Building Blockchain Applications with Corda Enterprise on AWS
By Tony Vattathil, Solutions Architect at AWS
By Lana Kalashnyk, Partner Solutions Architect at AWS
Blockchain presents an open technology layer that enables business platforms to connect and scale. The decentralized architecture of a blockchain can serve as a better foundation for removing inefficiencies in globally distributed networks of value exchange within multiple industries.
Let’s look at an example from trade finance, which is inherently decentralized. Trying to match centralized architecture to this decentralized process has led to data silos and other problems.
By changing the structural foundation of trade finance, blockchain presents an opportunity to narrow gaps in an unconventional way. Learn more about how blockchain on Amazon Web Services (AWS) addresses common trade finance shortfalls.
Blockchain has long been predicted to have the ability to disrupt value chains in finance and other industries. However, permissionless blockchain platforms in which data is shared with all parties may not fit well in enterprise use cases with strict data privacy and compliance requirements.
About Corda Enterprise on AWS
Corda Enterprise from AWS Partner Network (APN) Advanced Technology Partner R3 harnesses the most appropriate elements from the Corda platform—smart contract technology, immutability, and consensus on the shared perception of truth—and fine-tunes them for the enterprise market.
Corda Enterprise adds features like a Blockchain Application Firewall, support for SQL Server databases, and easy back-office integrations in a highly available and redundant configuration.
R3 is an enterprise blockchain software firm working with a broad ecosystem of more than 200 members and partners across multiple industries from both the private and public sectors to develop on Corda, its open-source blockchain platform, and Corda Enterprise, a commercial version for enterprise usage.
Goals for this Post
In this post, we will go over:
- The structure of a Corda Enterprise Network
- Launching a production-ready Enterprise Corda deployment via the Corda Enterprise Quick Start
- Connecting to Corda TestNet
- Deploying a Sample Financial CorDapp (Corda Decentralized Application)
- Connecting a remote Corda Explorer to your Corda Enterprise Node on AWS
- Sending and tracking a Sample Transaction to the Corda Enterprise Deployment on AWS
Structure of a Corda Enterprise Network
A Corda network is an authenticated peer-to-peer network of nodes, where each node is a JVM run-time environment hosting Corda Services and executing applications called CorDapps. All communications between nodes are direct, with TLS-encrypted messages sent over AMQP/1.0.
This means data is shared on a need-to-know basis. There is no global broadcast of messages, so a deployment can meet strict data privacy and compliance requirements in regulated industries.
Corda networks are semi-private. Each network has a doorman service that enforces rules regarding the information that a node must provide to satisfy KYC (know-your-customer) requirements before being admitted to the network. In this post, we will use Corda Testnet to provide a root-authority-signed TLS certificate for the network’s permissioning service.
Figure 1 – The structure of a Corda Enterprise Network.
Launching the Corda Enterprise Quick Start
The Corda Enterprise Quick Start automates repeatable deployments of Enterprise Corda Nodes for any organization participating in a Corda network, with each organization deploying within its own AWS account.
The Quick Start takes the best Corda Enterprise features and adds extra layers of hardened security, ease of configuration, monitoring, and high availability guarantees through native integrations with AWS services like Amazon Relational Database Service (Amazon RDS), Amazon Elastic File System (Amazon EFS), Amazon Virtual Private Cloud (Amazon VPC), and Amazon CloudWatch.
Figure 2 – Architecture of the Corda Enterprise Quick Start.
Setting up a TestNet Account
By design, the provisioned Corda Enterprise Node deployment can connect to any Corda Network. As a default, and to get you up and running quickly, the Quick Start automatically provisions a connection to the Corda Testnet via the addition of a one-time key that can be obtained by logging on to the Corda TestNet website.
Generate a one-time Activation Key here, and then create a Testnet account and log in. Select Create New Node, and choose Copy to pull the command into your clipboard. The key will look like this:
sudo ONE_TIME_DOWNLOAD_KEY=c1ffee22-88a8-4ab3-b46f-1a71bc67<your code here> bash -c "$(curl -L https://testnet.corda.network/api/user/node/install.sh)"
In this example, the one-time key is c1ffee22-88a8-4ab3-b46f-1a71bc67xxxx. You will use this key as the ‘OneTimeKey’ parameter passed to the AWS CloudFormation template. Note that each one-time key stays active for 60 minutes, after which you need to generate a new activation code by reloading the Create New Node page in the Corda Testnet portal.
Launching the Corda Enterprise Quick Start
AWS Quick Starts are automated reference deployments that use AWS CloudFormation templates to deploy key technologies on AWS, following AWS best practices. This Quick Start creates a deployment of a single, logical Corda Node within a new or an existing VPC in your AWS account.
To get started, visit the Corda Enterprise Quick Start page. You can find detailed instructions on the Corda Enterprise reference deployment in the Corda Enterprise Blockchain on the AWS Cloud deployment guide.
Here are sample parameters for the Corda Enterprise Quick Start CloudFormation template:
Figure 3 – Sample parameters for the Corda Enterprise CloudFormation template.
For a secure deployment, specify only the remote access IP addresses you would like to have access to your Corda Node (RemoteAccessCIDR, CordaAccessCIDR, CordaRPCAccessCIDR).
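A pre-deployment check for the three access parameters above, as an added example that is not part of the original post or of the Quick Start itself. It reads a CloudFormation parameters file (the JSON list of ParameterKey/ParameterValue pairs accepted by `aws cloudformation create-stack --parameters`) and flags missing, malformed or overly broad CIDRs; the /24 threshold and the sample values are assumptions.

```python
import ipaddress
import json

# Access-control parameters named on this page.
CIDR_PARAMS = ("RemoteAccessCIDR", "CordaAccessCIDR", "CordaRPCAccessCIDR")
# Assumed review policy: IPv4 ranges broader than a /24 are flagged.
MIN_PREFIX_LEN = 24

# Constructed sample parameters file (documentation address ranges only).
SAMPLE_PARAMS = json.dumps([
    {"ParameterKey": "RemoteAccessCIDR", "ParameterValue": "203.0.113.10/32"},
    {"ParameterKey": "CordaAccessCIDR", "ParameterValue": "0.0.0.0/0"},
    {"ParameterKey": "CordaRPCAccessCIDR", "ParameterValue": "198.51.100.0/16"},
])


def audit_cidr_params(params_json, min_prefix=MIN_PREFIX_LEN):
    """Return {parameter: problem} for missing, malformed or overly broad CIDRs."""
    params = {p["ParameterKey"]: p["ParameterValue"] for p in json.loads(params_json)}
    findings = {}
    for name in CIDR_PARAMS:
        value = params.get(name)
        if not value:
            findings[name] = "missing"
            continue
        try:
            # strict=False normalises values that have host bits set.
            net = ipaddress.ip_network(value, strict=False)
        except ValueError as exc:
            findings[name] = f"invalid CIDR: {exc}"
            continue
        if net.prefixlen == 0:
            findings[name] = "open to the whole internet"
        elif net.version == 4 and net.prefixlen < min_prefix:
            findings[name] = f"/{net.prefixlen} is broader than /{min_prefix}"
    return findings


if __name__ == "__main__":
    for param, problem in audit_cidr_params(SAMPLE_PARAMS).items():
        print(f"{param}: {problem}")
```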
Note that Corda Enterprise leverages Amazon EFS as the storage layer. Be sure to choose an Amazon EFS-supported region: US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland), or Asia Pacific (Sydney). The full list of AWS regions can be found here. Once the stacks are finished building, you are ready to deploy Corda Distributed Applications to your node.
Deploying CorDapps to Your Corda Enterprise Node
CorDapps (Corda Distributed Applications) are distributed applications that run on the Corda platform. The goal of a CorDapp is to allow nodes to reach agreement on updates to the ledger. They achieve this by defining flows that Corda Node owners can invoke through RPC calls. Learn more about CorDapps here.
CorDapps are made up of the following components:
- States, defining the facts over which agreement is reached
- Contracts, defining what constitutes a valid ledger update
- Services, providing long-lived utilities within the node
- Serialization whitelists, restricting what types your node will receive off the wire
To get you started quickly, let’s deploy a sample Financial CorDapp to our Corda Enterprise Node. As opposed to permissionless blockchain applications, Corda allows for point-to-point communication between parties within a given network. Every node that needs to use a given CorDapp must have that application deployed on its local Corda Node.
From the CloudFormation console, select the Corda Infrastructure Stack and then click on the Outputs tab. Note the Public IP address for CordaInstance and CordaColdInstance.
Figure 4 – Output values for the Corda Infrastructure CloudFormation stack.
Next, open an ssh session to the CordaInstance and CordaColdInstance. For example:
Now, stop Corda services on both nodes:
sudo systemctl stop corda
On the hot node (CordaInstance), download the binaries for your CorDapp into your home directory:
R3 – APN Partner Spotlight
R3 is an APN Advanced Technology Partner. They build blockchain technology to transform the way the world does business. R3’s global network of partners works to develop innovative apps for finance and commerce on the Corda blockchain platform.