
Production Grade Enterprise Deployment of Hyperledger Fabric Whitepaper

Abstract

This whitepaper provides an approach to deploying Hyperledger Fabric, a leading Open-Source blockchain framework, in enterprise environments using Coredge’s Cloud Orbiter platform. Hyperledger Fabric offers a robust and flexible platform for building distributed ledger solutions, enabling organizations to achieve secure, transparent, and efficient business processes. Deploying and managing a Hyperledger Fabric production network spanning multiple organizations was time-consuming. The Cloud Orbiter platform made deploying, managing, and operating the network seamless. This whitepaper aims to equip readers with the knowledge and insights to deploy Hyperledger Fabric networks successfully. It explores the core concepts, architectural components, and key considerations involved in the deployment process. Organizations can leverage the power of Hyperledger Fabric to address complex business challenges and unlock new opportunities without worrying about managing the underlying infrastructure.

Introduction

Blockchain technology has emerged as a transformative force, revolutionizing various industries by enabling secure, transparent, decentralized digital transactions. One prominent blockchain framework that has gained significant traction in enterprise settings is Hyperledger Fabric. Built on Open-Source principles and backed by the Linux Foundation, Hyperledger Fabric offers a robust and flexible platform for developing and deploying enterprise-grade blockchain networks. Hyperledger Fabric is preferred for enterprise blockchain solutions due to its unique architectural design and modular approach. Its core features, such as permissioned network governance, support for private channels, and flexible consensus mechanisms, make it well-suited for various use cases across industries. Whether it's supply chain management, financial services, healthcare, or government, Hyperledger Fabric offers a robust foundation for building secure and scalable blockchain networks.

Coredge provides a platform for a Hyperledger Fabric network to be deployed on any Kubernetes cluster with a single click. A network can be deployed across multiple Kubernetes clusters, which can span multiple locations and data centers. The Cloud Orbiter provides the following capabilities:

  • Multi-region, multi-data center deployment of Hyperledger Fabric network.
  • Management console for managing the network nodes, channels, applications, etc.
  • Full monitoring and visibility related to network performance.
  • Document storage using a private network of Interplanetary File System (IPFS).
  • Asset tokenization application to easily create and manage assets in the Fabric Blockchain.
  • No code smart contract development using UI-based workflows.
  • REST and GraphQL APIs to integrate with applications.

Coredge’s Cloud Orbiter provides a comprehensive solution to help you manage workloads more effectively. You can manage your entire application stack in one place using Coredge Kubernetes Platform (CKP), which features a powerful automation capability, robust security, and an intuitive user interface. Cloud Orbiter helps you to streamline workflow and reduce complexity by managing applications, infrastructure, edge sites, and devices. It provides centralized management of your application deployment and infrastructure management needs. Coredge’s solution allows you to manage and monitor all your workloads and applications from one convenient location.

Cloud Orbiter provides the following capabilities:

  • Centralized infrastructure management.
  • Application orchestration: Applications can be deployed on any cluster or VM, whether in the cloud, on-premises, or at the edge, streamlining workflows and simplifying cluster life cycle management for bare metal servers or virtual machines.
  • Monitoring, alert notification, KPIs, event logging, metering, and troubleshooting of workloads on infrastructure and applications with comprehensive observability features.
  • Marketplace of applications and services to enhance flexibility and scalability in deploying and managing workloads.
  • Central IAM and RBAC Controls: Efficiently manage user access and permissions with centralized Identity and Access Management and Role-Based Access Control for enhanced multi-tenancy support.

Architecture Overview

The diagram below shows the overall solution, which consists of the Hyperledger Fabric network deployed across multiple data centers and organizations.

[Figure: Architecture Overview]

The Hyperledger Fabric solution and related components are deployed on Kubernetes clusters. Each organization that is a part of the Blockchain network can decide which data center and region they want to host their nodes in. Organizations can also choose to have a dedicated Kubernetes cluster to host their resources or share the underlying cluster with other organizations that are part of the network. The deployment process consists of the following high-level steps.

  • Deploy a Kubernetes cluster in your own data center or on any public cloud using Cloud Orbiter. Alternatively, organizations can import existing Kubernetes clusters and start managing them.
  • Connect multiple data center networks using Cloud Orbiter secure connect or any other inter-connectivity solution that already exists.
  • Bootstrap the Kubernetes cluster with the initial network setup. This is done in a single step: search for the Spydra add-on in Cloud Orbiter and install it, which installs the components required to bootstrap the network.
  • Once the network is bootstrapped, further configuration and maintenance of the network are done through GitOps using Flux, which is deployed as a pod during the bootstrapping process.

[Figure: Hyperledger Fabric Deployment Flow (Cloud Orbiter, multi-data center, GitOps-driven). Step 1: Deploy / import Kubernetes cluster (Cloud Orbiter, CKP). Step 2: Connect networks (Cloud Orbiter Secure Connect, inter-DC links). Step 3: Bootstrap network (install Spydra add-on via Cloud Orbiter). Step 4: GitOps management (Flux, continuous delivery; config, maintenance, updates). Each organisation chooses its own data centre and Kubernetes cluster. Vault instance per org, TLS by default, Certificate Authority per organisation. Spydra Control Plane & Orchestration Platform, Hyperledger Fabric, Cloud Orbiter.]

Security

Ensuring robust security and maintaining data privacy are critical considerations when deploying Hyperledger Fabric networks. As enterprise blockchain solutions handle sensitive information and facilitate trusted transactions, it is imperative to implement effective security measures and privacy controls. The deployed Fabric network is secure by default, and several built-in features can be used to further enhance the security posture of the network:

  • Every cluster or DC added to the network is secured by the Unified RBAC of Cloud Orbiter.
  • Cloud Orbiter helps achieve multi-tenancy in Kubernetes and allows infrastructure admins to impose granular access permissions, even at the namespace level.
  • Every organization decides where its resources are hosted, so there is data isolation between the organizations in the blockchain by default.
  • Every organization gets a Vault instance by default, which runs in the corresponding Kubernetes cluster. This Vault is used to securely store all the certificates, keys, and credentials needed to run the solution.
  • Organizations can also bring in their own Vault instead of using the default provided vault.
  • All the communications between all the components are protected using TLS by default.
  • Hyperledger Fabric participants (nodes, users, applications) need to authenticate using certificates. A certificate authority is provided by default per organization which is used to issue the certificates required for all entities within an organization.
  • Organizations can also bring their own root certificate instead of the default provided one.
  • Data Protection: Cloud Orbiter provides essential data security features like pre-backup or post-backup triggers for custom operations, scheduled backups, and retention schedules.
  • Disaster Recovery: Reduces the time it takes to recover from infrastructure loss, data leakage, and service interruptions.
  • Data Migration: Cloud Orbiter’s backup and recovery can swiftly migrate Kubernetes resources from one cluster to another, providing cluster portability.
  • Zero Trust Security: Cloud Orbiter ensures a high level of security for the managed infrastructure.
  • Scalable Multi-cluster Management: Cloud Orbiter allows IT teams to efficiently manage multiple clusters at scale with governance and enterprise-grade security.
  • Continuous deployment: Cloud Orbiter supports Continuous Delivery, allowing you to automate the deployment process and quickly roll out updates to your applications, infrastructure, and services.
  • Version control: The Cloud Orbiter platform uses Git as the source of truth for your infrastructure and application deployment, enabling version control for your deployments. You can easily track changes, rollbacks, and updates to your deployments with GitOps automation.
  • Application updates: With GitOps automation, you can easily deploy updates to your applications, infrastructure, and services. This enables you to improve application reliability and scalability while reducing downtime and risk.

[Figure: Security Architecture (zero trust, multi-org isolation, TLS everywhere). Organisation A (Datacenter 1) and Organisation B (Datacenter 2) each run a Kubernetes cluster (CKP) with Vault (certificates, keys), a Certificate Authority (CA), Fabric peers and orderers, and RBAC with namespace isolation. Cloud Orbiter sits between them as the universal control plane (unified RBAC, multi-tenancy, GitOps with Flux, continuous delivery, backup, disaster recovery, TLS, zero trust, monitoring). Connections are labelled TLS. Each org controls its own data; the ledger is shared via Hyperledger Fabric channels.]

Conclusion

In conclusion, Hyperledger Fabric offers a robust and flexible framework for enterprises seeking to harness the potential of blockchain technology. Hyperledger Fabric and Coredge’s Cloud Orbiter platform together provide a simplified, secure, and reliable way of deploying production-grade enterprise networks spanning multiple data centers and different organizational boundaries. With a solid understanding of the deployment process, architectural considerations, and security measures, organizations are well-equipped to embark on their own blockchain initiatives, driving digital transformation and unlocking new possibilities in their respective industries.

