Why you should choose Gcloud and Kubernetes to deploy your Hyperledger Fabric Network

by admin

Hyperledger Fabric provides a modular platform to build and run scalable enterprise-grade blockchains. It provides a plug and play solution, which can help you choose:

  • The database technology (LevelDB/CouchDB) you prefer to store the state of your blockchain
  • The kind of endorsement policy (consensus) you want for your network
  • Which organizations or enterprise-level stakeholders will be present within your network
  • The number of peers for each organization
  • Whether the data shared within the network is private or public

The flexibility Hyperledger Fabric provides leads to a very complex network setup that is difficult to deploy in production environments.

Slight errors in understanding the network can lead to network configuration choices that defeat the purpose of using blockchain itself. IBM understood this opportunity and has provided a full-fledged solution, the IBM Blockchain Platform, referred to as IBM BP within this blog. But, as Hyperledger Fabric is an open-source technology, there are also ways to deploy complex Hyperledger Fabric networks using other open-source tools like Kubernetes and Gcloud. Many clients at Deqode have had to face the dilemma of choosing between the two options. Therefore, we will compare both solutions based on a number of considerations. Before we jump to this comparison, let's understand why we propose Kubernetes + Gcloud among the many other open-source technologies available.

Why Kubernetes?

Kubernetes is a container orchestration tool, compatible with Docker containers. Many official Hyperledger Fabric tutorials use Docker to create and manage Hyperledger Fabric networks. In addition, Kubernetes provides the following benefits, which can reduce overheads and decrease complexity:

  • Autoscaling
  • Adding fault tolerance
  • Service Discovery within organization cluster
  • Adding a virtual network layer
  • Load balancing
  • Adding multiple cluster mode

Why choose Gcloud over AWS?

We prefer Gcloud to implement Hyperledger Fabric over AWS because of the following reasons:

1. Firstly, Kubernetes in AWS is not mature and is only available in two regions; sometimes those regions are full, so initiating a new cluster is not possible.
2. Secondly, since Kubernetes is a Google pet project, Google provides various features out of the box, for example Stackdriver monitoring and object manipulation from the Gcloud console.
3. Thirdly, the difference in pricing is marginal, but Gcloud's prices are lower than AWS's, which our clients have favored.

IBM BP vs Gcloud + Kubernetes

The information below compares both the options based on a number of considerations:

Note: The importance of each consideration may vary. We are not proposing a single solution for every case in this blog.

Ease of Setting up Hyperledger Fabric Cluster

IBM BP

Single click deploy creates a Hyperledger Fabric ecosystem of 2 Organisations with 1 peer per org. More Orgs can be added post-deployment using a UI, which is simple to use.

Gcloud + Kubernetes

We need to create multiple Helm charts and write a custom tool to create a cluster as per our needs.

Cost

IBM BP

We can use the Starter pack for our POC; it will cost $500/month for a simple system with two Orgs (with a peer for each Org). Adding another Org with a single peer can increase monthly costs by up to $375, for a total cost of $875 per month. IBM recommends using the Enterprise pack for final products; it will cost $1000/month for a simple system with two Orgs (with a peer for each Org). Adding another Org with a single peer can increase monthly costs by $2000, for a total cost of $3000 per month.

Gcloud + Kubernetes

Using Gcloud instances to create our custom cluster would cost around $100 per month, as we would be creating our own Hyperledger Fabric cluster and paying only for the instance usage. For the final product, it will increase to $200 per month (assuming we have 5-6 organizations). Adding one organization (with two peers) increases our billing by $24.

Security

IBM BP

IBP's Enterprise plan has implemented special measures like end-to-end tamper protection to increase security and isolation of Organizations. For a more detailed description of these policies, read the points below:

  • The IBM Blockchain Platform runs in an isolated and highly secured environment. The embedded operating system and all the Hyperledger Fabric components are run in multiple Secure Service Containers (SSC).
  • It can be configured to be EAL5 compliant and certified.
  • Firmware disables access to the memory to prevent data from being dumped. The appliance is booted with a secure boot architecture that ensures that code has not been tampered with. All of the appliance images are signed and encrypted. The appliance is only decrypted in memory, and the encryption keys are protected by hardware and firmware means, so administrators do not have access to them.
  • In addition to these features, HSM (Hardware Security Module) safeguards and manages digital keys for strong authentication.

Hyperledger Fabric provides modified and unmodified PKCS11 for key generation, which supports cases like identity management that need more protection.

Gcloud + Kubernetes

The architecture implemented using Gcloud and Kubernetes ensures isolation of organizations via different Kubernetes clusters. This ensures that no Org is able to access the certificates of another Org, while each Org remains logically independent of the other Orgs for functioning. Only controlled communication is enabled within these clusters, ensuring security. In addition, ingress exposes the required ports for communication so that the applications can be accessed as intended.

We should keep in mind that some industry standards implemented in IBP's Enterprise plan may be hard to achieve using Gcloud + Kubernetes, but it is on par with IBM's Starter Plan in terms of security.
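One way to check that an Org's cluster exposes only the required ports, as the paragraph above describes. This is an added example, not code from the original post. It assumes the service list comes from `kubectl get svc -o json`, that the required cross-Org ports are the Fabric defaults 7050 (orderer) and 7051 (peer), and that the sample services are constructed for illustration.

```python
import json

# Assumption: ports other organizations legitimately need to reach
# (Fabric defaults: 7050 orderer, 7051 peer). Adjust to your own network.
REQUIRED_EXTERNAL_PORTS = {7050, 7051}
EXTERNAL_TYPES = {"LoadBalancer", "NodePort"}

# Constructed sample in the shape of `kubectl get svc -o json` for one Org's cluster.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "peer0", "namespace": "org1"},
   "spec": {"type": "LoadBalancer", "ports": [{"name": "grpc", "port": 7051}]}},
  {"metadata": {"name": "peer0-couchdb", "namespace": "org1"},
   "spec": {"type": "NodePort",
            "ports": [{"name": "http", "port": 5984, "nodePort": 30984}]}},
  {"metadata": {"name": "ca", "namespace": "org1"},
   "spec": {"type": "ClusterIP", "ports": [{"name": "https", "port": 7054}]}},
  {"metadata": {"name": "orderer0", "namespace": "org1"},
   "spec": {"type": "LoadBalancer",
            "ports": [{"name": "grpc", "port": 7050}, {"name": "ops", "port": 8443}]}}
]}
""")


def audit_exposure(service_list, allowed=REQUIRED_EXTERNAL_PORTS):
    """Return (namespace/name, type, port) for every externally reachable
    service port that is not on the allowlist."""
    findings = []
    for svc in service_list.get("items", []):
        spec = svc.get("spec", {})
        # ClusterIP is the default type and is reachable only inside the cluster.
        svc_type = spec.get("type", "ClusterIP")
        if svc_type not in EXTERNAL_TYPES:
            continue
        meta = svc.get("metadata", {})
        ident = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        for p in spec.get("ports", []):
            if p.get("port") not in allowed:
                findings.append((ident, svc_type, p.get("port")))
    return findings


if __name__ == "__main__":
    for ident, svc_type, port in audit_exposure(SAMPLE):
        print(f"UNEXPECTED EXPOSURE {ident} ({svc_type}) port {port}")
```

In the constructed sample the state database (CouchDB, port 5984) and the orderer's extra port are reachable from outside the cluster and are reported, while the CA stays internal as a ClusterIP service.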

Support and Maintenance

IBM BP

  • Firstly, 24×7 Support is available.
  • Secondly, rolling migrations with no network outages ensure high availability.
  • Auto-detecting new Chaincode containers.
  • Enterprise plan provides live updates that we will need for a production network.

Gcloud + Kubernetes

  • We have to solve our own problems as we’re in complete control of the network.
  • On par with IBP, in terms of dealing with network outages and availability.

Hyperledger Fabric Version

IBM BP

IBP supports Hyperledger Fabric v1.1 and lower. We will have to wait for Hyperledger Fabric v1.4 support.

Gcloud + Kubernetes

We can choose our Hyperledger Fabric version, which means we can use the latest Hyperledger Fabric v1.4 and its features.

Conclusion

In conclusion, IBM BP will allow for faster development, better support, and maintenance. With Kubernetes, Gcloud has proven to be less than 1/10th of the cost for the same network configuration. It supports Hyperledger Fabric v1.4, which was not present in IBM at the time this blog was written.
