Running blockchains in the cloud: Benefits & lessons learned
If you operationally treat blockchain networks largely the same and then build your continuous integration/continuous deployment and other systems just as you would for software built on previous generations of technology, then you have an ability to leverage all the niceties that cloud environments offer. We talked to Casey Kuhlman, CEO of Monax, about the benefits of running blockchains in the cloud, the lessons learned and his blockchain predictions for 2019.
JAXenter: Can blockchain make cloud computing better?
Casey Kuhlman: Blockchains honestly don’t necessarily make cloud computing better. From a developer operations perspective, blockchain nodes are simply another distributed system to run. They do, however, make business systems significantly better by allowing for a cross-company authenticated data and events infrastructure that can (and should) be run across company firewalls. This allows for in-cluster access to authenticated, structured data that has been ordered by an ecosystem. In turn, this reduces the need for external coordination web services.
JAXenter: You’ve been running, maintaining, operating, upgrading and monitoring blockchain networks in cloud-based systems for a while now. How does this work exactly?
Casey Kuhlman: On the one hand, no different than other distributed systems such as etcd, zookeeper, elasticsearch, etc. An individual blockchain node is simply a piece of software running within a cloud environment. On the other hand, there are significant differences in how one needs to operationally approach running these pieces of software.
The biggest difference is around management of keys and the individual “identity” of a piece of software (from a network perspective). In simple fault-tolerant systems designed to be housed and operated completely within a single legal entity’s cloud environment, these systems do not need to be strongly identified individually via cryptographic public-private keypairs. They can effectively operate as systems without needing to manage individual keys for a single piece of software. Where SSL/TLS is built into a system within the cluster, operators can leverage cloud-based key management systems as a simple way to handle these keys.
Such systems, however, do not currently support the types of cryptography that blockchain systems leverage (which are advanced elliptical curves such as ed25519 or secp256k1). This exposes to operators of blockchain nodes the biggest difference in running other distributed systems: namely the requirement to manage keys — mostly manually.
JAXenter: What were the immediate benefits? What lessons did you learn while experimenting with blockchains in the cloud?
Casey Kuhlman: The immediate benefits of running blockchains in the cloud are the same as for other distributed systems: namely, the ability to boot, connect, and scale your systems with relative ease as compared to on-prem or bespoke operational environments. The biggest lesson our company has learned has been to treat blockchain networks as being not fundamentally different than other systems. If you operationally treat them largely the same and then build your continuous integration/continuous deployment and other systems just as you would for software built on previous generations of technology, then you have an ability to leverage all the niceties that cloud environments offer.
Taking this perspective has required that, as a blockchain client builder, we build our blockchain client such that it operates smoothly with existing operational systems such as Prometheus and Helm.
JAXenter: Do Kubernetes and blockchain technology play nice? When should they be used together?
Casey Kuhlman: We exclusively use Kubernetes to operate our blockchains within Monax. We find that with certain tweaks they work very well together. Kubernetes gives us the ability to abstract away many operational considerations and also gives us the ability to deterministically operate our nodes in a manner that allows those nodes to be resilient within our cluster.
JAXenter: What are the key operational considerations that cluster administrators should keep in mind? How about some dos and don’ts?
Casey Kuhlman: There are three key things that cluster administrators should keep in mind. First, treat your blockchain networks as similarly as possible to other distributed systems that are running within your cluster. Try to ensure that the blockchain client conforms to the monitoring and alerting system, that its logs can be handled by your log management system and that its access and ingress systems are treated just as you would for other distributed systems.
Second, remember that, unlike other distributed systems, blockchain clients do not horizontally scale. All the information on the blockchain is – by design – redundantly stored on every full node. It is important for cluster administrators to remember this as it affects storage allocations and how they deal with scaling.
Third, have a strongly detailed plan for how to handle the key management and node identity issue mentioned above. This could be as simple as leveraging Kubernetes secrets or could include more complex HSM solutions. No matter the solution, it is important to understand that a cloud-based KMS is unlikely to be able to handle the operational needs of blockchains.
JAXenter: What are your blockchain predictions for 2019?
Casey Kuhlman: My expectations for 2019 are two-fold. First, we will see the first of the meta-blockchain protocols come online. These will be very important for a range of reasons. Currently, a single blockchain network is more like a cluster or extranet than it is like the internet in that it is fundamentally a closed system. The coming wave of meta-blockchain protocols will offer the ability to move authenticated data and events information across individually sovereign blockchains. If we continue the analogy this will start to look much more like the modern internet which is predominantly a routing layer on top of a huge range of extranets powering what goes through the “internet’s” pipes.
Second, we will see increased convergence between the enterprise blockchain sector of our industry and the public blockchain (cryptocurrency) sector of our industry. We are already seeing increased usage of public blockchains by enterprises and increased reliance on permissioned blockchains (previously only thought of as enterprise tools) deployed publicly. My expectation is that this trend will continue and that we will also see an increase in cross-pollination of ideas between the two sectors of our industry. Towards the latter part of the year, my expectation is that we will even begin to see enterprise blockchain solutions be able to connect to public blockchains via some of the meta-blockchain protocols listed above.