The VMware Blockchain Orchestrator deployment descriptor file defines all the available properties to configure for your deployment environment.

Organization Parameters

Parameter

Description

blockchainType

Use the default Daml contract engine.

This parameter is mandatory.

Client Node Parameters

Parameters

Description

zoneName

Enter the zone name where the Client node must be added after deployment.

This parameter is mandatory.

groupName

Assign a Client group name.

Multiple Client nodes distributed across the zones provide HA and network resiliency.

This parameter is optional.

tlsLedgerData

Configure mutual TLS (mTLS) to allow the Daml Ledger API server to communicate securely with the Client nodes.

As a best practice, secure the communication using mTLS. If these parameters are not implemented, the transmission is unsecured and uses plain text.

This parameter is mandatory. However, this parameter is optional when the ENABLE_DAML_OUTGOING_TLS parameter in the infrastructure descriptor is FALSE.

Specify the parameter details to secure mTLS communication between the Daml Ledger API and the Client nodes.

  • pem - Enter the contents of the private key file for the Client nodes.

    This parameter is mandatory.

  • crt - Add the trusted CA-signed certificate file for the Client nodes.

    This parameter is mandatory.

  • cacrt - Add the collection of trusted certificate authority (CA) certificates for the Client nodes.

    This parameter is mandatory.

  • clientAuth - Specify the value that denotes the CA certification authentication level for the Client nodes using mTLS. You can use any of the listed values.

    REQUIRE - Private key file (pem), trusted CA-signed certificate (crt), and CA certification authentication (cacrt) for the Client nodes must be used. As a best practice, use the REQUIRE value for secure communication.

    OPTIONAL - CA certification authentication (cacrt) for Client nodes can be used but is not required.

    NONE - CA certification authentication (cacrt) for Client nodes is not required.

    This parameter is mandatory.

keyName

Enter the AWS key pair used to connect to the Amazon EC2 instance.

This parameter is mandatory.

iamRoleArn

Create an Identity Access Management (IAM) role so that EC2 instances can call AWS services based on your assigned role. A default role is created during deployment if you do not configure a role.

If the provided role does not exist on AWS, the deployment fails, and an error message appears. You can apply the iamRoleArn value to specific Client nodes in the deployment. You can also have certain Client nodes configured with the iamRoleArn value and some not, and the default role is assigned when the role is not configured.

This parameter is mandatory.

Sample iamRoleArn role assigned to Client nodes.

{
  "zoneName": "orchestrator-zone-A",
  "groupName": "g1",
  "keyName": "private-key-name",
  "iamRoleArn":    "arn:aws:iam::732497959762:instance-profile/iam-role-test",
        } 

sideCar Node Group Specification Parameters

Specify the keywords sideCarNodeSpec in the deployment descriptor file.

You must enable the ENABLE_SIDE_CAR_VM_DEPLOYMENT parameter in the infrastructure and deployment descriptor files before deploying the blockchain nodes.

Parameter

Description

zoneName

Enter the zone name where the sideCar node must be added after deployment of the blockchain nodes.

Sample zoneNameconfiguration for a sideCar node.
"sideCar": {
             "zoneName": "zone-A"
           }

This parameter is mandatory.

cpuCount Set the sideCar node CPU resource. You can allocated the recommended 16 GB CPU resource.

This parameter is mandatory

memoryGb Allocate memory for the sideCar node.

The recommended size is 32 GB.

This parameter is mandatory

diskSizeGb Assign a disk size for the sideCar node.

The recommended size is 1 TB.

This parameter is mandatory

Replica Node Parameters

Parameter

Description

zoneName

Enter the zone name where the Replica node is to be added after deployment.

Note:

The zone name must match the zone name defined in the infrastructure descriptor file.

This parameter is mandatory.

keyName

Enter the AWS key pair used to connect to the Amazon EC2 instance.

This parameter is mandatory.

iamRoleArn

Create an Identity Access Management (IAM) role so that EC2 instances can call AWS services based on your assigned role. A default role is created during deployment if you do not configure a role.

If the provided role does not exist on AWS, the deployment fails, and an error message appears. You can apply the iamRoleArn value to specific Replica nodes in the deployment to receive the IAM role. You can also have certain Replica nodes configured with the iamRoleArn value and some not, and the default role is assigned when the role is not configured.

This parameter is mandatory.

Sample iamRoleArn role assigned to Replica nodes.

{
  "zoneName": "orchestrator-zone-A",
   "keyName": "private-key-name",
   "iamRoleArn": "arn:aws:iam::732497959762:instance-profile/iam-role-test"
        },

Full Copy Client Node Parameters

Replica nodes share transaction data with the Full Copy Client nodes. The Full Copy Client node does not participate in the BFT consensus process. The Full Copy Client node is optional.

The Full Copy Client node stores VMware Blockchain data on a key-value ObjectStore that uses S3 APIs. The data can be used, for example, for offline data analysis or storing data for an extended period. You can host the ObjectStore on-premises or on Amazon servers.

Parameter

Description

accessKey

Add the AWS access key information to gain access to the stored data.

Note:

Keep the access key information private to safeguard the stored data.

This parameter is mandatory.

bucketName

Specify the unique Amazon S3 bucket name.

Each Full Copy Client node must be configured to communicate with a separate Amazon S3 bucket.

Note:

The S3 bucket must be empty for the Full Copy Client node to write data to the bucket.

The S3 bucket must be up and running before the Full Copy Client node is deployed. The Full Copy Client node starts writing data to the S3 bucket.

This parameter is mandatory.

protocol

Add the Amazon S3 protocol information.

The protocol must use a standard protocol, such as HTTP or HTTPS.

This parameter is mandatory.

secretKey

Add the AWS secret access key or password.

Note:

Keep the secret access key information private to safeguard the stored data.

This parameter is mandatory.

url

Add the Amazon S3 URL where the data is stored.

The URL must be an FQDN or IP address with an optional port number.

This parameter is mandatory.

zoneName

Enter the zone name where the Replica node is to be added after deployment.

Note:

The zone name must match the zone name defined in the infrastructure descriptor file.

This parameter is mandatory.

providedIp

Enter the IP address to be assigned to the Replica node after deployment.

This parameter is optional.

iamRoleArn

Create an Identity Access Management (IAM) role so that EC2 instances can call AWS services based on your assigned role. A default role is created during deployment if you do not configure a role.

If the provided role does not exist on AWS, the deployment fails, and an error message appears. You can apply the iamRoleArn value to specific Full Copy Client nodes in the deployment to receive the IAM role. You can also have certain Full Copy Client nodes configured with the iamRoleArn value and some not, and the default role is assigned when the role is not configured.

This parameter is mandatory.

Sample iamRoleArn role assigned to Full Copy Client nodes.

{
  "zoneName": "orchestrator-zone-A",
   "keyName": "private-key-name",
   "iamRoleArn": "arn:aws:iam::732497959762:instance-profile/iam-role-test"
        },

Operator Specification Parameters

Operator specification is required for deployment. Operation specification is used for stopping the VMware Blockchain deployments gracefully.

Parameter

Description

operatorSpecifications

Add the operator Client container specifications required for the new Concord operator container.

This parameter is optional.

operatorPublicKey

Copy and paste the operator public key details in a single line. The public keys must be generated using the ECDSA algorithm.

During deployment, the operator public key details are added to all the Replica nodes.

Sample operatorPublicKey configuration.

 "operatorSpecifications": {
        "operatorPublicKey": "-----BEGIN PUBLIC KEY-----
\nMFkwEwYHKoZ\n
-----END PUBLIC KEY-----\n"

This parameter is mandatory.

Client Node Group Specification Parameters

The order of precedence from the highest to the lowest CPU, memory, and storage configuration are the clientGroupNodeSpec, clientNodeSpec, and the SMALL form factor values.

Parameter

Description

clientGroupNodeSpec

Configure the Client node size for high-transaction-throughput applications to connect to a Client node group with large CPU, memory, and storage resources in the Client node VMs.

Conversely, the low-transaction-throughput applications on the same blockchain can connect to a Client node group with low CPU, memory, and storage resources in the Client node VMs.

The predefined sizes are small, medium, and large. The following are the default form factor values:

  • Small size - m4.2xlarge

  • Medium size - m4.4xlarge

  • Large size - m4.16xlarge

Sample clientGroupNodeSpec with two large Client node groups and one medium Client node group sizing.

In this sample, any Client nodes in groups clientgroup-A and clientgroup-D are provisioned with the LARGE form factor values.

Client nodes in group clientgroup-B are provisioned with the MEDIUM form factor values.

In this example, the clientNodeSpec object is provided, and Client nodes that do not belong to any group are provisioned with values specified in that object.

If the clientNodeSpec is not specified, Client nodes that do not belong to any group are provisioned with the SMALL form factor values.

{
    "clientGroupNodeSpec": [
        {
            "formFactor": "LARGE",
            "groups": [
                "clientgroup-A",
                "Clientgroup-D"
            ]
        },
        {
            "formFactor": "MEDIUM",
            "groups": [
                "clientgroup-B"
            ]
        }
    ],

Replica and Client Node VM Node Size Parameters

Specify the keywords replicaNodeSpec and clientNodeSpec in the deployment descriptor file.

Parameter

Description

cpuCount

Set the node CPU resource.

This parameter is mandatory for Replica nodes and optional for Client nodes.

memoryGb

Allocate some memory for the node.

This parameter is optional.

diskSizeGb

Assign a disk size for the node.

This parameter is optional.

instanceType

Enter the Amazon EC2 instance type. For example, m4.2xlarge.

This parameter is mandatory.

volumeType

Set the volume type to gp3, gp2, io1, or io2.

The default gp3 is used if nothing is specified for the volume type.

If the designated volume type is io1 or io2, throughput cannot be specified, and the minimum IOPS value must be set to 100.

This parameter is optional.

iops

Designate the IOPS value for the volume.

The gp3 default IOPS value is 3000.

This parameter is optional.

throughput

Allocate the throughput value per volume.

The gp3 default throughput value per volume is 125 MiB/s.

This parameter is optional.

Other Parameters

Specify the keyword tag in the deployment descriptor file.

Parameter

Description

AWS

Sets the name tag for AWS deployments. The parameter filters EC2 instances by the tag, Name.

For example, Name": "AWS-ver1-deployment-1".

This parameter is optional.