p.Sahoja Azure

Key Points


References

Reference_description_with_linked_URLs_______________________Notes______________________________________________________________




https://azure.microsoft.com/en-us/pricing/details/virtual-machines/series/Azure VM types designed for workloads
https://www.intel.com/content/www/us/en/architecture-and-technology/
software-guard-extensions.html
Intel SGX - memory encryption for apps, data




https://www.zdnet.com/article/microsoft-azure-customers-reporting-hitting
-virtual-machine-limits-in-u-s-east-regions/
Azure capacity not increased fast enough in US East













Key Concepts




Azure requirements for Prototype - phase 1



Shane Red 
David Blue
Jim green.
  1. What is the composition of the consortium, like how many members or organizations/departments of an organization are going to be on the consortium? There is only one organization Sahoja for now they are just wanting the blockchain for the sake of blockchain at the moment.   In the future they may bring on others like maybe vendors to be active but not from the beginning.  Agree
    Agree - only 1 org for Sahoja in the blockchain itself
  • Do we expect to have one org responsible for the HLF ordering service? How many nodes (3, 5, or 7) are required for the ordering service for redundancy and HA perspective? Lets just go with 3 as there is only one truth which is Sahoja and no need for anything else.  Agree
    Agree
  1. How many HLF peer nodes (2, 4, 6…) are required by the orgs/depts. of org for the blockchain node? I think we need to 4 and need to be geographically disbursed  Agree
    Agree - 2 per zone
  2. What series of VMs are planned to be used in the AKS clusters running HLF components?   Not knowing all the intricacies involved but I would say just taking a quick look the DC-Series would be needed please chime in here if you see something other.  However looking in the US there is no DC-Series so will need something equivalent as we want to ensure data integrity. Based on the spec I reviewed on the Azure site, I would agree with DC series as well.
    DC Series has SGX support and should be adequate for prototype sites
  3. Is there a requirement for Azure Key vault? Not sure on this as we will be using a database for all user data as we will use a key associated with the user to encrypt data on the blockchain so that if a user wants to be “forgotten” we can delete the record from the database and the information on the blockchain will become inaccessible.  I think Azure key vault would be a nice add on we can consider but not really a hard requirement at this time.  Perhaps this can be priced separately? 
    Agree Key Vault is an option to look at to see how it will add value over basic Fabric key management services
  4. What series of VMs are required for NGINX web server? Again not sure on this will rely on others to let us know what is needed  F series should be sufficient.  Could go with D series as well.   
    Agree D or F series fine for Web servers
    1. And how many VMs are planned to be used for that? We want to have 2 web servers initially running and be able to scale so need to have load balancer in front of them.  I would be interested to know what kind of load balancing solution Azure supports, and what their LB algorithm is, and if it can be configured to use different algorithms.
      Minimum 2 servers in any cluster. Health-check services to be defined that allow automated failover within a transaction timeout. Assume LB is either round-robin to active servers or based on response times?
  5. What is the networking related configuration required, in terms of app gateways, VPN gateways, firewall? Should be firewalled to allow only port 80 and 443 traffic to the web and then firewalled to only allow traffic from web server to API server traffic and then from API to SmartContract access.  Agree    Agree
  6. Which are the regions that are considered for the solution deployment? US East and US West for now  Agree    Agree
  7. What is the requirement for Backup and DR for the solution? Should be backed up but again will rely on input from others.  Yes, we do want backups (both incremental backups and full backups taken at regular intervals) and of course disaster recovery.  We would need to see the cost sheet on these items.
    Agree


Potential Value Opportunities



Potential Challenges



Candidate Solutions



Step-by-step guide for Example



sample code block

sample code block
 



Recommended Next Steps