We built Kaleido three years ago on a foundation of flexibility and choice. From day one we offered multiple client and consensus mechanism implementations, and have proven our infrastructure for production workloads spanning multiple clouds (AWS and Azure) globally as well as hybrid deployment on-premise.
We went beyond the chain, building the layers that any viable business network needs to be successful developing and running on decentralized blockchain tech:
- API and event enablement of the on-chain logic, at scale
- Private off-chain transfer for messages and files
- Permissioning and multi-party governance
- Digital assets (tokens) as a ready-to-use programming model
Until today the only core protocol options were enterprise derivations of the Ethereum blockchain protocol.
In May at Coindesk’s Consensus 2020 Distributed online event, we announced the addition of Corda and a partnership with R3.
So why Corda?
Hopefully you've all read Jim Zhang's blog post comparing the big three enterprise blockchain protocols. You can see there that all three blockchain technologies are valid selections as the core decentralized data backbone of your business network.
For me as an engineer, the most interesting aspects of technology selection are the design goals and intent that lead to the architecture. What we sometimes refer to as the “core architecture” of a technology: The things that are hard to work around or change, because they are the essence, the DNA, of that tech.
Corda and Ethereum are a great pairing for us to enable in Kaleido’s enterprise blockchain platform, precisely because this core architecture is so different. They approach the blockchain problem set from different ends of the spectrum. This provides our customers multiple tradeoffs and considerations to best suit their use case and the desired business outcome.
Ethereum is at its core a single shared ledger, visible to all. Restricting visibility to data is provided by enterprise extensions to the base protocol.
Corda in contrast has no inherent shared ledger. What data and transaction history is shared, and with whom, is chosen by the business logic itself.
Ethereum is built to make unique end user identity as easy as possible to establish, and as anonymous as possible to transact with. Organizational identity and permissioning are extensions (which Kaleido has helped turn into industry standards).
Corda places organization identity at its heart. The sole network-wide fixed construct is the agreed root of identity in that network, and the onboarding into that identity infrastructure.
Both are fantastic technologies, with strong enterprise deployments in production.
So the choice of protocol is not about "can I solve my problem with that protocol?", because the answer is almost always yes.
The choice is "am I working in the sweet spot of that protocol?", and the answer to that will vary based on your business objectives and constraints.
With Corda and Ethereum now live on the Kaleido enterprise blockchain platform, you can choose the technology that is the closest fit for your use case, and accelerate your business network with enterprise grade managed infrastructure designed for cross-enterprise IT governance, with multi-cloud and hybrid deployments.
So why now?
When we started Kaleido, blockchain complexity had to be addressed.
The technology had to get to the point where it could be adopted in production, at scale.
We went after those challenges one by one, in the priority order that production-ready customers needed them.
The great news is that we believe we've now made enough progress on the really hard problems in the blockchain space (shared IT governance, managing privacy, and bootstrapping business networks into high-SLA production) that we're back to the point where the core blockchain technology can become the focus again.
The trail has been blazed. We have the tools.
So bringing the Kaleido platform to the widest range of business cases and solutions is our focus.
Let's get technical
Let me give you an overview of how we've onboarded the Corda technology, and we can drill down into the details in future posts.
Kaleido is about a managed experience, designed for enterprise, and simple to adopt in real projects. Onboarding a new protocol could not compromise that. We've thought hard about what's in our initial public beta of Corda, and made sure you can use the technology in a way that is meaningful.
Our approach was to bring an end-to-end thread of functionality that mirrors common adoption patterns of Corda today, and to work with you and your existing and future production networks to evolve this capability iteratively.
Orchestration of a private Corda network
For the first deployment model we support, we decided to focus on building unique individual networks, each with its own root CA (fully managed) and friction-free multi-party onboarding automated via the Kaleido platform. Don't worry, nothing is running in "dev mode": the Kaleido version of the network map server, which is built into every environment individually, uses the Corda X509 certificate hierarchy to issue unique identities to each node.
A non-validating notary for all network participants
Every network gets one automatically provisioned, as a shared resource providing global transaction uniqueness verification for all parties in the network. This mirrors the most common pattern established in Corda networks today, where transaction data is visible only to the participants of those transactions, but the integrity of those transactions is assured by protecting the chain of Unspent Transaction Outputs (UTXOs) leading up to each transaction from double-spend.
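To make the notary's role concrete, here is a simplified model added for illustration; it is not Corda or Kaleido code. It assumes the notary is sent only a transaction id and the references to the states that transaction consumes; the class names and sample ids are hypothetical, and a real notary returns a signature over the transaction id rather than the id itself.

```python
from dataclasses import dataclass, field

# A state reference is all this notary learns about an input: the id of the
# transaction that produced the state, and its output index.
@dataclass(frozen=True)
class StateRef:
    tx_id: str
    index: int

class DoubleSpendError(Exception):
    def __init__(self, conflicts):
        super().__init__(f"inputs already consumed: {conflicts}")
        self.conflicts = conflicts  # StateRef -> id of the tx that spent it

@dataclass
class NonValidatingNotary:
    # Maps each consumed StateRef to the id of the transaction that spent it.
    consumed: dict = field(default_factory=dict)

    def notarise(self, tx_id, inputs):
        """Record `inputs` as spent by `tx_id`, or raise on double-spend.

        No state contents, contract code or party data reach this method,
        which is what keeps transaction data private to its participants.
        """
        conflicts = {ref: self.consumed[ref] for ref in inputs
                     if ref in self.consumed and self.consumed[ref] != tx_id}
        if conflicts:
            raise DoubleSpendError(conflicts)  # nothing is committed
        for ref in inputs:
            self.consumed[ref] = tx_id  # all-or-nothing commit
        return tx_id  # stand-in for the notary's signature (assumption)

def demo():
    notary = NonValidatingNotary()
    issued = StateRef("tx-issue", 0)  # constructed sample ids
    results = [notary.notarise("tx-pay-bob", [issued])]
    # Re-submitting the same transaction is accepted in this model.
    results.append(notary.notarise("tx-pay-bob", [issued]))
    # A different transaction spending the same output is rejected, and its
    # other, unspent input must not be marked as consumed.
    try:
        notary.notarise("tx-pay-carol", [issued, StateRef("tx-issue", 1)])
    except DoubleSpendError as e:
        results.append(e.conflicts)
    return notary, results
```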
Highly available managed runtimes
As you would expect, we've built high availability (HA) and disaster recovery (DR) into the nodes as standard. Currently the runtime is Corda OS, and we are actively working with R3 on a roadmap for Corda Enterprise.
Core RPC and P2P networking to and from a Corda node is via the TCP/IP transport of Apache ActiveMQ Artemis. This meant for Kaleido we needed to provide a secure mechanism to allow connectivity into nodes from your own private networks, noting that of course every Kaleido environment has its own isolated firewalled network spanning multiple clouds and regions.
Luckily our existing development of hybrid deployment models for blockchain networks meant we could apply our Kaleido PrivateStack Bridge technology to this challenge. So we allow you to run RPC clients, and the Corda CLI, from behind your firewall and connect into your Kaleido managed environment securely. We do this without exposing those RPC client endpoints directly to the internet.
Once you have your network connection, you need to manage the RPC user permissions of your node. So we provide user and role management for your Corda node out of the box, with strong generated credentials, with real-time updates on the node.
Governance and distribution of business logic, the smart contracts, can be a thorny challenge for a production network. Again here we were able to leverage all of the existing work we've done in Kaleido as part of our Smart Contract Management feature and adapt it to the Corda model of binary distribution of Jar files.
At the business network level you have shared visibility of the assets, tied back to your original source code.
At the individual environment level (dev, staging, prod etc.) you have control of promotion of those assets to the environment, which comes with a signing step that marks that asset as valid within the unique PKI trust chain of that environment.
Distribution of those binary artifacts to every node in the environment is handled automatically.
Then at the individual node level, each administrator has control to accept/reject the individual Jar files from their node by promoting them from a staging area, or moving them back again.
I hope you're as excited as we are about the addition of Corda to the Kaleido platform, and the partnership between Kaleido and R3.
As we hope you can see, we've put in the effort to give you an experience that allows you to get started with the Corda blockchain technology in minutes, and a journey all the way to production.
We want to hear from you on your individual use case and requirements, so please get in touch.