Oracle Blockchain Platform Enterprise Edition Overview

Oracle Blockchain Platform provides a platform for building and running smart contracts and maintaining a tamper-proof distributed ledger.

Oracle Blockchain Platform is a network consisting of validating nodes (peers) that update the ledger and respond to queries by executing smart contract code—the business logic that runs on the blockchain. External applications invoke transactions or run queries through specialized inbuilt REST API calls or through their own custom client SDKs, which prompts selected peers to run the smart contracts. Multiple peers endorse (digitally sign) the results, which are then verified and sent to the ordering service. After consensus is reached on the transaction order, transaction results are grouped into cryptographically secured, tamper-proof data blocks and sent to peer nodes to be validated and appended to the ledger. Platform administrators can use the Blockchain Platform Manager to create and manage platform instances, while network administrators can use the Oracle Blockchain Platform console to configure the blockchain and monitor its operation.

Oracle Blockchain Platform Enterprise Edition provides a version of Oracle Blockchain Platform built on Kubernetes clusters and delivered as a set of pre-built container images for multiple Kubernetes distributions, including Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) and minikube. The Oracle Blockchain Platform Enterprise Edition downloadable artifact provides a distribution package that includes all the required container images, Helm charts, and executable scripts to help set up Oracle Blockchain Platform services on a given Kubernetes cluster. Once Oracle Blockchain Platform Enterprise Edition has been installed successfully, Blockchain Platform Manager can be used to configure and provision multiple Blockchain Platform instances, which run across the available Kubernetes worker nodes. Similar to the cloud offering, this edition enables customers to create new complete blockchain instances in minutes.

The enterprise edition enables users to scale as required to handle evolving workloads by increasing the replicas for various nodes. Unlike typical applications, Oracle Blockchain Platform's distributed ledger and the distributed metadata database handle data replication out of the box.

Feature parity with the cloud version ensures that customers can deploy chaincode and use the same chaincode APIs and extensive REST APIs across both versions. Oracle innovations in using Berkeley DB for world state with SQL-based queries, built-in transaction synchronization to off-chain rich history database, intuitive and comprehensive console with powerful operations and monitoring tools, and all the other unique enterprise-grade features are shared across the cloud and on-premises versions.

Security, Authentication, and Authorization

Introduction to Oracle Blockchain Platform Enterprise Edition Security

Oracle Blockchain Platform Enterprise Edition deals with security on several levels. At the top level is the security related to the Oracle Blockchain Platform nodes. Next is the security associated with Blockchain Platform Manager, which is used to manage the life cycle of Oracle Blockchain Platform instances. Users of Blockchain Platform Manager (the control plane) are able to create, scale out, scale in, and complete other life cycle operations on instances. For each instance, there are users authorized for managing, monitoring, and administering that instance. Finally, there are users of the instance who access it either via the Fabric SDKs or the Oracle Blockchain Platform REST Proxy. All user information, including roles and passwords, is stored in the built-in LDAP authentication server.

All sensitive data related to Oracle Blockchain Platform services (passwords, certificates, and private keys) are stored using Kubernetes Secrets. It's important to ensure Kubernetes Secrets are secured by following the Kubernetes guidelines: Good practices for Kubernetes Secrets.

Managing Security

Securing Data at Rest

You may want to enable disk encryption in Kubernetes to protect data at rest. All Kubernetes APIs that let you write persistent API resource data support at-rest encryption.

See Encrypting Confidential Data at Rest.

Additionally, follow typical Kubernetes best practices for securing access to the components in your cluster, especially for Kubernetes secrets, because Oracle Blockchain Platform stores confidential information there.

Ports Exposed

Oracle Blockchain Platform uses Istio as the ingress gateway service to accept external traffic into Oracle Blockchain Platform services. Oracle Blockchain Platform Enterprise Edition uses the https port of the istio-ingressgateway service as a single point of entry for all external traffic. However, the public port number varies with the configured service type.

| ServiceType | Port Name | Exposed Port Number | Configurable During Installation? |
|---|---|---|---|
| LoadBalancer (default) | https | 443 (default) | Yes |
| NodePort | https | 3xxxx (nodePort value corresponding to https port) | Yes |
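One way to confirm which port is actually published for each service type is to inspect the istio-ingressgateway Service object. The following is an added example, not Oracle's code: it parses a constructed sample of `kubectl get svc istio-ingressgateway -o json` output, reports the public https port, and lists any other published ports for review. The `status-port` entry and the node port numbers are illustrative assumptions.

```python
import json

# Constructed sample: trimmed `kubectl get svc istio-ingressgateway -o json` output.
# Port names and numbers other than https/443 are illustrative, not from the page.
SAMPLE_NODEPORT = json.dumps({
    "kind": "Service",
    "metadata": {"name": "istio-ingressgateway"},
    "spec": {
        "type": "NodePort",
        "ports": [
            {"name": "status-port", "port": 15021, "nodePort": 31521},
            {"name": "https", "port": 443, "nodePort": 30443},
        ],
    },
})


def external_ports(service_json):
    """Return (https_port, other_ports) as seen from outside the cluster."""
    spec = json.loads(service_json)["spec"]
    svc_type = spec.get("type", "ClusterIP")
    if svc_type not in ("LoadBalancer", "NodePort"):
        raise ValueError(f"service type {svc_type!r} is not externally exposed")
    # LoadBalancer publishes `port`; NodePort publishes `nodePort` on every node.
    field = "port" if svc_type == "LoadBalancer" else "nodePort"
    https, others = None, {}
    for p in spec.get("ports", []):
        public = p.get(field)
        if public is None:
            continue
        if p.get("name") == "https":
            https = public
        else:
            others[p.get("name", "<unnamed>")] = public
    if https is None:
        raise ValueError("no port named 'https' on the service")
    return https, others


def audit(service_json):
    """Summarise the entry point and list every additional published port."""
    https, others = external_ports(service_json)
    findings = [f"review: port {name!r} is also published on {num}"
                for name, num in sorted(others.items())]
    return {"https_port": https, "findings": findings}


if __name__ == "__main__":
    print(audit(SAMPLE_NODEPORT))
```

A LoadBalancer service normally allocates node ports as well unless `spec.allocateLoadBalancerNodePorts` is false, so check node-level firewall rules in addition to the load balancer listener.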

Configuring Authentication and Authorization

Authentication in Oracle Blockchain Platform is performed using the included LDAP server. Users must have an account in the authentication server in order to be able to use the service.

Users associated with certain authentication groups are granted specific privileges as defined in User Groups and Roles.