Service Overview - Huawei · Blockchain Service Service Overview Issue 01 Date 2019-07-30 ... an enterprise-grade blockchain system for upper-layer applications. Blockchain Service

Blockchain Service

Service Overview

Issue 01

Date 2019-07-30

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2019. All rights reserved.No part of this document may be reproduced or transmitted in any form or by any means without prior writtenconsent of Huawei Technologies Co., Ltd. Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respectiveholders. NoticeThe purchased products, services and features are stipulated by the contract made between Huawei and thecustomer. All or part of the products, services and features described in this document may not be within thepurchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,and recommendations in this document are provided "AS IS" without warranties, guarantees orrepresentations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute a warranty of any kind, express or implied.

Issue 01 (2019-07-30) Copyright © Huawei Technologies Co., Ltd. i

Contents

1 What Is Blockchain?......................................................................................................................1

2 HUAWEI CLOUD Offering Regarding Blockchain...............................................................4

3 Advantages......................................................................................................................................6

4 Functions......................................................................................................................................... 8

5 Solutions........................................................................................................................................115.1 E-government................................................................................................................................................................115.2 Transactions Between Corporation Subsidiaries.......................................................................................................... 135.3 Supply Chain Logistics ................................................................................................................................................145.4 Healthcare.....................................................................................................................................................................17

6 Key Concepts................................................................................................................................19

7 Permissions Management .........................................................................................................21

8 Restrictions and Note to Quotas...............................................................................................23

9 Edition Specifications.................................................................................................................24

10 Feature Updates......................................................................................................................... 27

11 Note to End of Maintenance....................................................................................................32

Blockchain ServiceService Overview Contents

Issue 01 (2019-07-30) Copyright © Huawei Technologies Co., Ltd. ii

1 What Is Blockchain?

Traditional Business NetworkIn a traditional business network, participants such as business organizations, governments,and financial institutions do not have a shared system and separately maintain their own data.When a transaction is conducted, both parties modify their own ledgers and maintain theledgers locally. This results in a network architecture shown in Figure 1-1.

Figure 1-1 Traditional business network architecture

Such a network faces the challenges of low efficiency, high cost, and being subject to attacksdue to the following facts:

l Each participant maintains its own ledger. The transaction information is nottransparently shared among participants, and it is not easy to discover data tampering, ifany.

l If a transaction involves multiple parties, additional workload and costs are needed toreconcile disparate ledgers for data consistency.

Blockchain ServiceService Overview 1 What Is Blockchain?

Issue 01 (2019-07-30) Copyright © Huawei Technologies Co., Ltd. 1

l Data is scattered among participants, resulting in low efficiency of the overall businessprocess.

l The network relies on a single or multiple central systems. Once the central systemsexperience fraud, attacks, or errors, operation of the entire network will become chaotic.

Basics of BlockchainIn a narrow sense, a blockchain is data blocks chained based on the block generation time anduses cryptography to ensure that distributed ledgers cannot be tampered with or forged. In abroad sense, the blockchain is a distributed architecture and computing mode that uses theblockchain data structure to verify and store data, distributed consensus algorithms to generateand update data, cryptography to ensure data transmission and access security, and smartcontracts compiled by automated script code for programming and data operation.

Blockchain uses a set of technologies including shared ledgers, consensus algorithms, securityand privacy protection, and smart contracts. It features multi-centralization, consensus andtrust, immutability, and traceability. In a blockchain system, all participants share ledgers,which can solve the challenges in traditional business networks. Figure 1-2 shows thearchitecture of a blockchain system.

Figure 1-2 Blockchain systems architecture

All participants in a business network share the ledger and update all the copies of the ledgerupon each transaction.

Cryptography algorithms ensure that participants have access only to the ledger contentrelated to them, thus ensuring transaction security.

Transaction-related contract clauses are embedded into the transaction database to comprisesmart contracts, which are automatically executed when the business conditions are met.

Consensus algorithms ensure that transactions are validated by all involved parties andrequirements of supervision and audit are met.



Benefits of BlockchainTime saving: Shortens transaction duration from days to real-time or quasi-real-timecompletion.

Reduced costs: Reduces extra costs and the participation of third parties required to ensuredata consistency.

Lower risks: Precludes the possibility of tampering to reduce risks of frauds and cybercrimes.

Enhanced trust: Builds up trust between transaction participants using shared ledgers,processes, and records.

More Informationl Data in a blockchain system is generated and stored in blocks, which are chained in a

time sequence. That is why the term "blockchain" is coined.l All nodes in a blockchain system participate in data verification, storage, and

maintenance. Consensus must be reached to create a block. The new block is broadcastto all nodes, ensuring synchronization on the entire network. After this, it cannot bemodified or deleted.

l For more blockchain knowledge, see Key Concepts and Hyperledger Fabricdocumentation.



https://hyperledger-fabric.readthedocs.io/en/release-1.4/

https://hyperledger-fabric.readthedocs.io/en/release-1.4/

2 HUAWEI CLOUD Offering Regarding

Blockchain

HUAWEI CLOUD provides a blockchain technology platform service, called BlockchainService (BCS), based on Hyperledger Fabric for enterprises and developers. BCS helps youquickly deploy, manage, and maintain blockchain networks on HUAWEI CLOUD, reducingthe threshold for using blockchain. In this way, you can focus on the development andinnovation of your own business to quickly implement business using blockchain.

For an introduction to the BCS, click here.

Figure 2-1 BCS architecture

l Infrastructure layerThe infrastructure layer offers underlying resources required for creating a blockchainnetwork, including resources on nodes used to compute and store data in the network.HUAWEI CLOUD enables you to conveniently purchase resources as required anddeploy blockchain networks on either the private cloud or edge cloud.

l Blockchain platformHUAWEI CLOUD provides the blockchain service platform based on the HyperledgerFabric framework. The platform consists of modules such as those for service, channel,and member management. It helps you quickly create, manage, and efficiently maintainan enterprise-grade blockchain system for upper-layer applications.

Blockchain ServiceService Overview 2 HUAWEI CLOUD Offering Regarding Blockchain


https://bbs-video.huaweicloud.com/video/media/20181031/20181031164341_78317.mp4

l Service application layerBCS can be used in multiple scenarios of various industries, such as supply chainfinance, supply chain tracing, digital assets, and notarization for crowdsourcing.Industry-specific applications connect to the blockchain platform to ensure datareliability and security.

l Security managementThe HUAWEI CLOUD security system, Hyperledger Fabric framework, and innovativecryptography algorithms provide comprehensive security assurance for blockchainnodes, ledgers, smart contracts, and upper-layer applications.

Blockchain ServiceService Overview 2 HUAWEI CLOUD Offering Regarding Blockchain


3 Advantages

Easy to UseBuilding an enterprise-grade distributed blockchain network is not easy. It requires not onlyin-depth knowledge of blockchain but also complex design and configuration, which is error-prone and costly.

l The BCS is built based on Hyperledger Fabric. It can help enterprises deploy blockchainnetworks within only 5 minutes, reducing the development and deployment costs by asmuch as 80%.

l BCS hosts functions of full-lifecycle management and GUI-based smart contract coding,commissioning, and deployment. Customers using BCS can focus on the innovation anddevelopment of their own service applications.

Cost-Effectivel The pay-per-use billing mode and functions such as service hibernation and waking at

any time and data aging on orderers reduce costs.l BCS is connected to the Application Operations Management (AOM) service of

HUAWEI CLOUD for comprehensive O&M on BCS services, including system status,performance, and transaction monitoring, maintenance, and alarming to reduce O&Mcosts.

l The peer scaling function allows auto scaling of peers on demands, greatly improving thecost-effectiveness.

Highly Efficient and Reliablel BCS supports multiple efficient consensus algorithms and deeply optimizes existing

algorithms to achieve balance between security and efficiency.l Consensus within seconds (over 5,000 TPS) meets service performance requirements.l Blockchain ledgers are stored in the efficient HUAWEI CLOUD elastic storage files,

satisfying the demand of fast storing massive amount of user data.l Nodes of multiple roles and members can dynamically join or quit consortium

blockchains.

Secure and Privacy ProtectedComprehensive approach to blockchain security:

Blockchain ServiceService Overview 3 Advantages


l The HUAWEI CLOUD security system ensures stable and secure running ofblockchains.

l The Hyperledger-assured security system prevents data tampering and protects privacyby means of certificate management and the blockchain structure of data.

l Innovative algorithms such as homomorphic encryption and zero-knowledge proofsprovide further privacy protection.

l Chinese cryptographic algorithms are used for encryption and decryption.

Expert Service OfferedBCS provides guidance and consultancy for you to develop dedicated blockchain, includingscenario analysis, technical training, architecture design, system development, and systemrollout, help you efficiently and cost-effectively deploy high-quality blockchain applicationsystems.

Blockchain ServiceService Overview 3 Advantages


4 Functions

BCS provides the following functions to help you quickly deploy blockchains featuringsecurity, high efficiency, and cost-effectiveness.

Service DeploymentYou can purchase resources when deploying a blockchain system, without a need to prepareresources required by the system in advance.

l The deployment time is reduced from days to minutes, and the blockchain networkconfiguration is completed during deployment.

l Underlying technological details are masked. You do not need to care about theunderlying technology implementation and platform construction.

l You can create a cross-region consortium blockchain or a private blockchain.

Ledger StorageThree types of databases are available for ledger storage, that is, file database (goleveldb),relational database (MySQL), and NoSQL (CouchDB).

l File database: The Fabric native storage mode is used. Historical transaction data isstored in the blockchain, and status data is stored in the LevelDB.

l Relational database: Status data is stored in the MySQL database. Historical transactiondata is stored in both the blockchain and MySQL database. This allows fast and richquery of relational database and at the same time, ensures data immutability, a feature ofFabric.

l NoSQL: The CouchDB storage mode supported by the Fabric is used to store transactiondata and status data.

Consensus AlgorithmsBCS supports multiple consensus algorithms for diverse scenarios.

l Solo: A simple consensus algorithm. In a Solo ordering service, only one orderer isavailable. Therefore, Solo does not support fault tolerance but features quick startup andresource saving. It is recommended for testing.

l Fast Byzantine consensus algorithm (FBFT): A highly available consensus algorithmwith superb performance. It requires at least four orderers and tolerates faults at a

Blockchain ServiceService Overview 4 Functions


maximum of (N – 1)/3 orderers, where N indicates the total number of orderers. It isrecommended for production environment.

l Kafka (crash fault tolerant): A high-speed consensus algorithm, which tolerates crashfaults on just under half of all orderers. It is recommended for production environment.

Consortium Member and Organization Managementl A consortium initiator can dynamically invite other tenants to conveniently and quickly

set up a consortium blockchain. Peers of each consortium member run in a separate VPCfor independent management, ensuring security and controllability.

l Peer organzations can be dynamically added to a BCS service to avoid impact ofinsufficient peer organizations configured during service deployment.

Auto Scaling of Nodes

Peers and orderers can be scaled out dynamically based on user requirements, which does notrequire system reboot.

Chaincode Management

You can manage chaincodes on the graphical user interface (GUI) throughout the entirechaincode lifecycle, including coding, debugging, installation, and instantiation.

Blockchain Browser

You can query blockchain information required for maintenance in the blockchain browser.The information includes the block quantity, transaction quantity, block details, transactiondetails, performance, and peer statuses.

Application Access

Applications can access blockchain networks using software development kits (SDKs), Javadatabase connectivity (JDBC), and RESTful APIs.

l SDK configuration files can be downloaded. After simple configuration, an applicationcan be connected to a blockchain network.

l The JDBC API simplifies data query of applications while retaining data immutability ofblockchains.

l Applications can invoke chaincodes through the RESTful API. The policy of multi-organization endorsement is supported.

Monitoring and O&M

BCS connects to the monitoring platform to monitor data and resources in real time andgenerate alarms and notifications when necessary.

l Automated O&M: BCS actively upgrades the underlying blockchain platform andupdates patches to seamlessly integrate with the HUAWEI CLOUD O&M system.

l Enterprise-grade monitoring: Multi-dimensional monitoring is performed on clusters24/7, and user-defined alarms can be reported through multiple channels.



Inter-Blockchain Data Interactionl Arbitration is introduced for inter-blockchain transaction results. The blockchain data

structure is used to manage the inter-blockchain transaction results, ensuring atomicity ofthe transactions.

l Arbitration nodes only manage the verification results of inter-blockchain transactionsand does not touch original transaction data, ensuring independency and security of thetransactions.

l Behavior consistency between parties in inter-blockchain transactions is verified,ensuring consistency of the transaction information during distribution (such as in assettransfer).

Currently, only the enterprise and platinum editions support inter-blockchain data interaction. To use thisfunction, submit a service ticket to the customer service.



5 Solutions

5.1 E-governmentThe HUAWEI CLOUD BCS provides an e-government solution, enabling the big data centerand government departments to jointly build a blockchain-based e-government system. In thissystem, electronic certificates can be shared among government departments that areauthorized to access data based on their functions. The blockchain ensures datasynchronization and immutability, protects privacy, and facilitates certificate tracing andaudit, improving efficiency and effectiveness of government affair transactions.

Industry Status Quo and Pain Pointsl Reliability of government affair data

In traditional storage and transaction modes, personal information, such as identities,ownership, and social security records, is prone to be tampered with and cannot beupdated in a timely manner. These disadvantages entail risks of fraud to personalinformation. The departments that collect the information are responsible for dataauthenticity, but lack technical means for authentication.

l Information completenessDepartments that collect data lack mutual trust with those use the data. As a result, it isdifficult to collect all the necessary data.

l Privacy violation and security risksThe responsibility of data security is often taken by data collection departments, but it ishard for them to protect privacy while achieving high efficiency in data management andtracing.

Blockchain ServiceService Overview 5 Solutions


Solution Architecture

Figure 5-1 Solution architecture

l Decentralization for efficient data accessGovernment departments in the same blockchain network share the ledger toconveniently obtain data when needed and avoid problems such as service interruptionand slow response caused by centralization.

l Multi-party endorsements for data controllability and credibilityA blockchain smart contract defines the logic used for consortium members to reachconsensus. Only government departments with definite rights and responsibilities canrequest access to the shared ledger data, and the data access is logged for tracing. Inaddition, encryption and decryption defined by the smart contract prevent data leakage.Endorsements from multiple consortium members ensure the credibility of socialcertificate data.

Solution Highlightsl Improved service stability

Data in a blockchain is shared and distributed, and transaction parties have equal accessto data and jointly maintain the ledger. This ensures that data is immutable and authenticand the blockchain is tolerant to faults on and attacks to certain number of nodes. In thisway, government departments can offer 24/7 stable and reliable services.



l Convenient data collectionThe blockchain technology resolves issues of equal data access and consensus-basedcollaboration for data storage, management, and use. Data collection becomesconvenient, and departments can use the Internet to achieve data and servicetransparency.

l Security guaranteedSmart contracts record the mapping between transactions and required certificates aswell as the functions of transaction parties. They are executed to authorize the decryptioncenter to decrypt data based on the unified permissions management principles. Thismechanism resolves the conflicts between real-time data sharing, authorization changes,and data security, eliminating people's concerns about database management and dataaccess permissions of departments. In addition, smart contracts automatically logcertificate usage in BCS services to facilitate end-to-end tracing and audit.

5.2 Transactions Between Corporation SubsidiariesHUAWEI CLOUD BCS allows for a collaboration consortium composed of subsidiaries andaudit organizations of a multinational corporation for inter-subsidiary transactions.Transaction parties within the consortium can develop trust and eliminate reconciliation anddiscrepancies, which offers end-to-end audit support.

Industry Status Quo and Pain Pointsl Lack of trust between corporation subsidiaries

Transaction parties do not fully trust in each other for ownership and fund transfer duringcontract execution and transactions.

l Delayed financial settlementReconciliation of internal transactions requires a large amount of manpower and longtime. The discrepancy in reconciliation may lead to delayed settlement and reportissuance.

l Low efficiency and high costInternal reconciliation is time-consuming and requires a large number of financialpersonnel's efforts. However, the reconciliation result may still be incorrect, and it ishard to perform supervision.

l No simple method of data sharingThe financial data of corporation subsidiaries is distributed in different types ofenterprise resource planning systems (ERPs), which are not integrated or connected.

l Regulators lacking trust in corporationsA multinational corporation must keep data for many years (usually 10 or more years)and provide evidence to external auditors or authorities, demonstrating that data sourcesare trustworthy and the data has not been tampered with.

l Regulation compliance issuesInter-subsidiary transfer pricing and complex transactions may cause tax base erosionand profit shifting (BEPS) and may result in financial statement restatements.

Solution Architecture

The BCS-based inter-subsidiary transaction solution has the following features:



l Unified ledgerTamper-proof, consistent business transaction records are traceable, eliminating thenecessity of reconciliation and meeting audit requirements.

l Digital assetsTokens are used to record the transaction assets and rights to realize the life-cyclemanagement of digital assets.

l Smart contract fulfillmentAutomated fulfillment ensures the fairness of transactions based on the contract termsand conditions.

Figure 5-2 Solution architecture

Solution Highlightsl Ensuring consistency of inter-subsidiary transaction records and the balance of

accounting without the need for reconciliationl Using tokens to track goods such as the statuses, physical locations, and ownership

changes and strictly adhering to the contract clauses to carry out transactions, whichimproves the trust between transaction parties

l Simplifying and normalizing the inter-subsidiary supply chain processesl Supporting transactions that involve different systemsl Providing end-to-end traceable and immutable information for internal and external

audits

5.3 Supply Chain LogisticsManufacturers, warehousing institutes, logistics providers, and customers can use HUAWEICLOUD BCS to comprise collaboration consortia and use IoT technologies to record all the



logistics information of goods, including production, warehousing, line haul transportation,reselling, and local logistics. The consortia break down information silos, improvescirculation of information, and build trust between parties.

Industry Status Quo and Pain Pointsl Disadvantage of using paper documents

Many phases of logistics still involve manual operations and paper documents. Thiscauses long duration of the process, high costs, slow reconciliation, and risks ofdocument losses or damage. The cost on maintaining and transferring documentsaccounts for 1/5 of the total logistics cost.

l Low efficiencyParticipants in a supply chain have their own information systems, independent fromeach other. There is no unified standard or tracking system. It is difficult for them tocollaborate effectively.

l Long durationElectronic information can be easily tampered with. Therefore, paper documents areused as the only type of proof for settlement, but extend the accounting period and thecarriers' average collection period of receivables.

l Difficult financingMost carriers are small- and medium-sized enterprises, lacking credit records, scores, orcredibility. Financing is difficult and requires high costs.

Solution ArchitectureThe supply chain logistics solution provided by HUAWEI CLOUD BCS can be combinedwith the IT information systems of logistics participants to achieve the following:

l Jointly maintain unified ledgers, which stores immutable and traceable goods transferrecords to meet audit and tracing requirements.

l Provide common APIs for participants' IT systems to access BCS and input data, whichcannot be tampered with. In this way, participants establish their credibility and trust ineach other.

l Automatically store the geo-fence information reported by the driver's app to show inreal time when, where, and by whom goods are processed.

l Fulfill smart contracts to automatically perform signing, settlement, and calculation toobtain the performance data, which is considered fair due to the automation.



Figure 5-3 Solution Architecture

Solution Highlightsl Reduced errors

Distributed, shared ledgers greatly improve the traceability and transparency of thesupply chain and effectively reduce or eliminate changes of fraud and errors.

l Increased efficiencyElectronic proofs of delivery (PODs) are used instead of paper documents to reduce thedelay caused by paper works, and smart contracts allows automatic settlement toimprove efficiency.

l Lower costsQuick settlement, automatic order reception, and goods tracking significantly lower thelogistics costs of all the involved parties.

l Transparent auditImmutability of distributed ledgers and non-repudiation of signatures allow for quickdiscovery of problems in supply chain logistics.

l TrustIn addition to transparent rules and automated settlement, the blockchain technologyenables end-to-end tracking of goods all the way through production and transparent to



final reception. These mechanisms greatly improve the trust between consumers andpartners in the supply chain.

5.4 HealthcareHUAWEI CLOUD BCS helps healthcare institutions, third-party organizations, andsupervision departments to form a collaboration consortium. Healthcare information silos arebroken down using electronic medical records that cannot be tampered with and can protectprivacy. This builds trust between doctors and patients and provides comprehensive healthand medical care information for telemedicine and referral.

Industry Status Quo and Pain Pointsl Insecure data

Most healthcare data is stored in the data center. If a natural disaster or hacking occurspatients' electronic medical records stored in the data center may be lost.

l Information silosThere is no appropriate mechanism for mutual trust and data sharing between healthcareinstitutions, which leads to information silos and makes it difficult to obtain completeand comprehensive data. Data may be modified casually when shared and therefore, isconsidered unreliable.

l Repeated medical treatmentA new electronic medical record is stored each time a patient goes to a different hospitaldue to a lack of data exchange or sharing channels between hospitals and otherhealthcare institutions. In this situation, there is no complete medical record for thepatient, who may need to experience repetitive health checks. This leads to a waste oftime, money, and healthcare resources.

l No access to personal medical dataPatients have no access to their medical care data, which is stored in the hospitalsystems. This affects medical treatment and health management.

Solution ArchitectureA healthcare consortium blockchain is built, comprising healthcare institutions, third parties,physicians, patients, and regulators based on electronic medical records (EMRs). The medicaland healthcare data is stored in the blockchain and offered to patients or for scientificresearch, with security and privacy protected by using encryption and smart contract-basedauthorization mechanisms.



Figure 5-4 Solution Architecture

Solution Highlightsl Information silos broken down

The healthcare consortium blockchain connects information systems of healthcareinstitutions, so that regional inspection as well as ultrasound and radiologicalexamination results can be securely exchanged for online healthcare, two-way referral,and remote consultation.

l Immutable medical dataThe EMRs, physicians' diagnosis process and results, medical record query histories, andpatient identity information are stored in blockchains to ensure that they cannot betampered with and can be traced. This can reduce medical disputes and construct aharmonious healthcare environment.

l Protected privacy and right to knowEncryption and smart contract-based authorization mechanisms offers patients access totheir own healthcare data while protecting their privacy. Others can access the data onlywhen authorized.

l Quick and effective supervisionRegulatory authorities can use the data on blockchains to effectively prevent healthcaretreatment that violates regulations, reducing medical disputes.



6 Key Concepts

Blockchain

In a narrow sense, a blockchain is a list of data records (called blocks) linked in chronologicalorder using cryptography and a distributed ledger to prevent data tampering and forging. In abroad sense, the blockchain technology is a new distributed infrastructure and computingparadigm that uses the blockchain data structure to verify and store data, distributed nodeconsensus algorithms to generate and update data, cryptography to ensure security of datatransmission and access, and smart contracts formed by automated scripts to implementprogramming and operate data.

Distributed Ledger

A distributed ledger is a database shared, replicated, and synchronized among networkmembers. It records transactions between network participants, such as exchange of assetsand data. Use of a distributed ledger eliminates the time and expenditure of ledgerreconciliation.

l Decentralized and trustless: Data copies are stored on nodes. No central node or a third-party organization is responsible for data control.

l Collectively maintaining data consistency: Each participant uses a public key as itsidentity. Nodes independently check the data validity and collectively determine the datato be written to the ledger, by consensus.

l Reliable data, difficult to be tampered with: Data is stored in blocks. Each node stores allblocks. Data access permissions can be customized. Block chaining prevents datatampering.

Smart Contract

A smart contract, also called chaincode, is a code logic that runs on a blockchain and isautomatically executed under a specific condition. It is an important method for a user toimplement service logic when using a blockchain. Thanks to the blockchain features, theexecution results of smart contracts are reliable and cannot be forged or tampered with.

l Cheating is prevented. Smart contracts are automatically triggered when conditions aremet. Execution results are verified independently.

l Results cannot be modified because the data is stored in the blockchain.l Contract content is reliable because it is stored in the blockchain.

Blockchain ServiceService Overview 6 Key Concepts


l Privacy is protected. Only specified participants can obtain contract content and data.

PeerA network node that maintains the ledger.

OrganizationMultiple organizations (members) can join a consortium blockchain (or a blockchainnetwork). Each organization can have multiple peers.

ChannelA channel is a private blockchain built on a blockchain network to ensure data isolation andconfidentiality. Each channel is a logical blockchain. Transactions in a channel are open to thepeers that have joined the channel. A peer can join multiple channels.

Distributed ConsensusA majority of independent participants in a system need to achieve consensus on a transactionor operation, for example, verification of double-spending transactions, verification oftransaction validity, and the decision on whether to write verified data to the existing ledger.

Hash AlgorithmA hash value of a digital content segment can be used to verify data integrity. Any minormodification to digital content leads to a significant change in the hash value. A qualifiedhash algorithm can be used to easily obtain a hash value from digital content, but it is almostimpossible to calculate the original digital content by using a hash value.

Blockchain ServiceService Overview 6 Key Concepts


7 Permissions Management

If you need to assign different permissions to employees in your enterprise to access yourBCS resources, IAM is a good choice for fine-grained permissions management. IAMprovides identity authentication, permissions management, and access control, helping yousecure access to your HUAWEI CLOUD resources.

With IAM, you can use your HUAWEI CLOUD account to create IAM users for youremployees, and assign permissions to the users to control their access to specific resourcetypes. For example, some software developers in your enterprise need to use BCS resourcesbut must not delete them or perform any high-risk operations. To achieve this result, you cancreate IAM users for the software developers and grant them only the permissions requiredfor using BCS resources.

If your HUAWEI CLOUD account does not need individual IAM users for permissionsmanagement, you may skip over this chapter.

IAM can be used free of charge. You pay only for the resources in your account. For moreinformation about IAM, see IAM Service Overview.

Supported System Policies

A policy is a set of permissions defined in JSON format. By default, new IAM users do nothave any permissions assigned. You need to add a user to one or more groups, and assignpermissions policies to these groups. The user then inherits permissions from the groups it is amember of. This process is called authorization. After authorization, the user can performspecified operations on BCS based on the permissions. IAM provides system policies thatdefine the common permissions for different services, such as administrator and read-onlypermissions. You can directly use these system policies to assign permissions.

BCS is a project-level service deployed in specific physical regions. Therefore, BCSpermissions are assigned to users in specific regions and only take effect for these regions. Ifyou want the permissions to take effect for all regions, you need to assign the permissions tousers in each region. When accessing BCS, the users need to switch to a region where theyhave been authorized to use the BCS service.

Table 7-1 lists all the system policies supported by BCS. The Dependencies column lists thepolicies of other services on which the BCS policy depends to take effect. When assigningBCS permissions to users, you need to also assign the dependent policies for the BCSpermissions to take effect.

Blockchain ServiceService Overview 7 Permissions Management


https://support.huaweicloud.com/en-us/productdesc-iam/iam_01_0026.html

Table 7-1 System policy summary

PolicyName

Description Dependencies

BCSAdministrator

Administratorpermissions for BCS.

Dependent on the policies CCE Administrator,SWR Admin, VPC Administrator, SFSAdministrator, BSS Administrator, ECS Admin,AOM Admin, APM Administrator, DMSAdministrator, and RDS Administrator.SWR Admin, ECS Admin, and AOM Admin arefine-grained policies. To obtain the permissions ofthese policies, apply to use the fine-grained accesscontrol function of IAM.These are project-level policies and must beassigned in the same project as the BCSAdministrator policy.

Helpful Linksl IAM Service Overviewl Creating a User and Granting Permissions

Blockchain ServiceService Overview 7 Permissions Management


https://support.huaweicloud.com/en-us/productdesc-iam/iam_01_0026.html

https://support.huaweicloud.com/en-us/usermanual-bcs/bcs_usermanual_0019.html

8 Restrictions and Note to Quotas

To use a HUAWEI CLOUD BCS service, you need to purchase Cloud Cluster Engine (CCE)clusters, bind elastic IP addresses to servers, create a Scalable File Service (SFS) file system,deploy a BCS service, and build a blockchain application.

BCS has quota limitations. You can create a maximum of five BCS services. To create moreservices, see How Do I Apply for a Higher Quota?. Service editions have differentspecifications. For details about the specifications of each edition, see Edition Specifications.

Blockchain ServiceService Overview 8 Restrictions and Note to Quotas


https://support.huaweicloud.com/en-us/usermanual-iaas/en-us_topic_0040259342.html

9 Edition Specifications

HUAWEI CLOUD BCS provides basic, professional, enterprise, and platinum editions, withdifferent specifications.

For the pricing details of each edition, see Product Price Details.

Table 9-1 Comparison between editions

Item BasicEdition

Professional Edition

EnterpriseEdition

PlatinumEdition

Applicable scenario Trial use andtesting (non-commercial)

Small-scalecommercialuse

Medium-scalecommercialuse

Large-scalecommercialuse (forexample,largeenterprises'finances anddigitalgovernmental affairs)

Consortium blockchain Notsupported

Supported Supported Supported

Peak transactionperformance

Not morethan 50 TPS

Not morethan 300TPS

Not morethan 1,000TPS

Not morethan 6,000TPS

Consensusalgorithms

Solo Supported Supported Supported Supported

Kafka (CFT) Notsupported


FBFT Notsupported

Notsupported

Supported Supported

Blockchain ServiceService Overview 9 Edition Specifications


https://www.huaweicloud.com/en-us/pricing.html#/bcs

Item BasicEdition


EnterpriseEdition

PlatinumEdition

Nodemanagement

Maximumnumber oforganizations (only forprivateblockchains)

1 2 5 10

Maximumnumber ofpeers perorganization

2 2 2 5

Maximumnumber oforderers

1 2 4 10

Maximumnumber ofchannels

1 2 4 10

Automaticrecoveryfrom nodefaults

Supported Supported Supported Supported

Node autoscaling

Notsupported


Securityfunctions

ECDSA Supported Supported Supported Supported

Chinesecryptographic algorithms

Notsupported

Notsupported

Supported Supported

Additivehomomorphic encryption

Notsupported

Notsupported

Supported Supported

Zeroknowledgeproof

Notsupported

Notsupported

Supported Supported

Encryptionusing IntelSGX

Notsupported

Notsupported

Notsupported

Supported

Highavailability

InvokingsmartcontractsthroughRESTfulAPIs




Item BasicEdition


EnterpriseEdition

PlatinumEdition

Commondeployment


High-availabilitydeployment

Notsupported

Notsupported

Notsupported

Supported

O&M andmonitoring

O&Mlogging


Node statusmonitoring


Statusalarming


Servicesupport

Namedservicemanager

Notsupported

Notsupported

Notsupported

Supported

Remotetechnicalsupport bythe R&Dteam

Notsupported

Notsupported

Notsupported

Supported(24/7)

Onsitetechnicalsupport

Notsupported

Notsupported

Notsupported

Supported,with nomore thanone personday perquarter



10 Feature Updates

Table 10-1 Feature updates

Release Date What's New

2019-10-30 l Provided versions corresponding to Hyperledger Fabric v1.4.0 forBCS services deployed on the edge cloud.

l Enabled cold storage of ledgers for BCS services deployed on theedge cloud.

2019-09-30 l Enabled selection of existing DMS service instances to purchase BCSservice in quick deployment mode.

l Enabled selection of the MySQL database for quick deployment ofBCS services in the CN North-Beijing4 region.

l Added the inter-blockchain data interaction function.

2019-08-30 l Enabled installation of RESTful APIs during quick deployment of aBCS service.

l Enabled BCS service deployment on edge clusters in quickdeployment mode.

l Added the multi-project management function for enterprises.l Enabled BCS service deployment in Kunpeng clusters.l Added BCS walkthrough functions for CN South-Guangzhou.l Enabled creation and use of SFS Turbo for BCS services.

2019-07-30 l Reduced the prices of existing BCS editions, and added a new editionwith preferential prices for small-scale blockchain applications.

l Provided walkthroughs in the CN North-Beijing1 and CN North-Beijing4 regions for users to experience the BCS service.

l Added support for health check and component upgrade for BCSservices deployed using edge clusters, and for reporting of componentlogs of such services to the AOM service.

l Added support of BCS services deployed using edge clusters forprivate blockchain establishment, and removed the restriction on theorganization quantity of such services.

Blockchain ServiceService Overview 10 Feature Updates



2019-06-30 l Released BCS service versions corresponding to Hyperledger Fabricv1.4.0 in all regions.

l Offered the functions such as organization addition, consortiumblockchains, data aging on orderers, Chinese cryptographicalgorithms, homomorphic encryption, and RESTful APIs to the BCSservices of versions corresponding to Hyperledger Fabric v1.4.0.

l Provided channel topology views to show the relationships betweenconsortium blockchain members.

l Enabled addition of peers to channels and downloading of SDKconfigurations for services deployed using edge clusters.

2019-05-30 l Enabled compliance of BCS services with Hyperledger Fabric v1.4.0on HUAWEI CLOUD International.

l Added support for the FBFT consensus algorithm for BCS servicesdeployed on edge clusters.

l Enabled peer organizations to be bound with edge cluster nodes usedto deploy a BCS service.

l Enabled dynamic addition of organizations, peers, and channels toBCS services deployed on edge clusters.

l Enabled encryption of certificates and private keys for storage forBCS services deployed on edge clusters.

2019-04-30 l Added support for rolling upgrade to avoid service interruption duringupgrades.

l Enabled cross-AZ deployment of a BCS service to improve serviceavailability.

l Enabled BCS service deployment on edge clusters.l Enabled customization of cloud host, DMS instance, and RDS DB

instance specifications during purchase of a BCS service with itsresources.

2019-03-30 l Added support for multi-organization endorsements for RESTful APItransactions.

l Added the function of dynamic organization scale-out for BCSservices that use MySQL to store ledger data.

l Optimized consortium blockchains to allow join-in of multiple serviceinstances of a single member.

2019-02-28 Added support for the following functions:l Deployment of cross-region consortium blockchainsl Data aging on orderers

2019-02-02 Added the functions of hibernating and waking BCS service instances,which help enterprises save costs and improve competitiveness.




2019-01-14 l Terminated free trial, and offered new prices, which took effect from00:00:00 (GMT+08:00) on January 15, 2019.

l Enabled dynamic addition of organizations to a BCS service.

2018-11-24 l Added guidance on enabling alarm generation before web disk spaceexhaustion, so that you can expand the disk space in time to ensuresuccessful ledger writing.

l Optimized the SDK configuration file to support multipleorganizations for a single private blockchain.

l Added the function of deleting the web disk allocated to a BCSservice.

2018-11-09 l Added support for Node.js chaincodes.l Optimized the CouchDB storage function. You can set a CouchDB

login password when creating a BCS service.l Optimized the MySQL storage function. The default chaincode is

installed if you submit only a MySQL schema file.

2018-11-02 l Added function of invoking chaincodes on blockchain clients(programming languages unrestricted) through RESTful APIs.

l Optimized SDK configuration files of consortium blockchains toreduce the configuration complexity for SDK-based chaincodeinvocation.

l Optimized the process of deploying the demo application of openingan interbank category-II account.

2018-10-22 l Added the function of changing elastic IP addresses to ensure highavailability of services.

l Optimized the chaincode and block management system page togreatly shorten the response time and improve the page accessexperience.

2018-10-08 l Added the interactive walkthrough function. You can experience thedeployment of Marbles demo application, including creating a cluster,deploying a BCS service, and installing and instantiating a chaincode.

l Enabled the Marbles demo application for users to experience thesimulated asset transfer process.

2018-09-28 l Added the chaincode editor, which supports online editing,debugging, and deployment of chaincodes.

l Raised the limit on the number of organizations in a single BCSinstance to 20 organizations.

l Enabled the yearly/monthly billing mode for quick deployment.l Optimized the downloading the SDK configuration file of a

consortium blockchain. The organization-specific SDK configurationdata of multiple tenants in a consortium can be downloaded in onefile.




2018-09-14 l Enabled customer-specific application tags to deploy applications andBCS services of different customers in separate VMs in a cluster toavoid resource competition.

l Optimized the BCS service management page to automatically updateservice statuses.

l Added the function of uploading BCS service alarms to the AOMservice alarm center for display.

l Enlarged the maximum size of a compressed chaincode package.Each .zip package can be 20 MB at most. The folder retrieved bydecompression of a package can be 500 MB at most and contain up to1 million files.

2018-09-04 New features:l Enabled quick deployment of BCS services. This deployment mode

simplifies the BCS service purchase process by integrating theprocurement of resources (cluster, EIPs, and storage) required by aservice into the service purchase page.

l Added support for the CouchDB database. LevelDB, MySQL, andCouchDB databases are available to store blockchain statusinformation. If the CouchDB storage mode is used, data is stored inJSON format in files, and chaincodes can use the RESTful APIs/JSON interface to query the status data.

l Added the function of downloading the CA public-private key pair ofa single organization. Users can use the CA public and private keypair to issue the certificate of the next level.

Optimized functions:l Added a cache to the background of the blockchain browser to

increase the browser access speed.l Integrated chaincode management (installation, update, and

instantiation) and information display on the same page.

2018-08-21 l Enabled the pay-per-use billing mode, in addition to the monthly/yearly billing mode. Basic and professional editions of BCS servicesare supported. You can select an edition and billing mode whendeploying a service.

2018-08-14 l Added the blockchain browser. You can query blockchain informationrequired for maintenance, including the block quantity, transactionquantity, block details, transaction details, performance, and peerstatuses.




2018-08-09 l Added support for the relational database (MySQL). You can selectthe relational database type when deploying a BCS service instance. Ifthe MySQL storage mode is used, chaincodes can use SQL statementsto perform complex query on status data, which greatly improves thequery efficiency and simplifies the BCS usage.

l Added support for batch installation and instantiation of chaincodes.You can select multiple peers when installing a chaincode on thechaincode management page.

2018-03-30 First release.



11 Note to End of Maintenance

Maintenance of the BCS versions earlier than 2.1.33 has been terminated. If you are using aversion earlier than 2.1.33, certain operations may be restricted. Upgrade the BCS service tothe latest version as soon as possible.

Blockchain ServiceService Overview 11 Note to End of Maintenance


Documents

Service Overview - Huawei · Blockchain Service Service Overview Issue 01 Date 2019-07-30 ... an enterprise-grade blockchain system for upper-layer applications. Blockchain Service