What are App Creds and how can I use them?
How do I connect to a Node?
Why is my environment paused?
How do I get more nodes?
Why the Ether Pool?
How do I use Truffle with Kaleido?
How do I connect with MetaMask?
Why am I getting "transaction out of gas" errors?
Why is my transaction queued?
CORS request did not succeed
Reconciling timestamps in Quorum-Raft
Kaleido Resource Model
The Kaleido platform exposes several key resources that function in tandem to create bespoke blockchain networks. The orchestration is a logical hierarchy, where provisioned resources maintain a one-to-one relationship with their parent resource and inherit any configurations or specifications defined by the parent. This document summarizes these resources and maps their relationship within the scope of a bootstrapped network. The diagram below shows the Kaleido object model against each of the two available membership approaches - single-org and multi-org.
NOTE: Single-org and multi-org are not consortia parameters. Rather, they are arbitrary terms used in this document to delineate the ownership orchestration of the consortium’s memberships.
An organization is the top level resource that can access the Kaleido platform and is a prerequisite for any administrative operations (e.g. environment creation, node generation, etc). Dependent on the consortium membership approach, resources in a blockchain network exist within the purview of either a single organization or multiple organizations.
Via the Kaleido console, organizations are able to generate “admin credentials” (aka an APIKEY) which can be subsequently leveraged to perform administrative resource management ops through the Kaleido API. The administrator of an organization can extend invitations to additional users, whereby they are granted the same level of administrative authority. Note though that these invitations should be provisioned carefully, as any onboarded users will possess the same root privileges as the organizational admin.
At its core, a consortium is simply a grouping of member organizations that will participate to some degree in the blockchain network. The key configuration of a consortium is the ownership of its underlying memberships.
Single-org means that a single Kaleido Organization will manage ALL network resources on behalf of the consortium’s memberships, granting access to the blockchain through the dispersement of node endpoints and authorization credentials. In other words, this organization will serve as a proxy to the network. The memberships will have a direct relationship to core resources (nodes and auth credentials), however the true control of these resources lays with the Kaleido organization managing the consortium. Single-org ownership means that no invitations have been extended and all existing memberships are bound to the founding Kaleido Organization.
Multi-org ownership entails collective control of the consortium, where the memberships and provisioned resources are managed separately by the individual Kaleido Organizations in the consortium. An organization cannot take resource management actions against another organization in the consortium. In a multi-org orchestration resources are independently managed. Fellow organizations must be invited to the consortium by the founding Kaleido Organization.
An organization can be privy to up to 2 consortia per the resource limitations of the default plan.
Organization -> Consortia
A consortium is comprised of a grouping of member organizations (i.e. memberships), with each membership defined as a unique entity within the context of the consortium. Memberships are used as the distinct identifier when creating nodes and authentication credentials (the member resource ID is in the body of the API call). A consortium must contain at minimum one member, and at maximum up to 4 members per the resource limitations of the default plan.
A helpful phrase for understanding membership - An organization is represented in a consortium through a single membership or a collection of memberships.
Organization -> Consortia (memberships)
An environment is an isolated domain within a consortium that is used to host nodes and provision application credentials. Environments inherit the consortium’s membership list, meaning that any organizations defined within the consortium configuration are whitelisted to the environment. As such, nodes and application credentials can be provisioned against any of the consortium’s memberships. Environments have three pieces of configuration:
- client protocol - Geth or Quorum
- consensus algorithm - Raft, IBFT or PoA
- region - US, EU or AP
Each consortium can host up to 3 total environments per the resource limitations of the default plan.
Organization -> Consortia -> Environments
Nodes are the network entities that maintain the blockchain ledger and accept connections from external applications. The node runtime inherits the protocol and consensus configurations specified in the environment. Every node is created against a specific consortium membership and every node is isolated to the environment within which it is created. Nodes have:
- a name
- a unique Kaleido node ID
- a unique Ethereum node ID
- RPC and web socket endpoints for external connection
- a private address (if Quorum is chosen as the protocol)
- an Ethereum account for sending transactions
Environments can host up to 4 nodes per the resource limitations of the default plan.
Organization -> Consortia -> Environments -> Nodes
Application credentials, specified as
password, are used as a security mechanism to protect external
access to a node’s endpoint. App creds are created against a member of the consortium and
are isolated to the environment within which they are created. The Kaleido platform does not store the
password, ensuring that the secret is confined solely to the member organization that generated the credentials.
Environments can host up to 10 sets of active credentials per the resource limitations of the default plan, with member nodes accepting connections from any credentials correlating to their membership. Application credentials are bundled with a node endpoint and passed to an Ethereum accessible API (e.g.
Organization -> Consortia -> Environments -> app creds
Kaleido resource limitations
The following table serves to outline the current resource allocations across a Kaleido organization. The limitations are hierarchical and use a parent resource ID as the contextual parameter.
|Requests per second||Node||5|