Your AWS/Azure Account
Add extensibility and heightened control to your blockchain network by optionally integrating a node with native AWS and Azure services, all managed and configured within your own organizationally-controlled cloud suite. Services include key management, log streaming, backups and private data routing. Additionally, Kaleido logins can be delegated to existing directory services and identity providers for customizable user management.
Using Cloud Integrations
Kaleido provides the following cloud services which can be deployed to specific memberships within your environment. For detailed instructions on each, click through the links found below or navigate to the relevant service in the nav bar to the left.
Key Management Integration adds a further layer of security to a node’s private signing materials by encrypting any sensitive keys with a master encryption key controlled by the node owner. Kaleido stores only the signing key ciphertext, and a single auditable decryption call is sent to the AWS Identity and Access Management service when the node needs to initialize.
Node and Service backups perform a snapshot backup into an S3 bucket that provides an added layer of ledger persistence and gives owners full access to a node’s ledger and key materials. Users can orchestrate workflows to call the /backup API on configured intervals or manually extract the node data on a periodic basis.
Log Streaming injects real-time node logs into CloudWatch, the popular monitoring and management service. Combine the node logs with those from existing applications and business processes to quickly diagnose errors, improve performance and/or gain additional insights.
Advanced Private Networking with a Virtual Private Cloud (VPC) PrivateLink endpoint allows the Kaleido network to be accessed privately, outside of the public internet. Leveraging a node’s private communication layer via PrivateLink ensures that any business-critical or sensitive traffic never leaves the AWS backbone. Nodes can be configured with a hybrid ingress (public and private), allowing users to partition any incoming data streams in accordance with their organizational and consortia mandates.
Blockchain Application Firewall sits between the application layer and your blockchain nodes to enable enhanced control over authentication and permissions for your Blockchain resources.