Jatin Bhadra - One Year of Running Blockchain Applications in Production at Vakt

One Year of Running Blockchain Applications in Production at Vakt
Speaker: Jatin Bhadra, Head of Ecosystem and Cloud Delivery

In this talk we will see how VAKT - a digital ecosystem for physical post-trade processing - built and runs a blockchain network. We will look at the design, automation, and support challenges around it, and how we solved them.

Jatin Bhadra is a technology leader, architect, consultant, and manager with a background in the financial services and commodity industries. He also has strong experience in agile, DevOps, and cloud-based system delivery.

DevOpsDaysPortugal

April 20, 2020
Transcript

  1. 1

  2. On the shoulders of giants: VAKT is not a typical start up

    VAKT has been formed through initial investment from nine of the largest and most innovative companies operating across the global commodity trading landscape today. In Q4 2018 we brought on an additional 3 energy majors as shareholders. The formation of VAKT constitutes an unprecedented level of collaboration between market participants to solve industry-wide problems in post-trade processing for commodities. VAKT aims to transform the commodity trading industry. We are ambitious. Our remit: build the future.
  3. Anatomy of a deal: focused value proposition

    Initial scope: Trade, Logistics, Confirm Contract, Deal Recap, Settlement, Invoicing. VAKT is focused on delivering value through enhancing the efficiency of post-trade processing activities. Digitisation will enable expanded trade finance opportunities.
    Potential future scope: Trade Finance, Confirmation of LOIs & LCs, Discounted ARs.
  4. VAKT’s 6 types of clients

    Emerging multisided platform built as a digital backbone for bilateral transactions. Client types: Traders, Brokers, Ship Owners, Inspectors, Terminals & Pipelines, Banks. Interactions shown on the slide: oil trade confirmations, ability to confirm trades, charter party’s confirmation, charter party’s booking, instructions and data feeds, capacity trading, and trade finance via komgo.
  5. Trade Processing Problems and Our Solution

    • Cyber Security: Information is often communicated via insecure channels such as email and physical mail. This opens the door to malicious attacks and fraud. The VAKT platform eliminates the need for communications via email as key information is committed to a secure platform.
    • Efficiency: The industry operates many manual, paper-based, duplicative processes that are prone to errors. VAKT will digitise post-trade processing, unlocking up to 40% savings across operations, accounting, settlements and IT.
    • Trade Finance: Commodity trade finance is expensive. The current process is labour intensive for risk assessment and transaction processing. VAKT aims to provide more surety over transaction execution, which enables lower premiums, faster settlements and more financing options.
  6. VAKT Business Promises: our solution

    • Private Transactions: Customers will have access to and ownership of their own data. VAKT will have no access to any private data.
    • Enterprise Grade Platform: Enterprise grade security and cryptography. High availability during business hours. No data loss during transactions or following a disaster recovery situation.
    • Permanent Logging of Transactions: Transaction records will be immutable and tamper evident.
  7. Platform overview: PODs and their data are wholly owned by the customer

    • Each customer has their own blockchain node
    • All transaction data is held locally
    • Identity and key management are “POD local”
    • Each POD has its own corporate identity which signs transactions

    VAKT provides some necessary central services but does not participate in the blockchain or in transactions:
    • Reference data
    • Document storage
    • Messaging with komgo for trade finance
    • It has no participating blockchain node

    Security under your control: we offer a trusted network of known participants for post-trade processing where only trade participants will have access to their relevant trade data.
  8. A POD is self-contained and provides all services necessary to participate in the platform

    • Identity management: Keycloak, supports single sign-on and OpenID
    • User interface: dynamic, web browser based
    • API: for ETRM integration
    • Key management: cryptographic private key management
    • Logging and monitoring
    • Database: local data storage
  9. VAKT provides some necessary central services

    • Reference data: centrally managed and distributed reference data necessary for ETRM mapping and UI drop downs
    • Document storage: central, secure, private, robust document management
    • Messaging with komgo: document presentation and messaging to komgo for trade finance
  10. Security of the platform is paramount, and is managed at multiple layers

    Implemented security layers:
    • Virtual Private Cloud
    • Identity and access management at application and infrastructure level
    • Key management locally
    • High levels of cryptography
    • Blockchain inherent security
    • Active monitoring
    • Controls and policies

    Layers shown on the slide: AWS security / access control, POD VPC, encryption in transit, encryption at rest.
  11. Single use POD architecture: designed for one organisation and multiple legal entities

    • Quorum: Legal Entity 1 (Identity) [Quorum keys 1], Legal Entity 2 (Identity) [Quorum keys 2], Legal Entity 3 (Identity) [Quorum keys 3]
    • Database (local data): Schema Legal Entity 1, Schema Legal Entity 2, Schema Legal Entity 3
    • API (business logic)
    • Keycloak (authorisation / access)
    • AMQP (messaging / communications)
  12. Multi Tenant POD: designed for multiple organisations (labels as on the slide)

    • Quorum: Organisation 1 (Quorum keys 1), Organisation 2 (Quorum keys 2), Organisation 3 (Quorum keys 3)
    • Database (local data): Schema Organisation 1, Schema Organisation 1, Schema Organisation 1
    • API
    • Keycloak: Organisation 1 (Realm 1), Organisation 2 (Realm 2), Organisation 3 (Realm 1)
    • AMQP: Organisation 3 (key-pair 1), Organisation 3 (key-pair 2), Organisation 3 (key-pair 3)
  13. AWS Public Cloud deployment (labels as on the slide)

    • AWS Account Member 1 – Prod/Preview VPC: POD
    • AWS Account Member 2 – Prod/Preview VPC: POD
    • Internet
    • AWS Account Member 2 – Prod/Preview VPC: Multi Tenant POD, Multi Tenant POD
    • AWS Account – Prod/Preview VPC: Vakt Services
  14. Key Management Service

    Diagram: the Partner KeyStore (AWS S3, encrypted) lives in the VAKT managed account, where secured keys are generated dynamically by the CI server; the member account holds the permissions and role for Partner POD access; CloudTrail logs record that access. Only the POD can decrypt, and only the POD can read.

    • Keys security concerns
      • Key policy restricts access to the key for member POD only
      • Access logs will provide audit on the usage of keys
    • Operational
      • Single account and ownership make setup and maintenance simple
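The key policy and S3 permissions this slide describes, written out as an added Terraform example (not VAKT's own code); the account IDs, role ARNs and bucket name are placeholders.

```hcl
# Added example, not VAKT's code. Account IDs, role ARNs and bucket name are placeholders.
locals {
  vakt_account = "111111111111"                                      # placeholder
  pod_role_arn = "arn:aws:iam::222222222222:role/member-pod"         # placeholder
  ci_role_arn  = "arn:aws:iam::${local.vakt_account}:role/ci-server" # placeholder
  # Administrative actions only: no kms:Decrypt, so the owning account cannot read keys.
  admin_actions = ["kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*",
    "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*",
    "kms:Delete*", "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion"]
}
# Key policy: VAKT account administers, CI server encrypts, only the member POD decrypts.
resource "aws_kms_key" "partner_keystore" {
  description         = "Partner keystore key; decrypt limited to one member POD"
  enable_key_rotation = true
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      { Sid = "AdminFromVaktAccount", Effect = "Allow", Resource = "*",
        Principal = { AWS = "arn:aws:iam::${local.vakt_account}:root" },
        Action = local.admin_actions },
      { Sid = "CiServerEncryptsOnly", Effect = "Allow", Resource = "*",
        Principal = { AWS = local.ci_role_arn },
        Action = ["kms:Encrypt", "kms:GenerateDataKey"] },
      { Sid = "OnlyMemberPodDecrypts", Effect = "Allow", Resource = "*",
        Principal = { AWS = local.pod_role_arn },
        Action = ["kms:Decrypt", "kms:DescribeKey"] }
    ]
  })
}
# Keystore bucket, SSE-KMS under the key above: a reader needs s3:GetObject AND kms:Decrypt.
resource "aws_s3_bucket" "partner_keystore" {
  bucket = "partner-keystore-placeholder"
}
resource "aws_s3_bucket_server_side_encryption_configuration" "partner_keystore" {
  bucket = aws_s3_bucket.partner_keystore.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.partner_keystore.arn
    }
  }
}
resource "aws_s3_bucket_policy" "only_pod_reads" {
  bucket = aws_s3_bucket.partner_keystore.id
  policy = jsonencode({ Version = "2012-10-17", Statement = [{
    Sid = "OnlyPodCanRead", Effect = "Allow", Action = "s3:GetObject",
    Principal = { AWS = local.pod_role_arn },
    Resource  = "${aws_s3_bucket.partner_keystore.arn}/*" }] })
}
```

Every kms:Decrypt call against the key is recorded by CloudTrail as a KMS API event, which is what the slide's audit point relies on; the admin statement deliberately omits kms:Decrypt so that even a principal in the owning account cannot read the stored keys.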
  15. AWS Public Cloud: monitoring with Prometheus and Grafana

    Diagram: AWS Prod Account 01 (VPC, POD), Internet, a Release VPC (Multi Tenant POD), and a monitoring VPC in its own AWS account running Prometheus and Grafana, fed by Q Exporters and CloudWatch Exporters (CW).
  16. Initial CI Stack

    Challenges with the initial stack (Concourse):
    • Knowledge
    • Too opinionated
    • Slow
    • Not easy branch detection
    • Not real Docker support

    Pros with the initial stack (Concourse):
    • Looks pretty
    • Mid-stage restarts
    • Better support for linking pipeline stages
  17. New CI Stack: CI principles

    • Make file should be a simple wrapper only, no logic in the make file
    • Ansible to be used only for orchestration of infra code, i.e. which Terraform modules are to be called and in which order
    • Ansible to be used for configuration management, like configuring DB and Keycloak
    • Terraform to be used only for cloud automation
  18. New CI Stack

    New stack:
    • Jenkins
    • Make
    • Ansible
    • Terraform

    Features (compared with Concourse):
    • Multi-branch pipelines
    • Nested jobs
    • Flexible
    • Docker support
  19. Reduced build time (the slide repeats the new stack and CI principles of slides 17 and 18)
  20. More Challenges

    • Blockchain events are used and hence the API has to be a singleton; possibly add a messaging layer
    • Smart contract version management
    • Smart contract change management
    • Keep smart contracts as simple as possible
    • Cost: cost to run various test environments; each test environment must have 3 PODs, hence VPCs etc.
    • Cost optimisation is being achieved by:
      • Use of Spot instances
      • Nightly shutdown of instances using ASG
      • Nightly shutdown of RDS using Jenkins jobs
      • Nightly deletion of load balancers
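The nightly shutdown of test-environment instances through the Auto Scaling group, as an added Terraform example (not VAKT's own code); the ASG name, schedule times, daytime capacity of 3 and time zone are assumptions.

```hcl
# Added example, not VAKT's code. ASG name, times, capacity and time zone are assumptions.
# Scale the test-environment ASG to zero every weekday evening ...
resource "aws_autoscaling_schedule" "nightly_shutdown" {
  scheduled_action_name  = "nightly-shutdown"
  autoscaling_group_name = "test-env-pod-asg"  # placeholder ASG name
  recurrence             = "0 20 * * 1-5"      # 20:00 Monday to Friday
  time_zone              = "Europe/London"     # needs a recent AWS provider
  min_size               = 0
  max_size               = 0
  desired_capacity       = 0
}
# ... and bring it back before the working day starts.
resource "aws_autoscaling_schedule" "morning_startup" {
  scheduled_action_name  = "morning-startup"
  autoscaling_group_name = "test-env-pod-asg"
  recurrence             = "0 7 * * 1-5"       # 07:00 Monday to Friday
  time_zone              = "Europe/London"
  min_size               = 3                   # assumed daytime capacity
  max_size               = 3
  desired_capacity       = 3
}
```

Instances launched by the morning action are fresh, so anything a POD needs at boot (keys, configuration) must come from the key store and configuration management rather than from local state left on the previous day's instances.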
  21. This publication has been written in general terms and we recommend that you obtain professional advice before acting or refraining from action on any of the contents of this publication. VAKT Global Ltd accepts no liability for any loss occasioned to any person acting or refraining from action as a result of any material in this publication. VAKT Global is a limited company registered in England and Wales with registered number 11295972 and its registered office at 24th Floor One Canada Square, London, E14 5AB, United Kingdom. © 2019 VAKT Global Ltd. All rights reserved.