Profile picture
Richard Gendal Brown @gendal
, 11 tweets, 4 min read Read on Twitter
Thread: “What on earth is a blockchain firewall?!” Most common question I’ve had today. @IanAllison123 does a good job in this @coindesk piece on Corda Enterprise: coindesk.com/r3-launches-co…, as does @pennycrosman for @AmerBanker here: americanbanker.com/news/r3-launch…. But here’s more… 1/10
Think about big public blockchains: Bitcoin and Ethereum. How do you “deploy” a node? Install it somewhere, open the relevant port(s) and off you go. Works well: the node is eventually in sync with the network and you’re done. You can trust what it tells you. 2/10
But now imagine you’re a business using blockchain tech to transform how you finance your imports or manage your patients’ records or reinsure your risks. You really don’t *care* about the data in your ‘blockchain node’. Surprising? Maybe. But true. 3/10
The reason businesses don’t care about the data *in* their blockchain nodes is because they run their businesses on their *existing apps*. And it’s the job of their enterprise blockchain nodes to make sure their *apps* are in sync with those of their counterparts. 4/10
So there’s a dilemma: the data that businesses care about is deep inside their secure networks yet the blockchain nodes syncing with their trading partners need to connect to each other over the internet. Yeah… good luck exposing that inner secure network to the internet… 5/10
So we need a way to deploy the enterprise blockchain node right next to the enterprise apps… integrating seamlessly with MQ, JDBC, etc… yet allowing that node to connect to peers across the internet and *receive* connections from peers too. How to resolve the dilemma? 6/10
We thought about this when we designed Corda. A promiscuous gossip network just isn’t going to cut it. And large corporate IT departments are entirely *un*-sanguine about deploying blockchain nodes managing real business data in their DMZs… So how to resolve the tension? 7/10
Part of the answer is in Corda’s core protocol: authenticated point-to-point messaging. AMQP over TLS. No broadcast, easy way to filter inbound connections. We know this works great because LOTS of projects are already live with the Corda open source platform after all. 8/10
The Corda Firewall goes a step further. It separates the peer-to-peer networking into a separate hardened component, ‘floating’ out in the DMZ, with rest of the node nestled next to your corporate apps. The two are linked umbilically. Unauthenticated data blocked. 9/10
So we get best of both worlds. Corda node sits next to your apps, bringing them into total sync in a way you can’t with other architectures. TLS terminated and inspected in DMZ. A ‘bridge’ ensures connections are made in the right direction. *Everybody* I show this to wants it!
Bonus eleventh tweet…. Andrey’s post gives more detail: medium.com/corda/peer-to-… Lots of docs here: docs.corda.r3.com/corda-firewall…. And a picture..!
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Richard Gendal Brown
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!