The VMware Blockchain Orchestrator deployment descriptor file defines all the available properties to configure for your deployment environment.

Organization Parameters

Parameter

Description

consortiumName

Assign the consortium name for your deployment.

The output file name is generated based on the consortium name. The time stamp of when the output file was created is added next to the consortium name.

A consortium provides a public ledger and operates under group governance instead of an entity. The consortium supports organizational collaboration and security against the existence of rogue actors.

A consortium consists of Replica and Client nodes. You can also optionally deploy Full Copy Client nodes.

This parameter is mandatory.

blockchainType

Use the default Daml contract engine.

This parameter is mandatory.

Client Node Parameters

Parameter

Description

zoneName

Enter the zone name where the Client node must be added after deployment.

This parameter is mandatory.

authUrlJwt

Enter the JWT public key URL.

The authorization URL authenticates with the Daml Ledger.

This parameter is optional.

providedIp

Enter the IP address to be assigned to the Client node after deployment.

Depending on your deployment configuration, you can have single or multiple Client nodes.

This parameter is mandatory.

groupName

Assign a Client group name.

Multiple Client nodes distributed across the zones provide HA and network resiliency.

This parameter is optional.

tlsLedgerData

Configure mutual TLS (mTLS) to allow the Daml Ledger API server to communicate securely with the Client nodes.

As a best practice, secure the communication using mTLS. If these parameters are not implemented, the transmission is unsecured and uses plain text.

This parameter is optional.

Specify the parameter details to secure mTLS communication between the Daml Ledger API and the Client nodes.

  • pem - Enter the contents of the private key file for the Client nodes.

    This parameter is mandatory.

  • crt - Add the trusted CA-signed certificate file for the Client nodes.

    This parameter is mandatory.

  • cacrt - Add the collection of trusted certificate authority (CA) certificates for the Client nodes.

    This parameter is mandatory.

  • clientAuth - Specify the value that denotes the CA certification authentication level for the Client nodes using mTLS. You can use any of the listed values.

    REQUIRE - Private key file (pem), trusted CA-signed certificate (crt), and CA certification authentication (cacrt) for the Client nodes must be used. As a best practice, use the REQUIRE value for secure communication.

    OPTIONAL - CA certification authentication (cacrt) for Client nodes can be used but is not required.

    NONE - CA certification authentication (cacrt) for Client nodes is not required.

    This parameter is mandatory.

backupEnabled

Set the parameter for a Client node to True to back up the deployed node.

The default value is False when not specified. If the parameter value is not specified for a Client node or the value is set to False, backups are deactivated on that node.

This parameter is optional.

Sample backupEnabled configuration with backup enabled on one Client node and deactivated on another.

{
    ...
    "clients": [
        {
            "zoneName": "client-zone-A",
            "providedIp": "10.10.128.110",
            ...
            "backupEnabled": true
        },
        {
            "zoneName": "client-zone-A",
            "providedIp": "10.10.128.111",
            ...
            "backupEnabled": false
        },
        {
            "zoneName": "client-zone-A",
            "providedIp": "10.10.128.112",
        }
    ]
}

Replica Node Parameters

Parameter

Description

zoneName

Enter the zone name where the Replica node is to be added after deployment.

Note:

The zone name must match the zone name defined in the infrastructure descriptor file.

This parameter is mandatory.

providedIp

Enter the IP address to be assigned to the Replica node after deployment.

This parameter is mandatory.

Full Copy Client Node Parameters

Replica nodes share transaction data with the Full Copy Client nodes. The Full Copy Client node does not participate in the BFT consensus process. The Full Copy Client node is optional.

The Full Copy Client node stores VMware Blockchain data on a key-value ObjectStore that uses S3 APIs. The data can be used, for example, for offline data analysis or storing data for an extended period. You can host the ObjectStore on-premises or on Amazon servers.

Parameter

Description

accessKey

Add the AWS access key information to gain access to the stored data.

Note:

Keep the access key information private to safeguard the stored data.

This parameter is mandatory.

bucketName

Specify the unique Amazon S3 bucket name.

Each Full Copy Client node must be configured to communicate with a separate Amazon S3 bucket.

Note:

The S3 bucket must be empty for the Full Copy Client node to write data to the bucket.

The S3 bucket must be up and running before the Full Copy Client node is deployed. The Full Copy Client node starts writing data to the S3 bucket.

This parameter is mandatory.

protocol

Add the Amazon S3 protocol information.

The protocol must use a standard protocol, such as HTTP or HTTPS.

This parameter is mandatory.

secretKey

Add the AWS secret access key or password.

Note:

Keep the secret access key information private to safeguard the stored data.

This parameter is mandatory.

url

Add the Amazon S3 URL where the data is stored.

The URL must be an FQDN or IP address with an optional port number.

This parameter is mandatory.

zoneName

Enter the zone name where the Replica node is to be added after deployment.

Note:

The zone name must match the zone name defined in the infrastructure descriptor file.

This parameter is mandatory.

providedIp

Enter the IP address to be assigned to the Replica node after deployment.

This parameter is optional.

Operator Specification Parameters

Operator specification is required for deployment. Operation specification is used for stopping the VMware Blockchain deployments gracefully.

Parameter

Description

operatorSpecifications

Add the operator Client container specifications required for the new operator container.

This parameter is mandatory.

operatorPublicKey

Copy and paste the operator public key details in a single line. The public keys must be generated using the ECDSA algorithm.

During deployment, the operator public key details are added to all the Replica nodes.

Sample operatorPublicKey configuration.

 "operatorSpecifications": {
        "operatorPublicKey": "-----BEGIN PUBLIC KEY-----
\nMFkwEwYHKoZ\n
-----END PUBLIC KEY-----\n"

This parameter is mandatory.

Client Node Group Specification

The order of precedence from the highest to the lowest CPU, memory, and storage configuration are the clientGroupNodeSpec, clientNodeSpec, and the SMALL form factor values.

Parameter

Description

clientGroupNodeSpec

Configure the Client node size for high-transaction-throughput applications to connect to a Client node group with large CPU, memory, and storage resources in the Client node VMs.

Conversely, the low-transaction-throughput applications on the same blockchain can connect to a Client node group with low CPU, memory, and storage resources in the Client node VMs.

The predefined sizes are small, medium, and large. The following are the default form factor values:

  • Small size - CPU 4, Memory 16 GB, and Storage 64 GB.

  • Medium size - CPU 16, Memory 64 GB, and Storage 512 GB.

  • Large size - CPU 128, Memory 1024 GB, and Storage 10240 GB.

Sample clientGroupNodeSpec with two large Client node groups and one medium Client node group sizing.

In this sample, any Client nodes in groups clientgroup-A and clientgroup-D are provisioned with the LARGE form factor values.

Client nodes in group clientgroup-B are provisioned with the MEDIUM form factor values.

In this example, the clientNodeSpec object is provided, and Client nodes that do not belong to any group are provisioned with values specified in that object.

If the clientNodeSpec is not specified, Client nodes that do not belong to any group are provisioned with the SMALL form factor values.

{
    "clientGroupNodeSpec": [
        {
            "formFactor": "LARGE",
            "groups": [
                "clientgroup-A",
                "Clientgroup-D"
            ]
        },
        {
            "formFactor": "MEDIUM",
            "groups": [
                "clientgroup-B"
            ]
        }
    ],
    "clientNodeSpec": {
        "cpuCount": 4,
        "diskSizeGb": 100,
        "memoryGb": 32
    },

Replica and Client Node VM Node Size Parameters

Specify the keywords replicaNodeSpec and clientNodeSpec in the deployment descriptor file.

Parameter

Description

cpuCount

Set the node CPU resource.

This parameter is optional.

memoryGb

Allocate some memory for the node.

This parameter is optional.

diskSizeGb

Assign a disk size for the node.

This parameter is optional.