Create your Network

You can elect for one of two routes to build your first consortium and the underlying environment. The first approach relies solely on the user interface, while the second option allows you to exercise the Kaleido REST API to send privileged calls to the backend server. Regardless of your selection, you must visit the Kaleido Dashboard and create an account prior to continuing.

Account Creation

An account is the access point to your Kaleido Organization. Before starting, select a Geo where your account information will be stored. The current geographies are US, Europe and Asia Pacific, with Sydney and Seoul available as sub-locales for the APAC geo.

Email

  • Supply a delegate email for your organization. This email will receive notifications related to your organization and will serve as the username for your login.

Password

  • Generate a strong password to secure access to your organization. The password must be eight characters and contain at least one capital letter and special character.

Kaleido Organization

  • Supply a name to identify your organization on the platform. This name will be your default membership identification within a consortium. Note that your Kaleido Organization name can be edited after creation and your membership identification within a consortium can be configured. For example, if your Kaleido Organization is Bank A you could edit the default membership value to exist in two consortia as Bank A commodities and Bank A currencies. The memberships for Bank A commodities and Bank A currencies are simply bound to the Kaleido Organization - Bank A.
  • Confirm that you are not a robot and click Next.

Personal

  • Input your first and last names. Use the dropdown menus and select applicable values for Job Title, Industry and Company Size. Click Next

Confirm

  • Navigate to the delegate email you supplied for your Kaleido Organization and retrieve the verification code. Enter the code and click Verify Account to complete your registration.

User Interface

This is the recommended route for first time users. Interacting through the UI is a straightforward process, however for the sake of clarity the basic flow is outlined below:

Login

  • Enter your email and password and click Sign In to access your organization through the Kaleido console.
  • You will be redirected to the Kaleido home screen. Click the Get Started button at the bottom of the page to begin crafting the charter for your first consortium.

Overview

  • The Establish a Charter screen provides a high level overview of the charter DNA - mission and members/operator model . Click Get Started to proceed.

Mission

  • First, define the mission. Enter a name for the consortium and describe the overarching purpose. Lastly, select a Geo and region for this consortium. This Geo + region will be the default location for environments created against the consortium. Once these fields are populated, click Complete Charter.

Membership

  • As the founding member of the consortium, your Kaleido Organization will automatically be allocated the first membership. Click the Add dropdown in the upper right portion of the screen to build out the membership for the consortium.
  • The two potential selections for the consortium’s membership are - New Member and Invite Organization. Note that these are not mutually exclusive decisions, and you have the option of selecting both to craft a hybrid ownership model. More on the two membership approaches below.

A Word on Membership Models

As described in the Kaleido Resource Model, memberships have a one to one correlation with a Kaleido Organization and exist as individual objects within the context of a consortium. Any environmental resources (i.e. nodes and application credentials) will persist a direct relationship to one of the consortium’s memberships. The salient differentiator with the two membership approaches is the Kaleido Organization controlling the membership(s):

New Member

  • Any new memberships will exist as sub-resources of your Kaleido Organization. The memberships will possess their own unique resource identifiers and can be distinctly bound to nodes and security credentials within an environment. These memberships will be the ostensible owners of environmental resources, however the true root control will exist with the owning Kaleido Organization (i.e. you). This means that you are responsible for managing the nodes and authentication credentials on behalf of the provisioned memberships, and ultimately control access to the network. For example, take a consortium with Kaleido Organization ABC as the founding member. Memberships could be constructed for ABC Europe and ABC APAC and resources could be provisioned against any of the three memberships. The administrator for Kaleido Organization ABC, or any co-administrators, can manage the lifecycle for any of these memberships and their underlying resources.

Invite Organization

  • External organizations will receive an email allowing them to join the consortium. A snapshot of the consortium’s state (existing memberships and outbound invitations) will be presented to the recipient, allowing for an informed decision to be reached. Upon acceptance, any resources created by the “external” organization will exist under the sole control of their Kaleido account. Your Kaleido Organization will be unable to take lifecycle management actions against their resources. Additionally, any invited orgs will be afforded the same ability to establish multiple memberships within the consortium and they will also have the authority to issue their own external invitations. While this is likely the preferred model for true enterprise orchestrations, you should still be prudent when issuing the invitations so as to avoid excess access to the consortium. Membership aliases can be altered dynamically by the controlling Kaleido Organization and memberships cannot be revoked once the invitee has provisioned resources against the membership object.

NOTE: Each consortium can host up to 4 memberships per the resource limitations of the default plan.

Environment:

The consortium needs an environment to host nodes and run blockchain transactions. Click Setup Environment to provision the first domain.

  • Supply a name for the new environment.
  • The environment will inherit the Geo + region configuration in the consortium.
  • Choose a node client protocol - Quorum and Geth are the available implementations.
  • Choose a consensus algorithm. PoA, Raft and IBFT are the available implementations, but are dependent on your choice of node client. Visit the Consensus Algorithms blog post to learn more about each choice. Click Next: Mainnet and Deployment.
  • Optionally choose to tether the environment’s chain to the Rinkeby Test Net or Ethereum Main Net. An aggregated root hash of synchronized state snapshots will be signed by each node and proxied to the selected network every six hours. For additional details on the main net tethering implementation, please refer to the paper on Enhanced Immutability of Permissioned Blockchain Networks.
  • Click Create to launch your environment.

Nodes:

The environment is simply an empty namespace until it is populated with nodes. Click the Add Node button at the bottom of the screen to provision your first node. Follow the Default instructions below to deploy your node with the standard security measures and no log streaming. Refer to the Using AWS Integration Services topic for detailed instructions on configuring and implementing the services.

Default

  • Select a membership to bind the node to. You can only provision nodes against memberships under your Kaleido Organization’s control.
  • Provide a name for the node and click Add.
  • You will be redirected to a screen indicating a “Successful creation” of your node.
  • Click Add Another Node to provision an additional node or click Done.
  • Click Generate App Credentials to create the authentication credentials for the node.

NOTE: Each environment can host up to 4 nodes per the resource limitations of the default plan.

App credentials:

  • From the environment home screen, click the Create dropdown and select New App Credentials
  • Select a membership and supply a name for the credentials. Click Next.
  • You will be supplied with a USERNAME and PASSWORD. Make sure to store the password somewhere safe. The Kaleido backend does not hold this key and it is not retrievable. You can however generate new authentication credentials if need be.
  • Each membership bound to a node requires its own set of app credentials in order to achieve external connection to said node.

NOTE: Each environment can host up to 10 sets of active app credentials per the resource limitations of the default plan

The upcoming Connect to your node section describes in detail how to leverage these credentials to secure access to your node(s). Note that these credentials are NOT OPTIONAL and must be used by any external clients or applications attempting a connection.

Services

Each environment exposes a set of services that offer supplementary functionality with the blockchain. These services are listed in a table at the bottom of your environment’s home screen.

  • Block Explorer - a system level console that offers varying levels of chain analytics. See the Kaleido Explorer documentation for more information on its features.
  • Ether Pool - a pre-funded wallet allowing for ether to be added to internal or external user accounts. Certain transactions using the Geth client require gas and users can optionally choose to integrate the native Ethereum currency into smart contracts and applications.
  • Mainnet Tether - a network relay responsible for aggregating a collectively signed root hash of synchronized state snapshots and proxying the hash to a smart contract on the Ethereum main net. Protects against historical rewrites and retroactive collusion attempts.

Kaleido home

The homepage of the Kaleido console will display all consortia associated with your organization. Click the Create Consortium button at the top right of the page to create an additional consortium. Alternatively, click on an existing consortium to visit its overview page.

Click the Support tab to discover different avenues for technical support. Additionally, you can utilize the Kaleido feedback tool located in the bottom right portion of all console screens.

Click the API tab at the top of the screen to manage API Keys associated with your organization. Click the Settings tab at the top of the screen to manage personal and organizational settings. You can use the Settings screen to update the name of your Kaleido Organization, change account password, link AWS accounts, onboard co-administrators, etc.

Consortia home

The overview page of a consortium lists out all provisioned environments, as well as the current and pending memberships. To create additional environments, click the Add dropdown and select New Environment. To add additional members, click the Add dropdown and select New Member. To invite an external organization to the consortium, click the Add dropdown and select Invite Organization. To add a node within an existing environment, click the Create dropdown and select New Node.

Environment home

The overview page of an environment lists out all provisioned nodes, active configurations and active security credentials. To provision additional nodes, click the Add dropdown and select New Node. To provision additional application credentials, click the Add dropdown and select New App Credentials. To see low-level details of a node (e.g. endpoints, addresses, etc.) click the node name or the expandable dropdown at the far right of the node’s row.

REST API

The alternative approach for generating a consortium + environment is to utilize the Kaleido REST API to administratively build out your network. The comprehensive API 101 tutorial walks you through the process of calling these APIs to create your consortium, configure an environment, provision nodes and generate app credentials. If you elect for this approach, you will still need to briefly visit the UI in order to obtain an API key for these privileged calls.