Overview of the Kaleido Platform, and one-slide summaries of the Kaleido services.
Learn more about our full-stack services at:
https://marketplace.kaleido.io
Get started today at:
https://console.kaleido.io
Access our docs at:
https://docs.kaleido.io
3. BLOCKCHAIN NETWORK
LEDGER & SMART CONTRACTS
OFF-CHAIN STACK
DECENTRALIZED TECH
APPLICATION
APPS & MIDDLEWARE
The chain is
of a complete
blockchain solution 5%
45%
50%
Typical projects have over 40 components
Modernizing Business Networks
4. Enterprise Integration Collaboration Services
Digital Assets Cryptography API Gateway
Data Feeds B2B Messaging Connectors
Off Chain On Chain Data Bus Data
The new B2B tech stack for Modern Business Networks
Middleware
App
Blockchain Network
Privacy Blockchain First Events Transaction
Consortia
Operations
DevOps
6. Enterprise Integration Collaboration Services
Privacy Blockchain First Events
Full Stack Blockchain
Transaction
Transaction
Event Stream Public Chain
State Pinning
Private Tx Manager
Transaction
Gateway
Smart Contract
Management
Key Management
Blockchain
Firewall
7. Enterprise Integration Collaboration Services
Data Feeds B2B Messaging Connectors Middleware
Full Stack Blockchain Middleware
Back Office App to App
Messenger
Configurable
Oracles
ESB and iPaaS Document Store Curated Oracles
Custom
8. Enterprise Integration Collaboration Services
Digital Assets Cryptography API Gateway App
App Full Stack Blockchain
Secure Gateway Signing Wallets Tokens
Smart Contract
to Swagger
Zk Privacy Atomic Swaps
Cross chain
transfers
Identity
Federation
ID Masking
11. dedicated disk
Isolated Virtual Network
One per environment
Node
Multi-Availability Zone
HA + DR
VM: shared or
dedicated
Network Load Balancers
TLS Security
DDOS protection
Application Load Balancers
Strong Application Credentials
HTTPS & Websockets
Private VPC Peering
Node Admin Interface
Elastic Storage
Multi-AZ durable
P2P Interface
Private Cloud Account
Key Management
Backups
Logs and Metrics
Federated Identity
Tenancy Overview
12. Chain Layer Primed for
Enterprise Projects
Identity
Registry
Smart Contract
Verification
Block &
Transaction
Index
Distributed
File-store
Blockchain
Node
Encrypted
Off-chain
Messaging
Managed
Firewall
Isolated
Network
P2P
Networking
Key-based
& Network
Security
Private
Files/Data
Private
Transactions
Managed
Per-member
App Services
API Security
REST Gateway / Integration tier
ID Mapping & Masking
Events &
Data
Caching
Key-based
& Network
Security
Private
Files/Data
P2P
Networking
Consortium View
Consortium
Governance
Member on-boarding Tiered participation Multiple Operator Models
Your Keys
Your Data
Your Cloud
13. Anatomy of a Node
• Each node is a self-contained, managed
and highly-available
• Admin agent allows orchestration of
permissioned nodes into chain &
consensus
• Integration services are collocated and
scaled with the nodes
• Dedicated per-node Ops logs and metrics
streaming
• Key materials are generated in-place on
the dedicated storage, and never leave
Multiple Docker containers fail-over as a group
Ethereum Node
Private TX
Manager
Orchestration APIs Agent
Protocol
REST API
Gateway
Integration
Kafka
TX Streaming
Backup APIs Operations
Metrics APIs
Isolated Per-Node Data
Private Enclave
Key materials
(KMS encrypted)
Ledger &
Shared State
Log Management
& Streaming
14. AZ1 AZ2 AZ3
High Availability and Scale
Node 1
Strong Per-member App Credentials
Ledger
Private
State
Ledger
Private
State
Ledger
Private
State
HA fail-over and distribution across hardware in multiple availability zones within a region
Resilient elastic filesystem available across all AZs
Node 2
Node 3
Automated
HA Failover
15. Private Networking
• Network connectivity to Kaleido nodes over private VLANs
Apps APIs Data EAI/ESB
Private/On-premise Network/DC of one member
Private AWS VPC
Owned by member’s AWS account
AWS Direct Connect
AWS Private Link
Member’s
node 1
Member
node 2
Other Member’s
node A
Other Member’s
node B
Isolated Consortia
Virtual Network
within Kaleido
AWS Network
Load Balancer
VPC
Endpoint
A VPC endpoint is a virtual device that enables AWS customers to create a private
connection between their VPC and another AWS service without requiring access
over the internet, through a NAT device, a VPN connection, or AWS Direct Connect.
16. Key-management Service (KMS) Integration
• When enabled - node key materials are not persisted in clear text within Kaleido
• ENODE key – for p2p comms and IBFT block signing
• Constellation private keys – for private state transmission
• Accounts in Wallet – for node txn signing and Clique/PoA block signing
• Unlocked in-memory only when the node starts
• Follows the same pattern as AWS infrastructure services
One Time Node Initialization
Components: Node (Geth & Constellation), AWS Key Management Service, Node Storage
1. Node: Generate key in memory
2. Node: Send to KMS to encrypt
3. KMS: Encrypts with master key
4. Node: Receive encrypted key
5. Node: Store encrypted key in Node Storage
On Each Startup
Components: Node (Geth & Constellation), AWS Key Management Service, Node Storage, Memory-only Storage
1. Node: Load encrypted key from storage
2. Node: Send to KMS to decrypt
3. KMS: Decrypts with master key
4. Node: Receive decrypted key
5. Node: Pass in-memory to process
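The initialization and startup sequences on this slide, as an added Go sketch that is not Kaleido's code: `localKMS` is a local AES-256-GCM stand-in for the key service, and passing the node ID as an encryption context is an assumption the slide does not mention. It shows that storage only ever holds ciphertext, and that a wrapped key copied to another node or tampered with fails to unwrap.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KMS is the only view the node has of the key service: wrap and unwrap.
// The master key never crosses this boundary.
type KMS interface {
	Encrypt(plaintext, context []byte) ([]byte, error)
	Decrypt(blob, context []byte) ([]byte, error)
}

// localKMS is a stand-in for a real KMS (assumption; not the AWS SDK).
type localKMS struct{ aead cipher.AEAD }

func newLocalKMS() (*localKMS, error) {
	master := make([]byte, 32) // AES-256 master key, held only inside the KMS
	if _, err := rand.Read(master); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(master)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &localKMS{aead: aead}, nil
}

// Encrypt returns nonce || ciphertext || tag. The context is authenticated
// but not stored, so the caller must present the same context to decrypt.
func (k *localKMS) Encrypt(plaintext, context []byte) ([]byte, error) {
	nonce := make([]byte, k.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return k.aead.Seal(nonce, nonce, plaintext, context), nil
}

// Decrypt fails if the blob was modified or the context differs.
func (k *localKMS) Decrypt(blob, context []byte) ([]byte, error) {
	n := k.aead.NonceSize()
	if len(blob) < n {
		return nil, errors.New("kms: blob too short")
	}
	return k.aead.Open(nil, blob[:n], blob[n:], context)
}

// NodeStorage models the node's disk: only wrapped keys are written to it.
type NodeStorage map[string][]byte

// InitNode is the one-time initialization: generate, wrap, store.
func InitNode(kms KMS, store NodeStorage, nodeID string) ([]byte, error) {
	key := make([]byte, 32) // 1. generate key in memory
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	wrapped, err := kms.Encrypt(key, []byte(nodeID)) // 2-4. KMS wraps it
	if err != nil {
		return nil, err
	}
	store[nodeID] = wrapped // 5. persist the ciphertext only
	return key, nil
}

// StartNode runs on each startup: load, unwrap, hand to the process in memory.
func StartNode(kms KMS, store NodeStorage, nodeID string) ([]byte, error) {
	wrapped, ok := store[nodeID] // 1. load encrypted key from storage
	if !ok {
		return nil, fmt.Errorf("no wrapped key stored for %q", nodeID)
	}
	return kms.Decrypt(wrapped, []byte(nodeID)) // 2-5. unwrap, keep in memory
}

// StoredInClear reports whether the raw key bytes appear in the stored blob.
func StoredInClear(store NodeStorage, nodeID string, key []byte) bool {
	return bytes.Contains(store[nodeID], key)
}

func main() {
	kms, err := newLocalKMS()
	if err != nil {
		panic(err)
	}
	store := NodeStorage{}
	key, _ := InitNode(kms, store, "node-1") // "node-1" is a constructed ID
	fmt.Println("plaintext on disk:", StoredInClear(store, "node-1", key))
	restored, err := StartNode(kms, store, "node-1")
	fmt.Println("restart recovers key:", err == nil && bytes.Equal(key, restored))
	// A blob copied to another node's storage fails the context check.
	store["node-2"] = store["node-1"]
	_, err = StartNode(kms, store, "node-2")
	fmt.Println("copied blob rejected:", err != nil)
}
```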
17. Kaleido Maintenance - Overview
VM & Kubernetes Infrastructure
Kaleido Managed
Rolling updates via infrastructure-as-code delivery automation.
Kaleido SaaS Platform
Kaleido Managed
Continuous Delivery pipeline
Up to two updates per week
Releases Versions
Kaleido Tested & Published
New services, fixes, and protocol updates
Multiple optional updates released per month
Common Infrastructure components (Kafka, MongoDB)
Kaleido Managed
Zero-downtime updates
Blockchain Environments
Customer Controlled
Orchestrated rolling upgrades on your schedule
https://status.kaleido.io
18. Kaleido Continuous Delivery Pipeline
• More than 100 CI builds
• Over 3000 tests, and growing daily
• 100% code coverage of key Microservices
• JavaScript, Golang and Java
Integration
Promotion Pipeline for Docker Images
Kubernetes environments with multiple regions
Continuous Integration Builds
Dockerized Microservices & OSS Components
Build UT
Component
Test
Build
Component
Test
Build UT
Component
Test
UT
Shared
Dev
Staging Production
Continuous test in all environments – inc. Production
End-to-end test – all protocols, all components.
Lifecycle + transactions + migration
Test & Promote UI, soak & stress
Manual Ops
Procedures
19. Ops Model
• DevOps model
• SRE is a specialism within development
• Infrastructure is code – standup/teardown of whole regional deployments
• 24x7 Automated callout for continuous test failures & support tickets
• Production access only via audited “jump box”
• Authorized operators only route to production infrastructure
• All commands executed on the jump box are logged
• Includes production deployments and remote commands
• Manual infra-level administration is a rare event
• Production Ops limited to a small subset of the team
• Multi-factor Authentication on Cloud Accounts
• Multi-factor (YubiKey) control of operator SSH keys
21. Regional Subnet
Auto-scaling Kubernetes Cluster
VM VM VM VM
K8s Namespace
K8s Namespace
K8s Namespace
K8s Namespace
Pod Pod Pod
Pod Pod
Pod Pod
Firewall Isolation
Firewall Isolation
Firewall Isolation
Kaleido Network Isolation
Each Blockchain network is a dedicated
Kubernetes namespace, containing all their pods
Pods can run on any VM and are interconnected
over TCP/IP and UDP within their namespace
Isolated Network Subnet per Region
Firewall Isolation between namespaces prevents
any crosstalk between environments
Scale tested to large environments
Running at scale in production
Pre-emptive auto-scaling.
VMs are added and removed automatically.
22. Kaleido Private Stack
Run a Kaleido node anywhere:
• Kaleido provides and supports software stack
• Kaleido manages entire network
• All from a single experience
On-prem
Private cloud
Org C: Kaleido Private
Stack
Kaleido Network
Org A: AWS Org B: Azure
23. Multi-Region Borderless Blockchain
AWS Regional VPC Azure Regional VNET
Auto-scaling Kubernetes Cluster Auto-scaling Kubernetes Cluster
VM VM VM 100+ … 100+ VM VM VM
K8s Namespace
K8s Namespace
K8s Namespace
K8s Namespace
K8s Namespace
K8s Namespace
Pod Pod
Pod Pod
Cross-region TCP/IP & UDP Traffic
Firewall isolated to this k8s namespace
Pod Pod
Pod Pod Pod
Pod Pod
Pod Pod
Firewall Isolation
Firewall Isolation
26. Kaleido Infrastructure as Code
• Nothing can be done in the UI that can’t also
be automated via our API
• Create & teardown complete env in ~90secs
• Download, tail or stream your logs
• Access indexed Block data for your chain
• Access Ops metrics
• Tools for rapid CI integration
• Command Line Interface (CLI)
• Backed by OSS Go SDK
• Scripting examples in Python and shell/curl
• Terraform provider
• For Blueprinted deployments
https://api.kaleido.io
27. ethconnect
Managed Wallet
ethconnect
- Solidity compilation
- ABI type mapping
- RLP encoding
- High throughput
- Concurrency management
- Nonce management
- Throttling
- Txn receipt polling
ethconnect
Kafka Topic Partitions
Ordered delivery by sender
Kafka Consumer Group
Scale and High Availability
API
Gateway
Kafka direct
JSON/RPC
JSON/RPC
Off-platform
Keys
Receipt store
Ethereum Nodes
Transaction Submission
28. Subscription
Event Streams
HTTP Webhook
JSON/RPC
Topic Subscriptions
Subscription
Subscription
Checkpointing
for at-least-once
delivery
App 2 App
Messaging
- ABI type mapping
- RLP decoding
- Concurrency management
- Throttling
- Exponential back-off retry
- Batching
API Gateway
Subscription
Management
Event Stream
Serverless Function
31. Enumerate the number of
current active signers
Provides a clean and simple
experience for securely uploading,
retrieving and viewing files.
Set the rotation interval
specified in minutes
Environmental administrators can
configure this interval in accordance
with agreed upon network mandates.
The minimum interval is 5 minutes.
Scale IBFT
consensus
algorithm for
broader
participation
Enumerate the number of signers
to be added and removed in each
batch
Multiple signers can be batched into each
rotation interval as a way to offer more
consistent participation. Alternatively, the
rotation pool can be set at the lowest
threshold of 1 as a way to offer more
prolonged periods of participation.
Rotating Signers
33. Customized Data Views
Create customized views of data on
the chain. Drill down into block detail
and extract patterns from relevant
subsets of information.
Fully Transparent Dashboard
View on-chain activities by easily
browsing blocks, transactions, smart
contracts, gas rates, gas consumption
and more in your environment.
Source Code Verification
Turn indecipherable byte code of a
smart contract into plain text that
can be verified by a counterparty
prior to the issuance of a transaction
or query.
Block Explorer
Get more insights
through real-time &
historical
snapshots of your
blockchain
35. Deploy Your First Smart
Contract in Minutes
With one click, you can deploy your
first contract, then explore that API to
send transactions, and read data in a
convenient web experience. No special
blockchain expertise required.
REST APIs for your on-chain
Logic & Data
OpenAPI (Swagger) definitions are
generated for the Solidity Smart
Contracts you enable on the REST API
Gateway. The Blockchain becomes as
simple to code against as any modern
Web based system.
Reliable Transaction
Streaming, Over Apache Kafka
Handles smart contract compilation,
nonce management, RLP encoding and
more. The same convenient APIs take
you from first use, through to
Enterprise Grade production use cases
at scale.
REST API Gateway
APIs for all your
Smart Contracts,
backed by reliable
Kafka streaming
37. Public Pinning Made Easy
The Kaleido Public Tether service
supports sending the state hash
reports to the Ethereum MainNet, or
for testing purposes, one of the test
networks where free Ethers can be
acquired.
Full Control of Your Account,
Keys and Ether Balance
You supply the Ethereum account used
by the service via a secured workflow,
and maintain full control of the private
signing key.
Configurable Reports and
Flexible Transaction Intervals
Easily control the service to start and
stop sending the state hash reports
and change the interval of sending
reports, based on the business needs
and to accommodate transaction
volume fluctuation.
Public Ethereum
Tether Service
Pin state proofs
from your private
chain to public
Ethereum
networks for
ultimate
immutability
39. Unlimited, Unique Accounts &
Associated Private Keys
Mask your identity on a per-
transaction basis via an unlimited
supply of account addresses, each
with their own unique, untraceable
private key.
Regeneration
Easily backup and restore an exact
replica of your wallet when you need it.
Using a 12-word mnemonic “seed
phrase” (entropy), each account can be
recreated identically.
Multiple Wallets
Partition separate wallets across
your organization to avoid key reuse
and duplicate signing.
Identity Masking
HD Wallet
Submit
transactions
anonymously, mask
your identity &
manage accounts
41. Simplified Sharing
Provides a clean and simple
experience for securely uploading,
retrieving and viewing files.
Censorship Resistant
Prevent the ability to unilaterally alter
or delete with data sharding and peer-
to-peer file storage techniques.
Retrieve What You Want
Identify pieces of an uploaded file and
access only those pieces that are
relevant for you.
IPFS File Store
Securely store data
through a
censorship
resistant file
sharing protocol
43. The Only Restriction is Your
Imagination
Increase versatility with token economy
use cases, such as enforcing smart
contract costs, prioritizing transaction
mining, account to account transfers,
incentive mechanisms or any other
usage or application you conceive.
Add flexibility to your
blockchain solution
Leverage the intrinsic value of the
Ethereum token in your private
network. Ether is not required in a
private network, but having ether
allows for more functionality
More Governance
Enjoy the flexibility to use and
allocate Ether any way you want,
with governance of the Ether Pool at
the sole discretion of the consortium.
Ether Pool
Enable token
economy use cases
without developing
your own token
45. Atomic Swaps
Trade tokens securely knowing that
both parties will either succeed or fail,
ensuring peace of mind without
having to trust your trading partners
to act in good faith.
Hash Time-Lock Contract
Use a hash to lock the tokens into a
smart contract. The proper secret must be
present to claim the tokens. A timeout
is also used to allow refund if either
party fails to accept the terms of the
trade offer.
Cross-Token Swapping
Trade ERC20 (fungible) tokens,
ERC721 (non-fungible) tokens, or a
mix of ERC20 and ERC721. This
allows for use cases to pay for a non-
fungible asset trade using fungible
tokens.
Token Swap
Easily and securely
trade tokens with
other members in
your environment
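The hash time-lock mechanics described on this slide, as an added Go model that is not Kaleido's contract code: the type and function names, SHA-256 as the lock hash, and the asset labels are assumptions. It goes slightly beyond the slide by showing two legs with staggered expiries, so the party who learns the secret second still has time to claim.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
)

type State int

const (
	Locked State = iota
	Claimed
	Refunded
)

var (
	ErrNotLocked  = errors.New("htlc: tokens already claimed or refunded")
	ErrWrongParty = errors.New("htlc: caller is not entitled to this action")
	ErrBadSecret  = errors.New("htlc: preimage does not match the hash lock")
	ErrExpired    = errors.New("htlc: claim window has closed")
	ErrTooEarly   = errors.New("htlc: refund not allowed before expiry")
)

// HTLC models one leg of a swap. Asset is a free-form label here; on chain it
// would be an ERC20 amount or an ERC721 token ID held by the contract.
type HTLC struct {
	Sender, Recipient, Asset string
	HashLock                 [32]byte
	Expiry                   int64 // unix seconds
	State                    State
	Preimage                 []byte // public once the leg is claimed
}

// HashSecret derives the hash lock. SHA-256 is an assumption of this example.
func HashSecret(secret []byte) [32]byte { return sha256.Sum256(secret) }

func NewHTLC(sender, recipient, asset string, lock [32]byte, expiry int64) *HTLC {
	return &HTLC{Sender: sender, Recipient: recipient, Asset: asset, HashLock: lock, Expiry: expiry}
}

// Claim releases the tokens to the recipient if the secret matches the hash
// lock and the timeout has not passed. The preimage becomes visible to all.
func (h *HTLC) Claim(caller string, preimage []byte, now int64) error {
	switch {
	case h.State != Locked:
		return ErrNotLocked
	case caller != h.Recipient:
		return ErrWrongParty
	case now >= h.Expiry:
		return ErrExpired
	case HashSecret(preimage) != h.HashLock:
		return ErrBadSecret
	}
	h.State = Claimed
	h.Preimage = append([]byte(nil), preimage...)
	return nil
}

// Refund returns the tokens to the sender once the timeout has passed and
// nobody has claimed them.
func (h *HTLC) Refund(caller string, now int64) error {
	switch {
	case h.State != Locked:
		return ErrNotLocked
	case caller != h.Sender:
		return ErrWrongParty
	case now < h.Expiry:
		return ErrTooEarly
	}
	h.State = Refunded
	return nil
}

// Swap runs the successful path of an ERC20-for-ERC721 trade between two
// constructed parties. Alice knows the secret and locks first with the longer
// expiry; Bob locks against the same hash with a shorter one.
func Swap(secret []byte, t0 int64) (aliceLeg, bobLeg *HTLC, err error) {
	aliceLeg = NewHTLC("alice", "bob", "ERC20:100", HashSecret(secret), t0+7200)
	bobLeg = NewHTLC("bob", "alice", "ERC721:#7", aliceLeg.HashLock, t0+3600)
	// Alice claims Bob's leg, which reveals the secret.
	if err = bobLeg.Claim("alice", secret, t0+600); err != nil {
		return
	}
	// Bob reuses the revealed preimage before Alice's longer expiry.
	err = aliceLeg.Claim("bob", bobLeg.Preimage, t0+900)
	return
}

func main() {
	a, b, err := Swap([]byte("constructed-secret"), 1_700_000_000)
	fmt.Println("both legs claimed:", a.State == Claimed && b.State == Claimed, "err:", err)
}
```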
47. Fungible and Non-Fungible
Supports ERC20 (fungible) or
ERC721 (non-fungible) tokens.
Token Lifecycle Actions
Gives you control over the entire token
lifecycle, including: Transfer, Mint, Burn,
Delegate.
API Enabled
Everything you can do in the console
with tokens can be done using simple
RESTful APIs.
Token Factory
Define and deploy
token contracts
with click-button
simplicity
49. Automatic Discovery
Automatically discovers both types of
token contracts, whether deployed by
factory service or deployed by users.
Transfers
Displays all transfer operations for a
token.
Token Attributes
Easily access token attributes like
total supply and whether they are
able to be minted or burned.
Token Explorer
Easy access to
details about all of
the tokens in your
environment
51. Key Ownership
Extends key ownership to members of
an organization, allowing each member
to sign transactions with their own
private keys. Provides greater audit-
ability, especially for networks making
use of proxy memberships.
Ethereum JSON-RPC Endpoint
Provides JSON-RPC endpoints to send
transactions to, which the service will
use the designated signing key to sign
and submit to the Ethereum blockchain.
Integration with Signing
Services
Seamlessly integrates with HSM-based
signing services. Prevent key leakage
by providing an additional layer of
security that protects the secret keys.
Eth Wallet
A simple and secure
way to manage key
ownership for
signing
transactions
53. Easily Share Documents
Securely forward a copy of a document in
your private library to the document
store of another participant using our
encrypted App2App Messaging Service.
Conveniently Connect to Your
External Storage
Doc store provides APIs for managing
the lifecycle of documents and the ability
to connect your private store to an
external storage system such as AWS’ S3
or Azure Blob.
Pin On-Chain Transactions to
Off-Chain Documents
Many blockchain use cases require the
pinning of on-chain transactions to
securely stored documents that cannot
be held on-chain, either because they are
too large or the information is too
sensitive to put into your immutable
shared ledger.
Document Store
Store, manage and
share information
from your own
private document
store
55. Your Choice in Key Management
Kaleido uses PKCS #7 (Public Key
Cryptography) standards with strong
encryption keys, which you can manage
yourself or have Kaleido manage on your
behalf. We pin the identity associated
with the keys to both your organization
and your on-chain identity.
Remain Confident in Your
Confidentiality
The end-to-end encryption ensures that
only your recipient receives your
intended message and your data
remains secure.
Develop in Your Preferred
Language
It’s easy to develop your Dapp in the
language of your choice using modern
APIs for data transfer on top of the core
Kafka protocol using the industry
standard Socket.IO.
App2App Messaging
Communicate
securely and
reliably with end-
to-end encrypted
messaging from
Dapp to Dapp
57. Reliable Batched Delivery of
Events
Events from multiple subscriptions are
batched and streamed efficiently
together on a single event stream, with
checkpointing on each subscription to
ensure reliable at-least-once delivery.
Bind to AWS Kinesis with an AWS
Lambda Serverless Function
No transformation required. Just receive
the payload, pre-batched, and pass it on to
create a firehose into your analytics data
lake.
Bind to Microsoft Azure Event
Hubs with an Azure Functions
serverless function
No transformation required. Just receive
the payload, pre-batched, and pass it on
to create a firehose into your analytics
data lake.
Event Streams
Trigger business
processes and
stream data to off-
chain caching or
analytics
59. Innovative & Proven ZKP
Technology
Zero Knowledge Token Transfer makes
use of the latest technologies around
zero-knowledge proofs and advanced
cryptography.
Fully integrated with ERC20
Incorporate ERC20 (fungible) tokens
for any use case requiring privacy and
anonymity.
Anonymous Token Transfers
Transact with members of your
network without disclosing the details
of token amounts or parties involved.
Zero Knowledge
Token Transfer
An ERC20 Token
solution for private
transfers
61. Relationship Mapping
Register associated user identities and
logically bind them to their organization.
This allows external users to sign
transactions with their own private keys,
while still being unambiguously
associated with the parent organization.
Convenience Translator
Easily find addresses of users and
companies by exposing a plain text
representation of targetable and
indecipherable hex strings. Using reverse
lookup, you can map nonsensical
Ethereum account addresses (represented
as indecipherable hex strings) to human
readable identity assertions.
Profile Service
Store relevant public information
associated with parent organizations
and registered users in a fully
transparent database, allowing for a
historical snapshot of information to be
captured indelibly on the blockchain for
future audits or validation.
On Chain Registry
Bind verified digital
certificates to org
Ethereum
addresses via on-
chain registry
65. Fast Integration
In just a few clicks, you can integrate,
automate and build processes that help
you get more value out of your existing
systems. Popular Zapier app
integrations include Gmail, Dropbox,
DocuSign, and Slack.
Automate
Pass info between your apps with
workflows called Zaps.
Innovate
Build processes faster and get more
done—no code required
Zapier
Automate
workflows and
exchange data to
and from the chain
66. Automate Operations and
Administration
Conveniently listen to events that happen
in smart contracts on the chain and easily
translate those events into create, read,
update and delete (CRUD) operations in
your Salesforce instance.
Customizable
Individual consortium participants can
connect their blockchain project to their
Salesforce system as they see fit.
Salesforce
Exchange chain
data to and from
your Salesforce
CRM and
applications
68. Connect to your Kaleido node
through an API
Integrate applications and devices with
blockchain networks in an easy, fast and
secure manner.
Secure key management
Setup the connection to your node, store
your keypair securely, upload and deploy a
new smart contract or point to an existing
one and secure the API endpoint – less than 5
minutes to have a secure API available.
Quick prototyping or
production, your choice
Ideal for quick prototyping with
Ethereum smart contracts and more
stringent non-functional requirements.
Unchain.io
Interact with an
Ethereum smart
contract on Kaleido
via a simple API
69. Store, Search and Analyze
Contract Data
Easily sort through contract data
Connects with Other Tools
Connect contracts to your existing tools,
such as Xero, HelloSign and Stripe, so that
you can automate business processes and
contract management — all in one place.
Real-Time Status
View your contract events in real-time,
even after signature, backed by secure audit
trails. Get notified of requirements and
changes to the state of your contracts.
Clause
Store audit trail
events from your
Smart Clauses™ on
your Kaleido
blockchain.
70. Provide External Data to
Ethereum Smart Contracts
Leverage information from real-
world external events, APIs, and other
blockchains into your smart contracts.
Connect to any External API
Connect your smart contracts to the
inputs and outputs it needs to reach
its full potential.
Send Payments Anywhere
Send payments from your smart
contract to payment networks and bank
accounts with ease.
Chainlink
Provide external
data to Ethereum
smart contracts via
oracle network
71. Automate Legal Agreements
Reduce time and money spent
preparing legal agreements with our
documentation automation.
Signatures & Storage
Evidence of “state” of agreement and
electronic signatures are stored on the
Ethereum blockchain.
Incorporate Smart Contracts in a
Private Environment
Securely execute smart contracts in a
private environment that you control.
Once signed, agreements trigger smart
contracts in secure and private execution
environment and users retain the ability to
halt/stop smart contracts.
OpenLaw
Create, store and
execute legal
agreements for
blockchain assets
72. Strict Sourcing & Complex
Computation
Access to trillions of data primitives.
Off-chain execution of machine-learned
classifiers, image processing, and
statistical analysis.
Multiple Delivery Methods
Choose between direct delivery for
rare events reporting and lighthouse
contracts for maintaining an on-
chain cache of updating metrics.
Complete Data Mastery
Combine with third-party data to
create the custom information streams
that your business requires.
Rhombus
Connect your smart
contract with real-
world data
73. Truffle Boxes
Helpful boilerplates that allow you to
focus on what makes your dapp unique. In
addition to Truffle, Truffle Boxes can
contain other helpful modules, Solidity
contracts & libraries, front-end views and
more; all the way up to complete example
dApps.
Drizzle Boxes
A collection of front-end libraries that
make writing dApp front-ends easier
and more predictable. Truffle takes
care of synchronizing your contract
data, transaction data and more.
Kaleido Boxes
Pre-integrated to work with Kaleido.
Stand up your full encompassed dApp
in minutes. Kaleido does all of the
heavy lifting to secure connection.
Truffle
Truffle gets
developers from
idea to Dapp as
comfortably as
possible
74. Remix Editor
The Remix editor recompiles the code
each time the current file is changed or
another file is selected. It also provides
syntax highlighting mapped to Solidity
keywords. It displays opened files as tabs.
Automatic Compilation
Remix triggers a compilation each time the
current file is changed or another file is
selected. After each compilation, a list is
updated with all the newly compiled
contracts. Details modal dialog displays
detailed information about the current
selected contract.
Analysis
By default, a new analysis is run at each
compilation. The analysis tab gives
detailed information about the contract
code. It can help you avoid code
mistakes and enforce best practices.
Remix
Quickly and easily
write, compile and
debug smart
contracts
75. Strict Sourcing & Complex
Computation
Access to trillions of data primitives. Off-
chain execution of machine-learned
classifiers, image processing, and statistical
analysis.
Multiple Delivery Methods
Choose between direct delivery for
rare events reporting and lighthouse
contracts for maintaining an on-chain
cache of updating metrics.
Complete Data Mastery
Combine with third-party data to create
the custom information streams that your
business requires.
Open Zeppelin
Reduce the risk of
vulnerabilities in
your applications
using standard,
tested community-
based smart
contract code
76. Secure Identity Vault
Provides an in-browser UI to manage
identities on the distributed web and
sign transactions with your own
external accounts.
Bring Your Own Browser
Available via browser extension for
Chrome, Firefox, Opera, or Brave
New or Existing Accounts
Create new, or import existing accounts
via private key or JSON File
Metamask
Run Ethereum
dApps right in your
browser without
running a full
Ethereum node
77. Enterprise-Grade Quality
Keep transaction details private while
maintaining high availability and
performance with a robust, production
ready solution.
Standards-Compliant Cryptography
Future-proof your blockchain with a privacy
solution that adheres to specifications
defined by ZKProof.org, an open initiative of
industry and academia to standardize the
use of zero-knowledge proofs.
Controlled Transparency & Scaling
Use permissioned auditing tools and stay
compliant with GDPR, CCPA and other local
data privacy regulations. Generate zero-
knowledge proofs using proprietary proof
chaining (parallel proofing) technology that
keeps pace with your transaction volume.
QEDIT Private Asset
Transfer
Keep sensitive
transactional data
off the blockchain
with zero-
knowledge proof
cryptography
79. Centralized Management
Provides centralized control of your
encryption keys with a single view into all
of the key usage in your organization. You
can easily create, import and rotate keys.
Encryption for All Your Applications
Easy management of encryption keys used to
encrypt data stored by your applications
regardless of where you store it.
Security & Compliance
Send payments from your smart
contract to payment networks and
bank accounts with ease.
AWS KMS
Create and control
the keys used to
encrypt your data
81. Access All Your Data from a Single
Platform
Enables you to collect metrics and logs
from all your AWS resources, applications,
and services that run on AWS and on-
premises servers, helping you break down
data silos so you can easily gain system-
wide visibility.
Visibility Across Applications,
Infrastructure and Services
Visualize key metrics like CPU utilization and
memory. You can also correlate a log pattern,
e.g. error to a specific metric to quickly get the
context and go from diagnosing the problem to
understanding the root cause.
Reduce Time to Resolution and
Improve TCO
Set high resolution alarms and take
automated actions. This means freeing up
important resources to focus on adding
business value.
AWS Log Streaming
View and monitor
your Kaleido
resources in AWS
CloudWatch
82. Durability, Availability & Scalability
Runs on the world’s largest global cloud
infrastructure and designed to deliver
99.999999% durability. Data is automatically
distributed across a minimum of 3 physical
Availability Zones.
Comprehensive Security and
Compliance
Supports three different forms of
encryption and uses machine learning
to automatically discover, classify, and
protect sensitive data in AWS.
Flexible Management
Storage administrators can classify,
report, and visualize data usage
trends to reduce costs and improve
service levels.
AWS S3
Backup your
Ledger Data and
Transactions to
AWS S3 Blob
Storage
83. Secure and Scalable User
Directory
Provides a secure user directory that scales
to hundreds of millions of users without the
worries of standing up server
infrastructure.
Standards-Based Authentication
Easy management of encryption keys
used to support identity and access
management standards such as OAuth
2.0, SAML 2.0, and OpenID Connect.
Security for Your Apps and Users
Supports multi-factor authentication and
encryption of data-at-rest and in-transit.
AWS Cognito
Implement simple
and secure user
sign-up, sign-in and
access control
84. Flexible Configurations
Gain complete control over your
networking layers by configuring
securely partitioned private and public
streams.
Secure Your Traffic
Use private IP connectivity and
security groups so your services
function as though they were hosted
directly on your private network.
Simplify Network Architecture
Provides private connectivity between
virtual private clouds (VPCs), AWS
services, and on-premise applications on
the Amazon network, making it easy to
connect services across different
accounts and VPCs.
AWS PrivateLink
Leverage secure
network
connectivity for
sensitive data
sharing
87. Increase Security and Meet
Compliance Standards
Microsoft processes your keys as FIPS 140-
2 Level 2 validated so you can rest assured
your data is secured to the highest levels.
Key Management at Your Fingertips
Because Azure supports the Ethereum
cryptography secp256k1 curve, Kaleido is
able to offload transaction signing to the
Azure Key Vault so you can back a Kaleido
Managed Wallet by keys, and your keys
never have to leave your Azure Key Vault so
you retain full control.
Create and Import
Encryption Keys with Ease
Provision new vaults or import
existing keys in minutes all within a
centralized place. You can encrypt
authentication keys, storage
account keys, data encryption keys,
passwords and more.
Azure Key Vault
Enhance Kaleido’s
Built-In Protection
of Your Private Key
Materials with a
Master Encryption
Key Stored in Your
Azure Key Vault
Service
89. Enhance Visibility
From CPU usage to error codes, you’ll
gain a 360-view of activities and usage.
Gain Real-Time Insights
Understand how your applications are
performing and proactively find issues
affecting them as well as the resources they
depend on so you can quickly resolve them.
Continuously Optimize
Be proactive and optimize the
performance of your application by
tracking KPIs that are important to you
and making adjustments accordingly.
Azure Monitor
View and monitor
your Kaleido
resources in Azure
Monitor
90. Ensure Consistency and
Redundancy
You always have access to the latest
version of your data, as changes to
objects are verified everywhere for data
integrity. Also, you can automatically
configure geo-replication options for
business continuity.
Highly Accessible
Access objects in the Data Backup via
HTTP/HTTPS, from anywhere across
the globe. Objects in the storage are
accessible via the Azure Storage REST
API or an Azure Storage client library.
Flexible Backup Configurations
Configure your own fully-controlled blob
storage as the backup store for a node, and
initiate backups on-demand, or run
scheduled backups against our simple REST
API. Securely collect, store and analyze your
data at massive scale with comprehensive
security and compliance capabilities that
meet even the most stringent regulatory
requirements.
Azure Blob Storage
Backup your
Ledger Data and
Transactions to
Azure Blob Storage
92. Permissioning
Allow only trusted nodes to
participate in the blockchain.
Transaction / Contract Privacy
Quorum allows contracts to be deployed
and transactions to be sent to a subset of
participating nodes in the blockchain.
Choice in Consensus Mechanism
IBFT - proof of authority based consensus
which provides immediate block finality,
reduced time between blocks and high data
integrity and fault tolerance.
RAFT - Proof of authority based consensus
which creates blocks “on-demand,” faster
block times in the order of milliseconds
instead of seconds and transaction finality
(absence of forking)
Quorum
Established
enterprise
Ethereum
implementation
with privacy
extensions
93. Clique / POA Consensus
Proof of authority based consensus.
Instead of miners racing to find a
solution to a difficult problem,
authorized signers create new blocks
in a synchronized manner.
Hardened and Tested
Built to sustain the security requirements
of a large network of anonymous
participants, and hardened through
thousands of deployments running
worldwide for a number of years, it
provides a rugged and proven solution for
running a private blockchain network.
Transactions
In Kaleido we configure Geth by default
with a zero minimum gas price, and high
block gas limit. Three options are provided
when you deploy a node, with different
transaction pool, memory and CPU
limitations – ready for the demands of a
production permissioned network.
Geth
The most popular
Ethereum client,
configured for a
private network
94. Permissioning
Allow only trusted nodes and accounts to
participate in the blockchain. Permissioned
networks can have node permissioning
enabled, account permissioning enabled, or
both. Onchain permissioning uses smart
contracts to store and maintain the node
whitelist.
Transaction / Contract Privacy
Privacy in Pantheon refers to the ability to
keep transactions private between the
involved parties. Other parties cannot
access the transaction content or list of
participating parties. Pantheon’s private
transaction manager, Orion, is designed to
manage transactions and prevent double
spend.
Choice in Consensus Mechanisms
IBFT - Proof of authority based consensus
provides immediate block finality, reduced
time between blocks and high data integrity
and fault tolerance. Pantheon’s IBFT
implementation guarantees immediate
finality.
Clique / POA - Proof of authority based
consensus. Authorized signers create new
blocks in a synchronized manner.
Hyperledger Besu
Ethereum
implementation
built from scratch
to meet Enterprise
requirements