Building Blockchain Applications with Corda Enterprise on AWS

By Tony Vattathil, Solutions Architect at AWS
By Lana Kalashnyk, Partner Solutions Architect at AWS

Blockchain presents an open technology layer that enables business platforms to connect and scale. The decentralized architecture of a blockchain can serve as a better foundation for removing inefficiencies in globally distributed networks of value exchange within multiple industries.

Let’s look at an example from trade finance, which is inherently decentralized. Trying to match centralized architecture to this decentralized process has led to data silos and other problems.

By changing the structural foundation of trade finance, blockchain presents an opportunity to narrow gaps in an unconventional way. Learn more about how blockchain on Amazon Web Services (AWS) addresses common trade finance shortfalls.

Blockchain has long been predicted to have the ability to disrupt value chains in finance an other industries. However, permission-less blockchain platforms in which data is shared with all parties may not fit well in enterprise use cases with strict data privacy and compliance requirements.

About Corda Enterprise on AWS

Corda Enterprise from AWS Partner Network (APN) Advanced Technology Partner R3 harnesses the most appropriate elements from the Corda platform—smart contract technology, immutability, and consensus on the shared perception of truth—and fine tunes them for the enterprise market.

Corda Enterprise adds features like a Blockchain Application Firewall, support for SQL Server databases, and easy back-office integrations in a highly available and redundant configuration.

Deploy Corda Enterprise on AWS with New Quick Start >>

R3 is an enterprise blockchain software firm working with a broad ecosystem of more than 200 members and partners across multiple industries from both the private and public sectors to develop on Corda, its open-source blockchain platform, and Corda Enterprise, a commercial version for enterprise usage.

Goals for this Post

In this post, we will go over:

The structure of a Corda Enterprise Network
Launching a production-ready Enterprise Corda deployment via the Corda Enterprise Quick Start
Connecting to Corda TestNet
Deploying a Sample Financial CorDapp (Corda Decentralized Application)
Connecting a remote Corda Explorer to your Corda Enterprise Node on AWS
Sending and tracking a Sample Transaction to the Corda Enterprise Deployment on AWS

Structure of a Corda Enterprise Network

A Corda network is an authenticated peer-to peer network of nodes, where each node is a JVM run-time environment hosting Corda Services and executing applications called CorDapps. All communications between nodes are direct, with TLS-encrypted messages sent over AMQP/1.0.

This means data is shared on a need-to-know basis. There is no global broadcast of messages to ensure any deployment can meet strict data privacy and compliance requirements in regulated industries.

Corda networks are semi-private. Each network has a doorman service that enforces rules regarding the information that a node must provide to satisfy KYC (know-your-customer) requirements before being admitted to the network. In this post, we will use Corda Testnet to provide a root-authority-signed TLS certificate for the network’s permissioning service.

Figure 1 – The structure of a Corda Enterprise Network.

Launching the Corda Enterprise Quick Start

The Corda Enterprise Quick Start allows for automation of repeatable deployments of Enterprise Corda Nodes for any organization participating in a Corda network, all doing it within their own AWS account.

The Quick Start takes the best Corda Enterprise features and adds extra layers of hardened security, ease of configuration, monitoring, and high availability guarantees through native integrations with AWS services like Amazon Relational Database Service (Amazon RDS), Amazon Elastic File System (Amazon EFS), Amazon Virtual Private Cloud (Amazon VPC), and Amazon CloudWatch.

Figure 2 – Architecture of the Corda Enterprise Quick Start.

Setting up a TestNet Account

By design, the provisioned Corda Enterprise Node deployment can connect to any Corda Network. As a default, and to get you up and running quickly, the Quick Start automatically provisions a connection to the Corda Testnet via the addition of a one-time key that can be obtained by logging on to the Corda TestNet website.

Generate a one-time Activation Key here, and then create a Testnet account and login. Select Create New Node, and choose Copy to pull the command into your clipboard. The key will look like this:

sudo ONE_TIME_DOWNLOAD_KEY=c1ffee22-88a8-4ab3-b46f-1a71bc67<your code here> bash -c “$(curl -L https://testnet.corda.network/api/user/node/install.sh)”

In this example, the one-time key is c1ffee22-88a8-4ab3-b46f-1a71bc67xxxx .You will use this key as the ‘OneTimeKey’ parameter passed to the AWS CloudFormation template. Note that each one-time key stays active for 60 minutes, after which you need to generate a new activation code by reloading the Create New Node page in the Corda Testnet portal.

Launching the Corda Enterprise Quickstart

AWS Quick Starts are automated reference deployments that use AWS CloudFormation templates to deploy key technologies on AWS, following AWS best practices. This Quick Start creates a deployment of a single, logical Corda Node within a new or an existing VPC in your AWS account.

To get started, visit the Corda Enterprise Quick Start page. You can find detailed instructions on the Corda Enterprise reference deployment in the Corda Enterprise Blockchain on the AWS Cloud deployment guide.

Here are sample parameters for the Corda Enterprise Quick Start CloudFormation template:

Figure 3 – Sample parameters for the Corda Enterprise CloudFormation template.

For a secure deployment, specify only the remote access IP addresses you would like to have access to your Corda Node (RemoteAccessCIDR, CordaAccessCIDR, CordaRPCAccessCIDR).

Note that Corda Enterprise leverages Amazon EFS as the storage layer. Be sure to choose an Amazon EFS-supported region: US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland), or Asia Pacific (Sydney). The full list of AWS regions can be found here. Once the stacks are finished building, you are ready to deploy Corda Distributed Applications to your node.

Deploying CorDapps to Your Corda Enterprise Node

CorDapps (Corda Distributed Applications) are distributed applications that run on the Corda platform. The goal of a CorDapp is to allow nodes to reach agreement on updates to the ledger. They achieve this by defining flows that Corda Node owners can invoke through RPC calls. Learn more about CorDapps here.

CorDapps are made up of the following components:

States, defining the facts over which agreement is reached
Contracts, defining what constitutes a valid ledger update
Services, providing long-lived utilities within the node
Serialization whitelists, restricting what types your node will receive off the wire

To get you started quickly, let’s deploy a sample Financial CorDapp to our Corda Enterprise Node. As opposed to permissionless blockchain applications, Corda allows for point-to-point communication between parties within a said network. Each node you would like to be able to leverage a given CorDapp needs to deploy that application on their local Corda Node.

From the CloudFomation console, select the Corda Infrastructure Stack and then click on the Outputs tab. Note the Public IP address for CordaInstance and CordaColdInstance.

Figure 4 – Output values for the Corda Infrastucture CloudFormation stack.

Next, open an ssh session to the CordaInstance and CordaColdInstance. For example:

ssh ubuntu@18.144.33.192

ssh ubuntu@54.241.144.222

Now, stop Corda services on both nodes:

sudo systemctl stop corda

On the hot node (CordaInstance), download the binaries for your CorDapp into your home directory:

wget http://downloads.corda.net/cordapps/net/corda/finance/ENT-3.1/corda-finance-3.1.jar \
     http://downloads.corda.net/cordapps/net/corda/finance/ENT-3.1/corda-finance-3.1-sources.jar \
     http://downloads.corda.net/tools/database-manager/corda-tools-database-manager-3.1.jar

Copy the downloads from /home/ubuntu/ to /opt/corda/cordapps/

sudo cp /home/ubuntu/corda-finance-*.jar /opt/corda/cordapps/

Now, execute the database migration. This is required so the node database has the right schema for finance transactions defined in the installed CorDapp.

cd /opt/corda && sudo java -jar /home/ubuntu/corda-tools-database-manager-3.1.jar --base-directory /opt/corda --execute-migration

Add the following line to the bottom of your node.conf:

custom : { issuableCurrencies : [ USD ] }

Make sure the config file is in the correct format by ensuring there is a comma at the end of the line prior to the added config.

Figure 5 – Example node.conf configuration file.

Now, restart the Corda service on both CordaInsance and CordaColdInstance nodes.

sudo systemctl start corda

Your node is now running the Finance CorDapp. You can double-check that the CorDapp is loaded by checking the log file /opt/corda/logs/node-<instance>.log.

Running Corda Explorer to Test Your Corda Node

Now that the highly available Corda Node deployment is set up and a Financial CorDapp installed, you are ready to test the nodes or send “cash” transactions through your Corda decentralized applications.

On your local machine or remote server, download the Corda Node Explorer. The current version of the Node Explorer requires Java 8 as a prerequisite.

wget http://downloads.corda.net/tools/explorer/ENT-3.1/corda-tools-explorer-3.1.jar

echo "java -jar $(pwd)/corda-tools-explorer-3.1.jar" >/usr/local/bin/start_corda_explorer.sh && chmod 755 start_corda_explorer.sh

wget http://downloads.corda.net/tools/explorer/ENT-3.1/corda-tools-explorer-3.1.jar

start_corda_explorer.sh

To log into your node, you need the public IP address of the Logical Corda Node—this is the public IP address of your Corda Node or RPCDnsName IP address output values for the Quick Start CloudFormation, as illustrated in Figure 6—and the RPC interface information for your node: port number, user name, and password, which can be found in the node.conf file. Note that in a production system, it’s never a good idea to store credentials in plain text.

Figure 6 – Network tab in the Corda Node Explorer.

If your Corda Enterprise Node is correctly configured and connected to Corda Testnet, you should be able to see the identities of your node, the Testnet notary, and the network map listing all the counterparties currently on the network.

To test an issuance transaction, click on the Cash tab. Here you can create a new transaction to send some cash to a “bank,” create new issuances, or switch to the Transactions tab to view the transactions in progress or their final outputs.

You are now ready to write enterprise-grade blockchain applications with Corda on AWS.

Figure 7 – Network tab in the Corda Node Explorer.

Next Steps

The Corda Enterprise Quick Start allows customers to derive value and utility from decentralized applications, while doing so in a secure and predicable manner.

Check out the Corda Enterprise Quick Start and start building today >>

R3 – APN Partner Spotlight

R3 is an APN Advanced Technology Partner. They build blockchain technology to transform the way the world does business. R3’s global network of partners works to develop innovative apps for finance and commerce on the Corda blockchain platform.

Contact R3 | Solution Overview | Customer Success

*Already worked with R3? Rate this Partner

*To review an APN Partner, you must be an AWS customer that has worked with them directly on a project.