🌴
Guardian
  • Guardian
    • 🌏Getting Started
      • 🏜️Discovering Environmental assets on Hedera
      • πŸŽ“Guardian Glossary
      • πŸ“–Installation Guide
        • πŸ—’οΈPrerequisites
        • πŸ› οΈInstallation
          • πŸ”¨Building from source and run using Docker
            • Deploying Guardian using default Environment
            • Deploying Guardian using a specific Environment ( DEVELOP )
            • Deploying Guardian using a specific Environment (QA)
          • πŸ”¨Building from Pre-build containers
          • πŸ”¨Build executables and run manually
          • ☁️Cloud Deployment
          • ⬆️Upgrading
          • πŸ”™Backup tools
          • 🏑Setting up environment parameters
          • πŸ“Summary of URLs and Ports
          • πŸ’»Launching Guardian
          • πŸ§ͺHow to perform Unit Tests?
        • πŸ”¨How to Configure Hedera Local Node
        • πŸ”¨How to Configure HashiCorp Vault
        • πŸ”¨How to create Operator ID and Operator Key
        • πŸ”¨How to generate Web3.Storage API values
        • πŸ”¨How to Change Explorer URL
        • πŸ”¨How to Restore Account from Database/Hashicorp Vault during Setup
      • πŸ™Contributing
        • πŸš‡Contribute a New Policy
      • πŸ“–Frameworks/Libraries
        • πŸ’»Guardian CLI
      • βš™οΈAPI Guideline
      • πŸ”Guardian Vault
      • 🌎Environments
        • 🌎Multi session consistency according to Environment
        • πŸ”‘Dynamic Vault/KMS path configuration according to the environment
        • 🏑Ecosystem Environments
      • πŸ“ƒChange Log
      • πŸ›£οΈRoadmap
      • 🚨License
      • πŸ“žContact
      • πŸ”Security
      • πŸ”‘Meeco authentication
        • πŸ”‘How it works
    • πŸ‘·Architecture
      • ⬇️Deep Dive Architecture
      • πŸ”ΊHigh Level Architecture
      • πŸ‘Policies,Projects and Topics Mapping Architecture
      • βž—MRV Splitting Logic
      • πŸ”‘Internal (with Vault)Signing Sequence Diagram
      • πŸ”₯FireBlocks Signing Sequence Diagram
    • πŸ“‡Global Indexer
      • πŸ’»Indexer User Guide
      • βš™οΈIndexer APIs
        • Full Text Indexer Search
        • Returns Standard Registries
        • Returns Registry as per MessageID
        • Returns Registry Users
        • Returns Registry User as per MessageID
        • Returns Policies
        • Returns policy as per MessageID
        • Returns Tools
        • Returns Tool as per MessageID
        • Returns Modules
        • Returns Module as per MessageID
        • Returns Schemas
        • Returns Schema as per MessageID
        • Returns Schema Tree
        • Returns Tokens
        • Returns Token as per TokenID
        • Returns Roles
        • Returns Role as per MessageID
        • Returns DIDs
        • Returns DID as per MessageID
        • Returns DID Relationships
        • Returns VP Documents
        • Returns VP Document as per MessageID
        • Returns VP Relationships
        • Returns VC Documents
        • Returns VC Document as per MessageID
        • Returns VC Relationships
        • Returns NFTs
        • Returns NFT as per Serial No.
        • Returns Topics
        • Returns Topic as per TopicID
        • Returns Contracts
        • Returns Contract as per MessageID
        • Returns Landing Page Analytics
        • Returns Project Coordinates
        • Returns Search Policy Results
        • Attempts to refresh linked files for the selected documents
        • Returns Hedera Network
        • Returns Hedera Network Explorer Settings
        • Returns Data Loading Progress Result
        • Returns Registry Relationships
        • Returns Policy Relationships
        • Retrieve the list of formulas
        • Retrieve the formula by message ID
        • Retrieve linked documents which are related to formula
        • Returning Topic Data Priority Loading Progress
        • Adding Topic Data Priority Loading
        • Adding Policy Data for Priority Loading
        • Adding Token Data for Priority Loading
        • Adding Document to Data Priority Loading
    • πŸ—ΊοΈMap Related APIs
      • Returning map API Key
      • Returning Sentinel API Key
    • πŸ—„οΈStandard Registry
      • πŸ› οΈSchemas
        • πŸ“‚Available Schema Types
        • πŸ“‚Property Glossary
        • ℹ️Types of Schemas
        • ℹ️Schema Versioning & Deprecation Policy
        • πŸ“ΉHow to design a Schema of a Methodology
        • πŸ’»Creating Schema using UI
        • βš™οΈSchema APIs
          • Listing of Schema
          • Publishing Schema based on Schema ID
          • Updating Schema
          • Deleting a Schema
          • Schema Preview from IPFS
          • Schema Preview from Zip
          • Export message IDs of Schema
          • Export Files from Schema
          • Creation of Schema related to the topic
          • Returns all Schemas related to the topic
          • Importing Zip file containing Schema
          • Importing Schema from IPFS
          • Returning Schema by SchemaID
        • βš™οΈSystem Schema APIs
          • Returns Schema by Type
          • Creates New System Schema
          • Returns Schema by Username
          • Updates the Schema
          • Delete System Schema
          • Publishes the Schema
          • Schema Type
          • Returns Map API Key
        • βš™οΈSchema APIs for Asynchronous Execution
          • Creation of Schema
          • Publishing Schema
          • Previews the Schema from IPFS
          • Importing Schema from IPFS
          • Importing Schema from .zip
        • πŸ“Schema Differentiation
          • πŸ’»Schema Differentiation using UI
          • βš™οΈSchema Differentiation APIs
            • Compare Schemas
            • Exports Schema Differentiation Results
        • πŸ“Example Data
          • πŸ’»Adding Example data using UI
        • πŸ“‚Schema Tree
          • πŸ’»Schema Tree UI
          • βš™οΈAPI for Returning Schema Tree
        • πŸ“Tag Schema
          • πŸ’»Creating Tag Schemas using UI
          • βš™οΈSchema Tags APIs
            • Returning all Schema Tags
            • Creating new Schema Tag
            • Deleting Schema Tag
            • Updating Schema Tag
            • Publishing Schema
            • Returning list of published schemas
        • Schema Predefined Values using UI
        • Schema Rules
          • Defining Schema Rules using UI
          • APIs related to Schema Rules
            • Creation of the new schema rule
            • Retrieve the schema rules
            • Retrieve the configuration of the rule by its ID
            • Update the configuration of the rule with the corresponding ID
            • Delete the rule by its ID
            • Activate the rule with the specified ID
            • Deactivate the rule with the specified ID
            • List all the schemas and policy relevant to the rule with the specified ID
            • Retrieve all the data needed for evaluating the rules
            • Create a new rule from the file
            • Load the file and return its preview
            • Export the selected rule (by ID) into the file
      • πŸ› οΈPolicies
        • πŸŽ“Policy Glossary
        • πŸ“Versioning and Deprecation Policy
          • ℹ️Policy Versioning & Deprecation Policy
          • ℹ️API Versioning & Deprecation Policy
          • ℹ️Internal APIs Versioning & Deprecation Policy
        • πŸ”©Policy Creation
          • πŸ”„Available Policy Workflow Blocks
            • InterfaceContainerBlock
            • PolicyRolesBlock
            • InterfaceStepBlock
            • requestVCDocumentBlock
            • sendToGuardianBlock
            • reassigningBlock
            • InformationBlock
            • InterfaceDocumentsSourceBlock
            • paginationAddon
            • DocumentsSourceAddOn
            • filtersAddOnBlock
            • InterfaceActionBlock
            • externalDataBlock
            • retirementDocumentBlock
            • calculateContainerBlock & calculateMathAddOnBlock
            • reportBlock & reportItemBlock
            • switchBlock
            • aggregateDocumentBlock
            • TimerBlock
            • revokeBlock
            • setRelationshipsBlock
            • buttonBlock
            • documentValidatorBlock
            • tokenActionBlock
            • tokenConfirmationBlock
            • mintDocumentBlock
            • Events
            • groupManagerBlock
            • multiSignBlock
            • customLogicBlock
            • splitBlock
            • wipeDocumentBlock
            • Create Token Block
            • impactAddon
            • Http Request Block
            • historyAddon
            • selectiveAttributes Block
            • tagsManagerBlock
            • extractDataBlock
            • externalTopicBlock
            • messagesReportBlock
            • notificationBlock
            • Button Block Addon (buttonBlockAddon)
            • Dropdown Block Addon (dropdownBlockAddon)
            • Request Vc Document Block Addon (requestVcDocumentBlockAddon)
            • Data Transformation Addon
          • πŸ’»Creating Policy using UI
          • πŸ’»Creating a Policy through Policy Configurator
            • Getting Started with the Policy Workflows
            • Policy Workflow Step 1
            • Policy Workflow Step 2
            • Policy Workflow Step 3
            • Policy Workflow Step 4
            • Policy Workflow Step 5
            • Policy Workflow Step 6
            • Policy Workflow Step 7
            • Policy Workflow Step 8
            • Policy Workflow Step 9
            • Policy Workflow Step 10
            • Policy Workflow Step 11
            • Policy Workflow Step 12
            • Policy Workflow Step 13
            • Policy Workflow Step 14
            • Policy Workflow Step 15
            • Policy Workflow Step 16
            • Policy Workflow Step 17
            • Policy Workflow Step 18
            • Policy Workflow Step 19
            • Policy Workflow Step 20
            • Policy Workflow Step 21
            • Policy Workflow Step 22
            • Policy Workflow Step 23
            • Policy Workflow Step 24
            • Policy Workflow Step 25
            • Policy Workflow Wrap Up
          • βš™οΈCreating a Policy using APIs
            • Prerequesite Steps
            • Creation of a Policy
            • Policy Listing
            • Import a Policy from IPFS
            • Policy Preview from IPFS
            • Retrieves Policy Configuration
            • Updates Policy Configuration
            • Publish a Policy
            • Policy Validation
            • Retrieval of Data for Root Policy Block
            • Request Block Data
            • Sends Data to Specified Block
            • Returns Block ID by tag
            • Exporting Message ID
            • Export to zip file
            • Import from zip file
            • Retrieves Block Data by Tag
            • Sends Data to specified Block by Tag
            • Returns list of Groups of a particular user
            • Make the selected Group active
            • Creating link between policies
            • Requesting Multi Policy Config
            • Importing Policy from a Zip file with Metadata
          • βš™οΈAPIs for Asynchronous Execution
            • Creates new Policy
            • Publishing a Policy
            • Importing a Policy from IPFS
            • Importing a Policy from file
            • Policy Review
            • Importing Policy from a Zip file with Metadata
        • πŸ“Dry Run
          • πŸ’»Dry Run Mode using UI
          • βš™οΈDry Run Mode using APIs
            • Running Policy without making any changes
            • Returning all Virtual Users
            • Creating Virtual Account
            • Logging Virtual User
            • Restarting the execution of Policy
            • Returns List of Transactions
            • Returns List of Artifacts
            • Returns List of IPFS Files
            • Returning Policy to Editing
            • Create Savepoint
            • Returns Savepoint State
            • Restoring SavePoint
            • Deletes SavePoint
        • πŸ’»Roles and Groups
          • πŸ’»Creating Roles and Groups using Policy Configurator UI
        • πŸ“Record/Replay
          • πŸ’»Policy execution record and replay using UI
          • βš™οΈRecord/Replay APIs
            • Get Recording
            • Start Recording
            • Stop Recording
            • Get Recorded Actions
            • Run record from zip file
            • Stop Running
            • Get Running Results
            • Get Running Details
            • Fast Forward
            • Retry Step
            • Skip Step
        • πŸ“Global Policy Search & Compare
          • πŸ’»Global search and comparison UI
          • πŸ’»Policy Differentiation using UI
          • βš™οΈPolicy Compare and Search APIs
            • Comparing Policies
            • Searching Policies
            • Exports Comparison results
        • πŸ”Block/Policy Discoverability
          • πŸ’»Search Policy using UI
          • βš™οΈSearch Policy APIs
            • Search Policy
          • πŸ’»Search Block using UI
          • βš™οΈSearch Block APIs
            • Searching Same Blocks
        • πŸ“‚Document Comparison
          • πŸ’»Document Comparison using UI
          • βš™οΈDocument Comparison APIs
            • Compare Documents
            • Export Comparison Results
        • πŸ“‚Tools
          • πŸ’»Tools using UI
          • βš™οΈTools APIs
            • Creating new Tool
            • Returns list of tools
            • Creating new tool asynchronously
            • Deletes the Tool
            • Retrieves Tool Configuration
            • Updates Tool Configuration
            • Publishes Tool onto IPFS
            • Publishes Tool into IPFS asynchronously
            • Validates Selected Tool
            • Returns Tools and its artifacts in zip format
            • Retrieves Hedera Message ID
            • Previews Imported Tool from IPFS
            • Imported Tool from IPFS
            • Previews Imported Tool from Zip
            • Importing Tool from Zip
            • Imports new tool from Zip Asynchronously
            • Imports new tool from IPFS Asynchronously
            • Returns List of Tools
            • Importing Tool from a Zip file
            • Importing Tool from a Zip file asynchronously
        • πŸ“Modules
          • πŸ’»Modules using UI
          • βš™οΈModules APIs
            • Returns all Modules
            • Creating new Module
            • Returns Module Menu
            • Retrieves Module Configuration
            • Updates Module Configuration
            • Delete the Module
            • Publishing Module onto IPFS
            • Returns Hedera ID for specific Module
            • Exporting Module in zip format
            • Import Module from IPFS
            • Import module from zip file
            • Preview Module from IPFS
            • Preview Module from zip file
            • Validates Module
          • πŸ“Modules Differentiation
            • πŸ’»Module Differentiation using UI
            • βš™οΈModule Differentiation APIs
              • Returns result of Module Comparison
              • Exports Comparison Result
        • πŸ“Tagging
          • πŸ’»Tagging using UI
          • βš™οΈTagging APIs
            • Creating Tag
            • Searching Tag
            • Deleting Tag
            • Synchronization of tags
        • πŸ“Themes
          • πŸ’»Themes using UI
          • βš™οΈThemes APIs
            • Returning all themes
            • Creating theme
            • Updating theme Configuration
            • Deleting theme
            • Returning zip file containing themes
            • Importing theme
        • πŸ“Policy Wizard
          • πŸ’»Demo on Policy Wizard using UI
          • βš™οΈPolicy Wizard APIs
            • Creating new Policy
            • Getting Policy Configuration
        • πŸ“‚Auto Suggestion
          • πŸ’»Demo using UI
          • βš™οΈAuto Suggestion APIs
            • Get next and nested suggested block types
            • Get suggestions configuration
            • Set suggestions configuration
        • πŸ“Auto Testing of the Policies
          • πŸ’»Auto Testing using UI
          • βš™οΈAuto Testing Policies APIs
            • Adding new Test to the policy
            • Returning Policy Test by ID
            • Running the Policy Test
            • Stopping the Specified Test
            • Deleting the Specified Test
            • Returning details of the most recent test run
        • πŸ“”Library of Policy Examples
          • πŸ’»Creating and using Roles
          • πŸ”’Data input via Forms, using Roles to partition user activities.
          • πŸͺ™Token Operations
          • πŸ”ŽMRV Document Operations
          • ⛓️TrustChain reports
          • βž—MRV aggregation and splitting for minting tokens
        • πŸ’»Demo on Integrating external policies using UI
        • Policy Labels
          • Policy Labels UI
          • βš™οΈAPIs related to Policy Labels
            • Creating new Label definition
            • Retrieve the list of Label definitions
            • Retrieve a label definition configuration by ID
            • Update Label configuration by ID
            • Delete Label definition by ID
            • Publish Label definition by ID
            • Publish Label definition by ID asynchronously
            • Retrieve the list of components for Label configuration (schemas, policies, etc)
            • Import Label configuration from a file
            • Export Label configuration to a file
            • Preview of the imported file
            • Search for Labels and Statistics for importing into Label configuration
            • Retrieve the list of created tokens (VPs) for which a Label document can be created
            • Retrieve token (VP) and all its dependencies by document ID
            • Create a new Label document for token (VP)
            • Retrieve a list of created Label documents
            • Retrieve Label document by ID
            • Retrieve linked Label documents by ID
        • Formula Linked Definitions
          • Formula Linked Definitions using UI
          • βš™οΈAPIs related to Formula Linked
            • Creating a new formula
            • Returns a list of formulas
            • Returns a formula by its ID
            • Update the formula by its ID
            • Delete the formula by its ID
            • Retrieve the list of all schemas and policies linked to a Formula
            • Create a new formula (import) from a file
            • Export selected formulas into a file
            • Loads (import) a file and return its preview
            • Publish a formula
            • Retrieve all data from documents that needed for displaying the formula
      • πŸ”‘Bring your own DIDs
        • πŸ’»Bring your own (BYO) DIDs UI
        • βš™οΈAPIs
          • Validate DID Format
          • Validate DID Keys
      • πŸ“Import/Export in Excel
        • πŸ’»Import and Export Excel file User Guide
        • βš™οΈImport/Export Schemas/Policies APIs
          • Import Schemas in Excel file format into a policy
          • Asynchronously Imports Schemas in Excel file format into a policy
          • Previews Schema from Excel file
          • Returns Schema in Excel file format
          • Returns list of Schemas
          • Exporting Policy to Excel
          • Import Schemas in Excel file format into a Policy
          • Asynchronously Imports Schemas in Excel file format into a policy
          • Policy Preview from Excel file
      • πŸ“Project Comparison
        • πŸ’»Project Comparison using UI
        • βš™οΈProject Comparison APIs
          • Comparing Project Data Documents
          • Comparing VP Documents - V1
          • Retrieves all Properties
          • Search Projects by filters
      • πŸ”‘Selective Disclosure
        • πŸ“”User Guide
        • πŸ”Selective Disclosure Demo
      • πŸ“ˆUsage Statistics
        • πŸ’»Statistics
        • βš™οΈAPIs related to Statistics
          • Returns the status of the current report
          • Update current report
          • Returns all reports
          • Returns report data by report uuid
          • Export report data in a csv file format
          • Export report data in a xlsx file format
          • Returns all dashboards
          • Returns dashboard by uuid
          • Returns Metrics
      • πŸ“’Artifacts
        • πŸ’»Importing/Deleting Artifacts using UI
        • βš™οΈArtifacts APIs
          • Returns all Artifacts
          • (deprecated) Returns all Artifacts
          • Upload Artifacts
          • (deprecated) Upload Artifacts
          • Delete Artifact
          • (deprecated) Delete Artifact
      • πŸ’»Asynchronous Tasks Status
      • Show list of Hedera Transactions
        • Showing List of Hedera Transactions using
        • APIs
          • Returning all transactions for Policy
          • Returning all transactions for Schema
          • Returning all transactions for Token
          • Returning all transactions for Contract
      • πŸ””Notifications
        • πŸ’»User Guide
        • βš™οΈAPIs related to Notification
          • Get All Notifications
          • Get new Notifications
          • Get Progresses
          • Read All Notifications
          • Delete Notifications
      • πŸ“Discontinuing Policy Workflow
        • πŸ’»User Guide
        • βš™οΈAPIs related to Discontinuing Policy workflow
          • Discontinue Policy
          • MigratePolicy Data
          • Migrate Policy Data Asynchronous
          • Get Policy Documents
      • πŸ“Live Project Data Migration
        • ↔️Live Project Data Migration UI
        • βš™οΈAPIs related to Live Project Data Migration
          • Getting Policy Data
          • Uploading Policy Data
          • Getting Policy Tag Block Map
          • Getting Policy Virtual Keys
          • Uploading Policy Virtual Keys
      • πŸ”₯FireBlocks Raw Signing
        • Fireblocks signing in Guardian UI
        • Getting Keys from FireBlocks UI
      • πŸ™Roles & Permissions
        • πŸ’»Roles and Permissions User Guide
        • βš™οΈAPIs related to Roles & Permissions
          • Returns list of all permissions
          • Returns list of all roles
          • Creates a New Role
          • Updates Role Configuration
          • Deletes Role
          • Setting Default Role
          • Returns list of all users for whom the current user can change the role
          • Retrieves information about the user (roles, permissions assigned policies)
          • Updates User Roles (only SR)
          • Returns list of all Policies
          • Assigns Policies to a User - Only SR
          • Updates user roles (for ordinary uses)
          • Assigns policies to a user (for ordinary users)
      • Decentralized Guardian
        • Remote Policy UI
        • APIs
          • Returns the list of requests for adding remote policies
          • Previews the policy from IPFS without loading it into the local DB.
          • Policy Import from IPFS
          • Approves policy Asynchronously
          • Rejects policy Asynchronously
          • Approves Policy
          • Rejects policy
          • Return a list of all policies
          • Approves a request for an action from a remote Guardian
          • Rejects a request for an action from a remote Guardian
          • Return a count of policy requests
      • Change Password
        • Password Security Hardening and Change Password using UI
        • βš™οΈAPI related to Change Password
          • Change Password
      • πŸ“TrustChain
        • βš™οΈTrustChain APIs
          • Requesting
          • Building and returning
      • 🏜️External Events
        • πŸ› οΈMonitoring Tools
          • ⛏️Application-events module
        • βš™οΈSend Data using the External Data APIs
          • Sends Data from an External Source
      • πŸ“±Mobile Support for Data Interface
        • πŸ“±Mobile operation for the Standard Registry
      • πŸ› οΈStandard Registry Operations
        • βš™οΈSettings APIs
          • Displaying Current Settings
          • Adding Settings
        • βš™οΈLogs APIs
          • Returning Logs
          • Returning Log Attributes
        • βš™οΈTask Statuses APIs
          • Returning Task Statuses
      • πŸ“ΉDemo Experience
    • 🀡Users
      • πŸ› οΈUser Operations
        • βš™οΈAccount APIs
          • Authentication Process
          • User listing except Standard Registry and Auditor
          • User Balance
          • User Session
          • User Login
          • Registering new account
          • Returns all Standard Registries
          • Returns Access Token
        • Profile APIs
          • User Account Balance
          • User Account Information
          • Setting User Credentials
          • Setting User Credentials Asynchronously
      • πŸ“±Mobile Support for Data Interface
        • πŸ“±Mobile Operation for the user
      • πŸ› οΈUser Profile Setup
      • πŸ€–AI Search
        • πŸ’»AI Search using UI
        • βš™οΈAI Search APIs
          • Returns response
          • Rebuilds vector based on policy data
      • πŸ”ŽGuided Search of Methodologies
        • πŸ’»Search using UI
        • βš™οΈSearch APIs
          • Retrieves list of all categories
          • List of policies that are best suited for given parameters
      • βœ–οΈMulti Policy
        • πŸ’»Configuring Multi Policy using UI
      • Bottom Up Data Traceability
        • Bottom Up Data Traceability using UI
        • βš™οΈRelated APIs
          • Create new Statistics Definition
          • Get the list of Statistics Definitions
          • Retrieve details of the Statistics Definition by ID
          • Update configuration of the Statistics Definition by ID
          • Delete the Statistics Definition by ID
          • Publish Statistics Definition by ID
          • Retrieve the list of linked schemas and policy
          • Retrieve the list of all documents conforming the rules of the Statistics Definition.
          • Create a new Statistics Assessment based on the Statistics Definition
          • Retrieve the list of existing Statistics Assessment
          • Retrieve the Statistics Assessment by ID
          • Retrieve all VC documents related to the Statistics Assessment
    • πŸͺ™Tokens
      • πŸ’»Creating Token using UI
      • πŸ“’Token Template
        • Creating Token Template using UI
        • Creating Token through UI using Token Template
      • πŸ“–Token Authenticity
        • ℹ️Establishing Token Authenticity
      • Dynamic Token Creation in Policies
        • Dynamic Token Creation in Guardian Policies using UI
      • πŸ› οΈToken Operations
        • βš™οΈToken APIs
          • Token Listing
          • Creation of Token
          • User Info for selected token
          • Associates the user with token
          • Disassociates the user with token
          • Grants KYC for the user
          • Revoke KYC of the user
          • Freeze Tokens of a user
          • UnFreeze Tokens of a user
          • Returns Token Serials
        • βš™οΈAPIs for Asynchronous Execution
          • Token Creation
          • Associating User with the Hedera Token
          • Disassociating User with the Hedera Token
          • Setting KYC for the User
          • Unsetting KYC for the User
      • πŸ“”Token Retirement Contract
        • πŸ’»Creating Contract using UI
        • ⛓️TrustChain representation of token retirement
        • βš™οΈRetirement APIs
          • Returning all contracts
          • Creating new Contract
          • Importing new Contract
          • Get Contract Permissions
          • Removing Contract
          • Returns a list of all Wipe requests
          • Enabling Wipe Requests
          • Disabling Wipe Requests
          • Approving Wipe Requests
          • Rejecting Wipe Requests
          • Clearing Wipe Requests
          • Adding Wipe Admin
          • Removing Wipe Admin
          • Adding Wipe Manager
          • Removing Wipe Manager
          • Adding Wipe Wiper
          • Removing Wipe Wiper
          • Syncing Retire Pools
          • Returning list of all Retire Requests
          • Returning list of all Retire Pools
          • Deleting Retire Requests
          • Deleting Retire Pools
          • Setting Retire Pools
          • Unsetting Retire Pool
          • Unsetting Retire Request
          • Retiring Tokens
          • Approving Retire Request
          • Cancelling Retire Request
          • Adding Retire Admin
          • Removing Retire Admin
          • Returning all Retired VCs
          • Adding Wipe for specific token
          • Remove Wipe request for specific token
          • Deleting Wipe request for Hedera Account
          • Get Retirement VCs from Indexer
    • πŸ‘ΎAutomation Testing
      • πŸ’»Performing API Automation Testing
      • πŸ’»Performing UI Automation Testing
    • πŸ“•Logging Configuration using Pino Library
    • πŸ“”Guidance for Open Source Policy Submissions
    • πŸ“Demo Guide
      • πŸ”‹Renewable Energy Credits
        • πŸ“–Introduction to International Renewable Energy Credit Standard (iREC)
        • βš™οΈiREC API Demo Guide
        • βš™οΈDemo Using APIs and UI
        • πŸ’»iREC 5 Demo UI Guide
        • βš™οΈiREC 5 json
        • πŸ’»iREC 7 User Journey UI Demo Guide
        • πŸ’»iREC 7 Demo UI Guide
      • ☘️Carbon Offsets
        • πŸ“–Introduction to Verra Redd+
        • πŸ’»Verra Redd VM0007 Demo UI Guide
        • πŸ’»Verra Redd_3 User Journey Demo UI Guide
        • 🎍VM0017 Adoption of Sustainable Agricultural Land Management, v1.0
        • 🎍VM0042 Methodology for Improved Agricultural Land Management
        • 🌲Verra VM0047 - Afforestation, Reforestation, and Revegetation (ARR) v0.1
        • 🌲Gold Standard Afforestation and Reforestation (AR) v2.0
        • πŸƒDovu Methodologies
        • πŸ€Dovu MMCM
        • ♨️Improved Cookstove
        • ♨️GoldStandard - Metered Energy Cooking
        • πŸ€Carbon Reduction Measurement - GHG Corporate Standard Policy Guid
        • 🏒VM0044 Methodology for Biochar Utilization in Soil and Non-Soil Applications
        • 🏭CDM AMS-III.AR : Substituting fossil fuel based lighting with LED/CFL lighting systems
        • 🏨CDM AMS II.G: Energy Efficiency Measures in Thermal Applications of Non-Renewable Biomass
        • 🏭CDM AMS III.D: Methane Recovery in Animal Manure Management Systems
        • 🏭CDM AMS III.BB: Electrification of communities through grid extension
        • 🏭CDM AR-ACM0003: Methodology for Afforestation and Reforestation of Lands Except Wetlands
        • 🏭CDM ACM0001: Flaring or Use of Landfill Gas
        • 🏭CDM ACM0002: Grid-Connected Electricity Generation from Renewable Sources
        • 🏭CDM ACM0006: Electricity and Heat Generation from Biomass
        • 🏒CDM ACM0007: Conversion from Single Cycle to Combined Cycle Power Generation
        • 🏭CDM AMS-I.A.: Electricity Generation by the User
        • 🏭CDM AMS-I.C.: Thermal Energy Production with or Without Electricity
        • 🏨CDM AMS-I.F.: Renewable Electricity Generation for Captive Use and Mini-Grid
        • 🏭CDM AMS-II.J.: Demand-Side Activities for Efficient Lighting Technologies
        • 🏨CDM AMS-III.AV.: Low Greenhouse Gas Emitting Safe Drinking Water Production Systems
        • 🏭CDM AMS-III.F.: Avoidance of Methane Emissions Through Composting
        • 🏒CDM AMS-III.H.: Methane Recovery in Wastewater Treatment
        • 🏭CDM ACM0018: Electricity Generation from Biomass in Power-Only Plants
        • ⬇️Verra PWRM0001 :Plastic Waste Collection Methodology
        • 🏭VM0041 Methodology for the Reduction of Enteric Methane Emissions from Ruminants through the Use of
        • πŸ₯‡Carbon Sequestration through Accelerated Carbonation of Concrete Aggregate
        • 🏭AMS-I.D: Grid Connected Renewable Electricity Generation – v.18.0
        • 🏭PWRM0002 : Plastic Waste Recycling Methodology
        • 🍚Methane Emission Reduction by Adjusted Water Management Practice in Rice Cultivation
        • β›½Verra VMR0006: Energy Efficiency and Fuel Switch Measures in Thermal Applications
        • 🌩️AMS-I.E Switch from Non-Renewable Biomass for Thermal Applications by the User
        • GCCM001 v.4 Methodology for Renewable Energy Generation Projects Supplying Electricity to Grid
        • Landfill Gas Destruction and Beneficial Use Projects, Version 2.0
        • Climate Action Reserve’s U.S. Landfill Protocol Version 6.0
        • VM0042 Improved Agricultural Land Management, v2.1
      • 🏭Carbon Emissions
        • 🏑Remote Work GHG Policy
          • πŸ“–Introduction to Remote Work GHG
          • πŸ’»GHG Policy User Journey UI Demo Guide
          • πŸ’»Remote GHG Policy Demo Guide
        • 🏒Carbon Emissions Measurement - GHG Corporate Standard Policy Guide
        • 🏭atma GHG Scope II Carbon Emission Policy
        • 🏭Atma Scope 3 GHG Policy
        • 🏭GHGP Corporate Standard
        • 🏭GHGP Corporate Standard V2
        • Climate Action Reserve’s U.S. Landfill Protocol Version 6.0
        • Landfill Gas Destruction and Beneficial Use Projects, Version 2.0
    • ❓FAQs
    • πŸ‘¬Community Standards
      • Guardian Policy Standards (GPS)
      • Guardian System Standards (GSS)
      • Proposal for Defining Standards
  • Feedback
    • Feedback in Pipelines
  • πŸ“ˆGuardian in Production
    • πŸ“„API Architecture Customization
    • πŸ“‰Monitoring tools
    • Performance Improvement
    • Cloud Infrastructure
    • Independent Packaged Deployment
Powered by GitBook
On this page
  • Cloud agnostic architecture
  • Tools
  • Container orchestration
  • Kubernetes packages
  • Infrastructure as code - IaC
  • Roadmap Proposal
  • Milestones
  • Guardian deployment inside of k8s cluster
  • Improve deployment using Terraform
  • Add support to AWS EKS with terraform
  • Add support to GCP GKE with terraform
  • Add support to Azure AKS with terraform
  • Other considerations and caveats
  • Migrations when the next milestone or provider is available
  • Time to spend on each milestone
  • Wrap up

Was this helpful?

Edit on GitHub
  1. Guardian in Production

Cloud Infrastructure

The following document describes the Infrastructure specification for production ready instances of Hedera Guardian and a proposal of roadmap to achieve the different milestones required.

Cloud agnostic architecture

Cloud agnostic refers to a cloud design strategy in which applications, tools, and services are designed to migrate seamlessly between multiple cloud platforms or between on-premises and cloud in a hybrid model without disruption of service.

This requirement is the main decision factor for the conclusions exposed in this document. The final goal is to provide an out of the box solution at least for the biggest cloud providers and instructions for deployment on other cloud providers or even on On-premises or hybrid clouds

Tools

Container orchestration

A cloud agnostic architecture that is built on containerization and microservices can offer flexibility and portability across multiple cloud platforms. Containers provide a lightweight way to package and deploy software applications, while microservices architecture allows for the creation of independent and modular components that can be easily replaced or updated without affecting the entire system.

There are several container orchestrators available, each with its own strengths and weaknesses. Here is a brief comparison of some of the most popular container orchestrators:

Kubernetes (k8s) is the most widely adopted container orchestration platform. It is open source, highly customizable, and has a large community of contributors. Kubernetes offers robust features for container management, including automatic scaling, rolling updates, self-healing, and load balancing. However, it can be complex to set up and requires a significant amount of resources to manage.

Docker Swarm is a container orchestration platform that is tightly integrated with the Docker ecosystem. It is easy to set up and has a simple and intuitive interface. Docker Swarm is suitable for smaller deployments, but it lacks some of the advanced features offered by Kubernetes.

Apache Mesos is a distributed systems kernel that can manage both containers and non-container workloads. It provides a more low-level API for container management than Kubernetes, making it a more flexible option for certain use cases. However, it is less user-friendly and requires more technical expertise to set up and manage.

Our recommendation

Kubernetes: it can also help to manage and automate container deployments across multiple cloud environments. In fact, Kubernetes has become the standard for services/microservices architecture and our best option for faster support on different cloud providers.

Almost every cloud provider has its own implementation of managed kubernetes clusters, which eases the cluster creation and management, and withdrAWS the responsibility to the final user of maintaining the control plane and the worker nodes.

Kubernetes packages

Kubernetes is essentially driven by manifests, files that define the desired state of Kubernetes objects, such as pods, services, deployments, or config maps. These manifests are used by Kubernetes to create and manage these objects in the cluster.

Those manifests have some limitations when it comes to distribution and therefore their templating, and that is where Helm comes in. Helm is a package manager for Kubernetes that allows you to define, install, and upgrade complex Kubernetes applications. Helm uses a packaging format called charts.

Most of the applications on the Kubernetes universe have a Helm chart that can be used to deploy them. The Helm charts are stored in a repository, and the Helm client can be used to download and install them.

An alternative to Helm is Kustomize, which is a Kubernetes native tool that allows you to parametrize Kubernetes objects without having to create a new chart for each change. The downside of Kustomize is that it is not as mature as Helm, and it is not as widely used.

Our recommendation

When installing Guardian, or almost any other similar project with a microservices architecture, we can differentiate between two types of services, internal services, which are part of the project, and third-party (or external) services, which are required as a dependency, like MongoDB or Hashicorp Vault. Most of these popular services have a Helm package to ease their installation.

Helm is the most mature and widely used, but Kustomize is also a good alternative. One of the advantages of using Helm over Kustomize, is to reduce the number of tools needed to master. In other words, we’ll need Helm to install third party applications in the cluster like MongoDB or Prometheus, so it's easier for the final user to apply the same knowledge to deploy internal Guardian services than learning another technology like Kustomize.

Another advantage of using Helm is how straightforward it will be for an Ops guy to set up a Guardian instance, directly from the terminal without having to download the actual source code.

Code example

Assuming helm is already installed and configured to access the cluster, installing a Guardian install will be as easy as executing these commands among a few others (the urls might not be live at the time of reading this document):

$ helm repo add guardian https://hedera-guardian.github.io/helm-charts/
$ helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
$ helm repo update
$ helm install my-nginx prometheus-community/prometheus-stack
$ helm install my-nginx guardian/guardian-stack

Infrastructure as code - IaC

Infrastructure as Code (IaC) is a process of managing and provisioning infrastructure through code instead of manual processes.

IaC can help to improve infrastructure management by reducing manual work, improving consistency, enabling version control, enhancing scalability, and increasing portability. This can lead to better reliability, security, and cost-effectiveness for organizations that adopt IaC.

This is a brief comparison of some popular cloud agnostic IaC tools:

Terraform is a popular open-source tool that allows users to define infrastructure as code using a declarative language. It supports multiple cloud providers and infrastructure types, including AWS, Azure, GCP, and on-premises infrastructure. Terraform is known for its ability to manage complex infrastructure deployments, and its module system allows for easy reuse of code across projects.

Pulumi is a relatively new tool that allows users to define infrastructure as code using familiar programming languages such as Python, TypeScript, and Go. Pulumi provides a high level of flexibility and is a good choice for organizations that prefer to use programming languages for infrastructure management.

Chef Infra is a configuration management tool that allows users to write code to define and manage infrastructure. Chef Infra can be used to manage infrastructure across multiple cloud providers, as well as on-premises infrastructure.

Our recommendation

Terraform. It is a popular choice for managing complex infrastructure deployments on multiple cloud providers, it has the biggest provider library, with great integration with Kubernetes.

Is our best option to build the cluster and the elements surrounding it. Including networks, permissions, configurations, secrets, initial deployments, connection credentials and so on.

Alternative approach

There are other tools out there that eases the creation of a kubernetes cluster and they work seamlessly on big cloud providers.

Rancher is one of those powerful tools to create and maintain Kubernetes clusters on any infrastructure, including on-premises data centers, public cloud, and hybrid environments. These kinds of tools could be used by clients that require some setup not covered by our IaC and could be listed/detailed on the user guide before the actual IaC codebase milestone is reached.

The reason not to choose one of these tools as the preferred solution for creating a kubernetes cluster is that we want to have full control over the cluster creation process, be able to customize it to our needs and make the process easily reproducible by using infrastructure as code. Another important reason is to keep the project and all the tools used on the open source ecosystem.

Roadmap Proposal

Below is a proposal for the roadmap of the infrastructure part of the project. The idea is to have a clear path to follow and to be able to track the progress of the project. In this way we'll be able to predict the next features to be delivered to the clients and the most important, we can add to project documentation next steps, so a potential client can know what to expect from the project and decide to wait for the next release if it fits their requirements and plans.

Milestones

Guardian deployment inside of k8s cluster

Create the charts for the different services and document the complete setup process starting when the client already has its own cluster previously deployed.

Define the infrastructure variables required for deploying the infrastructure templates. This includes variables for the cloud provider, region, and other configuration parameters.

Define and document the deployment pipeline: in this stage we should define the steps to deploy the application to the cluster, and the steps to upgrade the application to a new version. We could also recommend some tools to automate the deployment process or to create the cluster itself, like rancher, kubespray, kops, eksctl, anthos, etc.

Subtasks:

  1. Create helm manifests for each internal Guardian service in a /charts folder, with some basic set of configuration variables. We should take the current docker compose implementation as reference for the customization allowed at this stage.

  2. Create a β€œstack” chart to install all the services in a single command, this stack will include the global configuration settings and is a key piece for customization and independent package deployment.

  3. Create a documentation page for the whole install process, starting detailing how to install all required third party services using also their helm charts provided by their communities. Add also links to their webpages for detailed tuning.

    • During the process we may find there is no helm chart for some of the packages, or the provider is not reliable enough (lack of maintenance, an individual instead of a company with only few likes, etc). Given that case we could write/host a chart for that package too.

  4. Update project definition of done, to ensure, in the future, every new developed feature, includes chart update if needed. In other words, we don’t want someone in the future adding, for example, a required configuration item on one of the services, and breaking the deployment because they forgot to update the corresponding chart before creating the release.

Improve deployment using Terraform

This milestone will consist of improving the deployment process using terraform. Automating some of the steps defined in the previous milestone. This would still require the user to have a previous cluster deployed, but it would be a more automated process.

Subtasks:

  • Create a terraform project using the command below in /terraform/helm folder in the Guardian repository.

$ terraform init;

  • Create the required manifests to, providing a kubeconfig file, orchestrate the install steps of the previous milestone outcome into a single command. This is a sample of how the main.tf file of this project would look like:

provider "helm" {
  kubernetes {
    host                   = module.eks_cluster.cluster_endpoint
    cluster_ca_certificate = base64decode(module.eks_cluster.cluster_ca_certificate)
    token                  = module.eks_cluster.cluster_token
  }
}
  
resource "helm_release" "vault" {
  count        = var.vault_config.self_host ? 1 : 0
  name         = "vault"
  chart        = "vault"
  repository   = "https://helm.releases.hashicorp.com"
  reuse_values = true
}

resource "helm_release" "mongodb" {
  count        = var.mongo_config.self_host ? 1 : 0
  name         = "mongodb"
  chart        = "mongodb"
  repository   = "https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami"
  version      = "10.30.0"
}

resource "helm_release" "guardian-stack" {
    name = "guardian-stack"
    chart = "./charts/guardian-stack"
}
  • Add the documentation page with instructions to use this installation method.

Add support to AWS EKS with terraform

Subtasks:

  • Create the terraform project under /terraform/aws folder in the Guardian repository.

  • Add the required manifests to deploy a complete kubernetes cluster to AWS.

  • Write a gitbook documentation page with instructions to use this installation method.

Considerations:

  • AWS is the cloud provider with more complexity when it comes to handling permissions to access the cluster. Roles and policies must be created and attached to the different resources.

  1. AmazonEKSWorkerNodePolicy

  2. AmazonEC2ContainerRegistryReadOnly

  3. AmazonEKSClusterPolicy

  4. AmazonEKSFargatePodExecutionRolePolicy

  5. AmazonEKS_CNI_Policy

  • Consider using AWS maintained terraform modules like VPC, EKS or Blueprints to simplify the resources creation.

  • EBS plugin must be enabled to allow persistence on EBS disks for the database.

  • There are projects like karpenter, to simplify node scaling without the need of having auto-scaling groups with complex rules.

Some resource tags and metadata are used internally by Kubernetes as decision makers.

tags = {
    Name = "private-subnet-a"
    "kubernetes.io/role/internal-elb" = "1"
    "kubernetes.io/cluster/eks-cluster" = "owned"
  }

Add support to GCP GKE with terraform

Subtasks:

  • Create the terraform project under /terraform/gcp folder in the Guardian repository.

  • Add the required manifests to deploy a complete kubernetes cluster to GCP.

  • Write a gitbook documentation page with instructions to use this installation method.

Considerations:

  • Permissions model is simpler in GKE, but still needed to be integrated with their IAM permissions system.

  • Control plane and worker nodes are fully managed by GPC, but due to the direct VPC internal IPs allocation on each pod, it’s a bit trickier to set up. Bigger IP ranges must be available in the subnets to avoid running out of ips when scaling out the services.

  • GKE has a native Ingress controller that leverages Google Cloud Load Balancer.

  • For workloads with attached storage, shall be considered implementing Pod Disruption Budgets (PDBs) to ensure a minimum number or percentage of pods with the same label selector are up and running at any given time.

Add support to Azure AKS with terraform

Subtasks:

  • Create the terraform project under /terraform/azure folder in the Guardian repository.

  • Add the required manifests to deploy a complete kubernetes cluster to Azure.

  • Write a gitbook documentation page with instructions to use this installation method.

Considerations:

  • AKS creates a virtual network (VNet) for your Kubernetes cluster, and the cluster networking must be configured to work with a VNet. Additionally, there is the need to configure network security groups and subnet settings to enable inbound and outbound traffic to the cluster.

  • AKS supports Azure Active Directory (AAD) authentication and authorization for Kubernetes clusters. We’ll need to set up AAD roles and policies to control access to cluster resources.

  • Every AKS cluster in Azure must belong to a resource group. Those resource groups must be defined in terraform and will ease resources deletion when decommissioning by deleting the resource group itself. This is a simple snippet for its declaration:

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

Usage of kubenet CNI is the preferred choice at this stage because of its simplicity, even though in future iterations Azure CNI could provide a better integration with other Azure services.

Other considerations and caveats

Migrations when the next milestone or provider is available

We should consider the possibility of having to migrate the infrastructure to the next milestone. Let me put an example: if we have a client using the current deployment process, and we release the terraform support, we could consider to provide a way to migrate the infrastructure to the new deployment workflow. Same applies if the client decides to migrate to a different cloud provider.

This is definitely not an easy task, and it would require a lot of work, but worth mentioning here.

Time to spend on each milestone

Each milestone its a project on its own, we can spend months refining only a single cloud provider, including options to use as much as their services as we want: automated backups, external load balancers, hosted database, advanced monitoring and alerting, reporting, budgeting control, replication and resilience, improved security, etc.

For the scope of this document we’re assuming we’ll provide a simple integration with the cloud providers mentioned above, but it’s important to keep in mind, and properly warn about it in the final client documentation, that terraform is a declarative tool, so changes done manually on the cloud resources after the execution of the supported terraform manifests might be reverted if `terraform apply` is executed again after doing those changes.

Wrap up

Hedera Guardian will be built using a cloud-agnostic microservices architecture, which will enable the potential clients to deploy and manage the application across different cloud providers. Kubernetes, preferably the managed service of each provider, will be used as the orchestration platform to manage the containers and ensure high availability and scalability.

We will use Infrastructure as Code (IaC) to automate the deployment of the infrastructure resources, and Terraform will be used as the primary tool for managing the infrastructure. We will also leverage open-source tools such as Helm to simplify the deployment and management of the Kubernetes clusters.

The infrastructure roadmap includes the initial setup of the cloud infrastructure, including the basic networking elements and permissions, and also deploy and configure the Kubernetes clusters, again, using Terraform. Additionally, we will implement monitoring and logging, to ensure the reliability and security of the infrastructure and application.

All this, putting strong emphasis on documentation, to guide potential clients through the deployment process, and to ensure that the application is easy to maintain and extend.

PreviousPerformance ImprovementNextIndependent Packaged Deployment

Last updated 1 year ago

Was this helpful?

Determine which elements of the infrastructure are likely to be replaced by the client and which are likely to be reused. For example, the client may want to use their own database provider, outside of the cluster or even in a different provider (DBaaS), or they may want to have a dedicated security or SRE team monitoring the application using enterprise level tools. This is defined in more detail in the section.

Host the Helm repository using free github pages (more details in this guide ).

Stack charts (often named umbrella charts) are a common practice to group several charts into one. A great example of this could be Prometheus stack

Modify CI scripts to update chart versions on each new release in a similar way new docker images are pushed to the registry. This github action can help on the process

Add the fully automated workflow to deploy the infrastructure to AWS EKS using terraform. This includes the creation of the cluster, the deployment of the services, and the configuration of the security groups, user permissions and network policies. Terraform has an official guide to deploy to EKS that can be taken as .

Add the fully automated workflow to deploy the infrastructure to GCP GKE using terraform. This includes the creation of the cluster, the deployment of the services, and the configuration of the security groups, user permissions and network policies. Terraform has an official guide to deploy to GKE that can be taken as .

Add the fully automated workflow to deploy the infrastructure to Azure AKS using terraform. This includes the creation of the cluster, the deployment of the services, and the configuration of the security groups, user permissions and network policies. Terraform has an official guide to deploy to AKS that can be taken as .

πŸ“ˆ
Independent Packaged Deployment
https://medium.com/@gerkElznik/provision-a-free-personal-helm-chart-repo-using-github-583b668d9ba4
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
https://helm.sh/docs/howto/chart_releaser_action/
reference
reference
reference