Should Hyperledger Fabric be with a host in DMZ - hyperledger-fabric

I'm setting up a production environment of Hyperledger Fabric 1.4 and one of my concerns is connectivity with third party systems. Since the infrastructure is not running inside a VPN and third party systems available to public are generating load for our network, I am skeptical about allowing for a connection over public network directly into Hyperledger Composer API. I am wondering if anybody has experience with performance when deploying an intermediary host that is solely allowed to communicate with Hyperledger network?

Don't see a problem with that, if you need that kind of setup. If you use composer you will have an API to communicate with your network. Nothing stops you from creating another app that solely communicates with this API.
The performance depends on other factors, like number of requests, size of data, frequency of data.
Also, don't forget that the Hyperledger API needs to be secured. As for public access, there should be any, the whole point of Hyperledger is to allow only known entities to connect and do whatever needs to be done.
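
One way the intermediary host discussed above could decide what to forward to the Composer REST API, as an added example that is not part of the original answer. The `Shipment` route, the client fingerprint, the limits and all function names are constructed placeholders, and the fingerprint is assumed to come from TLS client authentication at the gateway.

```javascript
'use strict';
// Added example: forwarding policy for a DMZ gateway in front of an internal REST API.
// Every name and value below is hypothetical.
const MAX_BODY_BYTES = 64 * 1024;

// Only these method/path pairs are ever forwarded to the internal API.
const ALLOWED_ROUTES = [
  { method: 'GET',  path: /^\/api\/Shipment(\/[A-Za-z0-9_-]{1,64})?$/ },
  { method: 'POST', path: /^\/api\/Shipment$/ },
];

// Known third parties, keyed by TLS client certificate fingerprint (constructed value).
const CLIENTS = new Map([
  ['AA:BB:CC', { name: 'partner-a', ratePerSec: 2, burst: 3 }],
]);

const buckets = new Map(); // fingerprint -> { tokens, last }

// Token bucket: refill by elapsed time, spend one token per forwarded request.
function takeToken(fp, cfg, nowMs) {
  const b = buckets.get(fp) || { tokens: cfg.burst, last: nowMs };
  const refill = ((nowMs - b.last) / 1000) * cfg.ratePerSec;
  b.tokens = Math.min(cfg.burst, b.tokens + refill);
  b.last = nowMs;
  const ok = b.tokens >= 1;
  if (ok) b.tokens -= 1;
  buckets.set(fp, b);
  return ok;
}

// Returns { forward, status, reason }. Cheap rejections run before the rate limiter
// so that requests that would never be forwarded do not consume a client's budget.
function decide(req, nowMs = Date.now()) {
  const cfg = CLIENTS.get(req.clientCertFingerprint);
  if (!cfg) return { forward: false, status: 403, reason: 'unknown client' };
  const exposed = ALLOWED_ROUTES.some(
    (r) => r.method === req.method && r.path.test(req.path));
  if (!exposed) return { forward: false, status: 404, reason: 'route not exposed' };
  if ((req.bodyBytes || 0) > MAX_BODY_BYTES)
    return { forward: false, status: 413, reason: 'body too large' };
  if (!takeToken(req.clientCertFingerprint, cfg, nowMs))
    return { forward: false, status: 429, reason: 'rate limit' };
  return { forward: true, status: 200, reason: 'ok' };
}
```
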

Related

Private communication between off-chain frontend app and hyper ledger

I want to make a secure hyperledger fabric infrastructure to manage all nodes based on physical devices.
The front-end user application writes to HL. It asks for a random node and if it answers application sends request and payload.
What is the best way to guarantee private communication between off-chain frontend app and hyperledger?
I have already created private domain secured by SSL certificate for every node but this method doesn’t sound scalable - what if we have 10k nodes? Is there a better approach?
If your intent is to communicate directly with the Peer, the endpoint's already able to be secured with TLS.
However, under an ideal situation, your web app would communicate with your back-end server (let's say NodeJS Express server). Your Express server would be TLS secured and your web app would communicate via https. Your Express server would then use the Fabric Node SDK to communicate with your network, which is also TLS secured communication. You're not configuring anything more extensively than you would have while building a TLS-secured web server in the first place.
To your last point, who owns the 10k nodes? An organization would only be expected to own a few nodes, and your few nodes would be handling your transactions, you wouldn't be submitting to other organizations' peers. You owning so many peers in a network would defeat the purpose of Fabric's consensus, allowing you to compromise the network by always being able to provide policy quorum.

Multi Org Setup using HyperLedger Composer in multiple machines

I am working on setting up a Business Network for Multiple Organizations (two physical machines).
I did the setup of a business network using Hyperledger Composer Playground and achieved querying, rest-server implementation etc.
I have configured a multi-org (multiple organizations) setup for a single business network in a single cloud server (Reference link used: https://hyperledger.github.io/composer/latest/tutorials/deploy-to-fabric-multi-org). But, as in real scenario, I want to configure a multi-org functionality with two separate cloud servers.
I met with an error like below.
Error: Unable to Communicate with Peers. Peers not found.
Version of Composer : latest
Version of Fabric : V1.0
Thanks in Advance.
If you are using Composer latest (v0.19) then you have to use Fabric v1.1.
If you are running on 2 servers with 2 IP addresses you need to solve the communications (IP addressing and routing) between your client and the servers, and between the containers on each server.
For the client to server you need to manage the addresses in the connection.json files for composer.
For the connectivity between the Peers and other containers the correct solution is to use Kubernetes or Docker Swarm to manage the addressing/routing. It is possible to use the extra_hosts feature of docker-compose for a simple demo but you might be restricted to one peer per org because of port conflicts.

Hyperledger fabric deployment (real network)

I have created an application using "Hyperledger Composer"
https://hyperledger.github.io/composer/tutorials/developer-guide.html
It's working fine on my local machine and I am able to access REST APIs over local network.
I would like to setup real network. What I mean is multiple hosts and peers. I have been trying to figure out steps/guideline to setup a real fabric v1 network and deploy application on it, but haven't had any luck yet.
My Questions are
What are the steps of deploying real Fabric 1.0 network with multiple hosts, peers?
How to deploy application in real network (once it's set up)?
Appreciate any direction here.
If you have a couple of linux VMs with ssh keys configured so you can ssh without prompting for a password you may try https://github.com/yacovm/fabricDeployment

What kind of API needs to be exposed to allow outside access to a Hyperledger Fabric private network?

What kind of API needs to be exposed to allow outside access to a Hyperledger Fabric private network?
Are there any specifications describing this?
Thank you in advance for any enlightenment.
Hyperledger Fabric is designed to develop a private (permissioned) network. So, anyone who wants to access the network should have permissions for it. Hyperledger Fabric allows access to the network through certificates, for which it provides a CA. The CA allows you to control who is going to have access to the network. You register who you want.
Moreover, Hyperledger Fabric provides you an SDK which makes it easy to use APIs to interact with a Hyperledger Fabric blockchain. More info about it here.

Create one more peer node using hyperledger-composer

I implemented the Hyperledger Composer tutorial, created a simple business network definition, deployed it through Composer and implemented its REST APIs through composer-rest-server. Now I want to add one more peer to it on a different local machine which can access the blockchain I created previously, so my question is: how can I get a different peer node (another local machine) connected to the blockchain I created in the Composer tutorial?
You can check the S/Overflow link provided by Ahmed Nasser relating to adding your peer to an existing Fabric network.
Once you have your Fabric network up and running, and all of your network configuration / resolution / docker configuration tested and working, you can come to Composer to define the connection info, such as adding additional peers (and therefore create the requisite business network cards that contain that info).
This single organisation tutorial can give you an idea of what's involved - it builds upon a Fabric network that was already created (a simple, one-peer Fabric blockchain Dev environment) ..see here -> https://hyperledger.github.io/composer/tutorials/deploy-to-fabric-single-org.html
It obviously refers to 'localhost' in this scenario - obviously, you are creating something on an IP network, so you will need IP addresses/ host resolution as appropriate.
