Getting started using the Enterprise File Fabric with BlockChain for Secure Governance and Compliance of Company Files

The purpose of this post is to outline how the Enterprise File Fabric can be used with a BlockChain HyperLedger solution to provide audit reports for the corporate file estate that are guaranteed not to have been tampered with.

Blockchain is a distributed database for maintaining records (called blocks) in which the data in a block cannot be altered retrospectively. HyperLedger is one of a number of projects that use blockchain at its core and is a specification for how a trusted network should work. In this example we use Fabric, but there are others such as Sawtooth Lake, Corda R3 and Iroha.

The Enterprise File Fabric provides a unified multi-cloud content repository for all company data, whether stored on-cloud or on-premises. The solution supports over 60 storage endpoints, including object storage such as Amazon S3, IBM COS, Google Storage and Microsoft Azure, as well as traditional on-premises storage such as Windows Filers and NAS / SAN, and other more common storage solutions such as Box, DropBox, Office 365 etc.

The Enterprise File Fabric (EFF) event auditing enables companies to have complete audit logs for all file events across all corporate data sets. This can include file access, file modification, file deletion, why a file was shared, to whom, who shared the document, and the date and time of the share and access.

The Enterprise File Fabric can also provide these audit events as a real time stream. Audit Streams can be used to send events to external systems or solutions.

Some of our customers have a requirement that the audited events cannot be modified. Where this is a requirement, BlockChain can be used to provide non-repudiable audit events.

This post demonstrates how to write Audit Events to HyperLedger Fabric. HyperLedger is a Linux Foundation project. The objective of the project is to develop blockchains and distributed ledgers, with a particular focus on improving the performance and reliability of these systems for business transactions.

If you follow these steps you will be able to write the File Fabric audit events to HyperLedger. The audit events will be available from the File Fabric and also in the Hyperledger blockchain.

The following is the flow of the events:

  • A user takes an action on the Enterprise File Fabric.
  • The audit event is logged and also sent to Redis.
  • A subscriber receives the event and publishes it to the HyperLedger blockchain.

Setting up the environment

You will require the following:

(The instructions assume your development environment is Mac OS)

Enterprise File Fabric configuration

Deploy StorageMadeEasy Enterprise File Fabric and follow the guide to create a user

Install Redis on Enterprise File Fabric

yum install redis

By default Redis listens only on the local interface (127.0.0.1). Change it to listen on all interfaces.

Note: for production you should password-protect Redis and also use an encrypted connection.

sed -i -e 's/^bind 127.0.0.1/bind 0.0.0.0/g' /etc/redis.conf

Restart Redis

systemctl restart redis
systemctl enable redis

Open the Redis port in the firewall

Out of the box, EFF uses iptables to block ports. Here we open port 6379 for Redis.

Edit /etc/sysconfig/iptables and add the following rule:

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 6379 -j ACCEPT

and restart iptables

systemctl restart iptables
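
A check for the exposure these steps create, as an added example that is not part of the original post or the File Fabric product: it reads a redis.conf and an iptables rule and reports whether Redis is bound to all interfaces, has no requirepass set, and is reachable from any source address. The sample configurations, the 192.0.2.x addresses and the function names are constructed for illustration; encryption of the connection is not checked.

```python
import shlex

WILDCARDS = {"0.0.0.0", "*", "::"}

def audit_redis_conf(conf_text):
    """Return findings for the bind and requirepass settings of a redis.conf."""
    directives = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, *args = shlex.split(line)
        directives.setdefault(name.lower(), []).extend(args)
    findings = []
    binds = directives.get("bind", [])
    # With no bind directive Redis listens on every interface as well.
    if not binds or any(addr.lstrip("-") in WILDCARDS for addr in binds):
        findings.append("bind: listening on all interfaces")
    # An absent or empty requirepass means clients connect without a password.
    if not any(directives.get("requirepass", [])):
        findings.append("requirepass: no password set")
    return findings

def rule_accepts_any_source(rule, port=6379):
    """True if an iptables rule ACCEPTs the port without a source match."""
    tokens = rule.split()

    def value(*names):
        for i, tok in enumerate(tokens[:-1]):
            if tok in names:
                return tokens[i + 1]
        return None

    return (value("--dport", "--destination-port") == str(port)
            and value("-j", "--jump") == "ACCEPT"
            and value("-s", "--source") is None)

# Constructed samples: the state the steps above leave, and a tighter variant
# that binds to one address, sets a password and limits the rule to the
# subscriber host (192.0.2.20 is a documentation address).
PAGE_CONF = "bind 0.0.0.0\nport 6379\n"
TIGHT_CONF = ("bind 127.0.0.1 192.0.2.10\nport 6379\n"
              "requirepass REPLACE_WITH_LONG_SECRET\n")
PAGE_RULE = ("-A RH-Firewall-1-INPUT -p tcp -m state --state NEW "
             "-m tcp --dport 6379 -j ACCEPT")
TIGHT_RULE = ("-A RH-Firewall-1-INPUT -s 192.0.2.20/32 -p tcp -m state "
              "--state NEW -m tcp --dport 6379 -j ACCEPT")
```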

Enable Audit Streams

SSH to the appliance and su to the smestorage user.

Create a file RedisAuditEventHandlerInterface.php in /var/www/smestorage/auditevents/ (if the folder does not exist, create it) and copy the contents below into the file:


<?php

/**
 * Publishes File Fabric audit events to a Redis channel.
 */
class RedisAuditEventHandlerInterface implements AuditEventHandlerInterface
{
    private $redis;

    /**
     * Connect to Redis
     */
    function __construct() {
        $this->redis = new Redis();
        $this->redis->connect('127.0.0.1', 6379);
    }

    /**
     * Handles an event from the audit stream
     *
     * @param SMEAPP_Audit_Event $auditEvent
     */
    public function handleEvent(SMEAPP_Audit_Event $auditEvent)
    {
        // Serialise the event fields as JSON for the subscriber
        $message = json_encode(array(
            'actor' => $auditEvent->getActor(),
            'eventtype' => $auditEvent->getEventType(),
            'ip' => $auditEvent->getIp(),
            'date' => $auditEvent->getDate()->format(DATE_RFC822),
            'tool' => $auditEvent->getTool(),
            'log' => $auditEvent->getLog(),
        ));

        $this->redis->publish('audit_events_channel', $message);
    }

    /**
     * Close the Redis connection
     */
    function __destruct() {
        $this->redis->close();
    }
}

Add the following line to /var/www/smestorage/public_html/config.inc.php


var $audit_event_handler_path = '/var/www/smestorage/auditevents/RedisAuditEventHandlerInterface.php';

HyperLedger

Install the Development environment on a separate machine following the instructions here.

It will be helpful if you follow the tutorials before starting SME EFF integration

Playground Tutorial

Developer Tutorial

Create a Composer Project

We will use composer to publish our blockchain business network.

Open a command prompt and enter

> yo hyperledger-composer:businessnetwork
Welcome to the business network generator
? Business network name: sme-network
? Description: sme audit log network
? Author name:  sme
? Author email: sme@storagemadeeasy.com
? License: Apache-2.0
? Namespace: org.sme.audit
? Do you want to generate an empty template network? No: generate a populated sample network
   create package.json
   create README.md
   create models/org.sme.audit.cto
   create permissions.acl
   create .eslintrc.yml
   create features/sample.feature
   create features/support/index.js
   create test/logic.js
   create lib/logic.js

Defining a business network

Edit the org.sme.audit.cto file and replace its contents with the following:


/**
 * Write your model definitions here
 */

namespace org.sme.audit

asset SampleAsset identified by id {
  o String id
  o String actor
  o String eventType
  o String ip
  o DateTime time
  o String tool
  o String log
}

Edit permissions.acl and add the following


/**
 * Access control rules for sme-network
 */
rule Default {
	description: "Allow all participants access to all resources"
	participant: "ANY"
	operation: ALL
	resource: "org.sme.audit.*"
	action: ALLOW
}

rule SystemACL {
  description:  "System ACL to permit all access"
  participant: "ANY"
  operation: ALL
  resource: "org.hyperledger.composer.system.**"
  action: ALLOW
}

 

Remove the file lib/logic.js; for this example we do not need transactions or smart contracts.

Generate a Business Network Archive

From the sme-network directory, run the following command:

composer archive create -t dir -n .

Deploy the Business Network

composer network install --card PeerAdmin@hlfv1 --archiveFile sme-network@0.0.1.bna

Start Business network

composer network start --networkName sme-network --networkVersion 0.0.1 --networkAdmin admin --networkAdminEnrollSecret adminpw --card PeerAdmin@hlfv1 --file networkadmin.card

Import Business network card

composer card import --file networkadmin.card

View the model in Composer Playground

composer-playground

You should see the following in your browser: the Peer Admin card and the deployed sme business network.

Generate and Restart the Composer REST Server

  1. To create the REST API, navigate to the tutorial-network directory and run the following command:
     composer-rest-server
  2. Enter admin@sme-network as the card name.
  3. Select never use namespaces when asked whether to use namespaces in the generated API.
  4. Select No when asked whether to secure the generated REST API.
  5. Select No when asked whether to secure the generated REST API using Passport.
  6. Select Yes when asked whether to enable event publication.
  7. Select No when asked whether to enable TLS security.

The generated API is connected to the deployed blockchain and business network.

Note: to restart, use composer-rest-server -c admin@sme-network -n never -w true

Subscribe to Audit Logs from Redis and Add to HyperLedger

Pre-Requisites:

Copy the attached code and compile the jar

./gradlew fatjar

Execute the following

java -jar ./build/libs/sme-hyperledger-all-0.1.jar [EFF IP] 6379 audit_events_channel http://localhost:3000/api/AuditEvent

For example:

java -jar ./build/libs/sme-hyperledger-all-0.1.jar 192.168.210.131 6379 audit_events_channel http://localhost:3000/api/AuditEvent
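
The mapping a subscriber has to perform between the JSON published by RedisAuditEventHandlerInterface and the SampleAsset model, as an added Python sketch; it is not the Java subscriber from the post's repository. Deriving the id from a SHA-256 of the event and rejecting incomplete messages before anything is written to the ledger are assumptions of this example, as are the function name and the sample event.

```python
import hashlib
import json
from datetime import timezone
from email.utils import parsedate_to_datetime

FIELDS = ("actor", "eventtype", "ip", "date", "tool", "log")

def to_asset(message):
    """Validate one channel message and map it to a SampleAsset payload."""
    try:
        event = json.loads(message)
    except ValueError as exc:
        raise ValueError("message is not JSON") from exc
    if not isinstance(event, dict):
        raise ValueError("message is not a JSON object")
    missing = [k for k in FIELDS if event.get(k) is None]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    try:
        # The handler formats the date with PHP's DATE_RFC822.
        when = parsedate_to_datetime(str(event["date"]))
    except (TypeError, ValueError) as exc:
        raise ValueError("date is not RFC 822") from exc
    if when.tzinfo is None:
        raise ValueError("date has no UTC offset")
    # Assumption: the id is the SHA-256 of the canonical event, so a replayed
    # message maps to the same id rather than to a new one.
    canonical = json.dumps({k: event[k] for k in FIELDS},
                           sort_keys=True, separators=(",", ":"))
    return {
        "$class": "org.sme.audit.SampleAsset",
        "id": hashlib.sha256(canonical.encode("utf-8")).hexdigest(),
        "actor": str(event["actor"]),
        "eventType": str(event["eventtype"]),
        "ip": str(event["ip"]),
        "time": when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z"),
        "tool": str(event["tool"]),
        "log": str(event["log"]),
    }

# Constructed sample in the shape RedisAuditEventHandlerInterface publishes.
SAMPLE = json.dumps({
    "actor": "alice", "eventtype": "upload", "ip": "192.0.2.15",
    "date": "Tue, 05 Mar 19 10:15:30 +0100", "tool": "web",
    "log": "Uploaded report.pdf",
})
```

The returned dictionary is what would be sent as the JSON body of the POST to the REST server; the message on the Redis channel should be treated as untrusted input, because any client that can reach port 6379 can publish to it.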
    

End-to-End-Test

Log in to the Enterprise File Fabric using the team account you created.

Upload a file and you will see the audit event in Organisation -> Audit Logs and also the event in the Composer Playground.

Summary

This post outlined how the Enterprise File Fabric can be used with a Blockchain HyperLedger for the securing of a company's file audit trail.

The source code for this example is available from this Github repository.

     

     
