Flight Plan: Build private blockchain networks on Hyperledger Fabric

This BoosterPack was created and authored by: Senofi

DAIR BoosterPacks are free, curated packages of cloud-based tools and resources about a specific emerging technology, built by experienced Canadian businesses who have built products or services using that technology and are willing to share their expertise.

Ready for takeoff?

Here’s what you’ll find in this Flight Plan

Overview

What is Hyperledger Fabric?

Hyperledger is an enterprise-grade, open-source distributed ledger framework launched by the Linux Foundation in December 2015. Within the Hyperledger framework, Fabric, a highly-modular, decentralized ledger technology (DLT) platform, can be deployed for industrial enterprise use.

Blockchain and Distributed Ledger Technology (DLT) are terms often associated with cryptocurrency; however, we see them as a technology that solves major problems in the areas of distributed data and applications. To put it broadly, DLT is the general term for the technology and blockchain is one specific implementation type of DLT.

DLT technology has been used successfully to implement production-ready, distributed business applications that automate trust through transactions. The technology also enables secure data sharing between multiple businesses.

There are different definitions of DLT. Some are technical and sophisticated, while others are simple, but incomplete. One of the more accurate descriptions can be found on Wikipedia:

  • A distributed ledger (also called a shared ledger or distributed ledger technology or DLT) is a consensus of replicated, shared, and synchronized digital data geographically spread across multiple sites, countries, or institutions. Unlike with a distributed database, there is no central administrator.
  • A peer-to-peer network is required as well as consensus algorithms to ensure replication across nodes is undertaken. One form of distributed ledger design is the blockchain system, which can be either public or private.

Peer-to-peer networks and distributed database concepts are not new and there are plenty of mature implementations and products available (e.g., P2P file sharing, modern Distributed DBMS).

Peer-to-peer networks enable distributed application architecture that runs loads and tasks among peers. Those peers are equal participants in the application, and they form the so-called peer-to-peer network of nodes.

On the other hand, distributed database stores data across different physical locations, computers, or interconnected computers. Usually, distributed databases require central control and management.

The key breakthrough with DLT is that there is no need for central administration and the data is distributed across the network participants who operate their own network nodes. In other words, there is no central point of control and failure. This concept is extremely important when we use DLT and blockchain technology in the real business world where secure, consistent, and traceable transactions are key to success.

What value will Fabric DLT add to my business?

What is the value of DLT compared to solutions based on other technologies? Let’s focus on a few key problem areas that DLT can help solve.

Trust

If you have trust issues in your business partner network, DLT is a great solution. The DLT applications probably won’t be required to replace existing systems, but instead integrate and work together. A trust issue doesn’t necessarily mean there is no trust among partners or nodes in a business network; it can be a data-related problem where one party receives incorrect information from the other party. In those cases, it is difficult for the receiving party to validate the truthfulness of the received data.

For example, when a company pulls a credit report for a customer from their credit bureau partner, the quality of the received data is not guaranteed and the receiving party has no easy way to validate the consistency of the data. Frequently, companies implement complex and expensive business processes to mitigate those cases – for example, using manual audits and verification.

If there is a struggle to trust the data exchanged within a business network, a DLT-based solution is a great approach!

Transparency and Traceability

Business partners use their own internal software stack based on systems and applications provided and maintained by their software vendors and it is often impractical to have those systems integrated. Most of the solutions and concepts we currently use to make systems talk/exchange data are complex and expensive to implement and maintain (i.e., ETL, Web APIs, message queues, etc.). A single and simple bug in the communication chain may bring production systems down and significantly harm business network operations. One of the major problems in such cases is that business partners lack transparency on the business transactions and data being impacted.

The root cause of the transparency and traceability issue is the missing mechanism of performing deterministic and finite transactions within a business network. A DLT application where the network nodes are owned and operated by the participating partners can deliver full, real-time transparency and traceability of the transactions and data exchanged.

In other words, transparency and traceability are provided and embedded within the DLT technology itself. Best of all, a DLT business network won’t need long and expensive audits. The consistency and transparency of the data is in place in the instant the transaction is committed in the distributed ledger.

DLT has the potential to add value to a variety of industries and operations. A business network is not necessarily only an external network connecting partners; it could also be used internally where data needs to be verified and validated within a single organization. Here are a few industries where DLT could be useful:

  • Supply Chain – Build a supply chain network with real-time data on the orders, shipments, deliveries, and payments.
  • Healthcare – Securely share patient, research, or any other sensitive data among the participants of a single network.
  • Telecom – Enable secure sharing of sensitive customer or business data; use cases include both business-to-business and business-to-consumer.
  • Public Sector – Improve government operations and collaboration with the private sector.
  • Digital Identity & Privacy – Store and keep private any personal data. Enable users to give consent before the data is shared with participants in the network.

Why choose Hyperledger Fabric over the alternatives?

Hyperledger is an open-source community, focused on developing a suite of stable frameworks, tools, and libraries for enterprise-grade blockchain deployments. Hyperledger hosts the most prominent open-source projects under the Linux foundation. Hyperledger Fabric is one of the most popular projects under the Hyperledger hat.

Hyperledger Fabric is intended as a foundation for developing applications or solutions with a modular architecture. Hyperledger Fabric allows components, such as consensus and membership services, to be plug-and-play. Its modular and versatile design satisfies a broad range of industry use cases. It offers a unique approach to consensus that enables performance at scale while preserving privacy.

Best Practices

  • Plan ahead – it’s important to make the correct architectural decisions from the get-go because with Blockchain, it can be difficult to modify the data model and operations.
  • Start small, work on a proof of concept, and learn the technology.
  • Define and document the network structure, participants, and transaction committing rules.
  • Work with network participants to outline the minimum requirements for the nodes, so performance is not hindered by the weakest link.
  • Always use encryption and mutual TLS when it comes to communication among network nodes.
  • Use two separate Certificate Authority (CA) servers per organization. One CA to manage the organization’s identity certificates and one to manage the TLS certificates.
  • Plan to have monitoring and alerting services to avoid problems with the network, and keep it performing as expected. The more participants the network has, the higher the overhead will be.
  • When using CouchDB always consider creating indexes for fetching data from the peer Key Value Store (KVS).

For complete documentation on Hyperledger release 2.2.

Tips and Traps

  • Tip: Always consult HLF and HLF CA documentation on their official websites. Be sure to pick the correct version that corresponds to the version of HL software components used.
  • Tip: When possible, start with the most recent LTS (Long Term Support) release of HLF software. Pick the highest version possible to get the most recent features and bug fixes.
  • Tip: Use Mutual TLS to achieve best security on communication channel level. That way the nodes will verify the TLS client certificates before opening the protocol level communication.
  • Tip: TLS certificates of the nodes (peers/orderers) may have the nodes’ DNS names under their certificate name’s tag. That way the nodes can be easily moved on different IP addresses without a need to change the TLS certificates.
  • Tip: Usually, Kubernetes and Docker are used to orchestrate the network nodes of an organization. Both tools are open-source and well supported by their communities. No need to run the network on a VM OS directly, as this may become a challenge to maintain and operate properly.
  • Tip: A peer can be removed from the network by revoking its identity and destroying its container. When removing a peer, make sure it is not an anchor peer as this may impact cross-organization operations and communications. It is best first to replace the anchor peer on the channels with a new peer and then proceed with the removal process.
  • Trap: Avoid using local VM file system or volumes to store the nodes data (ledger, KVS). Instead, use attachable volumes (persistent storage) to avoid losing data when the VM crashes. Dedicated persistent storage is easily backed up and restored.
  • Trap: The issued TLS certificates usually have a validity date. Make sure you rotate the certificates before they reach the end date so that the nodes and users can continue communicating without interruption. The rotation of the TLS certificates of the ordering service is an extremely important process that must be planned for upfront and executed promptly.

Resources

Consult the tutorials and documentation below for more detail on the technology and how to use it.

Tutorials

The table below provides a non-comprehensive list of links to tutorials that we’ve found to be most useful.

Tutorial ContentSummary
Deploying a Production NetworkA high-level overview of the proper sequence for setting up production Fabric network components. It discusses best practices and a few of the many considerations to keep in mind when deploying.
Deploying a Smart Contract to a ChannelReviews the steps necessary to have a new smart contract deployed onto the Fabric network.
Adding an Org to a ChannelDescribes the step-by-step process of adding a new organization to an existing channel.
HLF Command Line ReferenceList of commands to manage HLF networks and chain codes.
HLF Peer Channel CommandsDetailed command description to manage and operate channels on a peer, e.g., how to join a peer on a channel.
HLF Ordering Channel CommandsDetailed command description to manage and operate channels on an orderer, e.g., how to join an orderer on a channel or create new channels.
How to Upgrade to a New HLF VersionRecommendations for upgrading to the newest release of HLF.
How to Develop Applications on HLFDetailed guideline on how to develop applications to solve a business problem with HLF.
Private Data Collections in HLFWhat Private Data Collections are and how to achieve privacy on the blockchain.
Security Model in HLFOverview of the HLF security model, including topics like policies, permissioning, TLS, HSM, etc.
Hyperledger Certificate Authority User GuideEssential information on how to operate and manage an HL CA serve, including how to register, enroll and revoke an identity.

Documentation

Please see the table below for a set of documentation resources for Hyperledger Fabric.

DocumentSummary
Introduction to Hyperledger FabricLearn about Hyperledger Fabric from the source, in this brief introduction to the product and the technology behind it.

 

Support

Mailing lists are a great way to stay connected to the community and find answers to your technical questions. Subscribe to the Fabric mailing lists.

Got it? Now let us show you how we deployed it on the DAIR Cloud…

Hyperledger Fabric Sample Solution

This sample solution demonstrates how you can use Hyperledger Fabric for a private network by showing a blockchain network of three participants sharing transactional data.

For pharmaceutical companies needing secured trials records, the Sample Solution describes how Hyperledger Fabric is used to record trial cases and allows participants to communicate trial case data in a secure and trustworthy way. Unlike typical centralized solutions where a single source of truth may cause a lack of trust, this Sample Solution distributes all the data among the participants and achieves real-time data sharing to provide transparency to all parties.

This Sample Solution showcases the following technologies:

  • Hyperledger Fabric,
  • JS,
  • Web Application in Java,
  • Chaincode in Java, and
  • Docker.

Please see the Sample Solution to see Hyperledger Fabric in action