You'd need to pay for RH SSO, which is the downstream version of Keycloak. It's the stable version with the option of paid support. You can see more here: https://access.redhat.com/products/red-hat-single-sign-on. I handle upgrades by upgrading to odd versions. Since I'm on 5.0, I'll jump to 7.0 next. I don't upgrade a lot, unless there is a real need in the next version(s), ie, CVE's, new features, etc. I do use Keycloak in production, it's been rock solid for us and is fast. We handle about 5000 sessions without breaking a sweat. I have a two node cluster setup, with a galera mariadb 3 node cluster on the backend. I also setup a dev environment where I perform upgrades and test before releasing into production. So far it's worked very well. -- *Aaron Echols* On Wed, Aug 28, 2019 at 3:51 PM Paul Edison <paul.finnedison(a)outlook.com&gt; wrote: