The EBSI v1.0 Infrastructure Specification gives Member States the infrastructure requirements needed to establish an EBSI v1.0 node. EBSI v1.0 is intended to be a self-contained infrastructure that delivers all components within three computing hosts: a master host and two hosts for blockchain protocols and distributed storage. This release is intended to act as a first iteration of the infrastructure code base, targeted at a closed user group evaluation, and as a base for the production solution that will be fully deployed in EBSI v2.0. The environment and specifications are simple enough to be run from a reasonable on-premises server or virtual private server, meaning any Member State that would like to sign up for the test can join the program.
The EBSI v1.0 node described in this specification is able to connect to other EBSI v1.0 nodes over the Internet.
Each EBSI Node contains 3 instances/hosts:
- Master/Applications host - contains all the containers of the core services, APIs, Wallet, Off-chain Storage, Demo webserver and Proxy
- Ethereum BESU Blockchain - contains all the containers of BESU protocol and off-chain local storage (not used in V1.0)
- Hyperledger Fabric Blockchain - contains all the containers of Fabric protocol and off-chain local storage (not used in V1.0)
An EBSI v1.0 node requires a minimum of three computer hosts all with access to the Internet and with individual fixed public IP addresses. These can be either physical server computers or virtual machines running in a self-hosted data-centre infrastructure, a private cloud, or a public cloud.
Each computer host – physical or virtual – must have these minimum specifications:
- 4 Core CPU, 4 vCPU or equivalent,
- 16 GB of RAM for the BESU and Fabric hosts; 32 GB of RAM for Master/Applications host
- 80 GB SSD,
- 256 GB SSD.
All hosts must be in the same subnet, each with a fixed public IP address, and must be connected to the Internet in order to get updated and to communicate with other EBSI nodes.
The minimum specifications are:
- 1 GB Ethernet (local network),
- latency 50ms (internet),
- 100 Mbits/second for bandwidth (internet)
- 3 fixed public IPs (one for each host).
The hosts in the EBSI node need to connect over the Internet, so the following ports need to be opened in the firewall:
Firewall Ports Requirements
MS = Member State
MS EBSI Node(s) = All EBSI nodes that the MS will put online. Each node is composed of three (3) ComputeUnits (Virtual Machines), each of them with an external IP address mapped to it.
Management Network = Internal network in the Member State from where secure connections for management purposes are expected.
Internet = 0.0.0.0/0
| Host | Source | Destination | Protocol / Port | Service |
|---|---|---|---|---|
| BESU | EBSI Nodes (All) | MS EBSI Node | TCP 48745 | Ethereum (Besu) ledger (RPC Service) |
| BESU | EBSI Nodes (All) | MS EBSI Node | TCP + UDP 48733 | Ethereum (Besu) ledger (Syncro Service) |
| Master/Application | EBSI Nodes (All) | MS EBSI Node | TCP + UDP 24007, 24008 & TCP 49152 | GlusterFS (not used in V1.0) |
| Master/Application, BESU, FABRIC | EBSI Nodes (All) | MS EBSI Node | TCP 27017 | Mongo DB (Redundancy Option) (not used in V1.0) |
| Master/Application, BESU, FABRIC | MS management network OR Internet | MS EBSI Node | TCP 48790 | Cockpit |
| FABRIC | EBSI Nodes (All) | MS EBSI Node | TCP 7054 | Fabric CA Service |
| FABRIC | EBSI Nodes (All) | MS EBSI Node | TCP 7053 | Fabric Peer External (Event Notification) |
| FABRIC | EBSI Nodes (All) | MS EBSI Node | TCP 7051 | Fabric Peer Internal (GRPC) |
| FABRIC | EBSI Nodes (All) | MS EBSI Node | TCP 7050 | Fabric Orderer Service |
| FABRIC | Internet | MS EBSI Node | TCP 48780 | Fabric Block Explorer |
| Master/Application | EBSI Nodes (All) | MS EBSI Node | TCP 7000 | Cassandra DB |
| Master/Application, BESU, FABRIC | Internet | MS EBSI Node | TCP 443 | NGINX (HTTPS Traffic) |
| Master/Application, BESU, FABRIC | MS management network OR Internet | MS EBSI Node | TCP 48722 | SSH (for Node Computer Unit admin) |
| Master/Application, BESU, FABRIC | infra.ebsi.xyz | MS EBSI Node | TCP 8140 | For configuration management |
The current list of IPs of all EBSI Nodes (that are already online) will be provided via email after the registration process by the CEF Support Team.
In the case that additional ports are needed, the CEF Support Team will communicate this to each registered member via email.
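The port table can be turned into a check of a Member State's perimeter rules. The following is an added example, not part of the EBSI specification or its tooling: it compares inbound allow rules against the table and reports sources broader than the table permits, ports opened for services marked "not used in V1.0", unlisted ports, and required ports with no rule. It assumes one rule set for the whole node rather than per host, and the rule format, peer addresses, management network and the address standing in for infra.ebsi.xyz are all constructed.

```python
import ipaddress

# (protocol, port) -> permitted source class, transcribed from the port table.
POLICY = {
    ("tcp", 48745): "peers", ("tcp", 48733): "peers", ("udp", 48733): "peers",
    ("tcp", 7050): "peers", ("tcp", 7051): "peers", ("tcp", 7053): "peers",
    ("tcp", 7054): "peers", ("tcp", 7000): "peers",
    ("tcp", 48790): "mgmt", ("tcp", 48722): "mgmt",
    ("tcp", 8140): "infra",
    ("tcp", 48780): "any", ("tcp", 443): "any",
}
# Rows the table marks "not used in V1.0" (GlusterFS, Mongo DB).
UNUSED = {("tcp", 24007), ("udp", 24007), ("tcp", 24008), ("udp", 24008),
          ("tcp", 49152), ("tcp", 27017)}


def audit(rules, sources):
    """rules: iterable of (proto, port, source_cidr) inbound allow rules.
    sources: {"peers": [...], "mgmt": [...], "infra": [...]} lists of CIDRs.
    Returns a sorted list of (kind, proto, port, source_cidr) findings."""
    nets = {k: [ipaddress.ip_network(c) for c in v] for k, v in sources.items()}
    findings, seen = [], set()
    for proto, port, cidr in rules:
        key, src = (proto, port), ipaddress.ip_network(cidr)
        seen.add(key)
        if key in UNUSED:
            kind = "unused-in-v1.0"
        elif key not in POLICY:
            kind = "not-in-table"
        elif POLICY[key] == "any" or any(src.subnet_of(n) for n in nets[POLICY[key]]):
            continue  # source is within what the table permits
        else:
            # The table allows Cockpit/SSH from the Internet; report it anyway
            # so the narrower management-network option is a visible choice.
            kind = "admin-exposed" if POLICY[key] == "mgmt" else "too-broad"
        findings.append((kind, proto, port, cidr))
    findings += [("missing", p, n, "") for (p, n) in POLICY if (p, n) not in seen]
    return sorted(findings)


# Constructed sample data (documentation address ranges, not real EBSI nodes).
SOURCES = {"peers": ["203.0.113.10/32", "203.0.113.11/32", "203.0.113.12/32"],
           "mgmt": ["10.20.0.0/24"], "infra": ["192.0.2.10/32"]}
RULES = [("tcp", 443, "0.0.0.0/0"), ("tcp", 48780, "0.0.0.0/0"),
         ("tcp", 48745, "203.0.113.10/32"), ("tcp", 7051, "0.0.0.0/0"),
         ("tcp", 48722, "0.0.0.0/0"), ("tcp", 27017, "203.0.113.10/32"),
         ("tcp", 8080, "10.20.0.0/24")]

if __name__ == "__main__":
    for finding in audit(RULES, SOURCES):
        print(finding)
```

The peer list passed as `sources["peers"]` is the list of EBSI node IPs that the CEF Support Team sends after registration.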
Each host image will include a running firewall, SELinux in enforcing mode, and pre-installed intrusion prevention. There is no need for EBSI operators to add any rules or extra configuration.
The deployment, independent of the target platform, performs these steps:
- Determines whether the target platform is suitable to host an EBSI v1.0 host.
- Ensures that the hostname is set appropriately and that the operator account password is changed.
- Checks that the installed applications start accordingly in each host.
- Runs a self-health check that validates that all components are up and running.
There will be a self-check validation included in the host which verifies that the running applications are correct, ports are available, and connection to other nodes is possible. An external validation method for the API and the Blockchain will be provided separately.
Self Hosted Virtual Environments (Local or Cloud)
The EBSI project will deliver standard VMware OVA/VMDK format images that are compatible with ESX 5.x/6.x and easy to convert to other proprietary formats like VHD or QCOW2 if needed. The images will need to be deployed in a network that provides the networking specification requirements and on virtual machines that comply with the hardware specification, as a minimum. The image supplied will contain all necessary components to start the node.