While building a Corda network with multiple nodes and parties, how is the certificate renewal managed? - corda

While building a Corda network with multiple nodes and parties, how is the certificate renewal managed? Once a new certificate is issued to a node/party, how does that affect the earlier transactions and any ongoing transactions?

What you're asking about depends on the TYPE of corda network right?
So for example:
A bootstrapped network is "hard coded" from the beginning, meaning the certs and network map are all generated by the network bootstrapper (https://docs.corda.net/docs/corda-os/4.7/network-bootstrapper.html). This is also what's normally used when running the gradle deployNodes task.
A production network usually has a network manager that handles most of the tooling here. That means that your nodes would just connect to the network manager, so you're not going to be as worried. You may need to generate a couple of certs at the beginning, but after that you're good. For a good example, take a look at this Kubernetes example where the certs are generated on the Corda firewall: https://github.com/corda/corda-kubernetes-deployment/tree/master/corda-pki-generator

Related

How to establish a direct peer-peer connection between two computers in two distant locations through internet?

While building an application in Python for implementing post-processing in Quantum Key Distribution, I require a server (say Alice) and a client (say Bob) at distant locations to interact and exchange some information while doing the required calculations simultaneously (for which threading is used).
At first, the open-source NGROK service was used as a hosting server but it makes the time required for post-processing very huge mainly due to network congestion.
So, is there a way to establish a direct peer-to-peer connection between Alice and Bob via the internet wherein Alice's system itself acts as a server thereby bypassing a third-party host server? If there is a way out please suggest one otherwise any leads or suggestions for open source services better than NGROK would be highly helpful.
PS: If you need any additional information for providing help, I would be eager to respond.

How to get access to the HTTP Rest API end points of network parameters in corda community edition?

I am trying to check the HTTP network map protocol in the sample cordapp example, I have used network bootstrapper to generate node info files. But I need to check the Rest API end points mentioned in the docs: /network-map/publish.
Is it necessary to set up the network map for this? If required, I am not able to get the corda-network map jar file for the community edition. How do I access those API endpoints?
The cordapp samples available in the samples repository use a locally bootstrapped network. The network bootstrapper is used for this purpose to generate the node-info and the certificates of the network participants. It's a quick and easy way to set up a static Corda network for the purpose of local deployment and testing.
It doesn't have a network map service. The node-info files of each participant are dropped into the additional-node-info folder of the nodes, which serves as the network map cache for the node.
The REST end-points you mentioned are available in a real network map service running as part of a dynamic Corda network setup (mostly) used for production deployments.
R3 does not provide a community version of the network map.
However, there is a commercial offering called CENM (https://docs.corda.net/docs/cenm/1.2.html). It's not just a Network Map but also takes care of other aspects of Network Management like Identity and Signing.
In case you are looking for an open-source network map you could try out Cordite Network Map (https://marketplace.r3.com/solutions/cordite-network-map) developed by one of our partners.
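The static network map described in the two answers above (the bootstrapper "hard codes" the network, and each node's node-info is copied into every other node's additional-node-infos folder) can be illustrated with a small script. This is an added example written for this page, not the Corda bootstrapper or any R3 tool; it assumes the directory layout that the bootstrapper and gradle deployNodes produce, `<root>/<NodeName>/nodeInfo-<hash>` for a node's own signed NodeInfo and `<root>/<NodeName>/additional-node-infos/` for its cache. The node names and hashes in the sample tree are constructed placeholders. Because a NodeInfo embeds the node's identity certificates, a renewed certificate produces a new NodeInfo file, so the script clears previously distributed copies before redistributing rather than letting an old identity sit beside the new one.

```python
"""Distribute Corda nodeInfo-* files across a bootstrapped node tree.

Added example (not the Corda network bootstrapper). Assumed layout:
    <root>/<NodeName>/nodeInfo-<hash>            # the node's own signed NodeInfo
    <root>/<NodeName>/additional-node-infos/     # static network map cache
"""
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List


def find_nodes(root: Path) -> Dict[str, Path]:
    """Map node name -> the single nodeInfo-* file at that node's root.

    A node directory with no nodeInfo-* file has not been bootstrapped or
    started yet; one with several holds a stale file (for example from an
    earlier identity certificate). Both are skipped rather than guessed at.
    """
    nodes: Dict[str, Path] = {}
    for node_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        infos = sorted(node_dir.glob("nodeInfo-*"))
        if len(infos) == 1:
            nodes[node_dir.name] = infos[0]
    return nodes


def distribute_node_infos(root: Path) -> Dict[str, List[str]]:
    """Copy every node's NodeInfo into each other node's additional-node-infos.

    Returns {node name: sorted NodeInfo file names now in that node's cache}.
    """
    nodes = find_nodes(root)
    result: Dict[str, List[str]] = {}
    for name, _own_info in nodes.items():
        cache = root / name / "additional-node-infos"
        cache.mkdir(exist_ok=True)
        # Drop copies from an earlier run so a replaced NodeInfo (new
        # certificate, new hash) does not linger next to its successor.
        for old in cache.glob("nodeInfo-*"):
            old.unlink()
        for other_name, other_info in nodes.items():
            if other_name != name:  # a node never needs its own NodeInfo cached
                shutil.copy2(other_info, cache / other_info.name)
        result[name] = sorted(p.name for p in cache.glob("nodeInfo-*"))
    return result


def make_sample_tree(root: Path) -> None:
    """Build a constructed three-node layout with placeholder NodeInfo bytes."""
    for name, fake_hash in (("PartyA", "A1B2"), ("PartyB", "C3D4"), ("Notary", "E5F6")):
        node_dir = root / name
        node_dir.mkdir(parents=True, exist_ok=True)
        (node_dir / f"nodeInfo-{fake_hash}").write_bytes(
            f"placeholder NodeInfo for {name}".encode()
        )


def demo() -> Dict[str, List[str]]:
    """Run the distribution over the constructed tree in a temporary directory."""
    root = Path(tempfile.mkdtemp(prefix="corda-nodes-"))
    make_sample_tree(root)
    return distribute_node_infos(root)


if __name__ == "__main__":
    for node, cache in demo().items():
        print(f"{node}: {cache}")
```

Running the script prints, for each node, the other two participants' NodeInfo file names; in a real tree you would point `distribute_node_infos` at the directory that deployNodes created and restart the nodes so they reload their cache.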

How corda network is designed

Corda doc says
"Admission to the network
Unlike traditional blockchain, Corda networks are semi-private. To join a network, a node must obtain a certificate from the network operator. This certificate maps a well-known node identity to:"
I have a few questions about how the Corda network is designed.
How is the network partitioned?
Can all Corda instances form one network? Or are there several networks that can be connected?
Who is the network operator?
Is it one party? Can that operator dominate the network arbitrarily?
Is the notary included in the network?
Is the notary a component of the network, or can a notary notarize several Corda networks?
Does the network operator authorize the notary, or trust the notary?
A Corda network is a set of well identified legal entities. When you want to join a network you sign a legal document (participation terms of use) and then you submit something called Certificate Signing Request; once it's approved your node automatically downloads the required certificates that identify it on that network and allows it to become discoverable by other nodes so it can interact with them.
Corda network is an example, and I recommend that you go through their website: https://corda.network
In the case of Corda network, the operator is a consortium; not one organization.
That link I shared will answer all of your questions:
Participation: https://corda.network/participation/index
Governance: https://corda.network/governance/index
Types of networks in Corda network: https://corda.network/participation/network-choice
Notary: https://corda.network/participation/notary-considerations

Clarification on corda network type of cordapp example

I'm referring to "Can corda nodes communicate when run from different networks?"
I am looking at the 3.3 open-source cordapp example and can see the certificates are generated automatically during deployment with devmode=true.
Can I get information on whether it is configured with network type as business network or compatibility zone?
Can I get more information on how to configure it as a business network? Is there any example?
If you use deployNodes to create your nodes, you create a mini-compatibility zone of nodes running in devMode. Unlike a traditional compatibility zone, you need to use the Network Bootstrapper tool to manually add nodes to the network, rather than using the dynamic joining process available in a compatibility zone with a central network map service.
A business network is a sub-group within a compatibility zone of nodes operating for a specific business purpose. A node can be part of multiple business networks. You can read more about business networks here: https://solutions.corda.net/business-networks/what-is-a-business-network.html.

Custom TCP proxy for high availability cluster

I'm in a high availability project which includes deployment of a 2-node high availability cluster for hot replacement of services (applications) running on the cluster nodes. The applications have inbound and outbound TCP connections and also process UDP traffic (mainly for communicating with an NTP server).
The problem is pretty standard until one needs to provide a hot migration of services to the backup node with all the data stored in RAM. Applications are agnostic of backup mechanisms and it is highly undesirable to modify them.
As the only approach to this problem, I've come up with a duplication approach, assuming that both cluster nodes will run the same applications, repeating each other's calculations. In case of failure of the primary server, the backup server will become the primary.
However, I have not found any ready solution for a proxy which will have synchronous port mirroring. No existing proxy servers (haproxy, dante, 3proxy etc.) support such a feature as far as I know. Have I missed something, or should I write a new one from scratch?
A rough sketch of the functionality can be found here:
p.s. I assume that it is possible to compare traffic from the two clones of the same application...
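The design asked about above, a proxy that feeds every inbound byte to both clones of the application, answers the client from the primary, and compares the backup's output so replica drift is caught at the first differing byte rather than at failover, can be sketched in a few dozen lines. The following is an added example written for this page, not an existing proxy product or the poster's own code. It assumes a strict request/response protocol (one reply per request, small enough to arrive in a single recv), which is what makes the mirroring "synchronous"; the replica servers, addresses and the drifted reply are all constructed for the demonstration.

```python
"""Synchronous port-mirroring TCP proxy: one client, two identical backends.

Added example sketching the design in the question above (not a product).
Assumes request/response lockstep: each client chunk yields one reply chunk.
"""
import socket
import threading
from typing import Callable, List, Optional, Tuple

Addr = Tuple[str, int]


def first_divergence(primary: bytes, backup: bytes) -> Optional[int]:
    """Offset of the first byte where two replica outputs differ, or None."""
    n = min(len(primary), len(backup))
    for i in range(n):
        if primary[i] != backup[i]:
            return i
    return None if len(primary) == len(backup) else n


class MirrorProxy:
    """Accept clients, duplicate their traffic to primary and backup, relay the
    primary's replies and record every mismatch between the two replicas."""

    def __init__(self, listen: Addr, primary: Addr, backup: Addr) -> None:
        self.primary_addr, self.backup_addr = primary, backup
        self.divergences: List[Tuple[int, bytes, bytes]] = []
        self._srv = socket.socket()
        self._srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._srv.bind(listen)
        self._srv.listen(8)
        self.port = self._srv.getsockname()[1]
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self) -> None:
        while True:
            try:
                client, _ = self._srv.accept()
            except OSError:  # listening socket closed
                return
            threading.Thread(target=self._session, args=(client,), daemon=True).start()

    def _session(self, client: socket.socket) -> None:
        primary = socket.create_connection(self.primary_addr)
        backup = socket.create_connection(self.backup_addr)
        with client, primary, backup:
            while True:
                chunk = client.recv(4096)
                if not chunk:
                    break
                primary.sendall(chunk)        # same bytes, same order, to both
                backup.sendall(chunk)
                p_reply = primary.recv(4096)  # primary's reply is authoritative
                b_reply = backup.recv(4096)   # backup's reply is only compared
                off = first_divergence(p_reply, b_reply)
                if off is not None:
                    self.divergences.append((off, p_reply, b_reply))
                client.sendall(p_reply)

    def close(self) -> None:
        self._srv.close()


def start_replica(addr: Addr, handler: Callable[[bytes], bytes]) -> Addr:
    """Constructed stand-in for one clone of the application: answers every
    request chunk with handler(chunk). Returns the address it bound to."""
    srv = socket.socket()
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(addr)
    srv.listen(8)

    def handle(conn: socket.socket) -> None:
        with conn:
            while True:
                data = conn.recv(4096)
                if not data:
                    return
                conn.sendall(handler(data))

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=handle, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()


def run_demo() -> Tuple[List[bytes], List[Tuple[int, bytes, bytes]]]:
    """Two replicas, the backup deliberately drifted on the second request."""
    primary = start_replica(("127.0.0.1", 0), lambda d: b"ACK " + d)
    backup = start_replica(("127.0.0.1", 0),
                           lambda d: b"ACK req-9" if d == b"req-2" else b"ACK " + d)
    proxy = MirrorProxy(("127.0.0.1", 0), primary, backup)
    replies = []
    with socket.create_connection(("127.0.0.1", proxy.port)) as c:
        for req in (b"req-1", b"req-2"):
            c.sendall(req)
            replies.append(c.recv(4096))
    proxy.close()
    return replies, list(proxy.divergences)


if __name__ == "__main__":
    print(run_demo())
```

The client only ever sees the primary's answers, so the drifted backup does not leak into production traffic; the `divergences` list is the evidence that the backup's in-RAM state no longer matches and that a failover to it would not be seamless. Protocols with streamed or multi-chunk replies, and the UDP traffic mentioned in the question, need message framing before the comparison is meaningful, and the lockstep read on the backup means a hung backup stalls the session unless a timeout is added.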
