Introduction

The EBSI v1.0 Infrastructure Specification gives Member States the infrastructure requirements needed to establish an EBSI v1.0 node. EBSI v1.0 is intended to be a self-contained infrastructure that delivers all components within three computing hosts: a master host and two hosts for blockchain protocols and distributed storage. This release is intended to act as a first iteration of the infrastructure code base, targeted at a closed user group evaluation, and as a base for the production solution that will be fully deployed in EBSI v2.0. The environment and specifications are simple enough to be run from a reasonable on-premises server or virtual private server, meaning any Member State that would like to sign up for the test can join the program.


The EBSI v1.0 node described in this specification is able to connect to other EBSI v1.0 nodes over the Internet.

Each EBSI Node contains 3 instances/hosts: 

  • Master/Applications host - contains all the containers of the core services, APIs, Wallet, Off-chain Storage, Demo webserver and Proxy
  • Ethereum BESU Blockchain - contains all the containers of BESU protocol and off-chain local storage (not used in V1.0)
  • Hyperledger Fabric Blockchain - contains all the containers of Fabric protocol and off-chain local storage (not used in V1.0)

Requirements

Environment Requirements

An EBSI v1.0 node requires a minimum of three computer hosts all with access to the Internet and with individual fixed public IP addresses. These can be either physical server computers or virtual machines running in a self-hosted data-centre infrastructure, a private cloud, or a public cloud.

Hardware

Each computer host – physical or virtual – must have these minimum specifications:

  • 4 Core CPU, 4 vCPU or equivalent,
  • 16 GB of RAM for the BESU and Fabric hosts; 32 GB of RAM for Master/Applications host
  • 80 GB SSD,
  • 256 GB SSD.

Network

All hosts must be in the same subnet, each with a fixed public IP address, and must be connected to the Internet in order to get updated and to communicate with other EBSI nodes. 

The minimum specifications are:

  • 1 GB Ethernet (local network),
  • latency 50ms (internet),
  • 100 Mbits/second for bandwidth (internet)
  • 3 fixed public IPs (one for each host).

Security

The hosts in the EBSI node need to connect over the Internet, so some ports need to be opened in the firewall:

Firewall Ports Requirements

Terminology

  MS = Member State
  MS EBSI Node(s) = All EBSI nodes that the MS will put online. Each node is composed of three (3) ComputeUnits (Virtual Machines), each of them with an external IP address mapped to it.
  Management Network = Internal network in the Member State from where secure connections for management purposes are expected.
  Internet = 0.0.0.0/0 


| Host | Source | Destination | Protocol / Port | Service |
|---|---|---|---|---|
| BESU | EBSI Nodes (All) | MS EBSI Node | TCP 48745 | Ethereum (Besu) ledger (RPC Service) |
| BESU | EBSI Nodes (All) | MS EBSI Node | TCP + UDP 48733 | Ethereum (Besu) ledger (Syncro Service) |
| Master/Application | EBSI Nodes (All) | MS EBSI Node | TCP + UDP 24007, 24008 & TCP 49152 | GlusterFS (not used in V1.0) |
| Master/Application, BESU, FABRIC | EBSI Nodes (All) | MS EBSI Node | TCP 27017 | Mongo DB (Redundancy Option) (not used in V1.0) |
| Master/Application, BESU, FABRIC | MS management network OR Internet | MS EBSI Node | TCP 48790 | Cockpit |
| FABRIC | EBSI Nodes (All) | MS EBSI Node | TCP 7054 | Fabric CA Service |
| FABRIC | EBSI Nodes (All) | MS EBSI Node | TCP 7053 | Fabric Peer External (Event Notification) |
| FABRIC | EBSI Nodes (All) | MS EBSI Node | TCP 7051 | Fabric Peer Internal (GRPC) |
| FABRIC | EBSI Nodes (All) | MS EBSI Node | TCP 7050 | Fabric Orderer Service |
| FABRIC | Internet | MS EBSI Node | TCP 48780 | Fabric Block Explorer |
| Master/Application | EBSI Nodes (All) | MS EBSI Node | TCP 7000 | Cassandra DB |
| Master/Application, BESU, FABRIC | Internet | MS EBSI Node | TCP 443 | NGINX (HTTPS Traffic) |
| Master/Application, BESU, FABRIC | MS management network OR Internet | MS EBSI Node | TCP 48722 | SSH (for Node Computer Unit admin) |
| Master/Application, BESU, FABRIC | infra.ebsi.xyz | MS EBSI Node | TCP 8140 | For configuration management |



The current list of IPs of all EBSI Nodes (that are already online) will be provided via email after the registration process by the CEF Support Team.

In the case that additional ports are needed, the CEF Support Team will communicate this to each registered member via email.  
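
The port table above can be turned into an audit of the inbound allow rules on the perimeter firewall or cloud security group in front of a node, flagging any rule that opens a port on the wrong host or to a wider source than the table lists. This is an added example, not part of the EBSI specification or its tooling; the rule tuple format, the `audit` function and the sample addresses (documentation ranges) are assumptions, and the real peer and infra.ebsi.xyz addresses come from the CEF Support Team.

```python
import ipaddress

M, B, F = "master", "besu", "fabric"
ALL = {M, B, F}
# (protocol, port) -> (hosts that expose it, allowed source class), transcribed
# from the table above. Source classes: "peers" = EBSI Nodes (All),
# "mgmt" = MS management network OR Internet, "any" = Internet,
# "infra" = infra.ebsi.xyz.
SPEC = {
    ("tcp", 48745): ({B}, "peers"), ("tcp", 48733): ({B}, "peers"),
    ("udp", 48733): ({B}, "peers"), ("tcp", 24007): ({M}, "peers"),
    ("udp", 24007): ({M}, "peers"), ("tcp", 24008): ({M}, "peers"),
    ("udp", 24008): ({M}, "peers"), ("tcp", 49152): ({M}, "peers"),
    ("tcp", 27017): (ALL, "peers"), ("tcp", 48790): (ALL, "mgmt"),
    ("tcp", 7054): ({F}, "peers"), ("tcp", 7053): ({F}, "peers"),
    ("tcp", 7051): ({F}, "peers"), ("tcp", 7050): ({F}, "peers"),
    ("tcp", 48780): ({F}, "any"), ("tcp", 7000): ({M}, "peers"),
    ("tcp", 443): (ALL, "any"), ("tcp", 48722): (ALL, "mgmt"),
    ("tcp", 8140): (ALL, "infra"),
}

def audit(rules, peers, infra):
    """Return (rule, finding) pairs for inbound allow rules outside the table.
    rules: (host, protocol, port, source_cidr); peers/infra: lists of CIDRs."""
    allowed = {"peers": [ipaddress.ip_network(c) for c in peers],
               "infra": [ipaddress.ip_network(c) for c in infra]}
    findings = []
    for rule in rules:
        host, proto, port, cidr = rule
        entry = SPEC.get((proto, port))
        if entry is None or host not in entry[0]:
            findings.append((rule, "port not listed for this host"))
            continue
        source_class = entry[1]
        if source_class in ("any", "mgmt"):
            continue  # the table permits Internet-wide sources for these ports
        src = ipaddress.ip_network(cidr)
        if not any(src.subnet_of(net) for net in allowed[source_class]):
            findings.append((rule, f"source wider than '{source_class}'"))
    return findings

# Constructed sample: documentation-range addresses stand in for the real lists.
PEERS, INFRA = ["203.0.113.10/32", "203.0.113.20/32"], ["198.51.100.5/32"]
RULES = [
    ("besu", "tcp", 48745, "203.0.113.10/32"),    # peer-only RPC: fine
    ("master", "tcp", 27017, "0.0.0.0/0"),        # MongoDB open to Internet
    ("fabric", "tcp", 48745, "203.0.113.20/32"),  # Besu port on Fabric host
    ("master", "tcp", 443, "0.0.0.0/0"),          # HTTPS: Internet allowed
]
```

Calling `audit(RULES, PEERS, INFRA)` on the constructed sample returns two findings: the MongoDB rule open to 0.0.0.0/0 and the Besu RPC port opened on the Fabric host.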

Each host image will include a running firewall, SELinux in enforcing mode, and pre-installed intrusion prevention. There is no need for EBSI operators to add any rules or extra configuration.

Deployment

The deployment – independent of the target platform – performs these steps:

  • A process determines if the target platform is suitable to host an EBSI v1.0 host.
  • It ensures that the hostname is set appropriately, and that the operator account password is changed.
  • It then checks that the installed applications start accordingly in each host.
  • A self-health check validates that all components are up and running.

There will be a self-check validation included in the host which verifies that the running applications are correct, ports are available, and connection to other nodes is possible. An external validation method for the API and the Blockchain will be provided separately.

Self Hosted Virtual Environments (Local or Cloud)

The EBSI project will deliver images in the standard VMware OVA/VMDK format, compatible with ESX 5.x/6.x and easy to convert to other proprietary formats like VHD or QCOW2 if needed. The images will need to be deployed in a network that provides the networking specification requirements and on virtual machines that comply with the hardware specification, as a minimum. The image supplied will contain all necessary components to start the node.