The purpose of this post is to outline how the Enterprise File Fabric can be used with a BlockChain HyperLedger solution to provide audit reports for the corporate file estate that are guaranteed not to have been tampered with.
Blockchain is a distributed database for maintaining records (called blocks) in which the data in a block cannot be altered retrospectively. HyperLedger is one of a number of projects that use blockchain at its core and is a specification for how a trusted network should work. In this example we use Fabric but there are others such as Sawtooth Lake, Corda R3 and Iroha.
The Enterprise File Fabric provides a unified multi-cloud content repository for all company data, whether stored on-cloud or on-premises. The solution supports over 60 storage endpoints including object storage such as Amazon S3, IBM COS, Google Storage, Microsoft Azure, as well as traditional on-premises storage such as Windows Filers, NAS / SAN, and other more common storage solutions such as Box, DropBox, Office 365 etc.
The Enterprise File Fabric (EFF) event auditing enables companies to have complete audit logs for all file events across all corporate data sets. This can include file access, file modification, file deletion, why a file was shared, to whom, who shared the document, and the date and time of the share and access.
The Enterprise File Fabric can also provide these audit events as a real time stream. Audit Streams can be used to send events to external systems or solutions.
Some of our customers have a requirement that the audited events cannot be modified. Where this is a requirement BlockChain can be used for non-repudiated audit events.
This post demonstrates how to write Audit Events to HyperLedger Fabric. HyperLedger is a Linux Foundation project. The objective of the project is to develop blockchains and distributed ledgers, with a particular focus on improving the performance and reliability of these systems for business transactions.
If you follow these steps you will be able to write the File Fabric audit events to HyperLedger. The audit events will be available from the File Fabric and also in the Hyperledger blockchain.
The following is the flow of the events:
- A user takes an action on the Enterprise File Fabric.
- The audit event is logged and also sent to Redis.
- A subscriber receives the event and publishes it to the HyperLedger blockchain.
Setting up the environment
You will require the following:
(The instructions assume your development environment is Mac OS)
- Deploy SME Enterprise File Fabric – you can request a trial from here.
- Install and configure SME Enterprise File Fabric and enable audit streams
- Install Docker on your Mac
- Install Java JDK on your Mac following the instructions here
- Install HyperLedger and HyperLedger Composer
Enterprise File Fabric configuration
Deploy StorageMadeEasy Enterprise File Fabric and follow the guide to create a user
Install Redis on Enterprise File Fabric
yum install redis
By default Redis listens only on the local (loopback) interface; change it to listen on all interfaces.
Note: for production you should password-protect Redis and also use an encrypted connection.
sed -i -e 's/^bind 127.0.0.1/bind 0.0.0.0/g' /etc/redis.conf
Restart Redis
systemctl restart redis
systemctl enable redis
Open the Redis port in the firewall
Out of the box, EFF uses iptables to block ports. Here we open port 6379 for Redis.
Edit /etc/sysconfig/iptables and add the following rule:
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 6379 -j ACCEPT
and restart iptables
systemctl restart iptables
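The steps above leave Redis bound to every interface, without a password, behind a firewall rule that accepts any source. The following check is an added example, not part of the original post: it reports which of those three conditions are present. The function name redis_exposure, the finding labels and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report which of the exposures
# left by the steps above are present in a Redis config and an iptables file.
# Usage: redis_exposure <redis.conf> <iptables rules file> [port]
redis_exposure() {
    conf=$1; rules=$2; port=${3:-6379}; findings=""

    # "bind" on a wildcard address: every interface accepts connections.
    if grep -Eq '^[[:space:]]*bind[[:space:]]+(.*[[:space:]])?(0\.0\.0\.0|\*|::)([[:space:]]|$)' "$conf"; then
        findings="$findings bind-all"
    fi

    # No active "requirepass" line: clients connect without authenticating.
    if ! grep -Eq '^[[:space:]]*requirepass[[:space:]]+[^[:space:]]' "$conf"; then
        findings="$findings no-auth"
    fi

    # ACCEPT rule for the port with no -s/--source match: any host may connect.
    if grep -E "^[^#]*--dport $port .*-j ACCEPT" "$rules" |
        grep -Evq '(^|[[:space:]])(-s|--source)[[:space:]]'; then
        findings="$findings open-firewall"
    fi

    echo "${findings# }"
}

# Constructed sample input mirroring the settings made in this post.
tmp=$(mktemp -d)
printf 'bind 0.0.0.0\n# requirepass placeholder\n' > "$tmp/redis.conf"
printf '%s\n' '-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 6379 -j ACCEPT' > "$tmp/iptables"
redis_exposure "$tmp/redis.conf" "$tmp/iptables"
rm -rf "$tmp"
```

An empty result means none of the three conditions was found; the check does not cover connection encryption.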
Enable Audit Streams
SSH to the appliance and su to the smestorage user.
Create a file RedisAuditEventHandlerInterface.php in /var/www/smestorage/auditevents/ (if the folder does not exist, create it) and copy the contents below into the file:
<?php
class RedisAuditEventHandlerInterface implements AuditEventHandlerInterface
{
    private $redis;

    /**
     * Connect to Redis
     */
    function __construct() {
        $this->redis = new Redis();
        $this->redis->connect('127.0.0.1', 6379);
    }

    /**
     * Handles an event from the audit stream
     * @param SMEAPP_Audit_Event $auditEvent
     */
    public function handleEvent(SMEAPP_Audit_Event $auditEvent)
    {
        // Serialise the event fields to JSON and publish them on the Redis channel
        $message = json_encode(array(
            'actor' => $auditEvent->getActor(),
            'eventtype' => $auditEvent->getEventType(),
            'ip' => $auditEvent->getIp(),
            'date' => $auditEvent->getDate()->format(DATE_RFC822),
            'tool' => $auditEvent->getTool(),
            'log' => $auditEvent->getLog(),
        ));
        $this->redis->publish('audit_events_channel', $message);
    }

    /**
     * Close the Redis connection
     */
    function __destruct() {
        $this->redis->close();
    }
}
Add the following line to /var/www/smestorage/public_html/config.inc.php
var $audit_event_handler_path = '/var/www/smestorage/auditevents/RedisAuditEventHandlerInterface.php';
HyperLedger
Install the Development environment on a separate machine following the instructions here.
It will be helpful if you follow the tutorials before starting SME EFF integration
Create a Composer Project
We will use composer to publish our blockchain business network.
Open a command prompt and enter
> yo hyperledger-composer:businessnetwork
Welcome to the business network generator
? Business network name: sme-network
? Description: sme audit log network
? Author name: sme
? Author email: sme@storagemadeeasy.com
? License: Apache-2.0
? Namespace: org.sme.audit
? Do you want to generate an empty template network? No: generate a populated sample network
create package.json
create README.md
create models/org.sme.audit.cto
create permissions.acl
create .eslintrc.yml
create features/sample.feature
create features/support/index.js
create test/logic.js
create lib/logic.js
Defining a business network
Edit org.sme.audit.cto file and replace with following
/**
* Write your model definitions here
*/
namespace org.sme.audit
asset AuditEvent identified by id {
o String id
o String actor
o String eventType
o String ip
o DateTime time
o String tool
o String log
}
Edit permissions.acl and add the following
/**
* Access control rules for sme-network
*/
rule Default {
description: "Allow all participants access to all resources"
participant: "ANY"
operation: ALL
resource: "org.sme.audit.*"
action: ALLOW
}
rule SystemACL {
description: "System ACL to permit all access"
participant: "ANY"
operation: ALL
resource: "org.hyperledger.composer.system.**"
action: ALLOW
}
Remove the file lib/logic.js; for this example we do not need transactions or smart contracts.
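The Default rule above grants ALL, which includes UPDATE and DELETE, on every resource in org.sme.audit. The following check is an added example, not part of the original post: it lists the ALLOW rules in a permissions.acl that permit changing or removing resources in the audit namespace. The function names acl_mutable_rules and sample_acl are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): print the name of every ALLOW
# rule in a Composer permissions.acl that lets a participant UPDATE or DELETE
# resources in the audit namespace. Pass "-" to read the ACL from stdin.
# Usage: acl_mutable_rules <permissions.acl> [namespace]
acl_mutable_rules() {
    awk -v ns="${2:-org.sme.audit}" '
        function val(s) {   # text after "key:", without quotes or trailing blanks
            sub(/^[^:]*:[ \t]*/, "", s); gsub(/"|[ \t\r]+$/, "", s); return s
        }
        /^[ \t]*rule[ \t]/  { name = $2; sub(/[{].*/, "", name); op = res = act = "" }
        /^[ \t]*operation:/ { op  = val($0) }
        /^[ \t]*resource:/  { res = val($0) }
        /^[ \t]*action:/    { act = val($0) }
        /^[ \t]*[}]/ {
            # Only a prefix match on the namespace, or the catch-all "**", is handled.
            covers = (res == "**" || index(res, ns) == 1)
            if (act == "ALLOW" && covers && op ~ /ALL|UPDATE|DELETE/) print name
        }
    ' "$1"
}

# The two rules from this post, reproduced as sample input.
sample_acl() {
    cat <<'EOF'
rule Default {
description: "Allow all participants access to all resources"
participant: "ANY"
operation: ALL
resource: "org.sme.audit.*"
action: ALLOW
}
rule SystemACL {
description: "System ACL to permit all access"
participant: "ANY"
operation: ALL
resource: "org.hyperledger.composer.system.**"
action: ALLOW
}
EOF
}

sample_acl | acl_mutable_rules -
```

A rule whose operation line reads CREATE, READ is not reported, since it allows events to be added and read but not changed or removed.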
Generate a Business Network Archive
From the sme-network directory, run the following command:
composer archive create -t dir -n .
Deploy the Business Network
composer network install --card PeerAdmin@hlfv1 --archiveFile sme-network@0.0.1.bna
Start Business network
composer network start --networkName sme-network --networkVersion 0.0.1 --networkAdmin admin --networkAdminEnrollSecret adminpw --card PeerAdmin@hlfv1 --file networkadmin.card
Import Business network card
composer card import --file networkadmin.card
View the model in Composer Playground
composer-playground
You should see the following in your browser: the Peer Admin card and the deployed sme business network.
Generate and Restart the Composer REST Server
- To create the REST API, navigate to the tutorial-network directory and run the following command:
composer-rest-server
- Enter admin@sme-network as the card name.
- Select never use namespaces when asked whether to use namespaces in the generated API.
- Select No when asked whether to secure the generated REST API.
- Select No when asked whether to secure the generated REST API using Passport.
- Select Yes when asked whether to enable event publication.
- Select No when asked whether to enable TLS security.
The generated API is connected to the deployed blockchain and business network.
Note: to restart the network, run:
composer-rest-server -c admin@sme-network -n never -w true
Subscribe to Audit Logs from Redis and Add to HyperLedger
Pre-Requisites:
Copy the attached code and compile the jar
./gradlew fatjar
Execute the following
java -jar ./build/libs/sme-hyperledger-all-0.1.jar [EFF IP] 6379 audit_events_channel http://localhost:3000/api/AuditEvent
For example:
java -jar ./build/libs/sme-hyperledger-all-0.1.jar 192.168.210.131 6379 audit_events_channel http://localhost:3000/api/AuditEvent
End-to-End-Test
Login to the Enterprise File Fabric using the team account you created.
Upload a file and you will see the audit event in Organisation -> Audit Logs and also the event in the Composer Playground.
Summary
This post outlined how the Enterprise File Fabric can be used with a Blockchain HyperLedger for securing a company's file audit trail.
The source code for this example is available from this Github repository.