Business Network Operator project planning

When planning a Corda deployment as a Business Network Operator, there are several considerations:

  • Deployment environments
  • Notary compatibility
  • HSM compatibility
  • Database compatibility
  • Corda Enterprise Network Manager deployment

The Business Network Operator is responsible for all major components of the Corda network. In most enterprise deployments of Corda this includes: Nodes, an HA notary cluster, an HA Corda Firewall, an HSM, the certificate hierarchy of the network, identity manager, and network map.

This likely includes a Corda Enterprise Network Manager as well as Corda Enterprise.

Deployment environments

Business Network Operators will need several deployments of Corda Enterprise, at least including:

  • A development environment including minimal network infrastructure.
  • A testing environment including a basic network, without HA notary, Corda Firewall, or HSMs.
  • A UAT environment, that includes the full network infrastructure, with a shared HSM, and HA Corda Firewall.
  • The production environment, including an HA notary cluster, HA Corda Firewalls on all nodes, HSMs, and network services.

Node sizing and databases

When defining the requirements of a node, it is important to define the resources that the node will require. While every Corda deployment will have different requirements - depending on the CorDapps and business model of the parties - the following table gives approximate sizings for typical node deployments.

SizeJVM Heap# CoresMinimum Host RAM
Small1GB12GB to 3GB
X-Large> 32GB> 32> 64GB

All Corda Nodes have a database. A range of third-party databases are supported by Corda, shown in the following table:

VendorCPU ArchitectureVersionsJDBC Driver
Microsoftx86-64Azure SQL,SQL Server 2017Microsoft JDBC Driver 6.4
Oraclex86-6411gR2Oracle JDBC 6
Oraclex86-6412cR2Oracle JDBC 8
PostgreSQLx86-649.6, 10.10 11.5PostgreSQL JDBC Driver 42.1.4 / 42.2.8

Notary databases

VendorCPU ArchitectureVersionsJDBC Driver
CockroachDBx86-6419.1.2PostgreSQL JDBCDriver 42.1.4
Oracle RACx86-6412cR2Oracle JDBC 8

Hardware Security Modules (HSM)

DeviceLegal Identity & CA keysTLS keysConfidential Identity keysNotary service keys
Utimaco SecurityServer Se Gen2* Firmware version 4.21.1* Firmware version 4.21.1Not supportedNot supported
* Driver version 4.21.1* Driver version 4.21.1
Gemalto Luna* Firmware version 7.0.3* Firmware version 7.0.3Not supportedNot supported
* Driver version 7.3* Driver version 7.3
FutureX Vectera Plus* Firmware version* Firmware version supportedNot supported
* PKCS#11 version 3.1* PKCS#11 version 3.1
* FXJCA version 1.17* FXJCA version 1.17
Azure Key Vault* Driver version 1.2.1* Driver version 1.2.1Not supported* Driver version 1.2.1
Securosys PrimusX* Firmware version 2.7.4* Firmware version 2.7.4* Firmware version 2.7.4* Firmware version 2.7.4
* Driver version 1.8.2* Driver version 1.8.2* Driver version 1.8.2* Driver version 1.8.2
nCipher nShield Connect* Firmware version 12.50.11* Firmware version 12.50.11Not supportedNot supported
* Driver version 12.60.2* Driver version 12.60.2
AWS CloudHSM* Driver version 3.2.1* Driver version 3.2.1* Driver version 3.2.1Not supported