Corda Enterprise notary service overview

In addition to the single-node notary available in Corda, Corda Enterprise provides two notary implementations that support high-availability mode:

  • MySQL notary (deprecated)
  • JPA notary

For a list of databases supported by the MySQL and JPA notaries, please refer to the Platform support matrix.

Notary high-availability mode

The JPA and MySQL Corda notary services achieve high-availability (HA) by being are made up of two components:

  • The notary workers: A set of Corda nodes configured in HA notary mode. Each node has a separate legal identity, but shares a single notary identity. These nodes are configured to work together in high-availability mode
  • The notary state database: A single logical database, itself configured to be highly-available, that all the notary workers connect to

We can visualise this set-up as follows, with the regular Corda nodes in green, the Corda notary worker nodes in red, and the standard node databases and notary state database replicas in blue.

ha notary overview2 Nodes requesting notarisation from a highly-available notary will connect to the notary workers in round-robin fashion.

Provided there are multiple notary workers and the notary state database is configured to be highly-available, the overall notary service will be highly-available. This is because the notary service can continue processing notarisation requests even if individual database replicas and/or notary workers fail. For example, a three-node notary cluster can tolerate one crash fault.

If desired, you can choose to run each database server and its Corda notary worker on the same machine:

ha notary colocated

Notary configuration

Nodes are configured as single-node notaries or notary workers via their node.conf files. For more information, please refer to ../corda-configuration-file.

For a single-node notary, each notary only requires its own legal name, specified in the node’s configuration file.

The MySQL and JPA notary implementation require every notary worker node to be configured with two legal names:

  • The worker’s legal name, specified in the node’s configuration file as myLegalName (e.g O=Worker 1, C=GB, L=London). This is worker-specific
  • The notary legal name, specified in the node’s configuration file by notary.serviceLegalName (e.g. O=HA Notary,C=GB, L=London). This is shared by all workers in the notary cluster

Only the notary legal name and public key are included in the network parameters.

Keys and certificates

As described above, every notary worker is configured with both its own legal name and the shared service legal name. These names correspond to identities that have their own key pair and certificate, which should be accessible by the notary worker.

Both worker identity and notary service keys and certificates are stored in the same way as for regular Corda nodes. That is, if using local key stores, the worker identity, worker node CA and notary service key pairs and certificates are stored in files within the certificates directory. If an HSM is being used to generate and store the keys then only the certificate chains will be stored in the local files. You can find out more in the ../permissioning document.

Expected data volume

Non-validating notaries store roughly one kilobyte per transaction.