Should number of applications and number of peer nodes be equal? - hyperledger-fabric

I was reading the documentation of hyperledger (https://hyperledger-fabric.readthedocs.io/en/release-2.2/network/network.html) and I have a question from this paragraph
We can see that the careful addition of peers to the network can help support increased throughput, stability, and resilience. For example, more peers in a network will allow more applications to connect to it; and multiple peers in an organization will provide extra resilience in the case of planned or unplanned outages.
Does the sentence more peers in a network will allow more applications to connect to it mean that one application should be communicating with one peer node and thus number of nodes should be equal to the number of applications on the channel?
If so why can't multiple applications just communicate directly to one node instead?

As part of planning to create a peer, you will need to consider your strategy at an organization level in order to ensure zero downtime of your components. This means building redundant components, and specifically redundant peers. To ensure zero downtown, you need at least one redundant peer in a separate virtual machine so that peers can go down for maintenance while client applications go on submitting endorsement proposals uninterrupted.
Along similar lines, client applications should be configured to use Service Discovery to ensure that transactions are only submitted to peers that are currently available. As long as at least one peer from each organization is available, and service discovered is being used, any endorsement policy will be able to be satisfied. It is the responsibility of each organization to make sure their high availability strategy is robust enough to ensure that at least one peer owned by their organization is available at all times in every channel they’re joined to.

Related

Specify endorsing peer when Service Discovery is disabled

I have a Hyperledger-Fabric network with two organisations: Org1 and Org2.
The service discovery is disabled.
When organization 1 submits a transaction in a channel, can he designate endorsing peer of other organizations in the channel to endorse it?
How to do it? Since the service discovery is disabled, organization1 may generate peer info from the channel config block?
It would help to say which client API and/or language you are using.
With discovery disabled, your client is only going to know about the nodes defined in the connection profile that it uses to connect to the network. For a Node client, you can use setEndorsingOrganizations() or setEndorsingPeers() on the Transaction object. For Java you can use setEndorsingPeers() on the Transaction object. For Go you can use the WithEndorsingPeers option.
I would recommend configuring discovery in your network and using it in your clients. You will need to have discovery enabled to use the new Fabric Gateway service and Fabric Gateway client API introduced with Fabric v2.4. If you can use that, I would highly recommend it instead of the legacy SDKs.

Should Hyperledger Fabric be with a host in DMZ

I'm seting up a production environment of Hyperldger Fabric 1.4 and one of my concerns is connectivity with third party systems. Since the infrastructure is not running inside a VPN and third party systems available to public are generating load for our network, I am skeptical about allowing for a connection over public network directly into Hyperledger Composer API. I am wondering if anybody has experience with performance when deploying a intermediary host that is solely allowed to communicate with Hyperledger network?
Don't see a problem with that, if you need that kind of setup. If you use composer you will have an API to communicate with your network. Nothing stops you from creating another app that solely communicates with this API.
The performance depends on other factors, like number of requests, size of data, frequency of data.
Also, don't forget that the Hyperledger API needs to be secured. As for public access, there should be any, the whole point of Hyperledger is to allow only known entities to connect and do whatever needs to be done.

Are channels in hyperledger fabric independent private blockchains?

I am trying to understand the fabric architecture. If channels are independent blockchains then how is it connected to other blockchains in different channels in the same network? Also, can members of the same networks see the blockchain of a different channel?
Answer to first question: They are not connected. The different channel runs on the same network i.e. they may share peers/orgs/orderers, but that's it.
Second, yes, they can, if the members have subscribed to both the channels.

Hyperledger Fabric/Composer: Architecture for a multi-org network

I'm doing a POC that involves 4 types of entities. All of them will have different types of participants in the network. I have drafted out an architecture that needs validations and considerations that I might be missing out.
Architecture:
Created 4 Orgs on the Fabric. One for each of the entities.
The first org contains 1 CA, 1 Orderer, and 2 Peers.
The other three org contains 1 CA and 2 Peers.
All the Orgs will run on a different host machine.
All the Orgs are on the same channel.
Employ docker swarm to create an overlay and make these containers talk to each other.
Next, setup composer REST server on each of these machines, such that the PeerAdminCard and BusinessAdminCard are logically mapped to its own Org.
Use permissions.acl to control access to the participant's data.
A central server will get the requests from all these Org's client and pass it to the respective composer REST server.
Questions that I have pertaining this one:
Is this feasible to implement or am I missing any crucial point?
If we use docker swarm, then there will be a kind of master-slave communication. Does it break the essence of the blockchain?
There are different interactions happening between the clients and that is the purpose of using a central server. Is there other way to handle this without a central server?
Is the acl file enough to control access to the data? If someone has a physical access to the peer's couchdb, he'll be able to see the other participant's data?
Any guidance or references will be helpful.

Peer discovery in multiple Org network

We are setting up a multi-Org network, and have Anchor Peers defined and installed. We understand that Anchor Peers are used in peer discovery, but one question remains open: When a client needs to collect endorsements, how does it discover peers in the other Org to direct proposals to for endorsement? Is the Anchor Peer a "directory service" (and if so, how do we read the directory from the client SDK), or is it a "gateway" (and if so, how do we say how many endoresments we are trying to gather)?
When a client needs to collect endorsements, how does it discover
peers in the other Org to direct proposals to for endorsement?
Excellent question. There is a document for that.
Pasting below the relevant part:
The service runs on peers – not on the application – and uses the network metadata information maintained by the gossip communication layer to find out which peers are online. It also fetches information, such as any relevant endorsement policies, from the peer’s state database.
With service discovery, applications no longer need to specify which peers they need endorsements from. The SDK can simply send a query to the discovery service asking which peers are needed given a channel and a chaincode ID.
In a nutshell, starting from Fabric v1.2, the SDK can query a peer for the peers it needs to request endorsements from.
Is the Anchor Peer a "directory service"
No, it is not. The idea is that starting from Fabric v1.2, every peer that you trust as a client (i.e - a peer that belongs to your own organization) can serve your SDK as a discovery service endpoint.
There is also a brand new (friendly to use!) CLI tool that is included in v1.2 and can be used to query the discovery service on a peer.
There should be documentation published for the various SDKs once v1.2 is released.
or is it a "gateway" (and if so, how do we say how many endoresments
we are trying to gather)?
It is also not a gateway, it's only used for peers to bootstrap their membership view when they startup or join a channel.

Resources