Vistory: Main Chain Software Deployment on Oracle Cloud Infrastructure
Vistory specializes in cyber security, blockchain, and cloud infrastructure to improve digital trust and reduce data risk. Vistory was looking to move their workload from Microsoft Azure to a new cloud provider for better performance while reducing the cost.
Vistory migrated their entire production platform, including about 50 virtual machines (VMs), in less than a month and a half from Microsoft Azure. Currently, Vistory's solution Main Chain software is deployed on Oracle Cloud Infrastructure (OCI).
Main Chain is an intellectual property management and distribution platform dedicated to 3D printing and uses a private blockchain, Ethereum.
Vistory's transition to Oracle Cloud Infrastructure was a smooth process, aided by Oracle's support throughout the migration cycle. As a result, Vistory minimized the cost and improved the performance significantly. By switching to Oracle Cloud Infrastructure, Vistory has increased the performance of their private blockchain, Main Chain, by about 20% .
Architecture
Vistory implemented the following architecture to achieve better performance at a lower cost.
Oracle Cloud Infrastructure Load Balancing service directs users to its front end application to access a web portal and API Gateway. Users from ERP systems and Marketplace are connected to the API Gateway directly, and customers are connected by a web portal to the frontend.
Their structure uses two back ends: one for accessing the APIs and the other for traditional back end services. The database consists of a MySQL database cluster.
The blockchain cluster runs the blockchain software, Ethereum. The back end software contains application logic to launch microservice and trigger smart contracts. When smart contracts are triggered, the information is stored on the MySQL database cluster.
Vistory uses Jenkins worker nodes for continuous integration in development and preproduction environments. They also have an Oracle Container Engine for Kubernetes (OKE) cluster and are currently in the process of migrating their entire workload to OKE clusters.
Vistory plans to expand their Oracle Cloud Infrastructure footprint, focus on applying Oracle Container Engine for Kubernetes clusters, and increase Oracle Cloud Infrastructure monitoring across its applications.
The following diagram illustrates this reference architecture.
Description of the illustration vistory-main-chain-oci.png
The architecture has the following components:
- Region
An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).
- Virtual cloud network (VCN) and subnets
A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.
- Compute
The Oracle Cloud Infrastructure Compute service enables you to provision and manage compute hosts in the cloud. You can launch compute instances with shapes that meet your resource requirements for CPU, memory, network bandwidth, and storage. After creating a compute instance, you can access it securely, restart it, attach and detach volumes, and terminate it when you no longer need it.
- Load balancer
The Oracle Cloud Infrastructure Load Balancing service provides automated traffic distribution from a single entry point to multiple servers in the back end.
- API gateway
Oracle API Gateway service enables you to publish APIs with private endpoints that are accessible from within your network, and which you can expose to the public internet if required. The endpoints support API validation, request and response transformation, CORS, authentication and authorization, and request limiting.
- Oracle MySQL Database Service
Oracle MySQL Database Service has an integrated, high-performance analytics engine (HeatWave) to run sophisticated real-time analytics directly against an operational MySQL database.
- Internet gateway
The internet gateway allows traffic between the public subnets in a VCN and the public internet.
- Container Engine for Kubernetes
Oracle Cloud Infrastructure Container Engine for Kubernetes is a fully managed, scalable, and highly available service that you can use to deploy your containerized applications to the cloud. You specify the compute resources that your applications require, and Container Engine for Kubernetes provisions them on Oracle Cloud Infrastructure in an existing tenancy. Container Engine for Kubernetes uses Kubernetes to automate the deployment, scaling, and management of containerized applications across clusters of hosts.
- Monitoring
Oracle Cloud Infrastructure Monitoring service actively and passively monitors your cloud resources using metrics to monitor resources and alarms to notify you when these metrics meet alarm-specified triggers.
Considerations
Vistory considered the following when deploying this reference architecture:
- VCN and gateways
When you create a VCN, determine the number of CIDR blocks required and the size of each block based on the number of resources that you plan to attach to subnets in the VCN. Use CIDR blocks that are within the standard private IP address space.
Select CIDR blocks that don't overlap with any other network (in OCI, your on-premises data center, or another cloud provider) to which you intend to set up private connections.
After you create a VCN, you can change, add, and remove its CIDR blocks.
When you design the subnets, consider your traffic flow and security requirements. Attach all the resources within a specific tier or role to the same subnet, which can serve as a security boundary.
Use regional subnets.
In this architecture, Oracle Container Engine for Kubernetes clusters are hosted in private subnet. Users access the application through the load balancer which is hosted on a public subnet. Virtual route tables contain rules to route traffic from subnets to destinations outside a VCN, typically through gateways. The internet gateway provides the access to public internet from the load balancer public subnet. For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.
- Compute shapes
Vistory created all the compute shapes as the newly launched VM.Standard.E3.Flex.
- Container Engine for Kubernetes
The Kubernetes cluster worker nodes are deployed on VM.Standard.E3.Flex on Oracle Linux OS. This architecture uses two worker nodes in the cluster.
Get Featured in Built and Deployed
Want to show off what you built on Oracle Cloud Infrastructure? Care to share your lessons learned, best practices, and reference architectures with our global community of cloud architects? Let us help you get started.
- Download the template (PPTX)
Illustrate your own reference architecture by dragging and dropping the icons into the sample wireframe.
- Watch the architecture tutorial
Get step by step instructions on how to create a reference architecture.
- Submit your diagram
Send us an email with your diagram. Our cloud architects will review your diagram and contact you to discuss your architecture.