Professional Documents
Culture Documents
Manoj S P
Open Source Solution's Specialist
manojs@sg.ibm.com
Agenda for Discussion ..
1
The Buzz ..Every one are talking about them
At the heart of decentralized systems such as Bitcoin is a revolutionary
platform – the “blockchain”
Account owners
Bank balances
Transaction records
New
Transactions
2016
62k+ IBMers contributing to 150+ Open Orgs
1999
Open Source in the Enterprise
https://www.blackducksoftware.com/future-of-open-source
Open Explained
• OPEN is enticing:
– Done correctly: reduce cost base prevent vendor lock in, Open
leverage large community Standards
As with Java, Linux, Open Stack, Node and Spark, industry can advance Hyperledger (open
blockchain) technology and focus it on the requirements of industrial use cases by working
together through an open source foundation
What? How?
• Enterprise grade specification • Community led
– Functional & non-functional • Open Governance
• Help build open source fabric • Promote use and support
• Licensing (Apache / OSS) • Advisory board
Hyperledger Fabric
<is-a>
End User <is-a> Register Issue E-Cert
Users Certificates T-Cert
Chain Transactor Chain Validator
Manage
Chain Network User Certs.
Validating
Construct Node
<node in>
Transactions
Initiate Query Validate
Transactions Transactions Transactions
Forward
Transactions
V
Audit
Transactions <node in>
Non-Validating Maintain
Node Ledger Chain Network
Execute <types of>
Consensus &
Industry Network
<is-a> Update
Regional Network
Network Auditor Chain Auditor Ledger
g
Application Network
Hyperledger Membership Services Note: Deployment Transaction: Transactions that deploy
chaincode to a chain
Invocation Transaction: Transactions that invoke a function on
chaincode
Hyperledger Security Overview
Privacy-
preserving
Authentication Transaction Crypto
Confidentiality Secured
Example:
OpenChainMessage
gRPC
V Discovery Transaction Synchronization Consensus
V
Discover Deploy, Catch up Initiated when
peers in the Invoke and with other chain Tx is
network Query peers received
Nodes
OBC data structures, messages, and services are Message payloads are opaque byte arrays containing either
described using proto3. the Transaction object or Response.
Protocol Buffers serialize data structures for data Transaction is always associated with a chaincode spec that
transfer between peers. defines the chaincode and the execution environment.
Hyperledger Chaincode implements Smart Contract
Chaincode is application code deployed as a transaction to be distributed in the network, managed by validating nodes, and
implemented as Docker containers. Chaincode implemented in Go language.
• Register with Validating Node using • Each Chaincode can define its own • World state refers to collection of
ChainCodeID persistent state variables (key-value) states of all deployed chaincode
• Call Invoke on Chaincode Interface to • Chaincode can update the state • Organized as a bucket-tree to enable
initialize based on Invoke Tx efficient crypto-hash
Hyperledger Ledger
Message Block{
<Hash>
}
Message BlockTransactions{
List of Tx World State Hash
}
Hash of the Block based on FIPS 202
Hyperledger Pluggable Consensus Framework
Identifies consensus
plugin used by SIEVE
validating peers
controller
Extends PBFT to handle non-deterministic
Enables consensus
transactions by leveraging Execute-Verify
plugin to interact with (EVE) replication mechanism.
OBC stack (e.g.
message handling)
helper
Hyperledger Fabric – Sample Application Architecture
Blockchain
application
Monitoring
Dashboards
Control, Search
Blockchain Blockchain
Application Fabric
Certificate
Blockchain Authority
Application
Chaincode Transactions
Non
Validator
REST Smart
Validators
Contrac
(Consensus)
t
Hyperledger
API
Blockchain
Application
Smart Contracts & Containers
LinuxONE Blockchain : Leveraging Open Source
OpenShift Cloud Foundry Juju BlueMix
Platform Connectors
as-a-Service For RedHat For SUSE, Ubuntu For Ubuntu IBM
Physical Storage
Infrastructure
Switches
Each Distro (SUSE, RedHat, Ubuntu) will have its own flavor of a cloud stack
What are Docker basic functions?
Describes steps to build Build Store Run
container automatically
from source
Dockerfile for
Application
Container A
Container N
Image N
Container B
Source Code Get N Run N
(Build) Image
Repository Repository …
Push new
Image to
Repository
Docker Engine
Host OS
Client
z Systems Server
22
High Level View of the Infrastructure
App Layer
Application
Middleware
Docker 1.11
z Systems Hardware
Hyperledger Solutions Architecture…
Protocol REST
Programming
Database
IBM Systems
High level Infrastructure View
Use of Containers in Blockchain
9 We can build blockchain chain code as Docker images that hold your
business logic and automation code.
9 Docker containers can be created from those Docker images to run your
chain codes.
9 Consortium can share those chain code docker images via private registry
Hyperledger Chaincode implements Smart Contract
Chaincode is application code deployed as a transaction to be distributed in the network, managed by validating nodes, and implemented as
Docker containers. Chaincode implemented in Go language.
Deploy • PUT_STATE
V • GET_STATE
Transaction
• DEL_STATE Chaincode
• RANGE-QUERY_STATE States
<launch> Chaincode
<gRPC Link> V
Chaincode
Invoke
Query
• Register with Validating Node using • Each Chaincode can define its own • World state refers to collection of states
ChainCodeID persistent state variables (key-value) of all deployed chaincode
• Call Invoke on Chaincode Interface to • Chaincode can update the state based on • Organized as a bucket-tree to enable
initialize Invoke Tx efficient crypto-hash
Hyperledger Chaincode implements Smart Contract – SWIFT MT700
Container N
Container N
Docker Engine
Secure Service
Container
High-Security
Plan User
Other User
Hyperledger
LinuxONE platform
Overview: https://console.ng.bluemix.net/docs/services/blockchain/etn_ssc.html
HSBN on LinuxONE : Reference Architecture
Security Layer 1
Chaincode 0
Chaincode 1
Chaincode j
Internet
Security Layer 2
Security Layer 3
Internet
Internet
Proxy Proxy
Peer 0 . . . Peer 3
Load
Balance
r
48 GB RAM
48 GB 48 GB
Memor Memor Secure Service Container
y y
• Protection against misuse of privileged user • Hardware accelerators: • Highly auditable operating • Open-source Hyperledger
credentials: Blockchain operating environments and data Crypto optimization environment: Hardware code along with a single,
are protected by secured service containers against supports an environment and firmware audit logs integrated stack.
access and abuse by root users, system administrator that moves hashing and provide information about
credentials and other privileged user access. These symmetric encryption to any critical actions done to
Blockchain instances are locked so they must deployed to accelerators and optimizes system such as replacing
system models configured to our high security settings. digital signatures to reduce hardware or changing
• Malware protection: Blockchain data and software is drain on CPU performance. configurations. This allows
protected from malware being installed. such changes to be audited,
• Protection of peers from one another: Blockchain peers including verification of
are able to run in protected, isolated environments to unauthorized actions.
prevent deliberate or unintentional leakage of information
from one party's environment to another.
• Key safety: Identity, communications, and data privacy
are safeguarded by having all keys in a secure services
container. For our general-availability release, enrollment
key security will be further enhanced by implementing
“secure key” using our tamper-resistant crypto-card.
Additional security and privacy benefits
Prevent Edward Protection against misuse of Our differentiation is that IBM Secure Service Containers prevent system admins with
Snowden-type attack privileged user credentials access to the hardware from disabling the restrictions as it is possible on other
environments:
• No access to the data store
• No ability to modify any of the code in the container
• All data leaving the container is encrypted
HOW: We do this by encrypting all data on the disk; only the machine hardware has the
keys—there are no keys accessible to privileged users. Only authorized APIs are available
(not the underlying software). For example on other systems, system admins can disable
SELinux on the Redhat Enterprise Linux, then get full access to the system.
Data Privacy Participants in a business network Because each peer in the network has a copy of all data from all parties, we do not want
can’t see each other’s private data the owner of each peer to be able to look at the data stored in the peer. The container
prevents the machine owner from peeking /viewing the raw data. The only thing a peer
owner can do is start or stop a peer.
HOW: All peer data and code is encrypted all the time. The peer owner does not have the
keys.
Thank You
Manoj S P
Open Source Solution's Specialist
manojs@sg.ibm.com