequential Dependencies

1. **loc_az_hci** should be deployed first:
   - Provides infrastructure foundation for other projects
   - Can host VMs for Sankofa and other services

2. **Sankofa** leverages loc_az_hci:
   - **Uses loc_az_hci Proxmox infrastructure** to deploy 18 VMs (SMOM-DBIS-138) via Crossplane
   - **Deploys separate Kubernetes cluster and database** for application infrastructure
   - Resources properly allocated: VMs counted under loc_az_hci, K8s/DB counted under Sankofa

3. **smom-dbis-138** (DBIS tenant) deploys third:
   - **Uses Sankofa Phoenix** blockchain orchestration platform
   - **Deploys on loc_az_hci Proxmox infrastructure** via Phoenix Crossplane
   - **18 VMs** (72 cores, 140 GiB RAM, 278 GiB) counted under loc_az_hci
   - **Dependencies**: loc_az_hci + Sankofa Phoenix must be deployed first

4. **dbis_core** and **the_order** are independent:
   - Can be deployed in parallel
   - Different infrastructure requirements

### Risk Mitigation

**High-Risk Items:**
1. **Azure Quota Limits**: Request quota increases early
2. **HSM Provisioning**: Long lead time, order early
3. **Domain/DNS Setup**: Coordinate DNS changes
4. **Security Audits**: Schedule early and allow time for remediation
5. **Third-Party Integrations**: Verify API access and rate limits

**Contingency Planning:**
- Staged rollout approach for each project
- Blue-Green deployments for zero-downtime
- Rollback procedures documented
- Backup and disaster recovery tested

---

## Total Resource Requirements

### Resource Summary: CPU Cores, RAM, and Storage

#### 1. DBIS Core Banking System

**Compute:**
- **Application Instances**: 3+ instances (N+ redundancy)
  - CPU: ~4 cores per instance = **12+ cores**
  - RAM: ~8GB per instance = **24+ GB**
- **Load Balancer**: Included in infrastructure

**Database:**
- **Primary PostgreSQL**: 
  - CPU: 8-16 cores
  - RAM: 32-64 GB
  - Storage: 500 GB - 2 TB
- **Read Replicas** (2+):
  - CPU: 8-16 cores each = **16-32 cores**
  - RAM: 32-64 GB each = **64-128 GB**
  - Storage: 500 GB - 2 TB each = **1-4 TB**

**Cache:**
- **Redis** (2+ instances):
  - CPU: 2-4 cores each = **4-8 cores**
  - RAM: 8-16 GB each = **16-32 GB**
  - Storage: 50-100 GB each = **100-200 GB**

**Total DBIS Core:**
- **CPU**: 32-68 cores
- **RAM**: 104-224 GB
- **Storage**: 1.6-6.2 TB

---

#### 2. SMOM-DBIS-138 (DBIS Tenant on Sankofa Phoenix)

**⚠️ Note**: smom-dbis-138 is deployed as a **DBIS tenant** using **Sankofa Phoenix** blockchain orchestration on **loc_az_hci** Proxmox infrastructure. Resources are counted under **loc_az_hci** (18 VMs: 72 cores, 140 GiB RAM, 278 GiB storage).

**Blockchain Deployment (via Phoenix on Proxmox):**
- **18 VMs** deployed via Crossplane on loc_az_hci Proxmox hosts:
  - **Validator Nodes**: Multiple validator VMs
  - **Sentry Nodes**: DDoS protection nodes  
  - **RPC Nodes**: Public API access nodes
  - **Infrastructure VMs**: Management and monitoring

**Total SMOM-DBIS-138 (Counted under loc_az_hci):**
- **CPU**: 72 cores (included in loc_az_hci totals)
- **RAM**: 140 GiB (included in loc_az_hci totals)
- **Storage**: 278 GiB (included in loc_az_hci totals)

**Platform Infrastructure (Sankofa Phoenix):**
- **Kubernetes Cluster**: For Phoenix orchestration (counted under Sankofa)
- **Crossplane**: For VM provisioning (counted under Sankofa)

---

#### 3. LOC_AZ_HCI (Proxmox VE → Azure Arc)

**Proxmox Hosts:**
- **Physical Hosts** (2+):
  - CPU: 16-32 cores each = **32-64 cores**
  - RAM: 64-128 GB each = **128-256 GB**
  - Storage: 2-4 TB each (local storage) = **4-8 TB**

**Virtual Infrastructure:**
- **K3s/Kubernetes Cluster**:
  - Control Plane: 4-8 cores, 16-32 GB RAM
  - Worker Nodes (3+): 4-8 cores each = **12-24 cores**, 16-32 GB each = **48-96 GB**
- **Git Server VM** (Gitea/GitLab):
  - CPU: 4-8 cores
  - RAM: 8-16 GB
  - Storage: 100-500 GB
- **Infrastructure VMs**:
  - Nginx Proxy: 2-4 cores, 4-8 GB RAM, 50-100 GB storage
  - Cloudflare Tunnel: 2-4 cores, 4-8 GB RAM, 50-100 GB storage
  - Monitoring (Cacti): 2-4 cores, 4-8 GB RAM, 100-200 GB storage

**Blockchain Services (on VMs):**
- **Besu Nodes**: 4-8 cores, 16-32 GB RAM, 200-500 GB storage
- **Firefly**: 4-8 cores, 16-32 GB RAM, 100-200 GB storage
- **BlockScout**: 4-8 cores, 16-32 GB RAM, 200-500 GB storage

**Sankofa VMs (Deployed via Crossplane):**
- **SMOM-DBIS-138 VMs** (18 total: 16 application + 2 infrastructure):
  - CPU: **72 cores** (documented)
  - RAM: **140 GiB** (documented)
  - Storage: **278 GiB** (documented)
  - **Note**: These VMs are deployed by Sankofa Phoenix using Crossplane onto loc_az_hci Proxmox infrastructure

**Total LOC_AZ_HCI (Including Sankofa VMs):**
- **CPU**: 132-192 cores (hosts + loc_az_hci VMs + Sankofa VMs)
- **RAM**: 360-500 GB
- **Storage**: 5.3-10.3 TB

---

#### 4. Sankofa (Sovereign AI Cloud Infrastructure)

**Note**: Sankofa leverages **loc_az_hci** Proxmox infrastructure to deploy VMs via Crossplane. The 18 SMOM-DBIS-138 VMs are counted under loc_az_hci above.

**Platform Infrastructure (Separate from tenant VMs):**
**Kubernetes Cluster (for Phoenix orchestration):**
- **Control Plane** (3 masters):
  - CPU: 4-8 cores each = **12-24 cores**
  - RAM: 16-32 GB each = **48-96 GB**
- **Worker Nodes** (5+):
  - CPU: 8-16 cores each = **40-80 cores**
  - RAM: 32-64 GB each = **160-320 GB**

**Database Infrastructure:**
- **PostgreSQL Primary**:
  - CPU: 16-32 cores
  - RAM: 64-128 GB
  - Storage: 2-4 TB
- **PostgreSQL Replicas** (2+):
  - CPU: 16-32 cores each = **32-64 cores**
  - RAM: 64-128 GB each = **128-256 GB**
  - Storage: 2-4 TB each = **4-8 TB**

**Future Blockchain Infrastructure:**
- **Besu Validators** (3-5 nodes):
  - CPU: 64 cores (AMD EPYC) or 40 cores (Intel Xeon) each = **192-320 cores** (AMD) or **120-200 cores** (Intel)
  - RAM: 128 GB each = **384-640 GB**
  - Storage: 2x 4TB NVMe SSD (RAID 1) each = **24-40 TB**
- **Read Replica Nodes** (2-3):
  - CPU: 32 cores each = **64-96 cores**
  - RAM: 64 GB each = **128-192 GB**
  - Storage: 2x 2TB NVMe SSD each = **8-12 TB**

**Total Sankofa Phoenix (Platform Infrastructure Only - Tenant VMs counted under loc_az_hci):**
- **CPU**: 84-496 cores (Platform K8s + Database) + 184-416 cores (future blockchain) = **268-912 cores**
- **RAM**: 216-396 GB (Platform K8s + Database) + 512-832 GB (future blockchain) = **728-1,228 GB**
- **Storage**: 6-12 TB (Platform K8s + Database) + 32-52 TB (future blockchain) = **38-64 TB**

**Note**: 
- **Tenant deployments** (like smom-dbis-138's 18 VMs: 72 cores, 140 GiB RAM, 278 GiB storage) are deployed via Phoenix on loc_az_hci Proxmox infrastructure and counted under loc_az_hci, not here.
- Sankofa Phoenix provides the **orchestration platform**, tenant blockchain VMs are deployed on loc_az_hci infrastructure.

---

#### 5. The Order (Digital Identity Platform)

**AKS Cluster:**
- **Node Pool (Standard)**:
  - Nodes: 3-5 nodes
  - CPU: 8-16 cores per node = **24-80 cores**
  - RAM: 32-64 GB per node = **96-320 GB**
  - Storage: 100-200 GB per node (OS + system) = **300 GB - 1 TB**

**Application Pods:**
- **Identity Service**: 2-4 replicas, 2-4 cores each = **4-16 cores**, 4-8 GB each = **8-32 GB**
- **Intake Service**: 2-4 replicas, 2-4 cores each = **4-16 cores**, 4-8 GB each = **8-32 GB**
- **Finance Service**: 2-4 replicas, 2-4 cores each = **4-16 cores**, 4-8 GB each = **8-32 GB**
- **Dataroom Service**: 2-4 replicas, 2-4 cores each = **4-16 cores**, 4-8 GB each = **8-32 GB**
- **Portal Public**: 2-3 replicas, 2-4 cores each = **4-12 cores**, 4-8 GB each = **8-24 GB**
- **Portal Internal**: 2-3 replicas, 2-4 cores each = **4-12 cores**, 4-8 GB each = **8-24 GB**

**Database:**
- **Azure PostgreSQL** (dev, stage, prod):
  - CPU: 8-16 cores per instance = **24-48 cores**
  - RAM: 32-64 GB per instance = **96-192 GB**
  - Storage: 500 GB - 2 TB per instance = **1.5-6 TB**

**Storage:**
- **Azure Storage Accounts**:
  - Blob storage: 500 GB - 2 TB
  - Container images: 100-500 GB

**Infrastructure Services:**
- **Monitoring Stack**: 4-8 cores, 16-32 GB RAM
- **External Secrets Operator**: 1-2 cores, 2-4 GB RAM

**Total The Order:**
- **CPU**: 60-156 cores
- **RAM**: 240-480 GB
- **Storage**: 2.1-8.5 TB

---

### Grand Total Resource Requirements

#### Current Deployment (Production-Ready)

| Resource | Minimum | Maximum | Recommended |
|----------|---------|---------|-------------|
| **CPU Cores** | 354 | 1,004 | 600-750 |
| **RAM** | 1,104 GB | 1,968 GB | 1,400-1,700 GB |
| **Storage** | 21.7 TB | 49.0 TB | 30-40 TB |

#### With Future Blockchain Infrastructure (Sankofa)

| Resource | Minimum | Maximum | Recommended |
|----------|---------|---------|-------------|
| **CPU Cores** | 538 | 1,420 | 750-1,000 |
| **RAM** | 1,616 GB | 2,800 GB | 2,000-2,400 GB |
| **Storage** | 53.7 TB | 81.0 TB | 60-75 TB |

**Note**: Sankofa VMs (18 VMs, 72 cores, 140 GiB RAM, 278 GiB storage) are deployed on loc_az_hci Proxmox infrastructure and counted there to avoid double-counting.

### Resource Breakdown by Project

| Project | CPU Cores | RAM (GB) | Storage (TB) |
|---------|-----------|----------|--------------|
| **dbis_core** | 32-68 | 104-224 | 1.6-6.2 |
| **smom-dbis-138** | Included in loc_az_hci (18 VMs: 72 cores, 140 GiB RAM, 278 GiB) | | |
| **loc_az_hci** (incl. smom-dbis-138 VMs) | 132-192 | 360-500 | 5.3-10.3 |
| **Sankofa Phoenix** (Platform infrastructure) | 84-496 | 216-396 | 6-12 |
| **Sankofa (Future Blockchain)** | +184-416 | +512-832 | +32-52 |
| **the_order** | 60-156 | 240-480 | 2.1-8.5 |
| **TOTAL (Current)** | **308-912** | **1,104-1,968** | **21.7-49.0** |
| **TOTAL (With Future)** | **492-1,328** | **1,616-2,800** | **53.7-81.0** |

**Notes**: 
- **smom-dbis-138** is a DBIS tenant deployment on Sankofa Phoenix platform
- **smom-dbis-138 VMs** (18 VMs: 72 cores, 140 GiB RAM, 278 GiB) are deployed via Phoenix on loc_az_hci Proxmox infrastructure and counted there
- **Sankofa Phoenix** provides the white-label blockchain orchestration platform that deploys tenant blockchains

### Notes and Assumptions

**CPU Cores:**
- Assumes modern multi-core processors (Intel Xeon, AMD EPYC)
- Includes Kubernetes overhead and system resources
- Accounts for redundancy and high availability
- Future blockchain infrastructure uses high-end processors

**RAM:**
- Includes application memory, database buffers, and system overhead
- Accounts for caching layers (Redis)
- Database RAM includes buffer pools and connection overhead
- Kubernetes overhead included in node specifications

**Storage:**
- Includes OS, application data, database storage, and blockchain state
- Database storage includes data, logs, and backup space
- Blockchain state storage can grow significantly over time
- Storage redundancy (RAID, replication) not included in totals
- Backup storage not included (estimate 2-3x primary storage)

**Optimization Opportunities:**
- Shared infrastructure (loc_az_hci can host Sankofa VMs)
- Database consolidation possible for dev/staging environments
- Storage deduplication and compression
- Right-sizing based on actual usage patterns

**Risk Factors:**
- Blockchain state growth (can exceed estimates)
- Database growth with transaction volume
- Log retention and audit requirements
- Backup and disaster recovery storage (2-3x primary)

---

### Infrastructure Summary

**Azure Resources:**
- 3 AKS clusters (smom-dbis-138, the_order, potentially others)
- 3+ PostgreSQL instances (dbis_core, Sankofa, the_order)
- 3+ Key Vault instances
- 3+ Container Registries
- Multiple Storage Accounts
- Application Gateways/Load Balancers

**On-Premises/Proxmox:**
- 4+ Proxmox hosts (loc_az_hci, Sankofa)
- 20+ VMs (various projects)
- Kubernetes clusters (K3s or full K8s)
- NFS storage systems

**Network:**
- Multiple virtual networks
- DNS configurations
- SSL/TLS certificates
- Cloudflare tunnels

### Timeline Summary

**Conservative Estimate (Sequential):**
- Total: 35-47 weeks (8.5-11.5 months)

**Optimistic Estimate (Parallel where possible):**
- Total: 12-16 weeks (3-4 months)

**Recommended Approach:**
- **Phase 1** (Weeks 1-6): Infrastructure foundation (loc_az_hci Proxmox infrastructure)
- **Phase 2** (Weeks 7-10): Sankofa Phoenix platform deployment (uses loc_az_hci)
- **Phase 3** (Weeks 11-12): smom-dbis-138 tenant deployment via Phoenix (uses loc_az_hci + Phoenix)
- **Phase 4** (Weeks 4-12): Parallel deployments (dbis_core, the_order - independent)
- **Phase 5** (Weeks 10-14): Integration, testing, hardening
- **Phase 6** (Weeks 12-16): Production readiness, monitoring, documentation

### Cost Estimates

**Infrastructure Costs (Monthly):**
- Azure resources: $5K-$15K/month
- Proxmox hardware: One-time $20K-$100K
- Network bandwidth: $500-$2K/month
- Monitoring/observability: $500-$1K/month
- Third-party services: $1K-$3K/month

**Total First Year**: $100K-$300K+ (including hardware)

---

## Next Steps

### Immediate Actions

1. **Resource Planning**:
   - [ ] Review and approve infrastructure budgets
   - [ ] Request Azure quota increases
   - [ ] Order HSM hardware (if needed)
   - [ ] Procure Proxmox hardware (if needed)

2. **Team Preparation**:
   - [ ] Assign deployment teams per project
   - [ ] Schedule kickoff meetings
   - [ ] Review deployment documentation
   - [ ] Set up development environments

3. **Infrastructure Preparation**:
   - [ ] Create Azure subscriptions/resource groups
   - [ ] Set up Proxmox hosts (if applicable)
   - [ ] Configure DNS and domain names
   - [ ] Set up CI/CD pipelines

4. **Documentation Review**:
   - [ ] Review each project's deployment guide
   - [ ] Identify gaps and dependencies
   - [ ] Create consolidated deployment checklist
   - [ ] Document risk mitigation strategies

### Deployment Priority

**Recommended Order:**
1. **loc_az_hci** (Foundation infrastructure - Proxmox hosts)
2. **Sankofa Phoenix** (Blockchain orchestration platform - uses loc_az_hci)
3. **smom-dbis-138** (DBIS tenant deployment via Phoenix on loc_az_hci)
4. **dbis_core** (Independent, can run in parallel)
5. **the_order** (Independent, most complex, benefits from infrastructure maturity)

---

**Document Status**: Initial Scope Complete  
**Last Updated**: 2025-01-27  
**Next Review**: After project kickoff meetings