WO2020106845A1 - Enabling access across private networks for a managed blockchain service


Info

Publication number
WO2020106845A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
blockchain
private network
node
service
Application number
PCT/US2019/062419
Other languages
French (fr)
Inventor
Jonathan Andrew FRITZ
Gitesh TYAGI
Anthony A. VIRTUOSO
Turkay Mert Hocanin
Nachimuthu Govindasamy
Ramkumar KAMALAPURAM SUGAVANAM
Rahul Pathak
Anurag Windlass Gupta
Yugandhar MARAM
Mahmoud Salem
Carey Michael CROOK
Montana Norman WONG
Aditya MANOHAR
Rajul MITTAL
Shiyu Sun
Yu Yan
Original Assignee
Amazon Technologies, Inc.
Priority claimed from US16/199,099 (US11762815B2)
Priority claimed from US16/199,100 (US11411921B2)
Application filed by Amazon Technologies, Inc.
Publication of WO2020106845A1

Classifications

    • CPC section H (Electricity), class H04 (Electric communication technique), subclasses H04L (Transmission of digital information, e.g. telegraphic communication) and H04W (Wireless communication networks)
    • H04L 63/00, 63/12, 63/123: Network architectures or protocols for network security; applying verification of the received information, including received data contents, e.g. message integrity
    • H04L 63/08, 63/0823: Network security; authentication of entities, using certificates
    • H04L 45/00, 45/64: Routing or path finding of packets in data switching networks, using an overlay routing layer
    • H04L 45/302, 45/306: Route determination based on requested QoS; route determination based on the nature of the carried application
    • H04L 9/00, 9/32, 9/3236, 9/3239: Cryptographic mechanisms or arrangements for secret or secure communications; means for verifying the identity or authority of a user or for message authentication (e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials), using cryptographic hash functions, involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L 9/50: Cryptographic mechanisms using hash chains, e.g. blockchains or hash trees
    • H04L 2209/00, 2209/80: Additional information or applications relating to cryptographic mechanisms (H04L 9/00); wireless
    • H04W 12/00: Security arrangements; authentication; protecting privacy or anonymity

Definitions

  • Blockchain networks have been developed to facilitate a transparent and consistent way to share and update data that can be examined and trusted by participants. Because blockchain networks involve complex consensus algorithms, storage requirements, and networking implementations, services that can remove the management burden of blockchain networks from participants, so that participants can instead focus on application development, are highly desirable.
  • FIG. 1 illustrates a logical block diagram of enabling access across private networks for a managed blockchain service, according to some embodiments.
  • FIG. 2 illustrates a logical block diagram of a multi-framework managed blockchain service, according to some embodiments.
  • FIG. 3 is a logical block diagram illustrating a managed blockchain service in a provider network, according to some embodiments.
  • FIG. 4 is a logical block diagram illustrating various features of a managed blockchain service, according to some embodiments.
  • FIG. 5 is a logical block diagram illustrating a permissionless blockchain network framework, according to some embodiments.
  • FIG. 6 is a logical block diagram illustrating a permissioned blockchain network framework, according to some embodiments.
  • FIG. 7 is a logical block diagram illustrating interactions with a node management feature of a control plane of a managed blockchain service, according to some embodiments.
  • FIG. 8 is a logical block diagram of enabling access for a node implementing a client application for a blockchain, according to some embodiments.
  • FIG. 9 is a logical block diagram of enabling access for a peer node in a private network outside of the private network of the managed blockchain service, according to some embodiments.
  • FIG. 10 is a logical block diagram of enabling access for a client application with cross attached network interfaces, according to some embodiments.
  • FIG. 11 is a high-level flowchart illustrating various methods and techniques to enable access across private networks for a managed blockchain service, according to some embodiments.
  • FIG. 12 is a high-level flowchart illustrating various methods and techniques to route traffic across private networks using a network endpoint and load balancer, according to some embodiments.
  • FIG. 13 is a high-level flowchart illustrating various methods and techniques to route traffic across private networks using a virtual traffic hub, according to some embodiments.
  • FIG. 14 is a logical block diagram illustrating interactions with a blockchain network management feature of a control plane of a managed blockchain service, according to some embodiments.
  • FIG. 15 is a logical block diagram illustrating interactions with a membership management feature of a control plane of a managed blockchain service, according to some embodiments.
  • FIG. 16 is a logical block diagram illustrating interactions with a node management feature of a control plane of a managed blockchain service, according to some embodiments.
  • FIG. 17 is a logical block diagram illustrating interactions with a distributed governance feature of a control plane of a managed blockchain service, according to some embodiments.
  • FIG. 18 is a logical block diagram illustrating interactions with an analytics feature of a control plane of a managed blockchain service, according to some embodiments.
  • FIG. 19 is a logical block diagram illustrating interactions with a monitoring feature of a control plane of a managed blockchain service, according to some embodiments.
  • FIG. 20 is a high-level flowchart illustrating various methods and techniques to create a blockchain network in a multi-framework managed blockchain service, according to some embodiments.
  • FIG. 21 is a high-level flowchart illustrating various methods and techniques to perform modifications to a blockchain network according to a distributed governance policy, according to some embodiments.
  • FIG. 22 is a high-level flowchart illustrating various methods and techniques to store and query offline blockchain data, according to some embodiments.
  • FIG. 23 is a high-level flowchart illustrating various methods and techniques to monitor a blockchain network for performance events, according to some embodiments.
  • FIG. 24 illustrates an example system configured to implement the various methods, techniques, and systems described herein, according to some embodiments.
  • Although the terms first, second, etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another.
  • For example, a first contact could be termed a second contact, and, similarly, a second contact could be termed a first contact, without departing from the scope of the present invention.
  • The first contact and the second contact are both contacts, but they are not the same contact.
  • Blockchain networks offer a wide variety of entities the opportunity to participate in a distributed application that utilizes a blockchain stored and managed by the blockchain network. Given the diversity of entities likely to participate in a blockchain network, networking barriers can arise which can be complex to overcome in order to enable access for differently situated entities participating in the blockchain network. For non-managed blockchain networks, these networking challenges may be overcome using custom solutions, which may involve extensive manual coordination between parties to enable network communication.
  • Managed blockchain services may implement various physical and/or logical network controls to ensure the privacy of hosted blockchain networks, hosting a blockchain network in a private network (e.g., a logically isolated network such as may be provided by a virtual private network (VPN)) within the managed blockchain service.
  • Participant resources external to the private network of the managed blockchain service may therefore have to cross the private network boundary.
  • Participant resources may also need to direct requests to particular, specified nodes in the blockchain network, a feature not typically supported by managed services, which generally do not provide external visibility into the location or number of resources implementing the hosted feature (e.g., the blockchain).
  • Managed services may instead implement a load balancer or various other network features that hide the underlying nodes performing work for a client of the service.
  • Enabling access across private networks for a managed blockchain service may allow participant resources hosted in other locations (e.g., other private networks) to participate in the blockchain system, increasing the variety of participants that a managed blockchain system can support. Additionally, such techniques can allow these participants to implement custom or non-managed participants, instead of moving the resources inside the managed blockchain network’s private network, which could limit the capabilities of the resources in order to implement them as part of a managed environment.
  • FIG. 1 illustrates a logical block diagram of enabling access across private networks for a managed blockchain service, according to some embodiments.
  • A managed blockchain service may host a blockchain network 122 that includes multiple nodes, such as nodes 124a, 124b, and 124c, in a private network 120.
  • Blockchain network 122 may be implemented according to one of multiple different blockchain frameworks (e.g., a permissionless blockchain framework discussed below with regard to FIG. 5 or a permissioned blockchain framework discussed below with regard to FIG. 6).
  • Blockchain network 122 may have been launched or created by one user account and may also include node(s) 124 created by another user account as a participant in the blockchain network for a different entity.
  • A participant (or potential participant) in the blockchain network may have a resource hosted or otherwise located outside of managed blockchain service private network 120.
  • Node 112 may be a node that implements a client application that operates based on data submitted to and received from blockchain network 122, or node 112 could be a peer node that participates with other peer nodes in the blockchain network to determine, accept, or approve updates to the blockchain.
  • A request 102 may be submitted to a control plane 150 for the managed blockchain service to enable node 112 to communicate with a blockchain network, blockchain network 122, in some embodiments.
  • Control plane 150 may determine route(s) 130 that provide for private communications between node 112 and nodes 124.
  • Routes 130 may allow node 112 to direct traffic to individual nodes (e.g., send a communication to node 124a) as specified by node 112 (instead of the node being chosen for node 112, as would happen if a load balancer made the routing decision for the communication).
  • Control plane 150 may then modify networking devices 140 to include the determined route(s) 130.
  • Different types of routes for different types of nodes (and different types of external private networks) may be implemented, as discussed below with regard to FIGS. 5-6 and 7-13.
  • Networking devices 140 may be implemented as physical or virtual networking devices (or some combination thereof), as discussed below.
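The request-to-route flow of FIG. 1, as an added illustration that is not code from the patent or from any Amazon service: a toy control plane receives the "enable access" request for an external node, checks that the caller owns that node and is a member of the target blockchain network (the control boundary the description asks for), checks that the two private networks' address ranges do not overlap (otherwise no unambiguous route exists across the boundary), and then derives one host route per peer so the external node can address a specific peer such as 124a instead of a load balancer, plus a return route. The class and field names, account ids, addresses, and the "hub-1" device identifier are all assumptions made for this example.

```python
# Added example (not from the patent or any Amazon service): a toy control
# plane handling the "enable access" request of FIG. 1. The caller asks that an
# external node (node 112, living in another private network) be able to reach
# the nodes of a hosted blockchain network (nodes 124). Before touching any
# networking device the control plane checks that the caller owns the external
# node and is a member of the network, and that the two private networks' address
# ranges do not overlap; it then derives one host route per peer so the external
# node can address a specific peer rather than a load balancer. All names,
# account ids, addresses and the "hub-1" device are constructed for the example.
import ipaddress
from dataclasses import dataclass, field


@dataclass
class PrivateNetwork:
    name: str
    cidr: str


@dataclass
class Node:
    node_id: str
    owner_account: str
    address: str  # IP address inside the node's private network


@dataclass
class BlockchainNetwork:
    network_id: str
    private_network: PrivateNetwork
    members: set  # accounts admitted to the network
    nodes: list   # Node instances hosted by the service


@dataclass
class Route:
    source_network: str
    destination: str  # CIDR the route matches; a /32 pins a single node
    next_hop: str     # networking device that carries the traffic


@dataclass
class ControlPlane:
    networks: dict = field(default_factory=dict)
    devices: dict = field(default_factory=dict)  # device id -> installed routes

    def enable_access(self, caller_account, ext_node, ext_network, network_id, device="hub-1"):
        net = self.networks[network_id]
        # Control boundary: only the node's owner may request access, and only
        # a member of the blockchain network may have its node connected.
        if ext_node.owner_account != caller_account:
            raise PermissionError("caller does not own the external node")
        if caller_account not in net.members:
            raise PermissionError("caller is not a member of the blockchain network")
        ext_cidr = ipaddress.ip_network(ext_network.cidr)
        svc_cidr = ipaddress.ip_network(net.private_network.cidr)
        # Overlapping ranges cannot be routed unambiguously across the boundary.
        if ext_cidr.overlaps(svc_cidr):
            raise ValueError("private network address ranges overlap")
        if ipaddress.ip_address(ext_node.address) not in ext_cidr:
            raise ValueError("external node address is not inside its private network")
        # One host route per peer: the external node can target node 124a itself.
        routes = [Route(ext_network.name, f"{peer.address}/32", device) for peer in net.nodes]
        # Return path so peers can answer (or initiate) traffic to the external node.
        routes.append(Route(net.private_network.name, f"{ext_node.address}/32", device))
        self.devices.setdefault(device, []).extend(routes)
        return routes


def build_sample_service():
    # Constructed sample data standing in for private network 120 and nodes 124a-c.
    svc_net = PrivateNetwork("service-private-120", "10.0.0.0/16")
    peers = [Node("124a", "acct-A", "10.0.1.10"),
             Node("124b", "acct-A", "10.0.1.11"),
             Node("124c", "acct-B", "10.0.2.10")]
    cp = ControlPlane()
    cp.networks["bc-122"] = BlockchainNetwork("bc-122", svc_net, {"acct-A", "acct-B"}, peers)
    return cp


def demo():
    # Constructed participant network and node 112, owned by member acct-B.
    cp = build_sample_service()
    ext_net = PrivateNetwork("participant-private-110", "192.168.0.0/24")
    node112 = Node("112", "acct-B", "192.168.0.5")
    return cp.enable_access("acct-B", node112, ext_net, "bc-122")


if __name__ == "__main__":
    for r in demo():
        print(r)
```

The two rejection paths are the ones worth keeping in a real control plane: an ownership or membership failure is an authorization problem and should be logged as such, while a CIDR overlap is a configuration problem the participant has to resolve before any route can be installed.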
  • Permissioned blockchain network frameworks may offer a high degree of trust as participants are invited in accordance with governance rules, in various embodiments, and may implement optimistic style features for proposing transactions to the blockchain.
  • Permissionless blockchain network frameworks may offer a widely available blockchain network which can allow a distributed application to operate across a large number of different participants that can tolerate a lesser degree of trust than a permissioned blockchain network, making it easier to add or extend blockchain networks to incorporate new entities.
  • A multi-framework blockchain network service may remove development barriers by implementing a single interface for creating, operating, and managing different blockchains. In this way, management tools can be simplified, removing redundant implementations to operate the same feature on different blockchain service platforms. Moreover, the performance of blockchain networks may be improved as various management features may respond faster to problems or changes that need to be made to the blockchain network, instead of negotiating and coordinating responses and actions amongst various participants.
  • FIG. 2 illustrates a logical block diagram of a multi-framework managed blockchain service, according to some embodiments.
  • Multi-framework managed blockchain service 210 may implement a common service interface 250 and framework independent control plane 220, allowing clients, such as client 260, to manage multiple different blockchains, such as managed blockchain of framework type A 231 and managed blockchain of framework type B 241 in data plane 230.
  • Data plane 230 may provide a hosting environment, separate from blockchain networks, so that framework independent control plane 220, and not data plane 230, may perform the coordination and work to effect changes for blockchain networks, reducing performance impact on blockchain networks which would otherwise have to utilize host resources in data plane 230 to coordinate and execute blockchain management operations.
  • Various different management operations may be invoked using a common interface.
  • Client applications can perform the same requests for different blockchain frameworks without having to redesign or implement separate applications for each framework.
  • Different user accounts, identity tokens, or other credentials supplied by a client 260 when making a request for a managed blockchain network may allow framework independent control plane 220 to enforce control boundaries so that each entity operating node(s) in a managed blockchain network retains privacy and control over the entity’s node(s), without ceding control to a single organizing or creating entity for the blockchain network.
  • Framework independent control plane 220 can manage the respective nodes of each blockchain in data plane 230, such as nodes 232a, 232b, 232c, 232d, and 232e, including externally hosted nodes 234 and nodes 242a and 242b, without implementing separate control mechanisms or data structures, reducing the cost of hosting blockchains of different frameworks within the service.
  • A common distributed governance feature can be implemented, as discussed below with regard to FIGS. 17 and 21, in order to enforce various distributed governance policies without integrating their enforcement directly within the blockchain network framework, allowing policy languages or documents to be reused across different blockchain networks without being rewritten or re-coded for each blockchain network.
  • Common features such as monitoring, analytics, node management, membership management, or blockchain network management, also discussed below, provide examples of different control plane features that can reduce the burden of implementing separate applications to control the blockchain networks or access data produced as part of the operation of the blockchain network.
  • The multi-framework managed blockchain service of FIG. 2 is a logical illustration and thus is not to be construed as limiting as to the implementation of clients, multi-framework blockchain services, interfaces, nodes, or blockchain frameworks.
  • This specification begins with a general description of a provider network that implements a managed blockchain service that enables access across private networks and/or implements multi-framework managed blockchain service. Then various examples of the managed blockchain service (along with other services that may be utilized or implemented) including different components/modules, or arrangements of components/module that may be employed as part of implementing the services are discussed. A number of different methods and techniques to implement enabling access across private networks for a managed blockchain service and multi-framework managed blockchain service are then discussed, some of which are illustrated in accompanying flowcharts. Finally, a description of an example computing system upon which the various components, modules, systems, devices, and/or nodes may be implemented is provided. Various examples are provided throughout the specification.
  • FIG. 3 is a logical block diagram illustrating a managed blockchain service in a provider network, according to some embodiments.
  • Provider network 300 may be a private or closed system or may be set up by an entity such as a company or a public sector organization to provide one or more services (such as various types of cloud-based storage) accessible via the Internet and/or other networks to clients 350, in some embodiments.
  • Provider network 300 may be implemented in a single location or may include numerous data centers hosting various resource pools, such as collections of physical and/or virtualized computer servers, storage devices, networking equipment and the like (e.g., computing system 3000 described below with regard to FIG. 24), needed to implement and distribute the infrastructure and storage services offered by the provider network 300.
  • Provider network 300 may implement various computing resources or services, such as virtual compute service(s) 310, data journaling service(s) 320, data storage service(s) 330 (e.g., relational or non-relational (NoSQL) database query engines, map reduce processing, data flow processing, and/or other large scale data processing techniques, an object storage service, block-based storage service, or data storage service that may store different types of data for centralized access), other services 340 (any other type of network-based services, which may include various other types of storage, processing, analysis, communication, event handling, visualization, and security services not illustrated), managed blockchain service 370, key management service 380, and network configuration service 390.
  • the components illustrated in FIG. 3 may be implemented directly within computer hardware, as instructions directly or indirectly executable by computer hardware (e.g., a microprocessor or computer system), or using a combination of these techniques.
  • the components of FIG. 3 may be implemented by a system that includes a number of computing nodes (or simply, nodes), each of which may be similar to the computer system 3000 embodiment illustrated in FIG. 24 and described below.
  • the functionality of a given system or service component e.g., a component of data storage service 330
  • A given node may implement the functionality of more than one service system component (e.g., more than one data store component).
  • Virtual compute service(s) 310 may be implemented by provider network 300, in some embodiments.
  • Virtual compute service(s) 310 may offer software container or other operating system virtualized services, such as Docker containers, in some embodiments.
  • Virtual computing service 310 may offer instances according to various configurations for client(s) 350 operation.
  • A virtual compute instance may, for example, comprise one or more servers with a specified computational capacity (which may be specified by indicating the type and number of CPUs, the main memory size, and so on) and a specified software stack (e.g., a particular version of an operating system, which may in turn run on top of a hypervisor).
  • A number of different types of computing devices may be used singly or in combination to implement the compute instances of provider network 300 in different embodiments, including general purpose or special purpose computer servers, storage devices, network devices and the like.
  • Instance client(s) 350 or any other user may be configured (and/or authorized) to direct network traffic to a compute instance.
  • Compute instances may operate or implement a variety of different platforms (such as application server instances, Java™ virtual machines (JVMs), general purpose or special-purpose operating systems, platforms that support various interpreted or compiled programming languages such as Ruby, Perl, Python, C, C++ and the like, or high-performance computing platforms) suitable for performing client(s) 350 applications, without, for example, requiring the client(s) 350 to access an instance.
  • Applications or other software operated/implemented by a compute instance may be specified by client(s), such as custom and/or off-the-shelf software.
  • Compute instances may have different types or configurations based on expected uptime ratios.
  • The uptime ratio of a particular compute instance may be defined as the ratio of the amount of time the instance is activated to the total amount of time for which the instance is reserved. Uptime ratios may also be referred to as utilizations in some implementations. If a client expects to use a compute instance for a relatively small fraction of the time for which the instance is reserved (e.g., 30% - 35% of a year-long reservation), the client may decide to reserve the instance as a Low Uptime Ratio instance, and pay a discounted hourly usage fee in accordance with the associated pricing policy.
  • If the client expects to have a steady-state workload, the client may reserve a High Uptime Ratio instance and potentially pay an even lower hourly usage fee, although in some embodiments the hourly fee may be charged for the entire duration of the reservation, regardless of the actual number of hours of use, in accordance with pricing policy.
  • An option for Medium Uptime Ratio instances, with a corresponding pricing policy, may be supported in some embodiments as well, where the upfront costs and the per-hour costs fall between the corresponding High Uptime Ratio and Low Uptime Ratio costs.
  • Compute instance configurations may also include compute instances with a general or specific purpose, such as computational workloads for compute intensive applications (e.g., high-traffic web applications, ad serving, batch processing, video encoding, distributed analytics, high-energy physics, genome analysis, and computational fluid dynamics), graphics intensive workloads (e.g., game streaming, 3D application streaming, server-side graphics workloads, rendering, financial modeling, and engineering design), memory intensive workloads (e.g., high performance databases, distributed memory caches, in-memory analytics, genome assembly and analysis), and storage optimized workloads (e.g., data warehousing and cluster file systems). Configurations may also specify the size of compute instances, such as a particular number of virtual CPU cores, memory, cache, storage, as well as any other performance characteristic. Configurations of compute instances may also include their location, in a particular data center, availability zone, geographic location, etc., and (in the case of reserved compute instances) reservation term length.
  • Data journaling service(s) 320 may include log-based storage and query support databases, data streaming services, or other data storage and processing services that may implement an ordered commit log for storing journal (e.g., log) entries.
  • Data journaling service(s) 320 may provide strong consistency guarantees and support constraints between committed records, to enable features like deduplication, sequencing, and read-write conflict detection.
  • A log of entries in data journaling service(s) 350 may be used to determine whether or not to commit transactions to a blockchain (e.g., write requests and other modifications), in order to see whether a proposed transaction conflicts with other committed transactions.
  • Data journaling service(s) 320 may maintain a separate log or chain of log records for a blockchain network (or a portion of a blockchain network, such as a log maintained per channel of a blockchain), serving as an authoritative definition of the changes to the blockchain over time.
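The three properties the description attributes to the journaling log (sequencing, deduplication, and read-write conflict detection), as an added example that is not the patent's code or any Amazon service's implementation: a toy ordered commit log where each proposed transaction carries the versions of the keys it read and the values it wants to write. The log commits proposals in arrival order, assigns strictly increasing sequence numbers, refuses a transaction id it has already committed, and refuses a proposal whose read set is stale because an earlier commit wrote one of those keys. The `Proposal` and `CommitLog` names, the version-per-key scheme, and the sample transactions are assumptions made for this example.

```python
# Added example (not the patent's code or any Amazon service's): a toy ordered
# commit log with the three properties the description attributes to data
# journaling service(s) 320: sequencing, deduplication and read-write conflict
# detection. A proposed transaction records the version of every key it read
# (its read set) and the values it wants to write (its write set). The log
# commits proposals in arrival order, assigns each a sequence number, rejects a
# transaction id it has already committed, and rejects a proposal whose read set
# is stale because a later-committed transaction wrote one of those keys.
# Transaction ids, keys and values below are constructed sample data.
from dataclasses import dataclass, field


@dataclass
class Proposal:
    tx_id: str
    read_set: dict   # key -> version number the proposer observed
    write_set: dict  # key -> new value


@dataclass
class CommitLog:
    entries: list = field(default_factory=list)   # (sequence number, Proposal)
    versions: dict = field(default_factory=dict)  # key -> sequence number of last write
    values: dict = field(default_factory=dict)    # key -> current value
    committed_ids: set = field(default_factory=set)

    def version_of(self, key):
        # Keys never written are at version 0.
        return self.versions.get(key, 0)

    def propose(self, p):
        # Deduplication: a replayed or re-submitted transaction is not applied twice.
        if p.tx_id in self.committed_ids:
            return ("duplicate", None)
        # Read-write conflict detection: every key read must still be at the
        # version the proposer saw; otherwise its result was computed on stale data.
        for key, seen in p.read_set.items():
            if self.version_of(key) != seen:
                return ("conflict", key)
        seq = len(self.entries) + 1  # sequencing: strictly increasing commit order
        for key, value in p.write_set.items():
            self.values[key] = value
            self.versions[key] = seq
        self.entries.append((seq, p))
        self.committed_ids.add(p.tx_id)
        return ("committed", seq)


def demo():
    log = CommitLog()
    results = []
    # tx1 creates an account balance; it read nothing, so no conflict is possible.
    results.append(log.propose(Proposal("tx1", {}, {"balance": 100})))
    # tx2 and tx3 were both prepared against balance@version 1 (concurrently).
    tx2 = Proposal("tx2", {"balance": 1}, {"balance": 90})
    tx3 = Proposal("tx3", {"balance": 1}, {"balance": 80})
    results.append(log.propose(tx2))  # first one wins, commits as seq 2
    results.append(log.propose(tx3))  # stale read of "balance" -> conflict
    results.append(log.propose(tx2))  # replay of tx2 -> duplicate
    # tx3 re-prepared against the current version (2) now commits cleanly.
    results.append(log.propose(Proposal("tx3", {"balance": 2}, {"balance": 80})))
    return results, log


if __name__ == "__main__":
    outcomes, log = demo()
    for outcome in outcomes:
        print(outcome)
    print("final balance:", log.values["balance"], "at version", log.version_of("balance"))
```

The conflict case is the one that matters for a ledger: without the read-set check, tx2 and tx3 would both apply and the second would silently overwrite the first, so a participant's computation would be committed on data that had already changed underneath it.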
  • Data storage service(s) 330 may implement different types of data stores for storing, accessing, and managing data on behalf of clients 350 as a network-based service that enables clients 350 to operate a data storage system in a cloud or network computing environment.
  • Data storage service(s) 330 may include various types of database storage services (both relational and non-relational) for storing, querying, and updating data.
  • Such services may be enterprise-class database systems that are highly scalable and extensible. Queries may be directed to a database in data storage service(s) 330 that is distributed across multiple physical resources, and the database system may be scaled up or down on an as-needed basis.
  • The database system may work effectively with database schemas of various types and/or organizations, in different embodiments.
  • Clients/subscribers may submit queries in a number of ways, e.g., interactively via an SQL interface to the database system.
  • External applications and programs may submit queries using Open Database Connectivity (ODBC) and/or Java Database Connectivity (JDBC) driver interfaces to the database system.
  • One data storage service 330 may be implemented as a centralized data store so that other data storage services may access data stored in the centralized data store for processing and/or storing within the other data storage services, in some embodiments.
  • A centralized data store may provide storage and access to various kinds of object or file data stores for putting, updating, and getting various types, sizes, or collections of data objects or files.
  • Such data storage service(s) 330 may be accessed via programmatic interfaces (e.g., APIs) or graphical user interfaces.
  • A centralized data store may provide virtual block-based storage for maintaining data as part of data volumes that can be mounted or accessed similar to local block-based storage devices (e.g., hard disk drives, solid state drives, etc.) and may be accessed utilizing block-based data storage protocols or interfaces, such as internet small computer interface (iSCSI).
  • One of data storage service(s) 330 may be a data warehouse service that utilizes a centralized data store implemented as part of another data storage service 330.
  • A data warehouse service may offer clients a variety of different data management services, according to their various needs. In some cases, clients may wish to store and maintain large amounts of data, such as sales records, marketing, management reporting, business process management, budget forecasting, financial reporting, website analytics, or many other types or kinds of data.
  • A client’s use for the data may also affect the configuration of the data management system used to store the data. For instance, for certain types of data analysis and other operations, such as those that aggregate large sets of data from small numbers of columns within each row, a columnar database table may provide more efficient performance. In other words, column information from database tables may be stored into data blocks on disk, rather than storing entire rows of columns in each data block (as in traditional database schemes).
  • Managed blockchain service 370 may manage the creation and operation of blockchain networks of different frameworks through a common control plane and interface (e.g., API).
  • Key management service 380 may provide centralized encryption key management service to create, import, and rotate encryption keys for encrypting data.
  • Network configuration service 390 may implement various networking features, such as virtual network endpoints, logically isolated networks (e.g., virtual private clouds), network traffic controls, etc.
  • clients 350 may encompass any type of client configurable to submit network-based requests to provider network 300 via network 360, including requests for storage services (e.g., a request to create, read, write, obtain, or modify data in data storage service(s) 330, etc.) or managed blockchain service 370 (e.g., a request to create a blockchain network).
  • a given client 350 may include a suitable version of a web browser, or may include a plug-in module or other type of code module that may execute as an extension to or within an execution environment provided by a web browser.
  • a client 350 may encompass an application such as a database application (or user interface thereof), a media application, an office application or any other application that may make use of storage resources in data storage service(s) 330 to store and/or access the data to implement various applications.
  • an application may include sufficient protocol support (e.g., for a suitable version of Hypertext Transfer Protocol (HTTP)) for generating and processing network-based services requests without necessarily implementing full browser support for all types of network-based data. That is, client 350 may be an application that interacts directly with provider network 300.
  • client 350 may generate network-based services requests according to a Representational State Transfer (REST)-style network-based services architecture, a document- or message-based network-based services architecture, or another suitable network- based services architecture.
  • a client 350 may provide access to provider network 300 to other applications in a manner that is transparent to those applications.
  • client 350 may integrate with an operating system or file system to provide storage on one of data storage service(s) 330 (e.g., a block-based storage service).
  • the operating system or file system may present a different storage interface to applications, such as a conventional file system hierarchy of files, directories and/or folders.
  • applications may not need to be modified to make use of the storage system service model. Instead, the details of interfacing to the data storage service(s) 330 may be coordinated by client 350 and the operating system or file system on behalf of applications executing within the operating system environment.
  • Clients 350 may convey network-based services requests (e.g., queries or other access requests directed to data in data storage service(s) 330, operations, tasks, or jobs) to and receive responses from provider network 300 via network 360.
  • network 360 may encompass any suitable combination of networking hardware and protocols necessary to establish network-based communications between clients 350 and provider network 300.
  • network 360 may generally encompass the various telecommunications networks and service providers that collectively implement the Internet.
  • Network 360 may also include private networks such as local area networks (LANs) or wide area networks (WANs) as well as public or private wireless networks.
  • both a given client 350 and provider network 300 may be respectively provisioned within enterprises having their own internal networks.
  • network 360 may include the hardware (e.g., modems, routers, switches, load balancers, proxy servers, etc.) and software (e.g., protocol stacks, accounting software, firewall/security software, etc.) necessary to establish a networking link between given client 350 and the Internet as well as between the Internet and provider network 300. It is noted that in some embodiments, clients 350 may communicate with provider network 300 using a private network rather than the public Internet.
  • FIG. 4 is a logical block diagram illustrating various features of a managed blockchain service, according to some embodiments.
  • Managed blockchain service 370 may implement control plane 410, which may be framework independent as discussed above with regard to FIG. 2.
  • Control plane 410 may include various features to handle the creation, operation, and end of a blockchain network.
  • Control plane 410 may include interface 412.
  • Interface 412 may provide a programmatic interface (e.g., Application Programming Interfaces (APIs)), graphical user interface (GUI) (e.g., as a service console for administrators), and/or command line interface for various requests and interactions with different control plane features as discussed below.
  • control plane 410 may include blockchain network management 414, which handles blockchain network creation among other requests.
  • a user account of the provider network may submit a request to create a blockchain to be hosted by managed blockchain service 370.
  • the request may specify a blockchain framework, as well as various other blockchain features, including networking features such as whether public network traffic may be allowed, governance features, such as distributed governance policy for adding nodes or members to the blockchain network, among others.
  • Blockchain network management 414 may determine a workflow to identify the nodes or services to deploy, such as blockchain nodes 432 and blockchain services 434 in virtual compute service(s) 310.
  • Control plane 410 may include membership management 416, which handles membership invitations, among other requests. For example, in order for an entity (e.g., another provider network user account, an external entity, etc.) to be allowed to be a participant in a blockchain network, the entity may be granted membership. Membership management 416 may implement features to send invitations to entities for membership, check whether such invitations are allowed according to a distributed governance policy for the blockchain system, and handle invitation acceptances (or rejections). Membership management 416 may also provide access to membership lists or identify for a user account which blockchain networks the user account is a member of.
  • Control plane 410 may include node management 418, which handles node creation, among other requests, and discussed in detail below with regard to FIGS. 7 and 14.
  • entities associated with different user accounts may create, modify, or remove nodes from blockchain networks of which they are a member via different requests handled by node management 418 and may enable network access for the node across private network boundaries.
  • Control plane 410 may include distributed governance 422, which handles policy evaluations for modifications to a blockchain network, among other requests.
  • distributed governance policies may be implemented to govern actions taken with respect to a blockchain network.
  • a distributed governance policy may describe criteria, including approval/disapproval mechanisms like a voting system, for determining whether a proposed change (e.g., to add a member, node, evict a member or node, to modify blockchain network configuration, hardware, and/or software, a change to a distributed governance policy, etc.).
  • Distributed governance 422 may evaluate a received proposal in order to determine whether the proposal may be allowed.
  • Distributed governance 422 may initiate a vote, sending vote notifications, evaluating received votes, and approving/finalizing vote results in order to evaluate a proposal.
  • Control plane 410 may include analytics 424, which handles requests to access offline blockchain data, among others.
  • Blockchain data may include metadata describing the blockchain, data related to or linked to the blockchain (such as files or other content referenced by the blockchain), and blockchain transactions.
  • Analytics feature 424 may manage offline data collection and visibility, allowing individual user accounts to enable or disable data collection, among other configuration options.
  • Control plane 410 may include monitoring 426, which may monitor for and respond to performance events, in some embodiments.
  • monitoring feature 426 may perform automated management tasks for managed blockchain service 370 according to detected performance events. Performance data may be collected and evaluated with respect to different event criteria in order to determine whether a performance event is triggered.
  • Monitoring feature 426 may determine and/or initiate responsive actions to a detected event, including actions to add, remove, or replace nodes within a blockchain network, increase or decrease service resources (e.g., increase or decrease orderer nodes), or modify blockchain network configuration or other features to respond to detected performance events.
  • Control plane 410 may also store and/or maintain various information as service state 430, which may be implemented as one or many data stores (e.g., different types and styles of databases, or one large data store, such as a large document database for storing service state including blockchain networks state). In this way, the progress of workflows, state or membership of blockchain networks, mapping information or other configuration information, among other data used to implement managed blockchain service 370 can be reliably and accessibly maintained.
  • Managed blockchain service 370 may control and operate various features in data plane 412. Some or all of data plane 412 may be implemented directly within managed blockchain service 370 (not illustrated), in some embodiments. In other embodiments, other provider network services may provide resources that operate in the data plane 412 of managed blockchain service 370.
  • virtual compute service(s) 310 may implement both blockchain node(s) 432 and service(s) 434
  • data journaling services 320 may implement blockchain data storage 452 (e.g., as an ordered commit log backend for a blockchain)
  • data storage services 330 for tiered or offline blockchain data 454 storage
  • network configuration service 390 for public/private network blockchain configurations
  • key management service 380 for blockchain encryption key(s) 442 for encryption and identity.
  • network configuration service 390 may perform various operations or tasks to configure virtual networking devices 462 on behalf of a blockchain network in order to enable access across private networks.
  • FIG. 5 is a logical block diagram illustrating a permissionless blockchain network framework, according to some embodiments.
  • Permissionless blockchain network 510, such as Ethereum, may utilize peer node(s) in one or more organizations, such as peer nodes 520a, 520b, and 520c in organizations 522, 524, and 526 respectively.
  • peer nodes 520 may perform the various operations to propose transactions, order transactions, and validate transactions.
  • public network access 530 e.g., to the Internet
  • the permissionless blockchain network 510 may remain in a private network without public network access.
  • Application nodes may access peer node(s) 520 in order to perform various operations to implement a distributed application using one or more Application Programming Interfaces (APIs) implemented for the blockchain network framework. For example, an application node may submit an update to a record processed by an entity that implements application node (e.g., a government agency that provides a government issued identifier or serial number for a product that is being manufactured by another entity). In some embodiments, application nodes may be implemented on a same server or host as the peer node(s) (not illustrated).
  • FIG. 6 is a logical block diagram illustrating a permissioned blockchain network framework, according to some embodiments.
  • Permissioned blockchain network 610, such as Hyperledger Fabric, allows multiple different organizations that are members of a blockchain network to be set up, like organizations 620, 630, and 640. These organizations may implement one or multiple peer nodes, such as peer node(s) 622, 632, and 642, to execute smart contracts and other blockchain operations.
  • Peer node(s) may make use of an orderer service 650.
  • an orderer service may be separately allocated service nodes that implement an orderer service for transactions proposed to the blockchain network.
  • orderer service 650 may be a multi-tenant orderer service that receives proposed transactions via a network endpoint for the service from peer node(s) from different organizations and/or blockchain networks.
  • orderer service 650 may incorporate a backing commit log service, such as Apache Kafka, in order to provide a commit log for ordered transactions.
  • orderer service 650 may rely upon another provider network service, which may be a data journal service 320 that can also provide an ordered commit log stored as blockchain data 660 for verifying and committing transactions to the blockchain network.
  • Using an external service may also allow for tiered blockchain data storage.
  • the orderer may only have to retrieve a small set of data maintained in the data journaling service (as a result of moving older blockchain data out to other storage service(s) 330, such as an object store and/or another type of database), in some embodiments, significantly reducing the time needed to recover from failures or to launch additional orderers.
  • organizations may implement certificate authorities to grant certificates to peer nodes in order to sign communications to be trusted within the blockchain network.
  • Certificate authorities such as certificate authority 624, 634, and 636 could rely upon a stored certificate at the certificate authority in some embodiments to provide other certificates to peer node(s) 622.
  • These certificates that are stored on the certificate authorities could be stored using a hardware security module (HSM) device in a host system.
  • certificate authorities could utilize an encryption key for certificates 670 provided by key management service 380 to decrypt the certificate for providing the other certificates and then discard the decrypted form when finished so as to not store the decrypted version of the certificate.
  • Application nodes such as application node 682, 684, and 686, may access peer node(s) 622, 632, and 642 respectively in order to perform various operations to implement a distributed application using one or more Application Programming Interfaces (APIs) implemented for the blockchain network framework.
  • application nodes may be implemented on a same server or host as the peer node(s) 622, 632, or 642 (not illustrated), while in other embodiments application nodes may be implemented on separate servers, including servers implemented as part of separate networks or services within provider network 300 or external to provider network 300.
  • FIG. 7 is a logical block diagram illustrating interactions with a node management feature of a control plane of a managed blockchain service, according to some embodiments.
  • Client(s) 700 may be external clients (e.g., 350 in FIG. 3) or internal clients of a provider network 300 that are implemented as applications on other services, such as virtual computing service(s) 310.
  • Client(s) 700 may submit a request to create a node 710 associated with a member of a blockchain network via interface 412.
  • Node management 418 may parse the request and perform the appropriate requests to provision the node 730 at the appropriate service(s) 732, such as blockchain node(s) 734.
  • Node management 418 may also update service state 430 to update 740 blockchain network information to reflect the created node(s).
  • the creation request 710 may indicate whether the node is to be managed in managed blockchain service 370 or managed independently of managed blockchain service 370 (e.g., in another private network in provider network 300 or external to provider network 300).
  • Node management 418 may implement node route provisioning 702 to provision or configure route(s) 790 for enabling access for a created node according to whether the node is managed independent of managed blockchain service 370 or within managed blockchain service 370.
  • a request 710 to create an application node in another provider network may be received via interface 412.
  • the request may identify the node’s location and other identifying information, the corresponding member associated with the node, the node’s network configuration (e.g., whether it is located in a logically isolated network of the provider network, an on-premise network, another provider network, etc.), among other information.
  • Node route provisioning 702 may identify routes, networking devices and features, and other tasks to be performed in order to enable access for the requested application node, such as the configuration discussed below with regard to FIGS. 8 or 10.
  • node route provisioning 702 may evaluate validity criteria (e.g., is the member authorized to add a node, does the network configuration allow the node to be given access, etc.).
  • Node route provisioning 702 may request, direct, initiate, or otherwise cause the various requests 790 to provision and/or configure route(s) 790 to be performed at virtual networking devices 792 via configuration service 390.
  • a request 710 to create a node may identify that node as a peer node.
  • a peer node may perform different types of communications than an application node and may be visible to other peer nodes.
  • a peer node may perform gossip protocol communications via the enabled access.
  • the request may identify the peer node’s location and other identifying information, the corresponding member associated with the node, the node’s network configuration (e.g., whether it is located in a logically isolated network of the provider network, an on-premise network, another provider network, etc.), among other information.
  • Node route provisioning 702 may identify routes, networking devices and features, and other tasks to be performed in order to enable access for the requested application node, such as the configuration discussed below with regard to FIG.
  • node route provisioning 702 may evaluate validity criteria (e.g., is the member authorized to add a node, does the network configuration allow the node to be given access, etc.). Node route provisioning 702 may request, direct, initiate, or otherwise cause the various requests 790 to provision and/or configure route(s) 790 to be performed at virtual networking devices 792 via configuration service 390.
  • configuring and/or provisioning routes to enable access across private networks may be performed when a new member is created for the blockchain network. For example, the member may be asked to identify a location and network configuration of areas in which resources that may access the blockchain network could be hosted (e.g., on premise network configuration, private network within provider network 300, etc.) which may initiate a workflow or operation to provision routes between the network areas from which nodes may be subsequently created.
  • enabling network access from one private network to the private network of the managed blockchain service may be performed before any nodes are created.
  • update node requests 720 may be sent via interface 412.
  • Node management 418 may perform similar configuration operations 730 to blockchain node(s) 734, including instructing a management agent (not illustrated) to perform one or more operations to affect the update, in some embodiments.
  • Updates to service state 740 to indicate the updates to the nodes of the blockchain network may be made.
  • delete node requests 750 to stop, halt, or otherwise remove a node may be sent via interface 412.
  • Node management 418 may perform similar configuration operations 730 to blockchain node(s) 734, including instructing a management agent (not illustrated) to stop performance and/or sending a request to service(s) 732 to shut down one of blockchain node(s) 734.
  • updates to service state 740 to indicate the updates to the nodes of the blockchain network may be made.
  • Node management 418 may also handle requests to describe nodes, like get node information request 760.
  • Node management 418 may retrieve configuration information of the node 740 from service state and use the retrieved information to return a result to request 760.
  • Performance metrics or other health information could be combined or included with node information, in some embodiments.
  • FIG. 8 is a logical block diagram of enabling access for a node implementing a client application for a blockchain, according to some embodiments.
  • application nodes 814a and 814b may have access enabled from subnet 812 within logically isolated private network for a user account of the provider network 810 to logically isolated private network for blockchain service 820, both of which are located within provider network 300.
  • a network endpoint for the blockchain service 830 may be created, instantiated, or otherwise implemented within network 810 that points network traffic directed to endpoint 830 to a load balancer 840 for network 820 that handles requests to the blockchain service network 820. Because application nodes 814 direct requests to network endpoint for service 830, the network endpoint for service 830 and load balancer 840 may resolve any unknown domain name service (DNS) errors automatically, without having to update a private DNS for logically isolated private network for user account 810.
  • node route provisioning 702 or other component of control plane 410 may request an operator for user network 810 to send a request to network configuration service 390 to create endpoint 830 pointed to load balancer 840.
  • node route provisioning 702 or other component of control plane 410 may perform the request automatically (as authorization to do so may be included in the request to enable node access).
  • Various other features, such as security groups, firewalls, access control lists, or other network management features of user network 810 may be configured to allow and/or direct communications to network endpoint 830 that are bound for nodes in service network 820.
  • node route provisioning 702 or other component of control plane 410 may request the creation and/or configuration of load balancer 840 (which may be a physical load balancer or a virtual load balancer) to listen for and accept traffic directed to network endpoint 830.
  • one or more routes between a networking device implementing network endpoint 830 and load balancer 840 may be updated to include a route that forwards network traffic to load balancer 840.
  • These networking devices may be internal to provider network 300, preserving the privacy of the communications sent to network endpoint 830.
  • Load balancer 840 may also be modified to listen for traffic directed to individual nodes on different ports, in some embodiments.
  • application nodes 814 can send a communication to a particular peer node (e.g., one of 826a, 826b in subnet 822, or one of peer nodes 828a or 828b in subnet 824) by specifying the port (e.g., port 60 for peer node 826a, port 61 for peer node 826b, port 62 for peer node 828a, and port 63 for peer node 828b).
  • the port mappings may be provided to the user account 810 (e.g., as replacement for a node discovery communication sent via an API for the framework of the blockchain network).
  • FIG. 9 is a logical block diagram of enabling access for a peer node in a private network outside of the private network of the managed blockchain service, according to some embodiments.
  • peer node 924 may have access enabled from subnet 922 within logically isolated private network for a user account A of the provider network 920 to logically isolated private network for blockchain service 910, both of which are located within provider network 300.
  • peer node 932 may have access enabled within external private network for user account B of the provider network 930 via a private connection 950 (e.g., a virtual private network (VPN) connection) to provider network 300.
  • the VPN connection 950 may be implemented over a dedicated physical connection between provider network 300 and external private network 930 or over a public network connection utilizing VPN 950 alone.
  • similar techniques using a VPN could be implemented for a peer node implemented in another provider network separate from provider network 300 (e.g., owned or operated by a different entity).
  • node route provisioning 702 or other component of control plane 410 may request the creation and/or configuration of a virtual traffic hub 940 from networking service 390.
  • virtual traffic hub 940 may be implemented using a multi-layer packet processing service (PPS) of multiple logically isolated cells that may be used as the underlying framework for the virtual traffic hub.
  • Virtual traffic hub 940 may serve as a hub set up on behalf of respective systems of provider network 300, such as managed blockchain service 370, to which several different types of private networks (e.g., networks 920 and 930) may be programmatically attached in a hub-and-spoke configuration in various embodiments. The routing/forwarding of network packets from one attached isolated network to another is then managed by nodes of virtual traffic hub 940 based on metadata and/or policies provided by the creating/using clients, applications, entities, and/or systems.
  • Virtual traffic hub 940 may also be referred to as a transit gateway in some embodiments.
  • the private networks attached to virtual traffic hub 940 may include logically isolated virtual networks, for example because at least some network configuration settings (e.g., network addresses assigned to resources within a given network, subnet configurations, security settings and the like) may be set independently for the different networks, without having to take other networks’ configuration settings into account.
  • a range of private network addresses selected for resources within one isolated network may happen to overlap with a range of private network addresses selected for resources within another isolated network in various embodiments, since the two address ranges are selected independently.
  • the metadata taken into consideration at virtual traffic hub 940, set up on behalf of a given client to manage traffic flowing between various private networks, may include multiple route tables provided by the client (and/or route tables generated at virtual traffic hub 940 based on other input provided by the client, such as forwarding information base (FIB) entries from which route table entries may be derived). After the appropriate route tables have been associated and populated with entries, traffic may be allowed to start flowing between the private networks via virtual traffic hub 940 in various embodiments.
  • Virtual traffic hub 940 may allow network traffic (e.g., gossip communications) between peer node 932 and peer node 924, as well as with peer nodes 914a and 914b in subnet 912 of service private network 910.
  • FIG. 10 is a logical block diagram of enabling access for a client application with cross attached network interfaces, according to some embodiments.
  • Access for an application node 1012 created in logically isolated private network for user account A 1010 may be enabled using cross attached network interfaces.
  • a cross attached network interface 1014 which may be a logical networking device representing a virtual network card, may be created inside of the private network hosting the blockchain network, such as cross attached network interface 1042, but attached to the application node 1012.
  • Attaching a network interface may allow for communications received from and directed to that network interface to behave as if received or sent from the created location, inside of logically isolated private network for blockchain service 1030.
  • the attached application node can send traffic to cross attached network interface 1014, which will then be able to forward the traffic to nodes inside of logically isolated private network for blockchain service 1030 (as the arrows from network interface 1014 to peer nodes 1044, 1054, 1062, and 1064 show).
  • a cross attached network interface 1014 may be implemented using one or more networking devices managed by network configuration service 390 that implement a substrate network for provider network 300.
  • the networking device(s) of the substrate network may be modified to include route(s) that will forward traffic from application node 1012 directed to cross attached network interface 1014 to the specified peer node as if sent from the virtual network card represented by cross attached network interface inside of private network 1030.
  • Cross attached network interfaces may be created by node route provisioning 702 (FIG. 7) upon node creation, in some embodiments.
  • node route provisioning 702 may send requests to network configuration service 390 to create the cross attached network interface within private network 1030 and attach the device to application node 1012 in private network 1010.
  • FIG. 11 is a high-level flowchart illustrating various methods and techniques to enable access across private networks for a managed blockchain service, according to some embodiments. Therefore, the above examples and/or any other systems or devices referenced as performing the illustrated method (as well as the methods of FIGS. 11-13) are not intended to be limiting as to other different components, modules, systems, or configurations of systems and devices.
  • a request to enable a node hosted in a private network to communicate with a blockchain network that includes existing node(s) that are hosted in a managed blockchain service may be received via an interface for a control plane for the managed blockchain service, in some embodiments.
  • the request may identify the blockchain network, a member identifier associated with the request, location and network configuration information for the node, a type of node (e.g., application or peer, or externally managed), or various other information to perform the request.
  • the request to enable a node may be a request to accept a membership invitation which may include a network for the accepting member so that any node started, launched, or otherwise hosted in the member’s network can communicate with the blockchain network in the private network of the managed blockchain service.
  • a determination may be made as to whether the request is valid, in some embodiments. For example, various criteria may be applied which indicate whether or not the node identified in the request can have access.
  • a private network address (e.g., described by one or more Classless Inter-Domain Routing (CIDR) blocks)
  • route(s) between the private network and a private network for the blockchain network in the managed blockchain service that enable the node to direct private communications to individual ones of the existing nodes in the private network of the managed blockchain service may be determined by the control plane, in some embodiments. For example, as discussed above with regard to the network load balancer, virtual traffic hub, and cross attached network interfaces and below with regard to FIGS.
  • routes for listening for or redirecting traffic received from the private network for the node to be added may be added to one or more route tables and networking devices to forward traffic to the service private network.
  • the networking devices may implement a substrate network for the provider network.
  • networking device(s) may be caused to add the determined route(s) between the private network and the private network for the blockchain network in the managed blockchain service, in some embodiments.
  • Various API requests or other instructions may be sent to the networking devices directly or to a management service, such as network configuration service 390, in some embodiments, to add the routes and configure the networking devices, physical and/or virtual.
  • FIG. 12 is a high-level flowchart illustrating various methods and techniques to route traffic across private networks using a network endpoint and load balancer, according to some embodiments.
  • a load balancer may be implemented as virtual load balancer (e.g., implemented on one or more devices, such as servers or hardware load balancer) which may be provisioned for a private network that hosts a blockchain network.
  • an available port number of the load balancer may be assigned to the new node.
  • a network endpoint that directs received communications to the load balancer may be created within a private network of a node to be given access to the private network of the managed blockchain service, in some embodiments.
  • one or more networking devices managed by network configuration service 390 that implement a substrate network for provider network 300 may be modified to include route(s) that will forward traffic received from within the private network of the node (as other nodes could also use the same network endpoint) to the load balancer.
  • the network endpoint may serve as an interface via which requests directed to that endpoint can reach the specified node in the private network of the managed blockchain service. If, for instance, the network endpoint is reached using a domain name XYZ and a desired node is mapped to port 80, then a request sent to "XYZ:80" may be forwarded to the load balancer.
  • the load balancer may be enabled to listen at the different ports for communications directed to the network endpoint and forward communications received at the different ports to the assigned nodes in the private network of the managed blockchain service, in some embodiments.
  • the network traffic directed to port "80" may be sent to the node in the private network of the managed blockchain service assigned to port "80" by the load balancer.
  • Other network endpoints implemented in other private networks for other nodes could also direct traffic to the same load balancer and using the same assigned ports direct traffic to specific nodes within the private network of the managed blockchain service, in some embodiments.
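The port-per-node fan-in of FIG. 12, as an added example that is not part of the patent or any service's code: one load balancer hands out a listener port to each node in the service private network, and endpoints created in different member networks map "domain:port" requests onto it. The class names, the port range and the sample node identifiers are assumptions made for this illustration.

```python
"""Port-based fan-in through one load balancer (illustration of FIG. 12).

Added example, not the patent's or the service's own code. PortLoadBalancer,
NetworkEndpoint, the port range and the node identifiers are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


class PortLoadBalancer:
    """Listens on one port per assigned node and forwards to that node."""

    def __init__(self, first_port: int = 80, last_port: int = 83) -> None:
        # Constructed pool of listener ports available on this balancer.
        self._free: List[int] = list(range(first_port, last_port + 1))
        self._port_to_node: Dict[int, str] = {}

    def assign_port(self, node_id: str) -> int:
        """Reserve an available listener port for a node added to the network."""
        if node_id in self._port_to_node.values():
            raise ValueError(f"{node_id} already has an assigned port")
        if not self._free:
            # Failure mode: the balancer cannot take another node.
            raise RuntimeError("no listener ports left on this load balancer")
        port = self._free.pop(0)
        self._port_to_node[port] = node_id
        return port

    def release_port(self, node_id: str) -> None:
        """Return a node's port to the pool when the node is deleted."""
        for port, nid in list(self._port_to_node.items()):
            if nid == node_id:
                del self._port_to_node[port]
                self._free.append(port)
                self._free.sort()
                return
        raise KeyError(node_id)

    def forward(self, port: int) -> Optional[str]:
        """Node that receives traffic arriving at `port`, or None if unassigned."""
        return self._port_to_node.get(port)


@dataclass
class NetworkEndpoint:
    """Endpoint created inside a member's private network (e.g. domain 'XYZ')."""

    domain: str
    private_network: str
    balancer: PortLoadBalancer

    def resolve(self, target: str, source_network: str) -> Optional[str]:
        """Resolve an 'XYZ:80'-style target to a node in the service network.

        Only traffic originating in the private network the endpoint was created
        in is accepted; unknown domains and unassigned ports resolve to None.
        """
        if source_network != self.private_network:
            return None
        host, sep, port_text = target.rpartition(":")
        if not sep or host != self.domain or not port_text.isdigit():
            return None
        return self.balancer.forward(int(port_text))


if __name__ == "__main__":
    lb = PortLoadBalancer(80, 81)
    port = lb.assign_port("peer-a")
    endpoint = NetworkEndpoint("XYZ", "vpc-member-1", lb)
    print(endpoint.resolve(f"XYZ:{port}", "vpc-member-1"))  # peer-a
```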
  • FIG. 13 is a high-level flowchart illustrating various methods and techniques to route traffic across private networks using a virtual traffic hub, according to some embodiments.
  • a private network that includes a node to be given access to a blockchain network in a service private network of a managed blockchain service may be associated with a virtual traffic hub, in some embodiments.
  • a register for the virtual traffic hub may be updated to include the private network (e.g., which may be updated to include an identifier generated from a user account identifier and identifier for the private network).
  • the association may allow the virtual traffic hub to utilize the correct routing tables and routing information when handling traffic from the private network of the node or bound to the private network of a node.
  • route tables, route table entries, route domains, or other routing information may be created, updated, or associated at the virtual traffic hub to route communications originating from the private network to the service private network, in some embodiments.
  • the private network address values may be identified as within a range of network address (e.g., a CIDR block) and included in a route table along with corresponding forwarding routes to reach different nodes within the private network of the managed blockchain service.
  • the same or different route tables, route table entries, route domains, or other routing information may be created, updated, or associated at the virtual traffic hub to route communications directed from the service private network to the private network, in some embodiments.
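The virtual traffic hub flow of FIG. 13, as an added example that is not part of the patent or any service's code: a member private network is registered under an identifier built from the account and network identifiers, per-association route tables carry CIDR prefixes into the service private network, and a reverse table carries traffic back. The class, the identifier format and the sample CIDR blocks are assumptions made for this illustration.

```python
"""Virtual traffic hub routing between member private networks and the
service private network (illustration of FIG. 13).

Added example, not the patent's or any service's code. VirtualTrafficHub, the
association identifier format and the sample CIDR blocks are assumptions.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

Network = ipaddress.IPv4Network
Route = Tuple[Network, str]  # (destination prefix, forwarding target)


class VirtualTrafficHub:
    """Routes between associated member networks and one service network."""

    def __init__(self, service_cidr: str) -> None:
        self.service_net = ipaddress.ip_network(service_cidr)
        self._register: Dict[str, Network] = {}        # association id -> member CIDR
        self._to_service: Dict[str, List[Route]] = {}  # per-association route table
        self._to_member: List[Route] = []              # service -> member direction

    @staticmethod
    def association_id(account_id: str, network_id: str) -> str:
        # Identifier generated from the user account id and the private network id.
        return f"{account_id}/{network_id}"

    def associate(self, account_id: str, network_id: str, cidr: str) -> str:
        """Register a member private network with the hub."""
        member_net = ipaddress.ip_network(cidr)
        # Overlapping address space would make routes ambiguous, so refuse it.
        if member_net.overlaps(self.service_net):
            raise ValueError("member CIDR overlaps the service private network")
        for other in self._register.values():
            if member_net.overlaps(other):
                raise ValueError("member CIDR overlaps another associated network")
        assoc = self.association_id(account_id, network_id)
        self._register[assoc] = member_net
        self._to_service[assoc] = []
        self._to_member.append((member_net, assoc))
        return assoc

    def add_service_route(self, assoc: str, dst_cidr: str, target: str) -> None:
        """Add a forwarding route from a member network into the service network."""
        dst = ipaddress.ip_network(dst_cidr)
        if not dst.subnet_of(self.service_net):
            raise ValueError("route destination must lie in the service network")
        self._to_service[assoc].append((dst, target))

    @staticmethod
    def _longest_match(table: List[Route], addr: ipaddress.IPv4Address) -> Optional[str]:
        best: Optional[Route] = None
        for prefix, target in table:
            if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
                best = (prefix, target)
        return best[1] if best else None

    def route_to_service(self, assoc: str, src_ip: str, dst_ip: str) -> Optional[str]:
        """Forwarding target for member -> service traffic, or None if dropped."""
        member_net = self._register.get(assoc)
        if member_net is None:
            return None  # network was never associated with the hub
        if ipaddress.ip_address(src_ip) not in member_net:
            return None  # source address does not belong to the associated CIDR
        return self._longest_match(self._to_service[assoc], ipaddress.ip_address(dst_ip))

    def route_to_member(self, dst_ip: str) -> Optional[str]:
        """Association that receives service -> member traffic, or None."""
        return self._longest_match(self._to_member, ipaddress.ip_address(dst_ip))
```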
  • FIG. 14 is a logical block diagram illustrating interactions with a blockchain network management feature of a control plane of a managed blockchain service, according to some embodiments.
  • Client(s) 1400 may be external clients (e.g., 350 in FIG. 3) or internal clients of a provider network 300 that are implemented as applications on other services, such as virtual computing service(s) 310.
  • Client(s) 1400 may submit requests to create a blockchain network via interface 412 to blockchain network management 414.
  • a blockchain creation request 1450 may specify one of the offered blockchain frameworks of managed blockchain service 370.
  • Creation request 1450 could submit performance criteria, number of expected members, network configuration or other blockchain network configuration information, in addition to the framework.
  • blockchain network management 414 may implement a framework recommendation engine (not illustrated) which could recommend or select a blockchain network framework that satisfies the performance criteria (e.g., using rules-based selection, like decision trees). While creation of a blockchain may temporarily grant a creating account sole authority over the blockchain network, distributed governance policies may transfer the control of the network to or among multiple other members in addition to or instead of the account that submitted creation request 1450.
  • Blockchain network management may implement deployment workflow identification 1410 to evaluate the specified blockchain network configuration information in order to identify a deployment workflow (or multiple workflows) to achieve the specified blockchain network.
  • deployment workflow identification may identify a workflow (or set of workflows) for a specified blockchain framework, and then may select among various options or versions of that blockchain framework type that would satisfy the other features of the blockchain network specified in the request
  • blockchain service resources may be deployed on larger and faster host systems if the blockchain system is expected to have high throughput.
  • Configuration errors in request 1450 may result in error indications (not illustrated) which may be identified at deployment workflow identification 1410, in some embodiments.
  • deployment workflow execution 1420 may perform the identified workflow(s). For example, deployment workflow execution may send one or multiple requests 1460 to other services 1440 of provider network 300 to provision and configure blockchain service(s) 1442 (e.g., orderer service, orderer service backend, backup configuration, monitoring configuration), blockchain networking 1444 (e.g., to enable logically isolated networks, private networks, firewalls, access control lists, routing tables or other networking features to configure a network in which to host the blockchain network), and blockchain storage 1446 (e.g., which may configure data stores for analytics information, orderer backend storage, etc.).
  • Deployment workflow execution 1420 may, in some embodiments, select from a pool of previously allocated (and configured) resources to assemble some (or all) of a blockchain network (e.g., a pool of preconfigured instances that implement orders or certificate authorities). Deployment workflow execution 1420 may interact with other services not illustrated, such as network configuration service 390 to provision or configure a virtual private network for a blockchain, for instance, that could be updated to include the nodes created for different user accounts in the same virtual private network, in some embodiments.
  • blockchain network management 1414 may provide creation status indications 1470 (e.g., "in progress", "X% complete", etc.). When finished, blockchain network management 1414 may update service state 430 with the appropriate blockchain network state 1462 to record the existence and configuration of the blockchain network. Blockchain network management 414 may provide a completion indication 1480, in some embodiments.
  • blockchain network management 414 may implement blockchain network information service 1430 to handle requests to get 1490 various blockchain network information. For example, a request 1490 to identify configuration parameters, including a blockchain network framework, number of nodes, number of members, or other blockchain network information, may be serviced by blockchain information service 1430 retrieving blockchain network state 1462 from service state 430.
  • FIG. 15 is a logical block diagram illustrating interactions with a membership management feature of a control plane of a managed blockchain service, according to some embodiments.
  • Client(s) 1500 may be external clients (e.g., 350 in FIG. 3) or internal clients of a provider network 300 that are implemented as applications on other services, such as virtual computing service(s) 310.
  • Client(s) 1500 may submit requests to create a membership invitation 1510 via interface 412 at membership management 416.
  • Membership management 416 may perform a permission check 1530 by querying distributed governance 422 to verify that the membership invitation can be made.
  • a vote or other proposal evaluation technique may be performed, as discussed below with regard to FIGS. 17 and 21, in some embodiments.
  • the request 1510 may be associated with a user (e.g., a super user) that can invite as many members as desired (or as part of an initial blockchain creation workflow) and so may avoid a membership action permission check (or the check may be performed without employing a vote but be instead resolved by applying a distributed governance provision that specifies the user’s ability to invite members).
  • membership management 416 may send a membership invitation 1540 to a client associated with the invited member (e.g., as API messages, console notifications, emails, etc.).
  • the membership invitation 1540 may include information to setup or enable a node, either internally hosted by managed blockchain network or externally hosted, as discussed above with regard to FIG. 2.
  • an orderer service endpoint or network address may be provided to configure peer nodes as discussed above with regard to FIG. 6.
  • the invitation response 1550 may be received at membership management 416. If accepted, membership management may initiate operations to provision resources and enable access (e.g., network access) for the new member (not illustrated) and update blockchain membership 1560 in service state 430.
  • Client(s) 1500 may also submit a request for membership information 1570 (e.g., to identify memberships with various blockchain networks for a user account, other members not operated or controlled by the requesting user account, etc.).
  • Membership management 416 may get the requested membership information 1560 from service state 430.
  • access to some membership information may be restricted and thus membership management 416 may perform permission checks 1530 to accept or deny information requests or use an access control list.
  • Client(s) 1500 may submit a request to quit membership in a blockchain network 1580 or propose an eviction. Either of these requests may provoke a membership action permission check 1530. If performed, updates 1560 to blockchain membership may be made.
  • FIG. 16 is a logical block diagram illustrating interactions with a node management feature of a control plane of a managed blockchain service, according to some embodiments.
  • Client(s) 1600 may be external clients (e.g., 350 in FIG. 3) or internal clients of a provider network 300 that are implemented as applications on other services, such as virtual computing service(s) 310.
  • Client(s) 1600 may submit a request to create a node 1610 associated with a member of a blockchain network via interface 412.
  • the creation request 1610 may specify a type of node (e.g., hardware or other performance capabilities) and/or configuration (e.g., type of virtualization platform, operating system, application to launch/install, etc.).
  • Node management 318 may parse the request and perform the appropriate requests to provision the node 1630 at the appropriate service(s) 1620, such as blockchain node(s) 1622. Node management 318 may also update service state 430 to update 1640 blockchain network information to reflect the created node(s).
  • update node requests 1650 may be sent via interface 412.
  • Node management 318 may perform similar configuration operations 1630 to blockchain node(s) 1622, including instructing a management agent (not illustrated) to perform one or more operations to effect the update, in some embodiments.
  • Updates to service state 1640 to indicate the updates to the nodes of the blockchain network may be made.
  • delete node requests 1660 to stop, halt, or otherwise remove a node may be sent via interface 412.
  • Node management 318 may perform similar configuration operations 1630 to blockchain node(s) 1622, including instructing a management agent (not illustrated) to stop performance and/or a request to service(s) 1620 to shut down one of blockchain node(s) 1622.
  • updates to service state 1640 to indicate the updates to the nodes of the blockchain network may be made.
  • Node management 318 may also handle requests to describe nodes, like get node information request 1670. Node management 318 may retrieve configuration information of the node 1640 from service state and use the retrieved information to return a result to request 1670. Performance metrics or other health information (discussed below with regard to FIGS. 19 and 23) could be combined or included with node information, in some embodiments.
  • FIG. 17 is logical block diagram illustrating interactions with a distributed governance feature of a control plane of a managed blockchain service, according to some embodiments.
  • Client(s) 1700 may be external clients (e.g., 350 in FIG. 3) or internal clients of a provider network 300 that are implemented as applications on other services, such as virtual computing service(s) 310.
  • Client(s) 1700 can submit blockchain network proposals 1740, such as the various modifications discussed below with regard to FIG. 21, via interface 412 including changes to distributed governance policies.
  • Distributed governance features 422 may implement a proposal governance policy identification 1710 in order to determine if a distributed governance policy applies to the proposal as well as what distributed governance policy applies (as more than one may be implemented or created for a blockchain network).
  • proposal governance policy identification 1710 may parse the proposal to identify an action, feature, or other modification, and compare the modification with an index of distributed governance policies. If the index returns a match, then the identified policy may be retrieved 1780 from service state 430. The proposal governance policy may be applied to the proposal 1740. If a vote is required, then proposal vote notification 1720 may send one or more proposal vote notifications 1750 via interface 412 (e.g., as API messages, console notifications, emails, etc.).
  • Proposal vote evaluation 1730 may then evaluate proposal votes 1760 received via interface 412 in order to determine whether the votes satisfy the policy. If so, the proposal may be performed (e.g., by updating service state to reflect the change of the successful proposal 1790). In some embodiments, a result 1770 may be sent (which may allow another control plane component to proceed with performing a proposed modification).
  • distributed governance feature 422 could be implemented as a separate system or service from managed blockchain service 370 (not illustrated) and could handle policy proposal and evaluation features for multiple different services in provider network 300, including managed blockchain service 370.
  • FIG. 18 is a logical block diagram illustrating interactions with an analytics feature of a control plane of a managed blockchain service, according to some embodiments.
  • Offline blockchain data 1832 may be collected and stored for a blockchain network, as discussed below with regard to FIG. 22, from different sources, in some embodiments.
  • a different source for the offline blockchain data may be employed.
  • a backup agent 1834 may be implemented on peer nodes 1802 in a blockchain network that does not maintain a separate log or ledger of transactions in the blockchain. Instead, backup agent 1834 may periodically (or when node workload is low) store blockchain data 1830 to data storage service(s) 330 in a specified storage location, object, database, etc.
  • some of blockchain data 1836 may be copied or stored 1830 to offline blockchain data 1832 as part of a backup mechanism.
  • Client(s) 1800 may be external clients (e.g., 350 in FIG. 3) or internal clients of a provider network 300 that are implemented as applications on other services, such as virtual computing service(s) 310. Clients 1800 can submit requests to configure the performance of offline backup 1840 via interface 412. For instance, backup could be enabled or disabled for individual members, nodes, channels, or other portions of a blockchain network. In some embodiments, whether offline backup data is visible to other members may be configured.
  • Analytics feature 424 may implement backup management 1810 to handle configuration requests 1840, and make requested changes, enable or disable backup agents 1834, provision storage space for offline blockchain data 1832 at data storage service(s) 330, among other backup management operations.
  • Analytics 424 may implement an interface, such as query interface 1820, to handle requests to access offline blockchain data.
  • data storage service(s) 330 may be a database optimized to handle queries over a log of entries (e.g., a channel or multiple channels of a blockchain stored as part of offline blockchain data 1832).
  • Query interface 1820 may be implemented to handle queries to offline data 1832, like query 1850, and send requests to access offline blockchain data 1860 in order to return a query result 1870, in some embodiments, as discussed below with regard to FIG. 22.
  • Offline blockchain data 1832 may include the content of transactions in the blockchain, metadata describing blockchain content (e.g., when submitted, who proposed, votes, etc.), or related data (e.g., files or other objects referenced by blockchain content). More generally, in some embodiments, client applications of a blockchain hosted in managed blockchain service 370 may utilize links, references, address, or other information to access data objects stored in other services of provider network 300 (e.g., links to data objects stored in a data storage service 330). In this way, applications that access the data objects linked in the blockchain transactions can be assured that the content has been verified.
  • FIG. 19 is a logical block diagram illustrating interactions with a monitoring feature of a control plane of a managed blockchain service, according to some embodiments.
  • Client(s) 1900 may be external clients (e.g., 350 in FIG. 3) or internal clients of a provider network 300 that are implemented as applications on other services, such as virtual computing service(s) 310.
  • Monitoring 426 may handle monitoring-related requests via interface 412. For example, a request to get blockchain network health information 1950 may be received via interface 412. The request may specify a particular member(s), node(s), service(s), or other blockchain network resources, or information for the blockchain network as a whole.
  • Monitoring 426 may enforce some access restrictions (e.g., not allowing performance data for nodes and members not associated with a user account that requested). In other embodiments, there may be no access restrictions to performance data. Monitoring 426 may parse the request and get node performance metrics 1970 from service state 430 in order to answer request 1950.
  • monitoring agents 1940 may be implemented on nodes, services, or other blockchain components, like node 1942, in order to collect performance information.
  • the monitoring agent 1940 may push the metrics to service state 430 (or may respond to a request for metrics in a pull-based design).
  • Monitoring 426 may also perform automated monitoring and management actions in order to manage the operation of a blockchain network on behalf of members so that little or no management direction is required to maintain blockchain network performance.
  • Event monitoring 1910 may get node performance metrics 1970 and evaluate them with respect to one or multiple criteria, as discussed below with regard to FIG. 23. If an event is detected, event monitoring 1910 may signal the event to event response handling 1930 (e.g., according to an event code, location or scope of event (e.g., one node, multiple nodes, entire network, etc.), and/or any other performance metrics or information needed to determine a responsive action).
  • a responsive action can include an event notification 1960, in some embodiments.
  • Event response handling 1930 may identify or determine one or more responsive actions, as discussed below with regard to FIG. 23, and perform them 1980.
  • services 1970 may host or implement node(s) for a blockchain so that a new node 1972 can be provisioned, configured, and launched to replace a failing node. Transition or other failover operations to transfer data, adjust network endpoints to redirect traffic or other actions to swap nodes may be performed by event response handling 1930.
  • FIG. 20 is a high-level flowchart illustrating various methods and techniques to create a blockchain network in a multi-framework managed blockchain service, according to some embodiments.
  • Various different systems and devices may implement the various methods (as well as methods in FIGS. 21 - 23 below) and techniques described below, either singly or working together. Therefore, the above examples and/or any other systems or devices referenced as performing the illustrated method are not intended to be limiting as to other different components, modules, systems, or configurations of systems and devices.
  • a request associated with a user account of a managed blockchain service may be received via an interface for a control plane of the managed blockchain service to create a blockchain network according to a specified blockchain framework of different blockchain frameworks offered by the managed blockchain service, in some embodiments.
  • a management console may allow a user to specify various features of a blockchain network, such as whether or not the blockchain network will connect to a public network (or be only private), the framework type to be used, name, descriptive information, and a first member, in some embodiments.
  • the request may affirm, select, configure, state, or otherwise specify one (or more) distributed governance policies applicable to govern blockchain network actions subsequent to its creation, as discussed below with regard to FIG. 21.
  • a workflow to deploy the blockchain network according to the specified blockchain framework may be identified, in some embodiments.
  • a decision tree or other rules-based decision engine may take one or more inputs corresponding to the creation request, including the blockchain framework, for identifying which of multiple different deployment workflows should be used.
  • a private deployment of a permissionless blockchain network may have a different deployment workflow than a public deployment of permissionless blockchain network.
  • one or multiple sub workflows may be combined based on the features specified in the creation request (e.g., a network configuration workflow, a blockchain service configuration workflow, a distributed governance policy creation workflow, etc.)
  • the blockchain network may be deployed by the control plane on computing resource(s) in a data plane for the managed blockchain service according to the identified workflow.
  • a workflow engine, state machine, or other deployment platform of the control plane may take the workflow and execute, request, instruct, or otherwise cause all of the workflow features to be accomplished.
  • a control plane agent or host manager implemented on the resources themselves may be instructed to perform some or all of the identified workflow.
  • FIG. 21 is a high-level flowchart illustrating various methods and techniques to perform modifications to a blockchain network according to a distributed governance policy, according to some embodiments.
  • a request associated with a user account to perform a modification to a blockchain network in a managed blockchain service may be received.
  • the request as discussed above may be received via an interface of a control plane and may be associated with a user account of the service different than the user account that submitted the request to create the blockchain network.
  • Modification requests could cover any of the changes discussed above with regard to FIGS. 14 - 17, including changes to membership, governance, hardware or software configuration, backup mechanisms, monitoring and responsive actions, and so on, as well as changes to distributed governance policies. While some actions, like adding and removing nodes, could be limited to a single member's discretion, even those actions could in some scenarios be controlled or managed by a distributed governance policy.
  • a distributed governance policy for the blockchain network in effect and applicable to the modification may be identified, in some embodiments. For example, default policies could be specified to cover multiple different modifications (although in some embodiments some modifications may be covered if an additional distributed governance policy is created).
  • an identifier or label for a modification may serve as an index to an applicable policy (or none if none is applicable).
  • a policy may be stored as a JSON or other text which an enforcement component for the control plane may parse to determine whether criteria to satisfy the policy like voting are used. If yes, then as indicated at 2132, notifications to vote on a proposal to perform the modification as specified by the distributed governance policy may be sent, in some embodiments. For example, the means of notification, the identity of recipients, and other features such as resends, alternates, or other voting notification features may be specified in the distributed governance policy.
  • the notification may include a link or user interface element, network endpoint, or other feature that indicates how a vote in response to the notification can be cast.
  • the votes may be sent through one or more voting APIs which may allow for client applications to develop custom voting platforms or communications for receiving votes (e.g., a screen share application where the appropriate users can register a vote in a chat channel, an application that blocks further admin access until a vote is performed (to prevent filibusters), etc.).
  • the voting API may provide greater flexibility than completely integrated voting solutions which only allow for votes to be cast in a particular manner, in some embodiments.
  • votes may be received.
  • a determination may be made as to whether the votes satisfy the policy, as indicated at 2152.
  • voting criteria including quorum rules, vote margin (e.g., majority, plurality, super majority, etc.), voter rolls (e.g., voters with veto authority), abstentions allowed, etc.
  • Changes to governance policy may themselves be submitted as a modification, which may not become effective until satisfying a current governance policy. If the votes satisfy the policy, then the modification may be performed as indicated at 2150. If the votes do not satisfy the policy, then the modification to the blockchain network may be denied, as indicated at 2160.
  • Some policies may not require a vote, as indicated by the negative exit from 2130. For example, some modifications may be performed at certain times, or within certain parameters.
  • a policy that allows for a member to implement up to a maximum number of nodes without consulting other members. The policy may be evaluated for a modification to add a node, but may not need a vote if it can be satisfied because the added node is still within the maximum number. If the modification is allowed by the policy, as indicated by the positive exit from 2140, then the modification may be performed to the blockchain network. If the modification is not allowed by the policy, then the modification to the blockchain network may be denied, as indicated at 2160.
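The governance flow above (index the policy by modification type, skip the vote when the change stays within the policy's parameters, otherwise apply quorum, margin, veto and abstention rules to the received votes) as an added, runnable example. This is not code from the patent or from any Amazon service; the JSON layout, the field names (`quorum`, `margin`, `veto_members`, `abstentions_allowed`, `max_nodes_per_member`), the member ids and the deny-by-default handling of a modification with no applicable policy entry are all assumptions made for the example.

```python
import json
from fractions import Fraction

# Constructed sample policy. The JSON layout and field names are assumptions
# made for this example; the patent only says a policy may be stored as JSON.
POLICY_JSON = """
{
  "modifications": {
    "add_node": {
      "auto_approve": {"max_nodes_per_member": 3},
      "vote": {"quorum": 3, "margin": "majority",
               "veto_members": ["auditor"], "abstentions_allowed": true}
    },
    "remove_member": {
      "vote": {"quorum": 3, "margin": "supermajority",
               "veto_members": [], "abstentions_allowed": false}
    },
    "update_policy": {
      "vote": {"quorum": 4, "margin": "unanimous",
               "veto_members": [], "abstentions_allowed": false}
    }
  }
}
"""

# Fraction of cast (non-abstaining) votes that must be "yes".
MARGINS = {
    "majority": Fraction(1, 2),        # strictly more than half
    "supermajority": Fraction(2, 3),   # at least two thirds
    "unanimous": Fraction(1, 1),       # every cast vote
}


def load_policy(text):
    """Parse the stored JSON policy (the enforcement component's input at 2130)."""
    return json.loads(text)


def votes_satisfy(vote_rule, votes):
    """Apply quorum, veto, abstention and margin rules to the received votes.

    votes maps member id -> "yes" | "no" | "abstain".
    """
    if not vote_rule["abstentions_allowed"] and "abstain" in votes.values():
        return False
    # A "no" from any member holding veto authority defeats the proposal.
    if any(votes.get(member) == "no" for member in vote_rule["veto_members"]):
        return False
    # Quorum counts every member who responded, abstentions included.
    if len(votes) < vote_rule["quorum"]:
        return False
    cast = [v for v in votes.values() if v in ("yes", "no")]
    if not cast:
        return False
    ratio = Fraction(cast.count("yes"), len(cast))
    threshold = MARGINS[vote_rule["margin"]]
    if vote_rule["margin"] == "majority":
        return ratio > threshold
    return ratio >= threshold


def evaluate_modification(policy, modification, member_node_counts, votes=None):
    """Return "allowed", "denied" or "vote_required" for a proposed modification.

    modification is {"type": ..., "member": ...}; member_node_counts maps
    member id -> number of nodes that member already runs. A modification
    with no applicable policy entry is denied (deny-by-default is this
    example's choice; the patent does not say what happens in that case).
    """
    rule = policy["modifications"].get(modification["type"])
    if rule is None:
        return "denied"
    # Negative exit from 2130: some modifications need no vote if they stay
    # within the policy's parameters (here, a per-member node cap).
    auto = rule.get("auto_approve")
    if auto is not None and modification["type"] == "add_node":
        current = member_node_counts.get(modification["member"], 0)
        if current + 1 <= auto["max_nodes_per_member"]:
            return "allowed"
    vote_rule = rule.get("vote")
    if vote_rule is None:
        return "denied"
    if votes is None:
        return "vote_required"   # 2132: vote notifications would be sent here
    return "allowed" if votes_satisfy(vote_rule, votes) else "denied"
```

Note that a change to the policy itself ("update_policy") is evaluated against the currently stored policy, which is what keeps a single member from loosening the rules unilaterally; the veto list is checked before the margin so that a vetoing member's "no" cannot be outvoted.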
  • FIG. 22 is a high-level flowchart illustrating various methods and techniques to store and query offline blockchain data, according to some embodiments.
  • blockchain data may be stored from a commit log for a blockchain network to a database, in some embodiments.
  • a backup mechanism for a data journal service discussed above or other ordered commit log services, like Apache’s Kafka, may include options or mechanisms to store a copy of the transaction log representing a blockchain (or a channel of a blockchain) in a separate storage location, such as a database.
  • a backup agent on the peer nodes that receive and maintain the blockchain data on the node may store the blockchain data from the peer node of the blockchain network to a database, as indicated at 2220.
  • a managed blockchain service may implement an interface through which to provide access to the offline data stored for the blockchain network.
  • the interface could be an interface that allowed for portions (e.g., files or objects) of blockchain data to be downloaded or viewed.
  • analytical tools such as various kinds of statistical analysis and/or machine learning analysis could be implemented to provide views and reports of offline blockchain data.
  • a request for data from the blockchain data may be received, in some embodiments.
  • the request may be formatted according to an API with various features for identifying the data to return (e.g., by chain, members of the transaction, proposer, approvers, date, time, content of the transaction, etc.).
  • the interface may allow for query languages (e.g., SQL) to be used.
  • a query to the database to obtain the requested data may be generated, in some embodiments. For instance, if an API is used, then the API request may be translated into the corresponding query language. As indicated at 2250, the query may then be sent to the database, in one embodiment. For example, a database connection between the control plane and the database may be previously established and used to send the query. A result may be received back from the database, including an empty result. As indicated at 2260, a response to the request for the data may be returned based on a result of the query received from the database, in some embodiments. For instance, the format of the results could be modified to fit the API used to submit the request for data and/or to display results (e.g., at a console for the managed blockchain service).
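An added example of steps 2240 through 2260, translating an API-style request for offline blockchain data into a database query and reshaping the result. This is not the patent's or any service's code: the table schema, the column names, the filter field names and the sample rows are all constructed for the example. The security-relevant detail is in the translation step: the API request supplies values only, which are bound as query parameters, and the set of filterable columns is fixed in code, so request content never becomes part of the SQL text.

```python
import sqlite3

COLUMNS = ("chain_id", "tx_id", "proposer", "approver", "committed_at", "content")

# Constructed sample rows standing in for blockchain data copied out of a
# commit log; they are not real transactions.
SAMPLE_TRANSACTIONS = [
    ("chain-1", "tx-001", "bank_a", "bank_b", "2019-11-01T10:00:00Z", "transfer 10 to bank_b"),
    ("chain-1", "tx-002", "bank_b", "bank_a", "2019-11-02T11:30:00Z", "transfer 5 to bank_a"),
    ("chain-1", "tx-003", "bank_a", "auditor", "2019-11-03T09:15:00Z", "audit summary for october"),
    ("chain-2", "tx-004", "bank_c", "bank_a", "2019-11-03T12:00:00Z", "transfer 7 to bank_a"),
]

# API filter field -> database column. Only fields listed here can reach the
# SQL text; anything else is rejected before a query is built.
ALLOWED_FILTERS = {
    "chain": "chain_id",
    "transaction": "tx_id",
    "proposer": "proposer",
    "approver": "approver",
}


def open_offline_store():
    """Create an in-memory database holding the sample offline blockchain data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE transactions (chain_id TEXT, tx_id TEXT, proposer TEXT, "
        "approver TEXT, committed_at TEXT, content TEXT)"
    )
    conn.executemany("INSERT INTO transactions VALUES (?, ?, ?, ?, ?, ?)",
                     SAMPLE_TRANSACTIONS)
    conn.commit()
    return conn


def build_query(api_request):
    """Translate an API request into SQL plus a parameter list (step 2240).

    api_request may contain "filters" (field -> exact value), "after" and
    "before" (ISO-8601 bounds on commit time) and "content_contains".
    Column names come only from ALLOWED_FILTERS; every user-supplied value
    is bound as a parameter, never pasted into the SQL string.
    """
    clauses, params = [], []
    for field, value in api_request.get("filters", {}).items():
        column = ALLOWED_FILTERS.get(field)
        if column is None:
            raise ValueError(f"unsupported filter field: {field!r}")
        clauses.append(f"{column} = ?")
        params.append(value)
    if "after" in api_request:
        clauses.append("committed_at >= ?")
        params.append(api_request["after"])
    if "before" in api_request:
        clauses.append("committed_at < ?")
        params.append(api_request["before"])
    if "content_contains" in api_request:
        # instr() avoids LIKE wildcard handling for user-supplied substrings.
        clauses.append("instr(content, ?) > 0")
        params.append(api_request["content_contains"])
    sql = "SELECT " + ", ".join(COLUMNS) + " FROM transactions"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    sql += " ORDER BY committed_at"
    return sql, params


def query_offline_data(conn, api_request):
    """Send the query (2250) and reshape rows into API-style records (2260)."""
    sql, params = build_query(api_request)
    rows = conn.execute(sql, params).fetchall()
    return [dict(zip(COLUMNS, row)) for row in rows]
```

A request whose filter value contains quoting characters simply matches nothing, and a request naming a field outside the allow-list is rejected before any SQL is assembled; both are cheaper to enforce at the translation layer than to audit in every downstream query.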
  • FIG. 23 is a high-level flowchart illustrating various methods and techniques to monitor a blockchain network for performance events, according to some embodiments.
  • performance data collected by monitoring agents for node(s) and/or service(s) of a blockchain network in a managed blockchain service may be monitored.
  • a control plane as discussed above with regard to FIG. 19 may operate a central data store of performance data which may be evaluated by one or more monitoring nodes or components that read data from the central data store.
  • the monitoring may be performed by the monitoring agents on the hosts, servers, or systems that implement the node(s) and/or service(s) of the blockchain network.
  • a determination may be made as to whether a performance event is detected, in some embodiments.
  • Various types of performance events may be monitored for, in some embodiments. For example, capacity or utilization metrics may be collected that indicate use of the processing resources, storage resources, or network resources of the node or service. If the utilization exceeds a threshold (or falls below a threshold), then a corresponding performance event for the resource may be detected (e.g., not enough processor capacity to handle the load on the node or service).
  • Performance data may be a liveness indication, such as a heartbeat message, sent to the monitoring features of the control plane which may detect a failure event (e.g., due to node or network failure) for a node or service that fails to send an indication that the node or service is still alive.
  • combinations of criteria for different resources may be used to detect a performance event (e.g., if response latency to application requests exceeds a threshold AND network bandwidth consumption exceeds a minimum threshold then a performance event may be detected).
  • a responsive action may be determined for the performance event, in some embodiments. For example, a mapping between detected events and responsive action(s) may be maintained so that the action appropriate to respond to the detected event is determined.
  • Some responsive actions may include operations to heal, configure, fix, or otherwise improve the performance of a node or service that triggered the performance event (e.g., move work to another node, adjust resource allocations on the node, change access control parameters for handling network requests, etc.).
  • Some responsive actions may include actions to remove or replace a node or service. If, for instance, a node is underutilized, then a responsive action to remove the underutilized node and shift the work to another node may be performed. In some scenarios the node or service may be failing (or have failed), and thus the responsive action may include provisioning, configuring, and starting a new node or service.
  • the responsive action may include a notification (in addition to other actions, as indicated by the dotted arrow from 2342 to 2350 or instead of another responsive action). If a notification is specified, then a notification of the performance event may be sent, as indicated at 2342.
  • an email notification, text notification via a wireless communication network, a message or notification displayed on a user account console of a provider network may be examples of the types of notifications provided. Notifications may be sent to entities for nodes hosted external to provider network 300 that are members of a blockchain network service.
  • Such nodes could still implement a monitoring agent (e.g., provided by provider network 300) to collect information used to detect events so that even if an operation would have to be performed from control tools or apparatus of the external network, a control plane for the managed blockchain service could still be aware of and direct the performance of the appropriate responsive action via the notification.
  • the responsive action determined at 2330 may be performed, in some embodiments. For example, to replace a failing or ailing node or service, one or more requests to launch or provision a new node or service for the blockchain network may be made to those systems or services that host or implement the failing or ailing node or service.
  • the responsive action may include sending instructions to a monitoring or other control plane agent on a node to perform configuration changes or adjustments to resource allocation at a host device (e.g., at a server).
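The FIG. 23 monitoring loop as an added example: liveness from heartbeats, single-resource thresholds crossed in either direction, a combined latency-and-bandwidth criterion, and a mapping from detected event to responsive action, with the action reduced to a notification for a node hosted outside the provider network. This is not the patent's or any service's code; the threshold values, event names, action names and the performance samples are constructed for the example, and the node ids are placeholders.

```python
# Thresholds and timeouts: constructed values for this example, not figures
# from the patent.
CPU_HIGH_PCT = 85.0
CPU_LOW_PCT = 10.0
STORAGE_HIGH_PCT = 90.0
LATENCY_HIGH_MS = 500.0
BANDWIDTH_MIN_MBPS = 100.0
HEARTBEAT_TIMEOUT_S = 60

# Mapping from detected event to responsive action(s) (step 2330). Action
# names are placeholders for what the control plane would actually request.
RESPONSES = {
    "node_unresponsive": ["provision_replacement_node", "notify"],
    "cpu_overloaded": ["move_work_to_other_node", "notify"],
    "storage_nearly_full": ["increase_storage_allocation", "notify"],
    "latency_under_load": ["adjust_resource_allocation", "notify"],
    "node_underutilized": ["remove_node_and_shift_work"],
}


def detect_events(sample, now):
    """Evaluate one node's latest performance data; return detected event names.

    sample: dict with keys node, last_heartbeat (epoch seconds), cpu_pct,
    storage_pct, latency_ms, bandwidth_mbps.
    """
    events = []
    # Liveness: a node that stopped sending heartbeats is treated as failed,
    # and its stale metrics are not evaluated further.
    if now - sample["last_heartbeat"] > HEARTBEAT_TIMEOUT_S:
        return ["node_unresponsive"]
    # Single-resource thresholds, exceeded above or below.
    if sample["cpu_pct"] > CPU_HIGH_PCT:
        events.append("cpu_overloaded")
    elif sample["cpu_pct"] < CPU_LOW_PCT:
        events.append("node_underutilized")
    if sample["storage_pct"] > STORAGE_HIGH_PCT:
        events.append("storage_nearly_full")
    # Combined criteria: high latency only counts when the node is actually
    # under network load, so an idle node with one slow client is not flagged.
    if (sample["latency_ms"] > LATENCY_HIGH_MS
            and sample["bandwidth_mbps"] > BANDWIDTH_MIN_MBPS):
        events.append("latency_under_load")
    return events


def plan_responses(events, external=False):
    """Map events to responsive actions.

    For a node hosted outside the provider network the control plane cannot
    act on the host itself, so the action is reduced to a notification that
    directs the node's owner to perform it.
    """
    plans = []
    for event in events:
        actions = RESPONSES.get(event, ["notify"])
        if external:
            actions = ["notify"]
        plans.append((event, actions))
    return plans


def monitor(samples, now):
    """Run detection and response planning over all collected samples."""
    return {s["node"]: plan_responses(detect_events(s, now), s.get("external", False))
            for s in samples}


NOW = 1_574_000_000  # constructed reference time (epoch seconds)

# Constructed performance samples, as monitoring agents might report them.
SAMPLES = [
    {"node": "peer-1", "last_heartbeat": NOW - 5, "cpu_pct": 40.0, "storage_pct": 55.0,
     "latency_ms": 120.0, "bandwidth_mbps": 80.0},
    {"node": "peer-2", "last_heartbeat": NOW - 8, "cpu_pct": 93.0, "storage_pct": 95.0,
     "latency_ms": 150.0, "bandwidth_mbps": 60.0},
    {"node": "orderer-1", "last_heartbeat": NOW - 300, "cpu_pct": 0.0, "storage_pct": 0.0,
     "latency_ms": 0.0, "bandwidth_mbps": 0.0},
    {"node": "peer-3", "last_heartbeat": NOW - 2, "cpu_pct": 60.0, "storage_pct": 40.0,
     "latency_ms": 800.0, "bandwidth_mbps": 250.0},
    {"node": "peer-4", "last_heartbeat": NOW - 3, "cpu_pct": 3.0, "storage_pct": 20.0,
     "latency_ms": 50.0, "bandwidth_mbps": 5.0},
    {"node": "external-peer", "last_heartbeat": NOW - 4, "cpu_pct": 97.0, "storage_pct": 30.0,
     "latency_ms": 100.0, "bandwidth_mbps": 20.0, "external": True},
]
```

Returning early on a missed heartbeat matters: the metrics that arrived with the last heartbeat are stale, and evaluating them would produce spurious "underutilized" events for a node that is simply gone.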
  • the methods described herein may in various embodiments be implemented by any combination of hardware and software.
  • the methods may be implemented by a computer system (e.g., a computer system 3000 as in FIG. 24) that includes one or more processors executing program instructions stored on a computer-readable storage medium coupled to the processors.
  • the program instructions may be configured to implement the functionality described herein (e.g., the functionality of various servers and other components that implement the network-based virtual computing resource provider described herein).
  • the various methods as illustrated in the figures and described herein represent example embodiments of methods. The order of any method may be changed, and various elements may be added, reordered, combined, omitted, modified, etc.
  • Embodiments of enabling access across private networks for a managed blockchain service and embodiments of a multi-framework managed blockchain service, as described herein may be executed on one or more computer systems, which may interact with various other devices.
  • One such computer system is illustrated by FIG. 24.
  • computer system 3000 may be any of various types of devices, including, but not limited to, a personal computer system, desktop computer, laptop, notebook, or netbook computer, mainframe computer system, handheld computer, workstation, network computer, a camera, a set top box, a mobile device, a consumer device, video game console, handheld video game device, application server, storage device, a peripheral device such as a switch, modem, router, or in general any type of computing device, computing node, compute node, computing system, compute system, or electronic device.
  • computer system 3000 includes one or more processors 3010 coupled to a system memory 3020 via an input/output (I/O) interface 3030.
  • Computer system 3000 further includes a network interface 3040 coupled to I/O interface 3030, and one or more input/output devices 3050, such as cursor control device 3060, keyboard 3070, and display(s) 3080.
  • Display(s) 3080 may include standard computer monitor(s) and/or other display systems, technologies or devices.
  • the input/output devices 3050 may also include a touch- or multi-touch enabled device such as a pad or tablet via which a user enters input via a stylus-type device and/or one or more digits.
  • embodiments may be implemented using a single instance of computer system 3000, while in other embodiments multiple such systems, or multiple nodes making up computer system 3000, may host different portions or instances of embodiments.
  • some elements may be implemented via one or more nodes of computer system 3000 that are distinct from those nodes implementing other elements.
  • computer system 3000 may be a uniprocessor system including one processor 3010, or a multiprocessor system including several processors 3010 (e.g., two, four, eight, or another suitable number).
  • processors 3010 may be any suitable processor capable of executing instructions.
  • processors 3010 may be general-purpose or embedded processors implementing any of a variety of instruction set architectures (ISAs), such as the x86, PowerPC, SPARC, or MIPS ISAs, or any other suitable ISA.
  • each of processors 3010 may commonly, but not necessarily, implement the same ISA.
  • At least one processor 3010 may be a graphics processing unit.
  • a graphics processing unit or GPU may be considered a dedicated graphics-rendering device for a personal computer, workstation, game console or other computing or electronic device.
  • Modern GPUs may be very efficient at manipulating and displaying computer graphics, and their highly parallel structure may make them more effective than typical CPUs for a range of complex graphical algorithms.
  • a graphics processor may implement a number of graphics primitive operations in a way that makes executing them much faster than drawing directly to the screen with a host central processing unit (CPU).
  • graphics rendering may, at least in part, be implemented by program instructions configured for execution on one of, or parallel execution on two or more of, such GPUs.
  • the GPU(s) may implement one or more application programmer interfaces (APIs) that permit programmers to invoke the functionality of the GPU(s). Suitable GPUs may be commercially available from vendors such as NVIDIA Corporation, ATI Technologies (AMD), and others.
  • System memory 3020 may store program instructions and/or data accessible by processor 3010.
  • system memory 3020 may be implemented using any suitable memory technology, such as static random access memory (SRAM), synchronous dynamic RAM (SDRAM), nonvolatile/Flash-type memory, or any other type of memory.
  • program instructions and data implementing desired functions, such as those described above are shown stored within system memory 3020 as program instructions 3025 and data storage 3035, respectively.
  • program instructions and/or data may be received, sent or stored upon different types of computer-accessible media or on similar media separate from system memory 3020 or computer system 3000.
  • a non-transitory, computer-readable storage medium may include storage media or memory media such as magnetic or optical media, e.g., disk or CD/DVD-ROM coupled to computer system 3000 via I/O interface 3030.
  • Program instructions and data stored via a computer-readable medium may be transmitted by transmission media or signals such as electrical, electromagnetic, or digital signals, which may be conveyed via a communication medium such as a network and/or a wireless link, such as may be implemented via network interface 3040.
  • I/O interface 3030 may coordinate I/O traffic between processor 3010, system memory 3020, and any peripheral devices in the device, including network interface 3040 or other peripheral interfaces, such as input/output devices 3050.
  • I/O interface 3030 may perform any necessary protocol, timing or other data transformations to convert data signals from one component (e.g., system memory 3020) into a format suitable for use by another component (e.g., processor 3010).
  • I/O interface 3030 may include support for devices attached through various types of peripheral buses, such as a variant of the Peripheral Component Interconnect (PCI) bus standard or the Universal Serial Bus (USB) standard, for example.
  • I/O interface 3030 may be split into two or more separate components, such as a north bridge and a south bridge, for example.
  • some or all of the functionality of I/O interface 3030, such as an interface to system memory 3020, may be incorporated directly into processor 3010.
  • Network interface 3040 may allow data to be exchanged between computer system 3000 and other devices attached to a network, such as other computer systems, or between nodes of computer system 3000.
  • network interface 3040 may support communication via wired or wireless general data networks, such as any suitable type of Ethernet network, for example; via telecommunications/telephony networks such as analog voice networks or digital fiber communications networks; via storage area networks such as Fibre Channel SANs, or via any other suitable type of network and/or protocol.
  • Input/output devices 3050 may, in some embodiments, include one or more display terminals, keyboards, keypads, touchpads, scanning devices, voice or optical recognition devices, or any other devices suitable for entering or retrieving data by one or more computer systems 3000.
  • Multiple input/output devices 3050 may be present in computer system 3000 or may be distributed on various nodes of computer system 3000. In some embodiments, similar input/output devices may be separate from computer system 3000 and may interact with one or more nodes of computer system 3000 through a wired or wireless connection, such as over network interface 3040.
  • memory 3020 may include program instructions 3025, which may implement the various methods and techniques as described herein, and data storage 3035, comprising various data accessible by program instructions 3025.
  • program instructions 3025 may include software elements of embodiments as described herein and as illustrated in the Figures.
  • Data storage 3035 may include data that may be used in embodiments. In other embodiments, other or different software elements and data may be included.
  • computer system 3000 is merely illustrative and is not intended to limit the scope of the techniques as described herein.
  • the computer system and devices may include any combination of hardware or software that can perform the indicated functions, including a computer, personal computer system, desktop computer, laptop, notebook, or netbook computer, mainframe computer system, handheld computer, workstation, network computer, a camera, a set top box, a mobile device, network device, internet appliance, PDA, wireless phones, pagers, a consumer device, video game console, handheld video game device, application server, storage device, a peripheral device such as a switch, modem, router, or in general any type of computing or electronic device.
  • Computer system 3000 may also be connected to other devices that are not illustrated, or instead may operate as a stand-alone system.
  • the functionality provided by the illustrated components may in some embodiments be combined in fewer components or distributed in additional components.
  • the functionality of some of the illustrated components may not be provided and/or other additional functionality may be available.
  • instructions stored on a non-transitory, computer-accessible medium separate from computer system 3000 may be transmitted to computer system 3000 via transmission media or signals such as electrical, electromagnetic, or digital signals, conveyed via a communication medium such as a network and/or a wireless link.
  • Various embodiments may further include receiving, sending or storing instructions and/or data implemented in accordance with the foregoing description upon a computer-accessible medium. Accordingly, the present invention may be practiced with other computer system configurations.
  • leader nodes within a data warehouse system may present data storage services and/or database services to clients as network-based services.
  • a network-based service may be implemented by a software and/or hardware system designed to support interoperable machine-to-machine interaction over a network.
  • a network-based service may have an interface described in a machine-processable format, such as the Web Services Description Language (WSDL).
  • Other systems may interact with the web service in a manner prescribed by the description of the network-based service’s interface.
  • the network-based service may define various operations that other systems may invoke, and may define a particular application programming interface (API) to which other systems may be expected to conform when requesting the various operations.
  • a network-based service may be requested or invoked through the use of a message that includes parameters and/or data associated with the network-based services request.
  • a message may be formatted according to a particular markup language such as Extensible Markup Language (XML), and/or may be encapsulated using a protocol such as Simple Object Access Protocol (SOAP).
  • a network-based services client may assemble a message including the request and convey the message to an addressable endpoint (e.g., a Uniform Resource Locator (URL)) corresponding to the web service, using an Internet-based application layer transfer protocol such as Hypertext Transfer Protocol (HTTP).
  • web services may be implemented using Representational State Transfer (“RESTful”) techniques rather than message-based techniques.
  • a web service implemented according to a RESTful technique may be invoked through parameters included within an HTTP method such as PUT, GET, or DELETE, rather than encapsulated within a SOAP message.
  • a managed blockchain service comprising:
  • a first plurality of nodes respectively comprising at least one processor and a memory, that host a blockchain network in a first logically isolated network
  • a second plurality of nodes respectively comprising at least one other processor and another memory, that implement a control plane for the managed blockchain service
  • control plane configured to:
  • control plane configured to enable a load balancer in the first logically isolated network of the managed blockchain service to:
  • control plane is configured to: cause a virtual traffic hub to include the one or more routes to route communications originating from the second logically isolated network to the first logically isolated network of the managed blockchain service and to route communications directed to the second logically isolated network from the first logically isolated network of the managed blockchain service.
  • a method comprising:
  • determining, by the control plane, one or more routes between the private network and a private network for the blockchain network in the managed blockchain service that enable the node to direct private communications to individual ones of the existing nodes in the private network of the managed blockchain service; and causing, by the control plane, one or more networking devices to add the determined one or more routes between the private network and the private network for the blockchain network in the managed blockchain service.
  • a load balancer in the private network of the managed blockchain service to: listen at a plurality of ports for communications directed to a network endpoint created within the private network that hosts the node;
  • a virtual traffic hub to include the one or more routes to route communications originating from the private network to the private network of the managed blockchain service and to route communications directed to the private network from the private network of the managed blockchain service.
  • the virtual traffic hub includes another one or more routes to route communications originating from another private network to the private network of the managed blockchain service and to route communications directed to the other private network from the private network of the managed blockchain service.
  • One or more non-transitory, computer-readable storage media storing program instructions that when executed on or across one or more computing devices cause the one or more computing devices to implement: receiving, via an interface for a control plane of a managed blockchain service, a request to enable a node hosted in a private network to communicate with a blockchain network comprising one or more existing nodes that are hosted in the managed blockchain service;
  • a load balancer in the private network of the managed blockchain service to: listen at a plurality of ports for communications directed to a network endpoint created within the private network that hosts the node;
  • a virtual traffic hub to include the one or more routes to route communications originating from the private network to the private network of the managed blockchain service and to route communications directed to the private network from the private network of the managed blockchain service.
  • a managed blockchain service comprising:
  • a first plurality of nodes respectively comprising at least one processor and a memory, that implement a data plane for the managed blockchain service
  • a second plurality of nodes respectively comprising at least one other processor and another memory, that implement a control plane for the managed blockchain service
  • control plane configured to:
  • control plane configured to:
  • control plane is further configured to:
  • a method comprising:
  • One or more non-transitory, computer-readable storage media storing program instructions that when executed on or across one or more computing devices cause the one or more computing devices to implement:
  • the various methods as illustrated in the figures and described herein represent example embodiments of methods.
  • the methods may be implemented in software, hardware, or a combination thereof.
  • the order of method may be changed, and various elements may be added, reordered, combined, omitted, modified, etc.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

Access across private networks may be enabled for blockchain networks in a managed blockchain service. Requests to enable access for a node hosted in a private network to one or more nodes hosted in a different private network that hosts the blockchain network as part of a managed blockchain service may be received. Routes to enable the access may be determined and added to networking devices so that communications between the node in the private network to specified nodes in the private network of the managed blockchain service may be correctly routed.

Description

ENABLING ACCESS ACROSS PRIVATE NETWORKS FOR A MANAGED
BLOCKCHAIN SERVICE
BACKGROUND
[0001] Distributed applications are increasingly distributed beyond the boundaries of individual companies or entities and may instead rely upon a network of cooperating entities in order to operate. Blockchain networks have been developed to facilitate a transparent and consistent way to share and update data that can be examined and trusted by participants. Because blockchain networks involve complex consensus algorithms, storage requirements, and networking implementations, services that can remove the management burden of blockchain networks from participants so that participants can instead focus on application development are highly desirable.
BRIEF DESCRIPTION OF THE DRAWINGS
[0002] FIG. 1 illustrates a logical block diagram of enabling access across private networks for a managed blockchain service, according to some embodiments.
[0003] FIG. 2 illustrates a logical block diagram of a multi-framework managed blockchain service, according to some embodiments.
[0004] FIG. 3 is a logical block diagram illustrating a managed blockchain service in a provider network, according to some embodiments.
[0005] FIG. 4 is a logical block diagram illustrating various features of a managed blockchain service, according to some embodiments.
[0006] FIG. 5 is a logical block diagram illustrating a permissionless blockchain network framework, according to some embodiments.
[0007] FIG. 6 is a logical block diagram illustrating a permissioned blockchain network framework, according to some embodiments.
[0008] FIG. 7 is a logical block diagram illustrating interactions with a node management feature of a control plane of a managed blockchain service, according to some embodiments.
[0009] FIG. 8 is a logical block diagram of enabling access for a node implementing a client application for a blockchain, according to some embodiments.
[0010] FIG. 9 is a logical block diagram of enabling access for a peer node in a private network outside of the private network of the managed blockchain service, according to some embodiments.
[0011] FIG. 10 is a logical block diagram of enabling access for a client application with cross attached network interfaces, according to some embodiments.
[0012] FIG. 11 is a high-level flowchart illustrating various methods and techniques to enable access across private networks for a managed blockchain service, according to some embodiments.
[0013] FIG. 12 is a high-level flowchart illustrating various methods and techniques to route traffic across private networks using a network endpoint and load balancer, according to some embodiments.
[0014] FIG. 13 is a high-level flowchart illustrating various methods and techniques to route traffic across private networks using a virtual traffic hub, according to some embodiments.
[0015] FIG. 14 is a logical block diagram illustrating interactions with a blockchain network management feature of a control plane of a managed blockchain service, according to some embodiments.
[0016] FIG. 15 is a logical block diagram illustrating interactions with a membership management feature of a control plane of a managed blockchain service, according to some embodiments.
[0017] FIG. 16 is a logical block diagram illustrating interactions with a node management feature of a control plane of a managed blockchain service, according to some embodiments.
[0018] FIG. 17 is logical block diagram illustrating interactions with a distributed governance feature of a control plane of a managed blockchain service, according to some embodiments.
[0019] FIG. 18 is a logical block diagram illustrating interactions with an analytics feature of a control plane of a managed blockchain service, according to some embodiments.
[0020] FIG. 19 is a logical block diagram illustrating interactions with a monitoring feature of a control plane of a managed blockchain service, according to some embodiments.
[0021] FIG. 20 is a high-level flowchart illustrating various methods and techniques to create a blockchain network in a multi-framework managed blockchain service, according to some embodiments.
[0022] FIG. 21 is a high-level flowchart illustrating various methods and techniques to perform modifications to a blockchain network according to a distributed governance policy, according to some embodiments.
[0023] FIG. 22 is a high-level flowchart illustrating various methods and techniques to store and query offline blockchain data, according to some embodiments.
[0024] FIG. 23 is a high-level flowchart illustrating various methods and techniques to monitor a blockchain network for performance events, according to some embodiments.
[0025] FIG. 24 illustrates an example system configured to implement the various methods, techniques, and systems described herein, according to some embodiments.
[0026] While embodiments are described herein by way of example for several embodiments and illustrative drawings, those skilled in the art will recognize that embodiments are not limited to the embodiments or drawings described. It should be understood, that the drawings and detailed description thereto are not intended to limit embodiments to the particular form disclosed, but on the contrary, the intention is to cover all modifications, equivalents and alternatives falling within the spirit and scope as defined by the appended claims. The headings used herein are for organizational purposes only and are not meant to be used to limit the scope of the description or the claims. As used throughout this application, the word “may” is used in a permissive sense (i.e., meaning having the potential to), rather than the mandatory sense (i.e., meaning must). Similarly, the words “include,” “including,” and “includes” mean including, but not limited to.
[0027] It will also be understood that, although the terms first, second, etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another. For example, a first contact could be termed a second contact, and, similarly, a second contact could be termed a first contact, without departing from the scope of the present invention. The first contact and the second contact are both contacts, but they are not the same contact.
DETAILED DESCRIPTION OF EMBODIMENTS
[0028] Various embodiments of enabling access across private networks for a managed blockchain service are described herein. Blockchain networks offer a wide variety of entities the opportunity to participate in a distributed application that utilizes a blockchain stored and managed by the blockchain network. Given the diversity of entities likely to participate in a blockchain network, networking barriers can arise which can be complex to overcome in order to enable access for differently situated entities participating in the blockchain network. For non-managed blockchain networks, these networking challenges may be overcome using custom solutions, which may involve substantial manual coordination between parties to enable network communication.
[0029] Managed blockchain services may implement various physical and/or logical network controls to ensure the privacy of hosted blockchain networks, hosting a blockchain network in a private network (e.g., a logically isolated network such as may be provided by a virtual private network (VPN)) within the managed blockchain service. While resources for participants in a blockchain network hosted within the private network of the managed blockchain service can easily communicate without crossing network boundaries, participant resources external to the private network of the managed blockchain service have to cross the private network boundary. Moreover, participant resources may need to direct requests to particular, specified nodes in the blockchain network, a feature not typically supported by managed services, which do not typically provide visibility into the location or number of resources implementing the hosted feature (e.g., the blockchain). For example, while some services, such as a database service, provide access to specific resources, managed services may instead implement a load balancer or various other network features that hide the underlying nodes performing work for a client of the service.
[0030] Enabling access across private networks for a managed blockchain service may allow participant resources hosted in other locations (e.g., other private networks) to participate in the blockchain system, increasing the variety of participants that a managed blockchain system can support. Additionally, such techniques can allow these participants to implement custom or non-managed participants, instead of moving the resources inside the managed blockchain network’s private network, which could limit the capabilities of the resources because they would have to be implemented as part of a managed environment.
[0031] FIG. 1 illustrates a logical block diagram of enabling access across private networks for a managed blockchain service, according to some embodiments. A managed blockchain service may host a blockchain network 122 that includes multiple nodes, such as nodes 124a, 124b, and 124c, in a private network 120. Blockchain network 122 may be implemented according to one of multiple different blockchain frameworks (e.g., a permissionless blockchain framework discussed below with regard to FIG. 5 or a permissioned blockchain framework discussed below with regard to FIG. 6). Blockchain network 122 may have been launched or created by one user account and may also include node(s) 124 created by another user account as a participant in the blockchain network for a different entity.
[0032] A participant (or potential participant) in the blockchain network may have a resource hosted or otherwise located outside of managed blockchain service private network 120. For example, node 112 may be a node that implements a client application that operates based on data submitted to and received from blockchain network 122, or node 112 could be a peer node that participates with other peer nodes in the blockchain network to determine, accept, or approve updates to the blockchain.
[0033] A request 102 may be submitted to a control plane 150 for the managed blockchain service to enable node 112 to communicate with a blockchain network, blockchain network 122, in some embodiments. Control plane 150 may determine route(s) 130 that provide for private communications between node 112 and nodes 124. Moreover, routes 130 may allow node 112 to direct traffic to individual nodes (e.g., send a communication to node 124a) as specified by node 112 (instead of the node being chosen for node 112, as would happen if a load balancer made the routing decision for the communication). Control plane 150 may then modify networking devices 140 to include the determined route(s) 130. Different types of routes for different types of nodes (and different types of external private networks) may be implemented, as discussed below with regard to FIGS. 5-6 and 7-13. Networking devices 140 may be implemented as physical or virtual networking devices (or some combination thereof), as discussed below.
[0034] Please note that the previous description of enabling access across private networks for a managed blockchain service is a logical illustration and thus is not to be construed as limiting as to the implementation of nodes, private networks, a control plane, or networking devices.
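As an added illustration of the route determination described in [0033] (example code written for this page, not an implementation from the patent or from any provider), the following Python models a control plane that checks the requester's membership and ownership, refuses overlapping address spaces, and installs one host route per named node rather than a network-wide route or a load-balanced endpoint. The class names, the CIDR blocks, the account identifiers and the simulated networking device are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class PrivateNetwork:
    name: str
    cidr: ipaddress.IPv4Network


@dataclass(frozen=True)
class Node:
    node_id: str
    network: PrivateNetwork
    address: ipaddress.IPv4Address
    owner: str  # user account operating this node


@dataclass
class BlockchainNetwork:
    network_id: str
    private_network: PrivateNetwork            # service-side private network hosting the chain
    nodes: dict = field(default_factory=dict)  # node_id -> Node
    members: set = field(default_factory=set)  # accounts admitted as participants


@dataclass
class VirtualNetworkingDevice:
    """Simulated networking device (assumption): a route table plus a pairwise allow-list."""
    routes: dict = field(default_factory=dict)  # IPv4Network -> next-hop network name
    allowed: set = field(default_factory=set)   # (src_addr, dst_addr) pairs

    def reachable(self, src: ipaddress.IPv4Address, dst: ipaddress.IPv4Address) -> bool:
        return (src, dst) in self.allowed and any(dst in r for r in self.routes)


class ControlPlane:
    """Handles 'enable access' requests by validating them and installing routes."""

    def __init__(self, device: VirtualNetworkingDevice):
        self.device = device

    def enable_access(self, requester: str, chain: BlockchainNetwork,
                      external_node: Node, target_ids: list) -> list:
        """Let external_node reach the named nodes of chain, and vice versa.

        Returns the host routes installed toward the target nodes."""
        if requester not in chain.members:
            raise PermissionError(f"{requester} is not a member of {chain.network_id}")
        if external_node.owner != requester:
            raise PermissionError("requester does not own the external node")
        # The two private networks are joined by routing, so their address
        # spaces must not overlap or return traffic becomes ambiguous.
        if external_node.network.cidr.overlaps(chain.private_network.cidr):
            raise ValueError("address spaces overlap; cannot route between them")
        installed = []
        for node_id in target_ids:
            target = chain.nodes.get(node_id)
            if target is None:
                raise KeyError(f"no node {node_id} in {chain.network_id}")
            # One /32 host route per target: the external node picks the peer it
            # talks to instead of a load balancer picking for it, and no other
            # node in the service private network becomes reachable as a side effect.
            to_target = ipaddress.ip_network(f"{target.address}/32")
            back = ipaddress.ip_network(f"{external_node.address}/32")
            self.device.routes[to_target] = chain.private_network.name
            self.device.routes[back] = external_node.network.name
            self.device.allowed.add((external_node.address, target.address))
            self.device.allowed.add((target.address, external_node.address))
            installed.append(to_target)
        return installed


def build_example():
    """Constructed sample topology mirroring FIG. 1: nodes 124a-c in the service
    private network 120, node 112 in an external private network (addresses assumed)."""
    svc = PrivateNetwork("private-network-120", ipaddress.ip_network("10.0.0.0/16"))
    ext = PrivateNetwork("external-network-110", ipaddress.ip_network("172.16.0.0/16"))
    chain = BlockchainNetwork("blockchain-122", svc, members={"acct-a", "acct-b"})
    for suffix, owner in (("a", "acct-a"), ("b", "acct-a"), ("c", "acct-b")):
        n = Node(f"124{suffix}", svc, ipaddress.ip_address(f"10.0.1.{ord(suffix) - 96}"), owner)
        chain.nodes[n.node_id] = n
    node112 = Node("112", ext, ipaddress.ip_address("172.16.5.10"), "acct-b")
    device = VirtualNetworkingDevice()
    return ControlPlane(device), chain, node112, device


def demo() -> dict:
    """Enable node 112 to reach 124a and 124b only; report what is reachable."""
    cp, chain, node112, device = build_example()
    cp.enable_access("acct-b", chain, node112, ["124a", "124b"])
    return {nid: device.reachable(node112.address, n.address)
            for nid, n in chain.nodes.items()}


if __name__ == "__main__":
    print(demo())  # {'124a': True, '124b': True, '124c': False}
```

The allow-list is what keeps the route change least-privilege: even though the service private network is reachable through the installed routes, only the requested node pairs are permitted, so node 124c stays invisible to node 112 until a further request names it.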
[0035] Various embodiments of a multi-framework managed blockchain service are described herein. Different blockchain network frameworks offer different performance advantages according to the applications implemented using the blockchain shared in the blockchain network. Permissioned blockchain network frameworks may offer a high degree of trust, as participants are invited in accordance with governance rules, in various embodiments, and may implement optimistic-style features for proposing transactions to the blockchain. Permissionless blockchain network frameworks may offer a widely available blockchain network which can allow a distributed application to operate across a large number of different participants that can tolerate a lesser degree of trust than a permissioned blockchain network, making it easier to add to or extend blockchain networks to incorporate new entities. Because deployment and management of diverse blockchain frameworks can be costly in terms of development time and resources, utilizing different blockchain service platforms for different applications can slow the pace of development of blockchain-based applications. Moreover, advanced tooling, analytics features, and management features may vary from one platform to another, preventing the development of tools that can offer comparative assessments between blockchain frameworks.
[0036] A multi-framework blockchain network service may remove development barriers by implementing a single interface for creating, operating, and managing different blockchains. In this way, management tools can be simplified, removing redundant implementations to operate the same feature on different blockchain service platforms. Moreover, the performance of blockchain networks may be improved as various management features may respond faster to problems or changes that need to be made to the blockchain network, instead of negotiating and coordinating responses and actions amongst various participants. FIG. 2 illustrates a logical block diagram of a multi-framework managed blockchain service, according to some embodiments. Multi-framework managed blockchain service 210 may implement a common service interface 250 and framework independent control plane 220, allowing clients, such as client 260, to manage multiple different blockchains, such as managed blockchain of framework type A 231 and managed blockchain of framework type B 241 in data plane 230. Moreover, data plane 230 may provide a hosting environment separate from blockchain networks, so that framework independent control plane 220, and not data plane 230, may perform the coordination and work to effect changes for blockchain networks, reducing performance impact on blockchain networks which would otherwise have to utilize host resources in data plane 230 to coordinate and execute blockchain management operations.
[0037] Various different management operations, as discussed in detail below with regard to FIGS. 4, 7, and 14 - 23, may be invoked using a common interface. In this way, client applications can perform the same requests for different blockchain frameworks without having to redesign or implement separate applications for each framework. Different user accounts, identity tokens, or other credentials supplied by a client 260 when making a request for a managed blockchain network may allow framework independent control plane 220 to enforce control boundaries so that each entity operating node(s) in a managed blockchain network retains privacy and control over the entity’s node(s), without ceding control to a single organizing or creating entity for the blockchain network.
[0038] Framework independent control plane 220 can manage the respective nodes of each blockchain in data plane 230, such as nodes 232a, 232b, 232c, 232d, and 232e, including externally hosted nodes 234 and nodes 242a and 242b, without implementing separate control mechanisms or data structures, reducing the cost to host different blockchain frameworks within the service. For example, a common distributed governance feature can be implemented, as discussed below with regard to FIGS. 17 and 21, in order to enforce various distributed governance policies without integrating their enforcement directly within the blockchain network framework, allowing policy languages or documents to be reused across different blockchain networks without being rewritten or coded for each blockchain network. Similarly, common features such as monitoring, analytics, node management, membership management, or blockchain network management, also discussed below, provide examples of different control plane features that can reduce the burden of implementing separate applications to control the blockchain networks or access data produced as part of the operation of the blockchain network.
[0039] Please note that the previous description of a multi-framework managed blockchain service is a logical illustration and thus is not to be construed as limiting as to the implementation of clients, multi-framework blockchain services, interfaces, nodes or blockchain frameworks.
[0040] This specification begins with a general description of a provider network that implements a managed blockchain service that enables access across private networks and/or implements multi-framework managed blockchain service. Then various examples of the managed blockchain service (along with other services that may be utilized or implemented) including different components/modules, or arrangements of components/module that may be employed as part of implementing the services are discussed. A number of different methods and techniques to implement enabling access across private networks for a managed blockchain service and multi-framework managed blockchain service are then discussed, some of which are illustrated in accompanying flowcharts. Finally, a description of an example computing system upon which the various components, modules, systems, devices, and/or nodes may be implemented is provided. Various examples are provided throughout the specification.
[0041] FIG. 3 is a logical block diagram illustrating a managed blockchain service in a provider network, according to some embodiments. Provider network 300 may be a private or closed system or may be set up by an entity such as a company or a public sector organization to provide one or more services (such as various types of cloud-based storage) accessible via the Internet and/or other networks to clients 350, in some embodiments. Provider network 300 may be implemented in a single location or may include numerous data centers hosting various resource pools, such as collections of physical and/or virtualized computer servers, storage devices, networking equipment and the like (e.g., computing system 3000 described below with regard to FIG. 24), needed to implement and distribute the infrastructure and storage services offered by the provider network 300.
[0042] In some embodiments, provider network 300 may implement various computing resources or services, such as virtual compute service(s) 310, data journaling service(s) 320, data storage service(s) 330 (e.g., relational or non-relational (NoSQL) database query engines, map reduce processing, data flow processing, and/or other large scale data processing techniques, an object storage service, a block-based storage service, or a data storage service that may store different types of data for centralized access), other services 340 (any other type of network-based services, which may include various other types of storage, processing, analysis, communication, event handling, visualization, and security services not illustrated), managed blockchain service 370, key management service 380, and network configuration service 390.
[0043] In various embodiments, the components illustrated in FIG. 3 may be implemented directly within computer hardware, as instructions directly or indirectly executable by computer hardware (e.g., a microprocessor or computer system), or using a combination of these techniques. For example, the components of FIG. 3 may be implemented by a system that includes a number of computing nodes (or simply, nodes), each of which may be similar to the computer system 3000 embodiment illustrated in FIG. 24 and described below. In various embodiments, the functionality of a given system or service component (e.g., a component of data storage service 330) may be implemented by a particular node or may be distributed across several nodes. In some embodiments, a given node may implement the functionality of more than one service system component (e.g., more than one data store component).
[0044] Virtual compute service(s) 310 may be implemented by provider network 300, in some embodiments. Virtual compute service(s) 310 may offer software container or other operating system virtualized services, such as Docker containers, in some embodiments. In some embodiments, virtual compute service 310 may offer instances according to various configurations for client(s) 350 operation. A virtual compute instance may, for example, comprise one or more servers with a specified computational capacity (which may be specified by indicating the type and number of CPUs, the main memory size, and so on) and a specified software stack (e.g., a particular version of an operating system, which may in turn run on top of a hypervisor). A number of different types of computing devices may be used singly or in combination to implement the compute instances of provider network 300 in different embodiments, including general purpose or special purpose computer servers, storage devices, network devices and the like. In some embodiments, client(s) 350 or any other user may be configured (and/or authorized) to direct network traffic to a compute instance.
[0045] Compute instances may operate or implement a variety of different platforms, such as application server instances, Java™ virtual machines (JVMs), general purpose or special-purpose operating systems, platforms that support various interpreted or compiled programming languages such as Ruby, Perl, Python, C, C++ and the like, or high-performance computing platforms suitable for performing client(s) 350 applications, without, for example, requiring the client(s) 350 to access an instance. Applications (or other software operated/implemented by a compute instance) may be specified by client(s), such as custom and/or off-the-shelf software.
[0046] In some embodiments, compute instances have different types or configurations based on expected uptime ratios. The uptime ratio of a particular compute instance may be defined as the ratio of the amount of time the instance is activated to the total amount of time for which the instance is reserved. Uptime ratios may also be referred to as utilizations in some implementations. If a client expects to use a compute instance for a relatively small fraction of the time for which the instance is reserved (e.g., 30% - 35% of a year-long reservation), the client may decide to reserve the instance as a Low Uptime Ratio instance, and pay a discounted hourly usage fee in accordance with the associated pricing policy. If the client expects to have a steady-state workload that requires an instance to be up most of the time, the client may reserve a High Uptime Ratio instance and potentially pay an even lower hourly usage fee, although in some embodiments the hourly fee may be charged for the entire duration of the reservation, regardless of the actual number of hours of use, in accordance with pricing policy. An option for Medium Uptime Ratio instances, with a corresponding pricing policy, may be supported in some embodiments as well, where the upfront costs and the per-hour costs fall between the corresponding High Uptime Ratio and Low Uptime Ratio costs.
[0047] Compute instance configurations may also include compute instances with a general or specific purpose, such as computational workloads for compute intensive applications (e.g., high-traffic web applications, ad serving, batch processing, video encoding, distributed analytics, high-energy physics, genome analysis, and computational fluid dynamics), graphics intensive workloads (e.g., game streaming, 3D application streaming, server-side graphics workloads, rendering, financial modeling, and engineering design), memory intensive workloads (e.g., high performance databases, distributed memory caches, in-memory analytics, genome assembly and analysis), and storage optimized workloads (e.g., data warehousing and cluster file systems). Configurations may also specify the size of compute instances, such as a particular number of virtual CPU cores, memory, cache, storage, as well as any other performance characteristic. Configurations of compute instances may also include their location, in a particular data center, availability zone, geographic location, etc., and (in the case of reserved compute instances) reservation term length.
[0048] Data journaling service(s) 320 may include log-based storage and query support databases, data streaming services, or other data storage and processing services that may implement an ordered commit log for storing journal (e.g., log) entries. For example, data journaling service(s) 320 may provide strong consistency guarantees and support constraints between committed records, to enable features like deduplication, sequencing, and read-write conflict detection. A log of entries in data journaling service(s) 320 may be used to determine whether or not to commit transactions (e.g., write requests and other modifications) to a blockchain, by checking whether a proposed transaction conflicts with other committed transactions. Data journaling service(s) 320 may maintain a separate log or chain of log records for each blockchain network (or portion of a blockchain network, such as a log maintained per channel of a blockchain), serving as an authoritative definition of the changes to the blockchain over time.
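The following Python is an added example (not the patent's or any provider's code) of the ordered commit log described in [0048]: each proposed transaction carries the key versions its proposer read, and the log commits it only if those versions are still current, rejecting duplicates by transaction id and assigning every entry a sequence number. Chaining each entry to the hash of its predecessor, so the log can be verified as an authoritative record, goes beyond what the paragraph states and is an addition of this example; the transactions, key names and version scheme are constructed.

```python
import hashlib
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Transaction:
    tx_id: str
    read_set: dict   # key -> version the proposer observed when building the tx
    write_set: dict  # key -> new value


@dataclass(frozen=True)
class LogEntry:
    seq: int
    tx_id: str
    status: str      # "committed" or "rejected"
    reason: str
    write_set: dict
    prev_hash: str
    entry_hash: str


class CommitLog:
    """Append-only, strictly ordered log deciding which proposals commit."""

    GENESIS = "0" * 64  # prev_hash of the first entry (assumed convention)

    def __init__(self):
        self.entries: list = []
        self.state: dict = {}    # key -> (version, value) for committed writes
        self.seen: set = set()   # tx ids already recorded (deduplication)

    def read(self, key):
        """Current (version, value); version 0 means never written."""
        return self.state.get(key, (0, None))

    def propose(self, tx: Transaction) -> LogEntry:
        seq = len(self.entries) + 1
        if tx.tx_id in self.seen:
            return self._append(seq, tx, "rejected", "duplicate transaction id")
        # Read-write conflict detection: every key the proposer read must still
        # be at the version it read; otherwise a later commit invalidated it.
        for key, version in tx.read_set.items():
            current = self.read(key)[0]
            if current != version:
                return self._append(seq, tx, "rejected",
                                    f"conflict on {key}: read v{version}, now v{current}")
        for key, value in tx.write_set.items():
            self.state[key] = (seq, value)  # version = committing sequence number
        return self._append(seq, tx, "committed", "")

    @staticmethod
    def _digest(seq, tx_id, status, reason, write_set, prev) -> str:
        body = json.dumps([seq, tx_id, status, reason, sorted(write_set.items()), prev])
        return hashlib.sha256(body.encode()).hexdigest()

    def _append(self, seq, tx, status, reason) -> LogEntry:
        self.seen.add(tx.tx_id)
        prev = self.entries[-1].entry_hash if self.entries else self.GENESIS
        entry = LogEntry(seq, tx.tx_id, status, reason, dict(tx.write_set), prev,
                         self._digest(seq, tx.tx_id, status, reason, tx.write_set, prev))
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        """Recompute the hash chain; False if any entry was altered or reordered."""
        prev = self.GENESIS
        for expected_seq, e in enumerate(self.entries, start=1):
            if (e.seq != expected_seq or e.prev_hash != prev or
                    self._digest(e.seq, e.tx_id, e.status, e.reason, e.write_set, prev) != e.entry_hash):
                return False
            prev = e.entry_hash
        return True


def run_example() -> list:
    """Constructed scenario: two participants race to transfer the same asset."""
    log = CommitLog()
    log.propose(Transaction("tx-1", {}, {"asset:42": "alice"}))         # initial owner
    version, _ = log.read("asset:42")                                   # both proposers read v1
    log.propose(Transaction("tx-2", {"asset:42": version}, {"asset:42": "bob"}))
    log.propose(Transaction("tx-3", {"asset:42": version}, {"asset:42": "carol"}))
    log.propose(Transaction("tx-2", {"asset:42": version}, {"asset:42": "bob"}))  # replayed
    return [(e.tx_id, e.status, e.reason) for e in log.entries]


if __name__ == "__main__":
    for row in run_example():
        print(row)
```

Rejected proposals are still appended (with their reason) so the log records every decision, not just the successful ones; a proposer whose transaction was rejected for a conflict re-reads the current versions and submits a fresh transaction id rather than resubmitting the old one, which the deduplication check would refuse.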
[0049] Data storage service(s) 330 may implement different types of data stores for storing, accessing, and managing data on behalf of clients 350 as a network-based service that enables clients 350 to operate a data storage system in a cloud or network computing environment. For example, data storage service(s) 330 may include various types of database storage services (both relational and non-relational) for storing, querying, and updating data. Such services may be enterprise-class database systems that are highly scalable and extensible. Queries may be directed to a database in data storage service(s) 330 that is distributed across multiple physical resources, and the database system may be scaled up or down on an as needed basis. The database system may work effectively with database schemas of various types and/or organizations, in different embodiments. In some embodiments, clients/subscribers may submit queries in a number of ways, e.g., interactively via an SQL interface to the database system. In other embodiments, external applications and programs may submit queries using Open Database Connectivity (ODBC) and/or Java Database Connectivity (JDBC) driver interfaces to the database system.
[0050] One data storage service 330 may be implemented as a centralized data store so that other data storage services may access data stored in the centralized data store for processing and/or storing within the other data storage services, in some embodiments. A centralized data store may provide storage and access to various kinds of object or file data stores for putting, updating, and getting various types, sizes, or collections of data objects or files. Such data storage service(s) 330 may be accessed via programmatic interfaces (e.g., APIs) or graphical user interfaces. A centralized data store may provide virtual block-based storage for maintaining data as part of data volumes that can be mounted or accessed similar to local block-based storage devices (e.g., hard disk drives, solid state drives, etc.) and may be accessed utilizing block-based data storage protocols or interfaces, such as the internet small computer systems interface (iSCSI).
[0051] In at least some embodiments, one of data storage service(s) 330 may be a data warehouse service that utilizes a centralized data store implemented as part of another data storage service 330. A data warehouse service may offer clients a variety of different data management services, according to their various needs. In some cases, clients may wish to store and maintain large amounts of data, such as sales records, marketing, management reporting, business process management, budget forecasting, financial reporting, website analytics, or many other types or kinds of data. A client’s use for the data may also affect the configuration of the data management system used to store the data. For instance, for certain types of data analysis and other operations, such as those that aggregate large sets of data from small numbers of columns within each row, a columnar database table may provide more efficient performance. In other words, column information from database tables may be stored into data blocks on disk, rather than storing entire rows of columns in each data block (as in traditional database schemes).
[0052] Managed blockchain service 370, as discussed below in more detail with regard to FIGS. 3 - 23, may manage the creation and operation of blockchain networks of different frameworks through a common control plane and interface (e.g., API). Key management service 380 may provide centralized encryption key management service to create, import, and rotate encryption keys for encrypting data. Network configuration service 390 may implement various networking features, such as virtual network endpoints, logically isolated networks (e.g., virtual private clouds), network traffic controls, etc.
[0053] Generally speaking, clients 350 may encompass any type of client configurable to submit network-based requests to provider network 300 via network 360, including requests for storage services (e.g., a request to create, read, write, obtain, or modify data in data storage service(s) 330, etc.) or managed blockchain service 370 (e.g., a request to create a blockchain network). For example, a given client 350 may include a suitable version of a web browser, or may include a plug-in module or other type of code module that may execute as an extension to or within an execution environment provided by a web browser. Alternatively, a client 350 may encompass an application such as a database application (or user interface thereof), a media application, an office application or any other application that may make use of storage resources in data storage service(s) 330 to store and/or access the data to implement various applications. In some embodiments, such an application may include sufficient protocol support (e.g., for a suitable version of Hypertext Transfer Protocol (HTTP)) for generating and processing network-based services requests without necessarily implementing full browser support for all types of network-based data. That is, client 350 may be an application that interacts directly with provider network 300. In some embodiments, client 350 may generate network-based services requests according to a Representational State Transfer (REST)-style network-based services architecture, a document- or message-based network-based services architecture, or another suitable network-based services architecture.
[0054] In some embodiments, a client 350 may provide access to provider network 300 to other applications in a manner that is transparent to those applications. For example, client 350 may integrate with an operating system or file system to provide storage on one of data storage service(s) 330 (e.g., a block-based storage service). However, the operating system or file system may present a different storage interface to applications, such as a conventional file system hierarchy of files, directories and/or folders. In such an embodiment, applications may not need to be modified to make use of the storage system service model. Instead, the details of interfacing to the data storage service(s) 330 may be coordinated by client 350 and the operating system or file system on behalf of applications executing within the operating system environment.
[0055] Clients 350 may convey network-based services requests (e.g., queries or other access requests directed to data in data storage service(s) 330, operations, tasks, or jobs) to and receive responses from provider network 300 via network 360. In various embodiments, network 360 may encompass any suitable combination of networking hardware and protocols necessary to establish network-based communications between clients 350 and provider network 300. For example, network 360 may generally encompass the various telecommunications networks and service providers that collectively implement the Internet. Network 360 may also include private networks such as local area networks (LANs) or wide area networks (WANs) as well as public or private wireless networks. For example, both a given client 350 and provider network 300 may be respectively provisioned within enterprises having their own internal networks. In such an embodiment, network 360 may include the hardware (e.g., modems, routers, switches, load balancers, proxy servers, etc.) and software (e.g., protocol stacks, accounting software, firewall/security software, etc.) necessary to establish a networking link between a given client 350 and the Internet as well as between the Internet and provider network 300. It is noted that in some embodiments, clients 350 may communicate with provider network 300 using a private network rather than the public Internet.
[0056] FIG. 4 is a logical block diagram illustrating various features of a managed blockchain service, according to some embodiments. Managed blockchain service 370 may implement control plane 410, which may be framework independent as discussed above with regard to FIG. 2. Control plane 410 may include various features to handle the creation, operation, and end of a blockchain network. Control plane 410 may include interface 412. Interface 412 may provide a programmatic interface (e.g., Application Programming Interfaces (APIs)), graphical user interface (GUI) (e.g., as a service console for administrators), and/or command line interface for various requests and interactions with different control plane features as discussed below.
[0057] Various features of control plane 410, discussed in detail below, may include blockchain network management 414, which handles blockchain network creation among other requests. For example, a user account of the provider network may submit a request to create a blockchain to be hosted by managed blockchain service 370. The request may specify a blockchain framework, as well as various other blockchain features, including networking features such as whether public network traffic may be allowed, governance features, such as distributed governance policy for adding nodes or members to the blockchain network, among others. Blockchain network management 414 may determine a workflow to identify the nodes or services to deploy, such as blockchain nodes 432 and blockchain services 434 in virtual compute service(s) 310.
[0058] Control plane 410 may include membership management 416, which handles membership invitations, among other requests. For example, in order for an entity (e.g., another provider network user account, an external entity, etc.) to be allowed to be a participant in a blockchain network, the entity may be granted membership. Membership management 416 may implement features to send invitations to entities for membership, check whether such invitations are allowed according to a distributed governance policy for the blockchain system, and handle invitation acceptances (or rejections). Membership management 416 may also provide access to membership lists or identify for a user account which blockchain networks the user account is a member of.
[0059] Control plane 410 may include node management 418, which handles node creation, among other requests, as discussed in detail below with regard to FIGS. 7 and 14. For example, entities associated with different user accounts may create, modify, or remove nodes from blockchain networks of which they are a member via different requests handled by node management 418, and may enable network access for the node across private network boundaries.
[0060] Control plane 410 may include distributed governance 422, which handles policy evaluations for modifications to a blockchain network, among other requests. For example, distributed governance policies may be implemented to govern actions taken with respect to a blockchain network. A distributed governance policy may describe criteria, including approval/disapproval mechanisms like a voting system, for determining whether a proposed change (e.g., to add a member or node, evict a member or node, modify blockchain network configuration, hardware, and/or software, change a distributed governance policy, etc.) should be allowed. Distributed governance 422 may evaluate a received proposal in order to determine whether the proposal may be allowed. Distributed governance 422 may initiate a vote, sending vote notifications, evaluating received votes, and approving/finalizing vote results in order to evaluate a proposal.
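As an added example (not the patent's code) of the policy evaluation described in [0060], the following Python implements a distributed governance policy with an approval threshold and a voting window: proposals may be raised and voted on only by current members, each member votes once, a proposal is approved when the yes votes reach the threshold, rejected once the threshold can no longer be reached, and expired when the window closes without a decision. The policy fields, action types, account names and timestamps are assumptions made for the example.

```python
import math
from dataclasses import dataclass, field


@dataclass(frozen=True)
class GovernancePolicy:
    approval_threshold_percent: int  # share of current members that must vote yes
    proposal_duration_s: int         # voting window, in seconds after creation


@dataclass
class Proposal:
    proposal_id: str
    proposer: str
    action: dict                                # e.g. {"type": "add_member", "member": "acct-5"}
    created_at: float
    votes: dict = field(default_factory=dict)   # member -> "yes" | "no"
    status: str = "in_progress"                 # in_progress | approved | rejected | expired


class DistributedGovernance:
    """Evaluates proposals against a policy; the only path by which membership changes."""

    def __init__(self, members: set, policy: GovernancePolicy):
        self.members = set(members)
        self.policy = policy
        self.proposals: dict = {}

    def required_yes(self) -> int:
        return math.ceil(self.policy.approval_threshold_percent * len(self.members) / 100)

    def propose(self, proposer: str, action: dict, now: float) -> Proposal:
        if proposer not in self.members:
            raise PermissionError(f"{proposer} is not a member")
        pid = f"proposal-{len(self.proposals) + 1}"
        self.proposals[pid] = Proposal(pid, proposer, action, now)
        return self.proposals[pid]

    def vote(self, proposal_id: str, member: str, decision: str, now: float) -> str:
        p = self.proposals[proposal_id]
        if member not in self.members:
            raise PermissionError(f"{member} is not a member")
        if decision not in ("yes", "no"):
            raise ValueError("decision must be 'yes' or 'no'")
        self._check_expiry(p, now)
        if p.status != "in_progress":
            raise ValueError(f"{proposal_id} is {p.status}; voting closed")
        if member in p.votes:
            raise ValueError(f"{member} already voted on {proposal_id}")
        p.votes[member] = decision
        return self._evaluate(p)

    def status(self, proposal_id: str, now: float) -> str:
        p = self.proposals[proposal_id]
        self._check_expiry(p, now)
        return p.status

    def _check_expiry(self, p: Proposal, now: float) -> None:
        if p.status == "in_progress" and now >= p.created_at + self.policy.proposal_duration_s:
            p.status = "expired"

    def _evaluate(self, p: Proposal) -> str:
        # Only votes from current members count, so an evicted member's vote is dropped.
        yes = sum(1 for m, d in p.votes.items() if d == "yes" and m in self.members)
        no = sum(1 for m, d in p.votes.items() if d == "no" and m in self.members)
        if yes >= self.required_yes():
            p.status = "approved"
            self._apply(p.action)
        elif no > len(self.members) - self.required_yes():
            p.status = "rejected"  # the threshold can no longer be reached
        return p.status

    def _apply(self, action: dict) -> None:
        kind = action["type"]
        if kind == "add_member":
            self.members.add(action["member"])
        elif kind == "remove_member":
            self.members.discard(action["member"])
        elif kind == "update_policy":
            self.policy = GovernancePolicy(**action["policy"])
        else:
            raise ValueError(f"unknown action {kind}")


def run_example() -> dict:
    """Constructed scenario: four members, simple majority, 24 h voting window."""
    gov = DistributedGovernance({"acct-1", "acct-2", "acct-3", "acct-4"},
                                GovernancePolicy(approval_threshold_percent=50,
                                                 proposal_duration_s=24 * 3600))
    t0 = 1_700_000_000.0
    p1 = gov.propose("acct-1", {"type": "add_member", "member": "acct-5"}, t0)
    gov.vote(p1.proposal_id, "acct-1", "yes", t0 + 60)
    s1 = gov.vote(p1.proposal_id, "acct-2", "yes", t0 + 120)   # 2 of 4 reaches 50%
    p2 = gov.propose("acct-3", {"type": "remove_member", "member": "acct-4"}, t0)
    gov.vote(p2.proposal_id, "acct-3", "yes", t0 + 60)          # 1 of 5: not enough
    s2 = gov.status(p2.proposal_id, t0 + 25 * 3600)             # window has passed
    return {"p1": s1, "p2": s2, "members": sorted(gov.members)}


if __name__ == "__main__":
    print(run_example())
```

The proposer's own vote is not implied, and the threshold is recomputed against the current membership at every evaluation, so approving the first proposal above raises the number of yes votes the second one needs from two to three; the clock is passed in explicitly so the expiry behaviour can be tested deterministically.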
[0061] Control plane 410 may include analytics 424, which handles requests to access offline blockchain data, among others. For example, blockchain data (including metadata describing the blockchain, data related to or linked to the blockchain, such as files or other content referenced by the blockchain, and blockchain transactions) may be copied from storage for the blockchain network to another data storage service for performing various analytics operations, including queries and machine learning or other statistical analysis. Analytics feature 424 may manage offline data collection and visibility, allowing individual user accounts to enable or disable data collection, among other configuration options.
[0062] Control plane 410 may include monitoring 426, which may monitor for and respond to performance events, in some embodiments. For example, monitoring feature 426 may perform automated management tasks for managed blockchain service 370 according to detected performance events. Performance data may be collected and evaluated with respect to different event criteria in order to determine whether a performance event is triggered. Monitoring feature 426 may determine and/or initiate responsive actions to detected events, including actions to add, remove, or replace nodes within a blockchain network, increase or decrease service resources (e.g., increase or decrease orderer nodes), or modify blockchain network configuration or other features to respond to detected performance events.
[0063] Control plane 410 may also store and/or maintain various information as service state 430, which may be implemented as one or many data stores (e.g., different types and styles of databases, or one large data store, such as a large document database for storing service state including blockchain networks state). In this way, the progress of workflows, state or membership of blockchain networks, mapping information or other configuration information, among other data used to implement managed blockchain service 370 can be reliably and accessibly maintained.
[0064] Managed blockchain service 370 may control and operate various features in data plane 412. Some or all of data plane 412 may be implemented directly within managed blockchain service 370 (not illustrated), in some embodiments. In other embodiments, other provider network services may provide resources that operate in the data plane 412 of managed blockchain service 370. For example, virtual compute service(s) 310 may implement both blockchain node(s) 432 and service(s) 434, data journaling services 320 may implement blockchain data storage 452 (e.g., as an ordered commit log backend for a blockchain), data storage services 330 may provide tiered or offline blockchain data 454 storage, network configuration service 390 may provide public/private network blockchain configurations, and key management service 380 may provide blockchain encryption key(s) 442 for encryption and identity. For example, as discussed in detail below, network configuration service 390 may perform various operations or tasks to configure virtual networking devices 462 on behalf of a blockchain network in order to enable access across private networks.
[0065] FIG. 5 is a logical block diagram illustrating a permissionless blockchain network framework, according to some embodiments. Permissionless blockchain network 510, such as Ethereum, may utilize peer node(s) in one or more organizations, such as peer nodes 520a, 520b, and 520c in organizations 522, 524, and 526 respectively. In such blockchain frameworks, peer nodes 520 may perform the various operations to propose transactions, order transactions, and validate transactions. Because the blockchain network 510 is permissionless, in some scenarios public network access 530 (e.g., to the Internet) may be provided or configured in order to allow external nodes operating on the same blockchain framework to participate in the blockchain network 510. However, in other scenarios, the permissionless blockchain network 510 may remain in a private network without public network access.
[0066] Application nodes may access peer node(s) 520 in order to perform various operations to implement a distributed application using one or more Application Programming Interfaces (APIs) implemented for the blockchain network framework. For example, an application node may submit an update to a record processed by the entity that implements the application node (e.g., a government agency that provides a government issued identifier or serial number for a product that is being manufactured by another entity). In some embodiments, application nodes may be implemented on a same server or host as the peer node(s) (not illustrated).
[0067] FIG. 6 is a logical block diagram illustrating a permissioned blockchain network framework, according to some embodiments. Permissioned blockchain network 610, such as Hyperledger Fabric, allows multiple different organizations that are members of a blockchain network to be set up, like organizations 620, 630, and 640. These organizations may implement one or multiple peer nodes, such as peer node(s) 622, 632, and 642, to execute smart contracts and other blockchain operations. Peer node(s) may make use of an orderer service 650. In some embodiments, an orderer service may be separately allocated service nodes that implement an orderer service for transactions proposed to the blockchain network. In one embodiment, orderer service 650 may be a multi-tenant orderer service that receives proposed transactions via a network endpoint for the service from peer node(s) from different organizations and/or blockchain networks.
[0068] In some embodiments, orderer service 650 may incorporate a backend commit log service, such as Apache Kafka, in order to provide a commit log for ordered transactions. In other embodiments, orderer service 650 may rely upon another provider network service, which may be data journaling service 320, that can also provide an ordered commit log stored as blockchain data 660 for verifying and committing transactions to the blockchain network. Using an external service may also allow for tiered blockchain data storage. If, for instance, an orderer failed and a new orderer was launched, the orderer may only have to retrieve a set of data maintained in the data journaling service that is small (as a result of moving out older blockchain data to other storage service(s) 330, such as an object store and/or another type of database), in some embodiments, significantly reducing recovery time from failures or launching additional orderers.
[0069] In some embodiments, organizations may implement certificate authorities to grant certificates to peer nodes in order to sign communications to be trusted within the blockchain network. Certificate authorities, such as certificate authority 624, 634, and 636 could rely upon a stored certificate at the certificate authority in some embodiments to provide other certificates to peer node(s) 622. These certificates that are stored on the certificate authorities could be stored using a hardware security module (HSM) device in a host system. Alternatively, certificate authorities could utilize an encryption key for certificates 670 provided by key management service 380 to decrypt the certificate for providing the other certificates and then discard the decrypted form when finished so as to not store the decrypted version of the certificate.
[0070] Application nodes, such as application node 682, 684, and 686, may access peer node(s) 622, 632, and 642 respectively in order to perform various operations to implement a distributed application using one or more Application Programming Interfaces (APIs) implemented for the blockchain network framework. As noted above, in some embodiments, application nodes may be implemented on a same server or host as the peer node(s) 622, 632, or 642 (not illustrated), while in other embodiments application nodes may be implemented on separate servers, including servers implemented as part of separate networks or services within provider network 300 or external to provider network 300.
[0071] FIG. 7 is a logical block diagram illustrating interactions with a node management feature of a control plane of a managed blockchain service, according to some embodiments. Client(s) 700 may be external clients (e.g., 350 in FIG. 3) or internal clients of a provider network 300 that are implemented as applications on other services, such as virtual computing service(s) 310. Client(s) 700 may submit a request to create a node 710 associated with a member of a blockchain network via interface 412. Node management 418 may parse the request and perform the appropriate requests to provision the node 730 at the appropriate service(s) 732, such as blockchain node(s) 734. Node management 418 may also update service state 430 to update 740 blockchain network information to reflect the created node(s).
[0072] In some embodiments, the creation request 710 may indicate whether the node is to be managed in managed blockchain service 370 or managed independent of managed blockchain service 370 (e.g., in another private network in provider network 300 or external to provider network 300). Node management 418 may implement node route provisioning 702 to provision or configure route(s) 790 for enabling access for a created node according to whether the node is managed independent of managed blockchain service 370 or within managed blockchain service 370. For example, a request 710 to create an application node in another private network may be received via interface 412. The request may identify the node’s location and other identifying information, the corresponding member associated with the node, the node’s network configuration (e.g., whether it is located in a logically isolated network of the provider network, an on premise network, in another provider network, etc.), among other information. Node route provisioning 702 may identify routes, networking devices and features, and other tasks to be performed in order to enable access for the requested application node, such as the configuration discussed below with regard to FIGS. 8 or 10. In some embodiments, node route provisioning 702 may evaluate validity criteria (e.g., is the member authorized to add a node, does the network configuration allow the node to be given access, etc.). Node route provisioning 702 may request, direct, initiate, or otherwise cause the various requests 790 to provision and/or configure route(s) 790 to be performed at virtual networking devices 792 via configuration service 390.
[0073] In another example, a request 710 to create a node may identify that node as a peer node. A peer node may perform different types of communications than an application node and may be visible to other peer nodes. For example, a peer node may perform gossip protocol communications via the enabled access. The request may identify the peer node’s location and other identifying information, the corresponding member associated with the node, the node’s network configuration (e.g., whether it is located in a logically isolated network of the provider network, an on premise network, in another provider network, etc.), among other information. Node route provisioning 702 may identify routes, networking devices and features, and other tasks to be performed in order to enable access for the requested peer node, such as the configuration discussed below with regard to FIG. 8 or FIG. 9. In some embodiments, node route provisioning 702 may evaluate validity criteria (e.g., is the member authorized to add a node, does the network configuration allow the node to be given access, etc.). Node route provisioning 702 may request, direct, initiate, or otherwise cause the various requests 790 to provision and/or configure route(s) 790 to be performed at virtual networking devices 792 via configuration service 390.
[0074] In some embodiments, configuring and/or provisioning routes to enable access across private networks may be performed when a new member is created for the blockchain network. For example, the member may be asked to identify a location and network configuration of areas in which resources that may access the blockchain network could be hosted (e.g., on premise network configuration, private network within provider network 300, etc.) which may initiate a workflow or operation to provision routes between the network areas from which nodes may be subsequently created. Thus, in some embodiments, enabling network access from one private network to the private network of the managed blockchain service may be performed before any nodes are created.
[0075] Similarly, update node requests 720 (e.g., to change node configuration, change node size or resource allocation, etc.) may be sent via interface 412. Node management 418 may perform similar configuration operations 730 on blockchain node(s) 734, including instructing a management agent (not illustrated) to perform one or more operations to effect the update, in some embodiments. Updates to service state 740 to indicate the updates to the nodes of the blockchain network may be made.
[0076] Similarly, delete node requests 750 to stop, halt, or otherwise remove a node may be sent via interface 412. Node management 418 may perform similar configuration operations 730 on blockchain node(s) 734, including instructing a management agent (not illustrated) to stop performance and/or a request to service(s) 732 to shut down one of blockchain node(s) 734. Again, updates to service state 740 to indicate the updates to the nodes of the blockchain network may be made.
[0077] Node management 418 may also handle requests to describe nodes, like get node information request 760. Node management 418 may retrieve configuration information of the node 740 from service state and use the retrieved information to return a result to request 760. Performance metrics or other health information could be combined or included with node information, in some embodiments.
[0078] Various different techniques for enabling access for an application node may be performed responsive to a request to enable access for a node to a private network of the managed blockchain service. FIG. 8 is a logical block diagram of enabling access for a node implementing a client application for a blockchain, according to some embodiments. As illustrated in FIG. 8, application nodes 814a and 814b may have access enabled from subnet 812 within logically isolated private network for a user account of the provider network 810 to logically isolated private network for blockchain service 820, both of which are located within provider network 300. A network endpoint for the blockchain service 830 may be created, instantiated, or otherwise implemented within network 810 that points network traffic directed to endpoint 830 to a load balancer 840 for network 820 that handles requests to the blockchain service network 820. Because application nodes 814 direct requests to network endpoint for service 830, the network endpoint for service 830 and load balancer 840 may resolve any unknown domain name service (DNS) errors automatically, without having to update a private DNS for logically isolated private network for user account 810.
[0079] In some embodiments, node route provisioning 702 or other component of control plane 410 may request an operator for user network 810 to send a request to network configuration service 390 to create endpoint 830 pointed to load balancer 840. In other embodiments, node route provisioning 702 or other component of control plane 410 may perform the request automatically (as authorization to do so may be included in the request to enable node access). Various other features, such as security groups, firewalls, access control lists, or other network management features of user network 810 may be configured to allow and/or direct communications to network endpoint 830 that are bound for nodes in service network 820.
[0080] In some embodiments, node route provisioning 702 or other component of control plane 410 may request the creation and/or configuration of load balancer 840 (which may be a physical load balancer or virtual load balancer) to listen for and accept traffic directed to network endpoint 830. For example, one or more routes between a networking device implementing network endpoint 830 and load balancer 840 may be updated to include a route that forwards network traffic to load balancer 840. These networking devices may be internal to provider network 300, preserving the privacy of the communications sent to network endpoint 830. Load balancer 840 may also be modified to listen for traffic directed to individual nodes on different ports, in some embodiments. In this way, application nodes 814 can send a communication to a particular peer node (e.g., one of peer nodes 826a, 826b in subnet 822, or one of peer nodes 828a or 828b in subnet 824) by specifying the port (e.g., port 60 for peer node 826a, port 61 for peer node 826b, port 62 for peer node 828a, and port 63 for peer node 828b). The port mappings may be provided to the user account 810 (e.g., as a replacement for a node discovery communication sent via an API for the framework of the blockchain network).
[0081] FIG. 9 is a logical block diagram of enabling access for a peer node in a private network outside of the private network of the managed blockchain service, according to some embodiments. As illustrated in FIG. 9, peer node 924 may have access enabled from subnet 922 within logically isolated private network for a user account A of the provider network 920 to logically isolated private network for blockchain service 910, both of which are located within provider network 300. Also illustrated in FIG. 9, peer node 932 may have access enabled within external private network for user account B of the provider network 930 via a private connection 950 (e.g., a virtual private network (VPN) connection to provider network 300).
In some embodiments, the VPN connection 950 may be implemented over a dedicated physical connection between provider network 300 and external private network 930 or over a public network connection utilizing VPN 950 alone. Although not illustrated, similar techniques using a VPN could be implemented for a peer node implemented in another provider network separate from provider network 300 (e.g., owned or operated by a different entity).
[0082] In some embodiments, node route provisioning 702 or other component of control plane 410 may request the creation and/or configuration of a virtual traffic hub 940 from network configuration service 390. In some embodiments, virtual traffic hub 940 may be implemented using a multi-layer packet processing service (PPS) of multiple logically isolated cells that may be used as the underlying framework for the virtual traffic hub. Virtual traffic hub 940 may serve as a hub set up on behalf of respective systems of provider network 300, such as managed blockchain service 370, to which several different types of private networks (e.g., networks 920 and 930) may be programmatically attached in a hub-and-spoke configuration in various embodiments, such that the routing/forwarding of network packets from one attached isolated network to another is managed by nodes of virtual traffic hub 940 based on metadata and/or policies provided by the creating/using clients, applications, entities, and/or systems. Virtual traffic hub 940 may also be referred to as a transit gateway in some embodiments.
[0083] The private networks attached to virtual traffic hub 940 may include logically isolated virtual networks in which, for example, at least some network configuration settings (e.g., network addresses assigned to resources within a given network, subnet configurations, security settings and the like) may be set independently for the different networks, without having to take other networks’ configuration settings into account. For example, a range of private network addresses selected for resources within one isolated network may happen to overlap with a range of private network addresses selected for resources within another isolated network in various embodiments, since the two address ranges are selected independently. According to some embodiments, the metadata taken into consideration at virtual traffic hub 940 set up on behalf of a given client to manage traffic flowing between various private networks may include multiple route tables provided by the client (and/or route tables generated at the virtual traffic hub 940 based on other input provided by the client, such as forwarding information base (FIB) entries from which route table entries may be derived). After the appropriate route tables have been associated and populated with entries, traffic may be allowed to start flowing between the private networks via virtual traffic hub 940 in various embodiments.
[0084] Virtual traffic hub 940 may allow network traffic (e.g., gossip communications) between peer node 932 and peer node 924, as well as with peer nodes 914a and 914b in subnet 912 of service private network 910.
[0085] Please note that the techniques described above for FIGS. 8 and 9 can be implemented together, in some embodiments.
[0086] Various other techniques for enabling access across private networks may be implemented. FIG. 10 is a logical block diagram of enabling access for a client application with cross attached network interfaces, according to some embodiments. Access for an application node 1012 created in logically isolated private network for user account A 1010 may be enabled using cross attached network interfaces. A cross attached network interface 1014, which may be a logical networking device representing a virtual network card, may be created inside of the private network hosting the blockchain network, such as cross attached network interface 1042, but attached to the application node 1012.
[0087] Attaching a network interface may allow for communications received from and directed to that network interface to behave as if received or sent from the created location, inside of logically isolated private network for blockchain service 1030. In this way, the attached application node can send traffic to cross attached network interface 1014, which will then be able to forward the traffic to nodes inside of logically isolated private network for blockchain service 1030 (as the arrows from network interface 1014 to peer nodes 1044, 1054, 1062, and 1064 show). A cross attached network interface 1014 may be implemented using one or more networking devices managed by network configuration service 390 that implement a substrate network for provider network 300. The networking device(s) of the substrate network may be modified to include route(s) that will forward traffic from application node 1012 directed to cross attached network interface 1014 to the specified peer node as if sent from the virtual network card represented by the cross attached network interface inside of private network 1030.
[0088] Cross attached network interfaces may be created by node route provisioning 702 in FIG. 7 upon node creation, in some embodiments. For example, node route provisioning 702 may send requests to network configuration service 390 to create the cross attached network interface within private network 1030 and attach the device to application node 1012 in private network 1010.
[0089] As discussed above with regard to FIGS. 2 - 10, a managed blockchain service may be implemented as part of a provider network. However, a managed blockchain service could be implemented as a standalone service, which may be a publicly available service, or privately implemented. FIG. 11 is a high-level flowchart illustrating various methods and techniques to enable access across private networks for a managed blockchain service, according to some embodiments. Therefore, the above examples and/or any other systems or devices referenced as performing the illustrated method (as well as the methods of FIGS. 11-13) are not intended to be limiting as to other different components, modules, systems, or configurations of systems and devices.
[0090] As indicated at 1110, a request to enable a node hosted in a private network to communicate with a blockchain network that includes existing node(s) that are hosted in a managed blockchain service may be received via an interface for a control plane for the managed blockchain service, in some embodiments. For example, the request may identify the blockchain network, a member identifier associated with the request, location and network configuration information for the node, a type of node (e.g., application or peer, or externally managed), or various other information to perform the request. In some embodiments, the request to enable a node may be a request to accept a membership invitation which may include a network for the accepting member so that any node started, launched, or otherwise hosted in the member’s network can communicate with the blockchain network in the private network of the managed blockchain service.
[0091] As indicated at 1120, a determination may be made as to whether the request is valid, in some embodiments. For example, various criteria may be applied which indicate whether or not the node identified in the request can have access. A private network address range (e.g., described by one or more Classless Inter-Domain Routing (CIDR) blocks) may not be able to overlap or match an existing private network address range in the managed blockchain service network (or other accessible private networks for the blockchain network). If the network address range of the node does overlap, then the node may not be valid for access. If a request is not valid, then as indicated at 1122, the request may be denied. Instead of denying the request, remedial action(s) may be taken, such as provisioning or launching a new private network for the node in a provider network with a different, non-conflicting range of private network addresses and launching or moving the node to the new private network.
[0092] As indicated at 1130, route(s) between the private network and a private network for the blockchain network in the managed blockchain service that enable the node to direct private communications to individual ones of the existing nodes in the private network of the managed blockchain service may be determined by the control plane, in some embodiments. For example, as discussed above with regard to the network load balancer, virtual traffic hub, and cross attached network interfaces and below with regard to FIGS. 12 and 13, routes for listening for or redirecting traffic received from the private network for the node to be added may be added to one or more route tables and networking devices to forward traffic to the service private network. In at least some embodiments, the networking devices may implement a substrate network for the provider network.
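The validity check at 1120/1122 and the remedial action, as an added Python example written for this page (it is not the patent's or the service's code; the function names and the candidate address pool used for remediation are assumptions). It goes slightly beyond the text in also rejecting a requested CIDR that is not a well-formed network (host bits set) or is not a private range, two checks a practitioner would want before any route toward the service network is provisioned, since a malformed or public range accepted here becomes a route table entry later.

```python
import ipaddress


def validate_access_request(node_cidrs, service_cidr, attached_cidrs=()):
    """Return ("ALLOW", []) or ("DENY", reasons) for a request to enable access.

    A requested range is rejected if it is not a well-formed network, is not a
    private range, or overlaps the service private network or any other private
    network already given access to the blockchain network.
    """
    reasons = []
    others = [ipaddress.ip_network(c) for c in (service_cidr, *attached_cidrs)]
    for cidr in node_cidrs:
        try:
            net = ipaddress.ip_network(cidr, strict=True)   # "10.5.0.1/24" is rejected
        except ValueError as exc:
            reasons.append(f"{cidr}: not a valid network ({exc})")
            continue
        if not net.is_private:
            reasons.append(f"{cidr}: not a private range")
        for other in others:
            if net.overlaps(other):
                reasons.append(f"{cidr}: overlaps {other}")
    return ("ALLOW" if not reasons else "DENY", reasons)


def pick_nonconflicting_cidr(taken_cidrs, prefixlen=24, candidate_space="10.0.0.0/8"):
    """Remedial action: choose a fresh /prefixlen that overlaps nothing already in use.

    candidate_space is an assumed allocation pool for a replacement private network.
    """
    taken = [ipaddress.ip_network(c) for c in taken_cidrs]
    for candidate in ipaddress.ip_network(candidate_space).subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(t) for t in taken):
            return str(candidate)
    raise RuntimeError("no non-conflicting range available in candidate space")


def handle_access_request(node_cidrs, service_cidr, attached_cidrs=()):
    """Deny outright for malformed/public ranges; for a pure overlap, propose a move."""
    decision, reasons = validate_access_request(node_cidrs, service_cidr, attached_cidrs)
    if decision == "ALLOW":
        return {"decision": "ALLOW"}
    if all(": overlaps " in r for r in reasons):
        replacement = pick_nonconflicting_cidr([service_cidr, *attached_cidrs])
        return {"decision": "REMEDIATE", "reasons": reasons, "new_private_network": replacement}
    return {"decision": "DENY", "reasons": reasons}
```

The remediation branch only fires when overlap is the sole problem; a request that is malformed or names a public range is denied rather than silently re-homed, so the requester sees the actual defect.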
[0093] As indicated at 1140, networking device(s) may be caused to add the determined route(s) between the private network and the private network for the blockchain network in the managed blockchain service, in some embodiments. Various API requests or other instructions may be sent to the networking devices directly or to a management service, such as network configuration service 390, in some embodiments, to add the routes and configure the networking devices, physical and/or virtual.
[0094] FIG. 12 is a high-level flowchart illustrating various methods and techniques to route traffic across private networks using a network endpoint and load balancer, according to some embodiments. As indicated at 1210, different ports at a load balancer may be assigned to different nodes in a private network of a managed blockchain service, in some embodiments. For instance, a load balancer may be implemented as a virtual load balancer (e.g., implemented on one or more devices, such as servers or a hardware load balancer) which may be provisioned for a private network that hosts a blockchain network. When a node is started, launched, provisioned, or otherwise created within the private network of the managed blockchain service for the blockchain network, an available port number of the load balancer may be assigned to the new node.
[0095] As indicated at 1220, a network endpoint that directs received communications to the load balancer may be created within a private network of a node to be given access to the private network of the managed blockchain service, in some embodiments. For example, one or more networking devices managed by network configuration service 390 that implement a substrate network for provider network 300 may be modified to include route(s) that will forward traffic received from within the private network of the node (as other nodes could also use the same network endpoint) to the load balancer. The network endpoint may serve as an interface via which requests directed to that endpoint can reach the specified node in the private network of the managed blockchain service. If, for instance, the network endpoint is reached using a domain name XYZ and a desired node is mapped to port 80, then a request sent to “XYZ:80” may be forwarded to the load balancer.
[0096] As indicated at 1230, the load balancer may be enabled to listen at the different ports for communications directed to the network endpoint and forward communications received at the different ports to the assigned nodes in the private network of the managed blockchain service, in some embodiments. Continuing with the example given above, the network traffic directed to port “80” may be sent to the node in the private network of the managed blockchain service assigned to port “80” by the load balancer. Other network endpoints implemented in other private networks for other nodes could also direct traffic to the same load balancer and, using the same assigned ports, direct traffic to specific nodes within the private network of the managed blockchain service, in some embodiments.
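An added Python model of the endpoint-plus-load-balancer path of FIG. 8 and FIG. 12 (example code written for this page, not code from the patent or the service; the class names, the listener port range and the node identifiers are assumptions). Each node launched in the service private network is assigned a listener port on the load balancer (1210), a service endpoint in the user's network accepts only traffic addressed to its own hostname (1220), and a listener port with no assigned node is dropped rather than forwarded to a default backend (1230). Freed ports are recycled last, so a stale "hostname:port" mapping held by an application node is less likely to land on a different node after a deletion.

```python
class LoadBalancerPortMap:
    """Listener port -> node mapping for the load balancer in the service private network."""

    def __init__(self, first_port=30000, last_port=30099):
        self._free = list(range(first_port, last_port + 1))   # assumed listener range
        self._by_port = {}    # listener port -> (node_id, private_address, node_port)
        self._by_node = {}    # node_id -> listener port

    def assign(self, node_id, private_address, node_port):
        """Called when a node is created in the service network (1210); idempotent."""
        if node_id in self._by_node:
            return self._by_node[node_id]
        if not self._free:
            raise RuntimeError("no free listener ports on the load balancer")
        port = self._free.pop(0)
        self._by_port[port] = (node_id, private_address, node_port)
        self._by_node[node_id] = port
        return port

    def release(self, node_id):
        """Called when a node is deleted; the port goes to the back of the free list."""
        port = self._by_node.pop(node_id)
        del self._by_port[port]
        self._free.append(port)

    def forward(self, listener_port):
        """Backend for traffic received on listener_port, or None to drop it (1230)."""
        return self._by_port.get(listener_port)

    def mappings(self):
        return dict(self._by_node)


class ServiceEndpoint:
    """Endpoint in the user's private network that points at the load balancer (1220)."""

    def __init__(self, hostname, port_map):
        self.hostname = hostname
        self.port_map = port_map

    def resolve(self, target):
        """Resolve a "hostname:port" target sent by an application node, or None."""
        host, sep, port = target.rpartition(":")
        if not sep or host != self.hostname or not port.isdigit():
            return None                      # not addressed to this endpoint
        return self.port_map.forward(int(port))

    def discovery(self):
        """Port mappings handed to the user account in place of framework node discovery."""
        return {node: f"{self.hostname}:{port}"
                for node, port in self.port_map.mappings().items()}
```

Because the endpoint matches on its own hostname and the load balancer drops unassigned ports, a client in the user's network cannot reach an arbitrary address in the service network by guessing a port; it can only reach nodes the control plane registered.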
[0097] FIG. 13 is a high-level flowchart illustrating various methods and techniques to route traffic across private networks using a virtual traffic hub, according to some embodiments. As indicated at 1310, a private network that includes a node to be given access to a blockchain network in a service private network of a managed blockchain service may be associated with a virtual traffic hub, in some embodiments. For instance, a register for the virtual traffic hub may be updated to include the private network (e.g., which may be updated to include an identifier generated from a user account identifier and an identifier for the private network). The association may allow the virtual traffic hub to utilize the correct routing tables and routing information when handling traffic from the private network of the node or bound to the private network of a node.
[0098] As indicated at 1320, route tables, route table entries, route domains, or other routing information may be created, updated, or associated at the virtual traffic hub to route communications originating from the private network to the service private network, in some embodiments. For instance, the private network address values may be identified as within a range of network address (e.g., a CIDR block) and included in a route table along with corresponding forwarding routes to reach different nodes within the private network of the managed blockchain service. As indicated at 1330, the same or different route tables, route table entries, route domains, or other routing information may be created, updated, or associated at the virtual traffic hub to route communications directed from the service private network to the private network, in some embodiments.
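An added Python model of the virtual traffic hub of FIG. 9 and FIG. 13 (example code written for this page, not the service's implementation; the class, the identifier format and the address ranges are assumptions). Private networks are attached under an identifier derived from the account and network identifiers (1310), an attachment whose address range overlaps an already attached network is refused, each attachment is associated with a route table that governs traffic arriving from it (1320/1330), and forwarding uses longest-prefix match with no default route, so traffic for an address no entry covers is dropped.

```python
import ipaddress


class VirtualTrafficHub:
    """Hub-and-spoke forwarding between logically isolated private networks."""

    def __init__(self):
        self.attachments = {}    # attachment_id -> list of IPv4Network
        self.route_tables = {}   # table_id -> list of (prefix, target attachment_id)
        self.associations = {}   # attachment_id -> table_id

    def attach(self, account_id, network_id, cidrs):
        """Register a private network (1310). Overlapping address ranges are refused."""
        attachment_id = f"{account_id}:{network_id}"   # assumed identifier format
        if attachment_id in self.attachments:
            raise ValueError(f"{attachment_id} is already attached")
        nets = [ipaddress.ip_network(c) for c in cidrs]
        for other_id, others in self.attachments.items():
            for n in nets:
                if any(n.overlaps(o) for o in others):
                    raise ValueError(f"{n} overlaps attached network {other_id}")
        self.attachments[attachment_id] = nets
        return attachment_id

    def create_route_table(self, table_id):
        self.route_tables.setdefault(table_id, [])

    def add_route(self, table_id, prefix, target_attachment_id):
        """Add a forwarding entry (1320/1330); the target must be an attached network."""
        if target_attachment_id not in self.attachments:
            raise ValueError(f"unknown attachment {target_attachment_id}")
        self.route_tables[table_id].append((ipaddress.ip_network(prefix), target_attachment_id))

    def associate(self, attachment_id, table_id):
        """Select which route table governs traffic arriving from attachment_id."""
        if attachment_id not in self.attachments or table_id not in self.route_tables:
            raise ValueError("associate: unknown attachment or route table")
        self.associations[attachment_id] = table_id

    def forward(self, source_attachment_id, dst_ip):
        """Attachment to forward a packet to, or None to drop it (no default route)."""
        table_id = self.associations.get(source_attachment_id)
        if table_id is None:
            return None                      # unassociated spoke cannot send anywhere
        addr = ipaddress.ip_address(dst_ip)
        best = None
        for prefix, target in self.route_tables[table_id]:
            if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
                best = (prefix, target)      # longest-prefix match
        return best[1] if best else None


def build_fig9_hub():
    """Topology of FIG. 9 with assumed address ranges: service network 910 and two spokes."""
    hub = VirtualTrafficHub()
    svc = hub.attach("service", "net-910", ["10.0.0.0/16"])
    a = hub.attach("account-a", "net-920", ["10.1.0.0/16"])
    b = hub.attach("account-b", "net-930", ["192.168.0.0/24"])
    hub.create_route_table("rt-spokes")
    hub.create_route_table("rt-service")
    # Spokes reach the service network and each other (peer gossip, 1320).
    for prefix, target in (("10.0.0.0/16", svc), ("10.1.0.0/16", a), ("192.168.0.0/24", b)):
        hub.add_route("rt-spokes", prefix, target)
    # Return path from the service network to each spoke (1330).
    hub.add_route("rt-service", "10.1.0.0/16", a)
    hub.add_route("rt-service", "192.168.0.0/24", b)
    for att in (a, b):
        hub.associate(att, "rt-spokes")
    hub.associate(svc, "rt-service")
    return hub
```

Keeping separate tables for the spokes and for the service network is what lets the operator later withdraw one member's reachability (by editing the entries for its attachment) without touching the others, and the absence of a default route means an attached network can only reach what was explicitly routed.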
[0099] FIG. 14 is a logical block diagram illustrating interactions with a blockchain network management feature of a control plane of a managed blockchain service, according to some embodiments. Client(s) 1400 may be external clients (e.g., 350 in FIG. 3) or internal clients of a provider network 300 that are implemented as applications on other services, such as virtual computing service(s) 310. Client(s) 1400 may submit requests to create a blockchain network via interface 412 to blockchain network management 414. A blockchain creation request 1450 may specify one of the offered blockchain frameworks of managed blockchain service 370. Additionally, other features may also be specified alone or in various combinations, such as a name, description, selection of governance rules, initial member, subsequent members, nodes, framework specific configuration information (e.g., specify which orderer service backend to use for a permissioned blockchain network framework), etc. Creation request 1450 could submit performance criteria, number of expected members, network configuration or other blockchain network configuration information, in addition to the framework. In some embodiments, blockchain network management 414 may implement a framework recommendation engine (not illustrated) which could recommend or select a blockchain network framework that satisfies the performance criteria (e.g., using rules-based selection, like decision trees). While creation of a blockchain may temporarily grant a creating account sole authority over the blockchain network, distributed governance policies may transfer the control of the network to or among multiple other members in addition to or instead of the account that submitted creation request 1450.
[00100] Blockchain network management may implement deployment workflow identification 1410 to evaluate the specified blockchain network configuration information in order to identify a deployment workflow (or multiple workflows) to achieve the specified blockchain network. For example, deployment workflow identification may identify a workflow (or set of workflows) for a specified blockchain framework, and then may select among various options or versions of that blockchain framework type that would satisfy the other features of the blockchain network specified in the request. For instance, blockchain service resources may be deployed on larger and faster host systems if the blockchain system is expected to have high throughput. Configuration errors in request 1450 may result in error indications (not illustrated) which may be identified at deployment workflow identification 1410, in some embodiments.
[00101] Once identified, deployment workflow execution 1420 may perform the identified workflow(s). For example, deployment workflow execution may send one or multiple requests 1460 to other services 1440 of provider network 300 to provision and configure blockchain service(s) 1442 (e.g., orderer service, orderer service backend, backup configuration, monitoring configuration), blockchain networking 1444 (e.g., to enable logically isolated networks, private networks, firewalls, access control lists, routing tables or other networking features to configure a network in which to host the blockchain network), and blockchain storage 1446 (e.g., which may configure data stores for analytics information, orderer backend storage, etc.). Deployment workflow execution 1420 may, in some embodiments, select from a pool of previously allocated (and configured) resources to assemble some (or all) of a blockchain network (e.g., a pool of preconfigured instances that implement orderers or certificate authorities). Deployment workflow execution 1420 may interact with other services not illustrated, such as network configuration service 390 to provision or configure a virtual private network for a blockchain, for instance, that could be updated to include the nodes created for different user accounts in the same virtual private network, in some embodiments.
[00102] During the performance of the creation workflow, blockchain network management 1414 may provide creation status indications 1470 (e.g., “in progress”, “X% complete”, etc.). When finished, blockchain network management 1414 may update service state 430 with the appropriate blockchain network state 1462 to record the existence and configuration of the blockchain network. Blockchain network management 414 may provide a completion indication 1480, in some embodiments.
[00103] In some embodiments, blockchain network management 414 may implement blockchain network information service 1430 to handle requests to get 1490 various blockchain network information. For example, a request 1490 to identify configuration parameters, including a blockchain network framework, number of nodes, number of members, or other blockchain network information, may be serviced by blockchain information service 1430 retrieving blockchain network state 1462 from service state 430.
[00104] FIG. 15 is a logical block diagram illustrating interactions with a membership management feature of a control plane of a managed blockchain service, according to some embodiments. Client(s) 1500 may be external clients (e.g., 350 in FIG. 3) or internal clients of a provider network 300 that are implemented as applications on other services, such as virtual computing service(s) 310. Client(s) 1500 may submit requests to create a membership invitation 1510 via interface 412 at membership management 416. Membership management 416 may perform a permission check 1530 by querying distributed governance 422 to verify that the membership invitation can be made. A vote or other proposal evaluation technique may be performed, as discussed below with regard to FIGS. 17 and 21, in some embodiments. In some scenarios, the request 1510 may be associated with a user (e.g., a super user) that can invite as many members as desired (or as part of an initial blockchain creation workflow) and so may avoid a membership action permission check (or the check may be performed without employing a vote but be instead resolved by applying a distributed governance provision that specifies the user’s ability to invite members).
[00105] If allowed, membership management 416 may send a membership invitation 1540 to a client associated with the invited member (e.g., as API messages, console notifications, emails, etc.). The membership invitation 1540 may include information to set up or enable a node, either internally hosted by the managed blockchain network or externally hosted, as discussed above with regard to FIG. 2. For example, an orderer service endpoint or network address may be provided to configure peer nodes as discussed above with regard to FIG. 6. The invitation response 1550 may be received at membership management 416. If accepted, membership management may initiate operations to provision resources and enable access (e.g., network access) for the new member (not illustrated) and update blockchain membership 1560 in service state 430.
[00106] Client(s) 1500 may also submit a request for membership information 1570 (e.g., to identify memberships with various blockchain networks for a user account, other members not operated or controlled by the requesting user account, etc.). Membership management 416 may get the requested membership information 1560 from service state 430. In some embodiments, access to some membership information may be restricted and thus membership management 416 may perform permission checks 1530 to accept or deny information requests or use an access control list.
[00107] Client(s) 1500 may submit a request to quit membership in a blockchain network 1580 or propose an eviction. Either of these requests may provoke a membership action permission check 1530. If performed, updates 1560 to blockchain membership may be made.
[00108] FIG. 16 is a logical block diagram illustrating interactions with a node management feature of a control plane of a managed blockchain service, according to some embodiments. Client(s) 1600 may be external clients (e.g., 350 in FIG. 3) or internal clients of a provider network 300 that are implemented as applications on other services, such as virtual computing service(s) 310. Client(s) 1600 may submit a request to create a node 1610 associated with a member of a blockchain network via interface 412. The creation request 1610 may specify a type of node (e.g., hardware or other performance capabilities) and/or configuration (e.g., type of virtualization platform, operating system, application to launch/install, etc.). Node management 318 may parse the request and perform the appropriate requests to provision the node 1630 at the appropriate service(s) 1620, such as blockchain node(s) 1622. Node management 318 may also update service state 430 to update 1640 blockchain network information to reflect the created node(s).
[00109] Similarly, update node requests 1650 (e.g., to change node configuration, change node size or resource allocation, etc.) may be sent via interface 412. Node management 318 may perform similar configuration operations 1630 to blockchain node(s) 1622, including instructing a management agent (not illustrated) to perform one or more operations to effect the update, in some embodiments. Updates to service state 1640 to indicate the updates to the nodes of the blockchain network may be made.
[00110] Similarly, delete node requests 1660 to stop, halt, or otherwise remove a node may be sent via interface 412. Node management 318 may perform similar configuration operations 1630 to blockchain node(s) 1622, including instructing a management agent (not illustrated) to stop performance and/or sending a request to service(s) 1620 to shut down one of blockchain node(s) 1622. Again, updates to service state 1640 to indicate the updates to the nodes of the blockchain network may be made.
[00111] Node management 318 may also handle requests to describe nodes, like get node information request 1670. Node management 318 may retrieve configuration information of the node 1640 from service state and use the retrieved information to return a result to request 1670. Performance metrics or other health information (discussed below with regard to FIGS. 19 and 23) could be combined or included with node information, in some embodiments.
[00112] FIG. 17 is a logical block diagram illustrating interactions with a distributed governance feature of a control plane of a managed blockchain service, according to some embodiments. Client(s) 1700 may be external clients (e.g., 350 in FIG. 3) or internal clients of a provider network 300 that are implemented as applications on other services, such as virtual computing service(s) 310. Client(s) 1700 can submit blockchain network proposals 1740, such as the various modifications discussed below with regard to FIG. 21, via interface 412, including changes to distributed governance policies. Distributed governance features 422 may implement a proposal governance policy identification 1710 in order to determine if a distributed governance policy applies to the proposal as well as what distributed governance policy applies (as more than one may be implemented or created for a blockchain network). For example, proposal governance policy identification 1710 may parse the proposal to identify an action, feature, or other modification, and compare the modification with an index of distributed governance policies. If the index returns a match, then the identified policy may be retrieved 1780 from service state 430. The proposal governance policy may be applied to the proposal 1740. If a vote is required, then proposal vote notification 1720 may send one or more proposal vote notifications 1750 via interface 412 (e.g., as API messages, console notifications, emails, etc.).
[00113] Proposal vote evaluation 1730 may then evaluate proposal votes 1760 received via interface 412 in order to determine whether the votes satisfy the policy. If so, the proposal may be performed (e.g., by updating service state to reflect the change of the successful proposal 1790). In some embodiments, a result 1770 may be sent, which may allow another control plane component to proceed with performing a proposed modification. In some embodiments, distributed governance feature 422 could be implemented as a separate system or service from managed blockchain service 370 (not illustrated) and could handle policy proposal and evaluation features for multiple different services in provider network 300, including managed blockchain service 370.
[00114] FIG. 18 is a logical block diagram illustrating interactions with an analytics feature of a control plane of a managed blockchain service, according to some embodiments. Offline blockchain data 1832 may be collected and stored for a blockchain network, as discussed below with regard to FIG. 22, from different sources, in some embodiments. Depending on the type or framework of blockchain network, a different source for the offline blockchain data may be employed. For instance, a backup agent 1834 may be implemented on peer nodes 1802 in a blockchain network that does not maintain a separate log or ledger of transactions in the blockchain. Instead, backup agent 1834 may periodically (or when node workload is low) store blockchain data 1830 to data storage service(s) 330 in a specified storage location, object, database, etc. For those blockchain networks that do use a separate log or ledger of transactions, like data journaling service(s) 320, some of blockchain data 1836 may be copied or stored 1830 to offline blockchain data 1832 as part of a backup mechanism.
[00115] Client(s) 1800 may be external clients (e.g., 350 in FIG. 3) or internal clients of a provider network 300 that are implemented as applications on other services, such as virtual computing service(s) 310. Clients 1800 can submit requests to configure the performance of offline backup 1840 via interface 412. For instance, backup could be enabled or disabled for individual members, nodes, channels, or other portions of a blockchain network. In some embodiments, whether offline backup data is visible to other members may be configured. Analytics feature 424 may implement backup management 1810 to handle configuration requests 1840, and make requested changes, enable or disable backup agents 1834, provision storage space for offline blockchain data 1832 at data storage service(s) 330, among other backup management operations.
[00116] Analytics 424 may implement an interface, such as query interface 1820, to handle requests to access offline blockchain data. In some embodiments, data storage service(s) 330 may be a database optimized to handle queries over a log of entries (e.g., a channel or multiple channels of a blockchain stored as part of offline blockchain data 1832). Query interface 1820 may be implemented to handle queries to offline data 1832, like query 1850, and send requests to access offline blockchain data 1860 in order to return a query result 1870, in some embodiments, as discussed below with regard to FIG. 22.
[00117] Offline blockchain data 1832 may include the content of transactions in the blockchain, metadata describing blockchain content (e.g., when submitted, who proposed, votes, etc.), or related data (e.g., files or other objects referenced by blockchain content). More generally, in some embodiments, client applications of a blockchain hosted in managed blockchain service 370 may utilize links, references, address, or other information to access data objects stored in other services of provider network 300 (e.g., links to data objects stored in a data storage service 330). In this way, applications that access the data objects linked in the blockchain transactions can be assured that the content has been verified.
[00118] FIG. 19 is a logical block diagram illustrating interactions with a monitoring feature of a control plane of a managed blockchain service, according to some embodiments. Client(s) 1900 may be external clients (e.g., 350 in FIG. 3) or internal clients of a provider network 300 that are implemented as applications on other services, such as virtual computing service(s) 310. Monitoring 426 may handle monitoring-related requests via interface 412. For example, a request to get blockchain network health information 1950 may be received via interface 412. The request may specify a particular member(s), node(s), service(s), or other blockchain network resources, or information for the blockchain network as a whole. Monitoring 426 may enforce some access restrictions (e.g., not allowing performance data for nodes and members not associated with a user account that requested). In other embodiments, there may be no access restrictions to performance data. Monitoring 426 may parse the request and get node performance metrics 1970 from service state 430 in order to answer request 1950.
[00119] In some embodiments, monitoring agents 1940 may be implemented on nodes, services, or other blockchain components, like node 1942, in order to collect performance information. The monitoring agent 1940 may push the metrics to service state 430 (or may respond to a request for metrics in a pull-based design).
[00120] Monitoring 426 may also perform automated monitoring and management actions in order to manage the operation of a blockchain network on behalf of members so that little or no management direction is required to maintain blockchain network performance. Event monitoring 1910 may get node performance metrics 1970 and evaluate them with respect to one or multiple criteria, as discussed below with regard to FIG. 23. If an event is detected, event monitoring 1910 may signal the event to event response handling 1930 (e.g., according to an event code, the location or scope of the event (e.g., one node, multiple nodes, the entire network, etc.), and/or any other performance metrics or information needed to determine a responsive action). As discussed below with regard to FIG. 23, a responsive action can include an event notification 1960, in some embodiments. Event response handling 1930 may identify or determine one or more responsive actions, as discussed below with regard to FIG. 23, and perform them 1980. For example, services 1970 may host or implement node(s) for a blockchain so that a new node 1972 can be provisioned, configured, and launched to replace a failing node. Transition or other failover operations to transfer data, adjust network endpoints to redirect traffic, or other actions to swap nodes may be performed by event response handling 1930.
[00121] As discussed above with regard to FIGS. 2 - 6 and 14-19, a managed blockchain service may be implemented as part of a provider network. However, a managed blockchain service could be implemented as a standalone service, which may be a publicly available service, or privately implemented. FIG. 20 is a high-level flowchart illustrating various methods and techniques to create a blockchain network in a multi-framework managed blockchain service, according to some embodiments. Various different systems and devices may implement the various methods (as well as methods in FIGS. 21 - 23 below) and techniques described below, either singly or working together. Therefore, the above examples and/or any other systems or devices referenced as performing the illustrated method are not intended to be limiting as to other different components, modules, systems, or configurations of systems and devices.
[00122] As indicated at 2010, a request associated with a user account of a managed blockchain service may be received via an interface for a control plane of the managed blockchain service to create a blockchain network according to a specified blockchain framework of different blockchain frameworks offered by the managed blockchain service, in some embodiments. For example, a management console may allow a user to specify various features of a blockchain network, such as whether or not the blockchain network will connect to a public network (or be only private), the framework type to be used, name, descriptive information, and a first member, in some embodiments. In at least some embodiments, the request may affirm, select, configure, state, or otherwise specify one (or more) distributed governance policies applicable to govern blockchain network actions subsequent to its creation, as discussed below with regard to FIG. 21.
[00123] As indicated at 2020, a workflow to deploy the blockchain network according to the specified blockchain framework may be identified, in some embodiments. For example, a decision tree or other rules-based decision engine may take one or more inputs corresponding to the creation request, including the blockchain framework, for identifying which of multiple different deployment workflows should be used. For example, a private deployment of a permissionless blockchain network may have a different deployment workflow than a public deployment of a permissionless blockchain network. In some embodiments, one or multiple sub-workflows may be combined based on the features specified in the creation request (e.g., a network configuration workflow, a blockchain service configuration workflow, a distributed governance policy creation workflow, etc.).
[00124] As indicated at 2030, the blockchain network may be deployed by the control plane on computing resource(s) in a data plane for the managed blockchain service according to the identified workflow. For instance, a workflow engine, state machine, or other deployment platform of the control plane may take the workflow and execute, request, instruct, or otherwise cause all of the workflow features to be accomplished. In some embodiments, a control plane agent or host manager implemented on the resources themselves may be instructed to perform some or all of the identified workflow.
[00125] FIG. 21 is a high-level flowchart illustrating various methods and techniques to perform modifications to a blockchain network according to a distributed governance policy, according to some embodiments. As indicated at 2110, a request associated with a user account to perform a modification to a blockchain network in a managed blockchain service may be received. The request, as discussed above, may be received via an interface of a control plane and may be associated with a user account of the service different than the user account that submitted the request to create the blockchain network. Modification requests could cover any of the changes discussed above with regard to FIGS. 14 - 17, including changes to membership, governance, hardware or software configuration, backup mechanisms, monitoring and responsive actions, and so on, as well as changes to distributed governance policies. While some actions, like adding and removing nodes, could be limited to a single member’s discretion, even those actions could in some scenarios be controlled or managed by a distributed governance policy.
[00126] As indicated at 2120, a distributed governance policy for the blockchain network in effect and applicable to the modification may be identified, in some embodiments. For example, default policies could be specified to cover multiple different modifications (although in some embodiments some modifications may be covered if an additional distributed governance policy is created). In some embodiments, an identifier or label for a modification may serve as an index to an applicable policy (or none if none is applicable).
[00127] As indicated at 2130, a determination may be made as to whether the distributed governance policy requires a vote to proceed. For example, a policy may be stored as a JSON or other text which an enforcement component for the control plane may parse to determine whether criteria to satisfy the policy like voting are used. If yes, then as indicated at 2132, notifications to vote on a proposal to perform the modification as specified by the distributed governance policy may be sent, in some embodiments. For example, the means of notification, the identity of recipients, and other features such as resends, alternates, or other voting notification features may be specified in the distributed governance policy.
[00128] The notification may include a link or user interface element, network endpoint, or other feature that indicates how a vote in response to the notification can be cast. In at least some embodiments, the votes may be sent through one or more voting APIs which may allow client applications to develop custom voting platforms or communications for receiving votes (e.g., a screen share application where the appropriate users can register a vote in a chat channel, an application that blocks further admin access until a vote is performed (to prevent filibusters), etc.). In this way, the voting API may provide greater flexibility than completely integrated voting solutions which only allow for votes to be cast in a particular manner, in some embodiments.
[00129] As indicated at 2142, votes may be received. A determination may be made as to whether the votes satisfy the policy, as indicated at 2152. For example, voting criteria including quorum rules, vote margin (e.g., majority, plurality, super majority, etc.), voter rolls (e.g., voters with veto authority), abstentions allowed, etc., can be specified by the governance policy. Changes to the governance policy may themselves be submitted as a modification, which may not become effective until satisfying the current governance policy. If the votes satisfy the policy, then the modification may be performed as indicated at 2150. If the votes do not satisfy the policy, then the modification to the blockchain network may be denied, as indicated at 2160.
[00130] Some policies may not require a vote, as indicated by the negative exit from 2130. For example, some modifications may be performed at certain times, or within certain parameters. Consider a policy that allows for a member to implement up to a maximum number of nodes without consulting other members. The policy may be evaluated for a modification to add a node, but may not need a vote if it can be satisfied because the added node is still within the maximum number. If the modification is allowed by the policy, as indicated by the positive exit from 2140, then the modification may be performed to the blockchain network. If the modification is not allowed by the policy, then the modification to the blockchain network may be denied, as indicated at 2160.
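The policy evaluation of FIG. 21 (elements 2120 through 2160) as an added, runnable example; this is illustrative code written for this page, not the patent's or the service's own implementation. The JSON policy layout, the member roster, the rule field names and the vote records are all constructed assumptions, since the patent specifies only that a policy may be stored as JSON or other text that an enforcement component parses.

```python
"""Added example, not from the patent: a control-plane enforcement component
that parses a JSON governance policy and applies it to a proposed modification.
The policy shape, member names and vote records below are constructed."""
import json
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed policy text. The patent only says a policy may be stored as JSON
# or other text; the field names here are this example's assumptions.
POLICY_JSON = """
{
  "rules": [
    {"modification": "add_node", "vote_required": false,
     "max_nodes_per_member": 3},
    {"modification": "invite_member", "vote_required": true,
     "quorum": 0.5, "margin": "majority",
     "veto_members": ["acme"], "abstentions_allowed": true},
    {"modification": "change_policy", "vote_required": true,
     "quorum": 1.0, "margin": "supermajority",
     "veto_members": [], "abstentions_allowed": false}
  ]
}
"""

MEMBERS = ["acme", "globex", "initech", "umbrella"]  # constructed member roster


@dataclass
class Proposal:
    modification: str           # label used as the index into the policy
    proposer: str
    params: Dict = field(default_factory=dict)


def find_rule(policy: Dict, proposal: Proposal) -> Optional[Dict]:
    """2120: the modification label indexes the applicable rule, or None."""
    for rule in policy["rules"]:
        if rule["modification"] == proposal.modification:
            return rule
    return None


def allowed_without_vote(rule: Dict, proposal: Proposal, state: Dict) -> bool:
    """Negative exit from 2130: a member may add nodes up to a per-member
    maximum without consulting the other members."""
    limit = rule.get("max_nodes_per_member")
    if limit is None:
        return True
    current = state["nodes_per_member"].get(proposal.proposer, 0)
    return current + proposal.params.get("count", 1) <= limit


def votes_satisfy(rule: Dict, votes: Dict[str, str], members: List[str]) -> bool:
    """2152: quorum, margin, veto authority and abstention rules.
    votes maps member name -> "yes", "no" or "abstain"."""
    cast = {m: v for m, v in votes.items() if m in members}  # ignore non-members
    if not rule["abstentions_allowed"] and "abstain" in cast.values():
        return False
    if any(cast.get(m) == "no" for m in rule["veto_members"]):
        return False  # a veto holder voting no defeats the proposal outright
    if len(cast) < rule["quorum"] * len(members):
        return False  # quorum counts every ballot cast, abstentions included
    yes = sum(1 for v in cast.values() if v == "yes")
    no = sum(1 for v in cast.values() if v == "no")
    if rule["margin"] == "majority":
        return yes > no
    if rule["margin"] == "supermajority":
        return yes > 0 and 3 * yes >= 2 * (yes + no)  # two thirds of yes/no ballots
    raise ValueError("unknown margin: " + rule["margin"])


def decide(policy_json: str, proposal: Proposal, state: Dict,
           votes: Optional[Dict[str, str]] = None,
           members: List[str] = MEMBERS) -> str:
    """Returns 'allowed', 'denied', 'vote_required' or 'no_policy'."""
    rule = find_rule(json.loads(policy_json), proposal)
    if rule is None:
        return "no_policy"  # nothing applies; left to the member's own discretion
    if not rule["vote_required"]:
        return "allowed" if allowed_without_vote(rule, proposal, state) else "denied"
    if votes is None:
        return "vote_required"  # 2132: send vote notifications, re-evaluate later
    return "allowed" if votes_satisfy(rule, votes, members) else "denied"


if __name__ == "__main__":
    state = {"nodes_per_member": {"acme": 2}}
    print(decide(POLICY_JSON, Proposal("add_node", "acme"), state))
    print(decide(POLICY_JSON, Proposal("invite_member", "globex"), state,
                 {"globex": "yes", "initech": "yes", "acme": "abstain"}))
```

Note that a `change_policy` proposal is itself evaluated under the rules currently in force, which is the point made at 2152 about governance changes not taking effect until they satisfy the current policy.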
[00131] FIG. 22 is a high-level flowchart illustrating various methods and techniques to store and query offline blockchain data, according to some embodiments. As indicated at 2210, blockchain data may be stored from a commit log for a blockchain network to a database, in some embodiments. For example, a backup mechanism for the data journal service discussed above or other ordered commit log services, like Apache’s Kafka, may include options or mechanisms to store a copy of the transaction log representing a blockchain (or a channel of a blockchain) in a separate storage location, such as a database. Similarly, for those types of blockchain networks that do not utilize a separate commit log (e.g., Ethereum), a backup agent (or other component) on the peer nodes that receive and maintain the blockchain data on the node may store the blockchain data from the peer node of the blockchain network to a database, as indicated at 2220.
[00132] A managed blockchain service may implement an interface through which to provide access to the offline data stored for the blockchain network. The interface could be an interface that allows portions (e.g., files or objects) of blockchain data to be downloaded or viewed. In some embodiments, analytical tools, such as various kinds of statistical analysis and/or machine learning analysis, could be implemented to provide views and reports of offline blockchain data. As indicated at 2230, a request for data from the blockchain data may be received, in some embodiments. The request may be formatted according to an API with various features for identifying the data to return (e.g., by chain, members of the transaction, proposer, approvers, date, time, content of the transaction, etc.). In some embodiments, the interface may allow query languages (e.g., SQL) to be used.
[00133] As indicated at 2240, a query to the database to obtain the requested data may be generated, in some embodiments. For instance, if an API is used, then the API request may be translated into the corresponding query language. As indicated at 2250, the query may then be sent to the database, in some embodiments. For example, a database connection between the control plane and the database may be previously established and used to send the query. A result may be received back from the database, including an empty result. As indicated at 2260, a response to the request for the data may be returned based on a result of the query received from the database, in some embodiments. For instance, the format of the results could be modified to fit the API used to submit the request for data and/or to display results (e.g., at a console for the managed blockchain service).
[00134] FIG. 23 is a high-level flowchart illustrating various methods and techniques to monitor a blockchain network for performance events, according to some embodiments. As indicated at 2310, performance data collected by monitoring agents for node(s) and/or service(s) of a blockchain network in a managed blockchain service may be monitored. A control plane, as discussed above with regard to FIG. 19, may operate a central data store of performance data which may be evaluated by one or more monitoring nodes or components that read data from the central data store. In some embodiments, the monitoring may be performed by the monitoring agents on the hosts, servers, or systems that implement the node(s) and/or service(s) of the blockchain network.
[00135] As indicated at 2320, a determination may be made as to whether a performance event is detected, in some embodiments. Various types of performance events may be monitored for, in some embodiments. For example, capacity or utilization metrics may be collected that indicate use of the processing resources, storage resources, or network resources of the node or service. If the utilization exceeds a threshold (or falls below a threshold), then a corresponding performance event for the resource may be detected (e.g., not enough processor capacity to handle the load on the node or service). Performance data may be a liveness indication, such as a heartbeat message, sent to the monitoring features of the control plane which may detect a failure event (e.g., due to node or network failure) for a node or service that fails to send an indication that the node or service is still alive. In some embodiments, combinations of criteria for different resources may be used to detect a performance event (e.g., if response latency to application requests exceeds a threshold AND network bandwidth consumption exceeds a minimum threshold then a performance event may be detected).
[00136] As indicated at 2330, a responsive action may be determined for the performance event, in some embodiments. For example, a mapping between detected events and responsive action(s) may be maintained so that the action appropriate to respond to the detected event is determined. Some responsive actions may include operations to heal, configure, fix, or otherwise improve the performance of a node or service that triggered the performance event (e.g., move work to another node, adjust resource allocations on the node, change access control parameters for handling network requests, etc.). Some responsive actions may include actions to remove or replace a node or service. If, for instance, a node is underutilized, then a responsive action to remove the underutilized node and shift the work to another node may be performed. In some scenarios the node or service may be failing (or have failed), and thus the responsive action may include provisioning, configuring, and starting a new node or service.
[00137] As indicated at 2340, in at least some embodiments, the responsive action may include a notification (in addition to other actions, as indicated by the dotted arrow from 2342 to 2350, or instead of another responsive action). If a notification is specified, then a notification of the performance event may be sent, as indicated at 2342. For example, an email notification, a text notification via a wireless communication network, or a message or notification displayed on a user account console of a provider network may be examples of the types of notifications provided. Notifications may be sent to entities for nodes hosted external to provider network 300 that are members of a blockchain network service. Such nodes could still implement a monitoring agent (e.g., provided by provider network 300) to collect information used to detect events so that even if an operation would have to be performed from control tools or apparatus of the external network, a control plane for the managed blockchain service could still be aware of and direct the performance of the appropriate responsive action via the notification.
[00138] As indicated at 2350, the responsive action determined at 2330 may be performed, in some embodiments. For example, to replace a failing or ailing node or service, one or more requests to launch or provision a new node or service for the blockchain network may be made to those systems or services that host or implement the failing or ailing node or service. In some embodiments, the responsive action may include sending instructions to a monitoring or other control plane agent on a node to perform configuration changes or adjustments to resource allocation at a host device (e.g., at a server).
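The monitoring procedure of FIG. 23 (elements 2320 through 2350) as an added, runnable example; this is illustrative code written for this page, not the patent's or the service's own monitoring feature. The metric names, thresholds, event codes, the event-to-action mapping and the sample performance data are constructed assumptions; the patent describes the criteria only generically (threshold, heartbeat liveness, and combined latency-AND-bandwidth conditions).

```python
"""Added example, not from the patent: event monitoring over performance data
from monitoring agents, with detected events mapped to responsive actions and
notifications (FIG. 23, elements 2320 to 2350). Metric names, thresholds, event
codes and the event-to-action mapping are all this example's assumptions."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class NodeMetrics:
    node_id: str
    cpu_util: float        # fraction of processor capacity in use (0..1)
    disk_util: float       # fraction of storage in use (0..1)
    latency_ms: float      # response latency to application requests
    net_mbps: float        # network bandwidth consumption
    last_heartbeat: float  # time of the agent's last liveness indication (seconds)


# Assumed criteria for 2320.
CPU_HIGH = 0.90            # utilization above this exhausts the node
CPU_LOW = 0.10             # utilization below this marks the node as idle
DISK_HIGH = 0.85
LATENCY_HIGH_MS = 500.0
NET_BUSY_MBPS = 100.0      # minimum bandwidth for the combined latency criterion
NET_IDLE_MBPS = 10.0
HEARTBEAT_TIMEOUT_S = 30.0

# Assumed mapping from event code to responsive action (2330).
ACTIONS: Dict[str, str] = {
    "NODE_UNREACHABLE": "provision_replacement_node",
    "CPU_EXHAUSTED": "move_work_to_another_node",
    "DISK_EXHAUSTED": "adjust_resource_allocation",
    "NETWORK_SATURATED": "move_work_to_another_node",
    "NODE_UNDERUTILIZED": "remove_node_and_shift_work",
}
# Events that also send a notification (2342), e.g. for externally hosted nodes.
NOTIFY_ON = {"NODE_UNREACHABLE", "DISK_EXHAUSTED"}


def detect_events(m: NodeMetrics, now: float) -> List[str]:
    """2320: return the event codes detected for one node's metrics."""
    if now - m.last_heartbeat > HEARTBEAT_TIMEOUT_S:
        # No liveness indication: treat as a failure event. The remaining
        # metrics are stale, so no other criteria are evaluated.
        return ["NODE_UNREACHABLE"]
    events: List[str] = []
    if m.cpu_util > CPU_HIGH:
        events.append("CPU_EXHAUSTED")
    if m.disk_util > DISK_HIGH:
        events.append("DISK_EXHAUSTED")
    # Combined criterion: latency above threshold AND bandwidth above a minimum.
    # High latency on an idle link is not attributed to the network.
    if m.latency_ms > LATENCY_HIGH_MS and m.net_mbps > NET_BUSY_MBPS:
        events.append("NETWORK_SATURATED")
    if m.cpu_util < CPU_LOW and m.net_mbps < NET_IDLE_MBPS:
        events.append("NODE_UNDERUTILIZED")
    return events


def plan_responses(nodes: List[NodeMetrics], now: float) -> List[Dict]:
    """2330 to 2350: one planned action per detected event, with the
    notification flag set where the event's policy requires it."""
    plan = []
    for m in nodes:
        for event in detect_events(m, now):
            plan.append({"node": m.node_id, "event": event,
                         "action": ACTIONS[event],
                         "notify": event in NOTIFY_ON})
    return plan


# Constructed sample of performance data as pushed by monitoring agents.
NOW = 1_700_000_000.0
SAMPLE = [
    NodeMetrics("peer-1", 0.40, 0.50, 120.0, 40.0, NOW - 5),      # healthy
    NodeMetrics("peer-2", 0.95, 0.90, 800.0, 300.0, NOW - 8),     # overloaded
    NodeMetrics("peer-3", 0.05, 0.20, 800.0, 5.0, NOW - 3),       # idle
    NodeMetrics("orderer-1", 0.30, 0.30, 100.0, 50.0, NOW - 90),  # missed heartbeats
]

if __name__ == "__main__":
    for step in plan_responses(SAMPLE, NOW):
        print(step)
```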
[00139] The methods described herein may in various embodiments be implemented by any combination of hardware and software. For example, in one embodiment, the methods may be implemented by a computer system (e.g., a computer system 3000 as in FIG. 24) that includes one or more processors executing program instructions stored on a computer-readable storage medium coupled to the processors. The program instructions may be configured to implement the functionality described herein (e.g., the functionality of various servers and other components that implement the network-based virtual computing resource provider described herein). The various methods as illustrated in the figures and described herein represent example embodiments of methods. The order of any method may be changed, and various elements may be added, reordered, combined, omitted, modified, etc.
[00140] Embodiments of enabling access across private networks for a managed blockchain service and embodiments of a multi-framework managed blockchain service, as described herein, may be executed on one or more computer systems, which may interact with various other devices. One such computer system is illustrated by FIG. 24. In different embodiments, computer system 3000 may be any of various types of devices, including, but not limited to, a personal computer system, desktop computer, laptop, notebook, or netbook computer, mainframe computer system, handheld computer, workstation, network computer, a camera, a set top box, a mobile device, a consumer device, video game console, handheld video game device, application server, storage device, a peripheral device such as a switch, modem, router, or in general any type of computing device, computing node, compute node, computing system, compute system, or electronic device.
[00141] In the illustrated embodiment, computer system 3000 includes one or more processors 3010 coupled to a system memory 3020 via an input/output (I/O) interface 3030. Computer system 3000 further includes a network interface 3040 coupled to I/O interface 3030, and one or more input/output devices 3050, such as cursor control device 3060, keyboard 3070, and display(s) 3080. Display(s) 3080 may include standard computer monitor(s) and/or other display systems, technologies or devices. In at least some implementations, the input/output devices 3050 may also include a touch- or multi-touch-enabled device such as a pad or tablet via which a user enters input via a stylus-type device and/or one or more digits. In some embodiments, it is contemplated that embodiments may be implemented using a single instance of computer system 3000, while in other embodiments multiple such systems, or multiple nodes making up computer system 3000, may host different portions or instances of embodiments. For example, in one embodiment some elements may be implemented via one or more nodes of computer system 3000 that are distinct from those nodes implementing other elements.
[00142] In various embodiments, computer system 3000 may be a uniprocessor system including one processor 3010, or a multiprocessor system including several processors 3010 (e.g., two, four, eight, or another suitable number). Processors 3010 may be any suitable processor capable of executing instructions. For example, in various embodiments, processors 3010 may be general-purpose or embedded processors implementing any of a variety of instruction set architectures (ISAs), such as the x86, PowerPC, SPARC, or MIPS ISAs, or any other suitable ISA. In multiprocessor systems, each of processors 3010 may commonly, but not necessarily, implement the same ISA.
[00143] In some embodiments, at least one processor 3010 may be a graphics processing unit. A graphics processing unit or GPU may be considered a dedicated graphics-rendering device for a personal computer, workstation, game console or other computing or electronic device. Modern GPUs may be very efficient at manipulating and displaying computer graphics, and their highly parallel structure may make them more effective than typical CPUs for a range of complex graphical algorithms. For example, a graphics processor may implement a number of graphics primitive operations in a way that makes executing them much faster than drawing directly to the screen with a host central processing unit (CPU). In various embodiments, graphics rendering may, at least in part, be implemented by program instructions configured for execution on one of, or parallel execution on two or more of, such GPUs. The GPU(s) may implement one or more application programmer interfaces (APIs) that permit programmers to invoke the functionality of the GPU(s). Suitable GPUs may be commercially available from vendors such as NVIDIA Corporation, ATI Technologies (AMD), and others.
[00144] System memory 3020 may store program instructions and/or data accessible by processor 3010. In various embodiments, system memory 3020 may be implemented using any suitable memory technology, such as static random access memory (SRAM), synchronous dynamic RAM (SDRAM), nonvolatile/Flash-type memory, or any other type of memory. In the illustrated embodiment, program instructions and data implementing desired functions, such as those described above, are shown stored within system memory 3020 as program instructions 3025 and data storage 3035, respectively. In other embodiments, program instructions and/or data may be received, sent or stored upon different types of computer-accessible media or on similar media separate from system memory 3020 or computer system 3000. Generally speaking, a non-transitory, computer-readable storage medium may include storage media or memory media such as magnetic or optical media, e.g., disk or CD/DVD-ROM coupled to computer system 3000 via I/O interface 3030. Program instructions and data stored via a computer-readable medium may be transmitted by transmission media or signals such as electrical, electromagnetic, or digital signals, which may be conveyed via a communication medium such as a network and/or a wireless link, such as may be implemented via network interface 3040.
[00145] In one embodiment, I/O interface 3030 may coordinate I/O traffic between processor 3010, system memory 3020, and any peripheral devices in the device, including network interface 3040 or other peripheral interfaces, such as input/output devices 3050. In some embodiments, I/O interface 3030 may perform any necessary protocol, timing or other data transformations to convert data signals from one component (e.g., system memory 3020) into a format suitable for use by another component (e.g., processor 3010). In some embodiments, I/O interface 3030 may include support for devices attached through various types of peripheral buses, such as a variant of the Peripheral Component Interconnect (PCI) bus standard or the Universal Serial Bus (USB) standard, for example. In some embodiments, the function of I/O interface 3030 may be split into two or more separate components, such as a north bridge and a south bridge, for example. In addition, in some embodiments some or all of the functionality of I/O interface 3030, such as an interface to system memory 3020, may be incorporated directly into processor 3010.
[00146] Network interface 3040 may allow data to be exchanged between computer system 3000 and other devices attached to a network, such as other computer systems, or between nodes of computer system 3000. In various embodiments, network interface 3040 may support communication via wired or wireless general data networks, such as any suitable type of Ethernet network, for example; via telecommunications/telephony networks such as analog voice networks or digital fiber communications networks; via storage area networks such as Fibre Channel SANs; or via any other suitable type of network and/or protocol.
[00147] Input/output devices 3050 may, in some embodiments, include one or more display terminals, keyboards, keypads, touchpads, scanning devices, voice or optical recognition devices, or any other devices suitable for entering or retrieving data by one or more computer systems 3000. Multiple input/output devices 3050 may be present in computer system 3000 or may be distributed on various nodes of computer system 3000. In some embodiments, similar input/output devices may be separate from computer system 3000 and may interact with one or more nodes of computer system 3000 through a wired or wireless connection, such as over network interface 3040.
[00148] As shown in FIG. 24, memory 3020 may include program instructions 3025, which may implement the various methods and techniques as described herein, and data storage 3035, comprising various data accessible by program instructions 3025. In one embodiment, program instructions 3025 may include software elements of embodiments as described herein and as illustrated in the Figures. Data storage 3035 may include data that may be used in embodiments. In other embodiments, other or different software elements and data may be included.
[00149] Those skilled in the art will appreciate that computer system 3000 is merely illustrative and is not intended to limit the scope of the techniques as described herein. In particular, the computer system and devices may include any combination of hardware or software that can perform the indicated functions, including a computer, personal computer system, desktop computer, laptop, notebook, or netbook computer, mainframe computer system, handheld computer, workstation, network computer, a camera, a set top box, a mobile device, network device, internet appliance, PDA, wireless phones, pagers, a consumer device, video game console, handheld video game device, application server, storage device, a peripheral device such as a switch, modem, router, or in general any type of computing or electronic device. Computer system 3000 may also be connected to other devices that are not illustrated, or instead may operate as a stand-alone system. In addition, the functionality provided by the illustrated components may in some embodiments be combined in fewer components or distributed in additional components. Similarly, in some embodiments, the functionality of some of the illustrated components may not be provided and/or other additional functionality may be available.
[00150] Those skilled in the art will also appreciate that, while various items are illustrated as being stored in memory or on storage while being used, these items or portions of them may be transferred between memory and other storage devices for purposes of memory management and data integrity. Alternatively, in other embodiments some or all of the software components may execute in memory on another device and communicate with the illustrated computer system via inter-computer communication. Some or all of the system components or data structures may also be stored (e.g., as instructions or structured data) on a computer-accessible medium or a portable article to be read by an appropriate drive, various examples of which are described above. In some embodiments, instructions stored on a non-transitory, computer-accessible medium separate from computer system 3000 may be transmitted to computer system 3000 via transmission media or signals such as electrical, electromagnetic, or digital signals, conveyed via a communication medium such as a network and/or a wireless link. Various embodiments may further include receiving, sending or storing instructions and/or data implemented in accordance with the foregoing description upon a computer-accessible medium. Accordingly, the present invention may be practiced with other computer system configurations.
[00151] It is noted that any of the distributed system embodiments described herein, or any of their components, may be implemented as one or more web services. For example, leader nodes within a data warehouse system may present data storage services and/or database services to clients as network-based services. In some embodiments, a network-based service may be implemented by a software and/or hardware system designed to support interoperable machine-to-machine interaction over a network. A network-based service may have an interface described in a machine-processable format, such as the Web Services Description Language (WSDL). Other systems may interact with the web service in a manner prescribed by the description of the network-based service's interface. For example, the network-based service may define various operations that other systems may invoke, and may define a particular application programming interface (API) to which other systems may be expected to conform when requesting the various operations.
[00152] In various embodiments, a network-based service may be requested or invoked through the use of a message that includes parameters and/or data associated with the network-based services request. Such a message may be formatted according to a particular markup language such as Extensible Markup Language (XML), and/or may be encapsulated using a protocol such as Simple Object Access Protocol (SOAP). To perform a web services request, a network-based services client may assemble a message including the request and convey the message to an addressable endpoint (e.g., a Uniform Resource Locator (URL)) corresponding to the web service, using an Internet-based application layer transfer protocol such as Hypertext Transfer Protocol (HTTP).
[00153] In some embodiments, web services may be implemented using Representational State Transfer (“RESTful”) techniques rather than message-based techniques. For example, a web service implemented according to a RESTful technique may be invoked through parameters included within an HTTP method such as PUT, GET, or DELETE, rather than encapsulated within a SOAP message.
[00154] Embodiments of the present disclosure can be described in view of the following clauses:
1. A managed blockchain service, comprising:
a first plurality of nodes, respectively comprising at least one processor and a memory, that host a blockchain network in a first logically isolated network;
a second plurality of nodes, respectively comprising at least one other processor and another memory, that implement a control plane for the managed blockchain service;
the control plane configured to:
receive, via an interface for the control plane, a request to enable a node hosted in a second logically isolated network to communicate with the blockchain network;
identify one or more routes between the second logically isolated network and the first logically isolated network that enable the node to direct private communications to individual ones of the first plurality of nodes in the first logically isolated network; and
send requests to cause the one or more networking devices to add the identified one or more routes between the second logically isolated network and the first logically isolated network.
2. The system of clause 1, wherein to send the requests to cause the one or more networking devices to add the identified one or more routes between the second logically isolated network and the first logically isolated network, the control plane is configured to enable a load balancer in the first logically isolated network of the managed blockchain service to:
listen at a plurality of ports for communications directed to a network endpoint created within the second logically isolated network that hosts the node; and
forward the communications received at the plurality of ports to the individual ones of the first plurality of nodes individually assigned to different ones of the plurality of ports.
3. The system of clause 1, wherein to send the requests to cause the one or more networking devices to add the identified one or more routes between the second logically isolated network and the first logically isolated network, the control plane is configured to:
cause a virtual traffic hub to include the one or more routes to route communications originating from the second logically isolated network to the first logically isolated network of the managed blockchain service and to route communications directed to the second logically isolated network from the first logically isolated network of the managed blockchain service.
4. The system of any one of clauses 1 to 3, wherein the managed blockchain service is implemented as part of a provider network, wherein the blockchain network was created responsive to a request associated with a first user account of the provider network, and wherein the node and the second logically isolated network are associated with a second user account of the provider network.
5. A method, comprising:
receiving, via an interface for a control plane of a managed blockchain service, a request to enable a node hosted in a private network to communicate with a blockchain network comprising one or more existing nodes that are hosted in the managed blockchain service;
determining, by the control plane, one or more routes between the private network and a private network for the blockchain network in the managed blockchain service that enable the node to direct private communications to individual ones of the existing nodes in the private network of the managed blockchain service; and
causing, by the control plane, one or more networking devices to add the determined one or more routes between the private network and the private network for the blockchain network in the managed blockchain service.
6. The method of clause 5, wherein causing the one or more networking devices to add the determined one or more routes, comprises:
enabling a load balancer in the private network of the managed blockchain service to:
listen at a plurality of ports for communications directed to a network endpoint created within the private network that hosts the node; and
forward the communications received at the plurality of ports to the individual ones of the existing nodes individually assigned to different ones of the plurality of ports.
7. The method of any one of clauses 5 to 6, wherein the node is an application node that sends one or more requests to the existing nodes of the blockchain network according to one or more application programming interfaces (APIs).
8. The method of clause 5, wherein causing the one or more networking devices to add the determined one or more routes, comprises:
causing a virtual traffic hub to include the one or more routes to route communications originating from the private network to the private network of the managed blockchain service and to route communications directed to the private network from the private network of the managed blockchain service.
9. The method of clause 8, wherein the node is a peer node that sends one or more communications according to a gossip protocol for the blockchain network.
10. The method of clause 8, wherein the virtual traffic hub includes another one or more routes to route communications originating from another private network to the private network of the managed blockchain service and to route communications directed to the other private network from the private network of the managed blockchain service.
11. The method of clause 5, wherein the method further comprises:
receiving, via the interface for the control plane, a request to enable a second node hosted in a third private network to communicate with the blockchain network;
determining, by the control plane, that a private network address for the second node conflicts with an existing private network address in the private network of the managed blockchain service; and
responsive to determining that the private network address for the second node conflicts with the existing private network address, denying the request to enable the second node to communicate with the blockchain network.
12. The method of clause 11, further comprising:
further responsive to determining that the private network address for the second node conflicts with the existing private network address, providing a range of private network addresses that do not conflict with existing private network addresses in the private network of the managed blockchain service.
13. The method of any one of clauses 5 to 12, wherein the managed blockchain service is implemented as part of a provider network, wherein the private network that hosts the node is an on-premise network external to the provider network, and wherein the private communications from the node are sent via a virtual private network (VPN) connection between the on-premise network and the provider network.
14. One or more non-transitory, computer-readable storage media, storing program instructions that when executed on or across one or more computing devices cause the one or more computing devices to implement:
receiving, via an interface for a control plane of a managed blockchain service, a request to enable a node hosted in a private network to communicate with a blockchain network comprising one or more existing nodes that are hosted in the managed blockchain service;
identifying, by the control plane, one or more routes between the private network and a private network for the blockchain network in the managed blockchain service that enable the node to direct private communications to individual ones of the existing nodes in the private network of the managed blockchain service; and
causing, by the control plane, one or more networking devices to add the determined one or more routes between the private network and the private network for the blockchain network in the managed blockchain service.
15. The one or more non-transitory, computer-readable storage media of clause 14, wherein, in causing the one or more networking devices to add the determined one or more routes, the one or more non-transitory, computer-readable storage media comprise further instructions that further cause the one or more computing devices to implement:
enabling a load balancer in the private network of the managed blockchain service to:
listen at a plurality of ports for communications directed to a network endpoint created within the private network that hosts the node; and
forward the communications received at the plurality of ports to the individual ones of the existing nodes individually assigned to different ones of the plurality of ports.
16. The one or more non-transitory, computer-readable storage media of clause 14, wherein, in causing the one or more networking devices to add the determined one or more routes, the one or more non-transitory, computer-readable storage media comprise further instructions that further cause the one or more computing devices to implement:
causing a virtual traffic hub to include the one or more routes to route communications originating from the private network to the private network of the managed blockchain service and to route communications directed to the private network from the private network of the managed blockchain service.
17. The one or more non-transitory, computer-readable storage media of any one of clauses 14 to 16, wherein the node is a peer node that sends one or more communications according to a gossip protocol for the blockchain network.
18. The one or more non-transitory, computer-readable storage media of any one of clauses 14 to 17, wherein the one or more non-transitory, computer-readable storage media comprise further instructions that further cause the one or more computing devices to implement:
determining, by the control plane, that a private network address for the node does not conflict with an existing private network address in the private network of the managed blockchain service before causing the one or more networking devices to add the determined one or more routes.
19. The one or more non-transitory, computer-readable storage media of any one of clauses 14 to 18, wherein the node is both an application node and a peer node.
20. The one or more non-transitory, computer-readable storage media of any one of clauses 14 to 19, wherein the managed blockchain service is implemented as part of a provider network, wherein the private network that hosts the node is hosted within a second provider network external to the provider network, and wherein the private communications from the node are sent via a virtual private network (VPN) connection between the on-premise network and the provider network.
21. A managed blockchain service, comprising:
a first plurality of nodes, respectively comprising at least one processor and a memory, that implement a data plane for the managed blockchain service;
a second plurality of nodes, respectively comprising at least one other processor and another memory, that implement a control plane for the managed blockchain service;
the control plane configured to:
receive a request associated with a user account to create a blockchain network according to a specified blockchain framework of a plurality of different blockchain frameworks offered by the managed blockchain service;
identify a workflow to deploy the blockchain network according to the specified blockchain framework;
provision one or more nodes of the data plane to host the blockchain network;
execute the workflow to deploy the blockchain network on the provisioned one or more nodes;
receive a request associated with a different user account of the managed blockchain service via the interface to perform a modification to the blockchain network; and
modify the blockchain network in the data plane according to the request after a determination that the modification is allowed by a distributed governance policy for the blockchain network.
22. The system of clause 21, wherein the control plane is configured to:
send one or more notifications to vote on a proposal to perform the modification according to the distributed governance policy; and
evaluate received votes according to the distributed governance policy to determine that the modification is allowed.
23. The system of any one of clauses 21 to 22, wherein the control plane is further configured to:
receive a request for data from offline blockchain data stored in a database;
generate a query to the database to obtain the requested data;
send the query to the database; and
return a response to the request for the data based on a result of the query received from the database.
24. The system of any one of clauses 21 to 23, wherein the managed blockchain service is implemented as part of a provider network, and wherein the data store is a storage service implemented as part of the provider network.
25. A method, comprising:
receiving, via an interface at a control plane for a managed blockchain service, a request associated with a user account to create a blockchain network with a specified distributed governance policy according to a specified blockchain framework of a plurality of different blockchain frameworks offered by the managed blockchain service;
deploying, by the control plane, the blockchain network on one or more computing resources provisioned for the blockchain network in a data plane for the managed blockchain service according to a workflow identified for the specified blockchain framework; and
responsive to a request associated with a different user account of the managed blockchain service received via the interface to perform a modification to the blockchain network, performing, by the control plane, the modification to the blockchain network in the data plane after a determination by the control plane that the modification is allowed by a distributed governance policy in effect for the blockchain network.
26. The method of clause 25, further responsive to the request to perform the modification:
sending one or more notifications to vote on a proposal to perform the modification according to the distributed governance policy; and
evaluating received votes according to the distributed governance policy to determine that the modification is allowed.
27. The method of any one of clauses 25 to 26, further comprising:
responsive to another request received via the interface to perform another modification to the blockchain network,
sending one or more notifications to vote on a proposal to perform the modification according to the distributed governance policy;
evaluating received votes according to the distributed governance policy to determine that the modification is not allowed; and
denying the request to perform the other modification.
28. The method of clause 25, further comprising:
receiving, via the interface of the control plane, a request for data from offline blockchain data stored in a database;
generating, by the control plane, a query to the database to obtain the requested data;
sending, by the control plane, the query to the database; and
returning, by the control plane, a response to the request for the data based on a result of the query received from the database.
29. The method of clause 28, wherein the offline blockchain data was stored in the database from a peer node of the blockchain network.
30. The method of any one of clauses 25 to 29, further comprising:
monitoring, by the control plane, performance data collected for the blockchain network to detect a performance event for the blockchain network;
responsive to detecting the performance event:
determining, by the control plane, a responsive action to the performance event; and
performing, by the control plane, the responsive action.
31. The method of clause 30, wherein the responsive action replaces a peer node for an organization of the blockchain network.
32. The method of any one of clauses 25 to 31, wherein the specified blockchain framework is a permissioned blockchain framework.
33. The method of any one of clauses 25 to 32, wherein the modification to the blockchain system is a request to add a member to the blockchain system.
34. One or more non-transitory, computer-readable storage media, storing program instructions that when executed on or across one or more computing devices cause the one or more computing devices to implement:
receiving, via an interface at a control plane for a managed blockchain service, a request associated with a user account to create a blockchain network according to a specified blockchain framework of a plurality of different blockchain frameworks offered by the managed blockchain service;
identifying, by the control plane, a workflow to deploy the blockchain network according to the specified blockchain framework;
causing, by the control plane, execution of the workflow to deploy the blockchain network on one or more computing resources provisioned for the blockchain network in a data plane for the managed blockchain service; and
receiving a request associated with a different user account of the managed blockchain service via the interface to perform a modification to the blockchain network; and
causing, by the control plane, the modification to the blockchain network in the data plane according to the request after determining by the control plane that the modification is allowed by a distributed governance policy for the blockchain network.
35. The one or more non-transitory, computer-readable storage media of clause 34, wherein the one or more non-transitory, computer-readable storage media further comprise program instructions to cause the one or more computing devices to implement:
sending, via the interface, one or more notifications to vote on a proposal to perform the modification according to the distributed governance policy; and
evaluating received votes according to the distributed governance policy to determine that the modification is allowed.
36. The one or more non-transitory, computer-readable storage media of clause 35, wherein the one or more non-transitory, computer-readable storage media further comprise program instructions to further cause the one or more computing devices to implement identifying the distributed governance policy as applicable to the modification.
37. The one or more non-transitory, computer-readable storage media of any one of clauses 34 to 36, wherein the one or more non-transitory, computer-readable storage media further comprise program instructions to further cause the one or more computing devices to implement:
receiving, via the interface of the control plane, a request for data from offline blockchain data stored in a database;
generating, by the control plane, a query to the database to obtain the requested data;
sending, by the control plane, the query to the database; and
returning, by the control plane, a response to the request for the data based on a result of the query received from the database.
38. The one or more non-transitory, computer-readable storage media of any one of clauses 34 to 37, causing blockchain data from the blockchain network to be stored in a separate data store.
39. The one or more non-transitory, computer-readable storage media of any one of clauses 34 to 38, wherein the one or more non-transitory, computer-readable storage media further comprise program instructions to further cause the one or more computing devices to implement:
monitoring, by the control plane, performance data collected for the blockchain network to detect a performance event for the blockchain network;
responsive to detecting the performance event:
determining, by the control plane, a responsive action to the performance event; and
performing, by the control plane, the responsive action.
40. The one or more non-transitory, computer-readable storage media of any one of clauses 34 to 39, wherein the specified blockchain framework is a permissionless blockchain framework.
[00155] The various methods as illustrated in the FIGS and described herein represent example embodiments of methods. The methods may be implemented in software, hardware, or a combination thereof. The order of the methods may be changed, and various elements may be added, reordered, combined, omitted, modified, etc.
[00156] Various modifications and changes may be made as would be obvious to a person skilled in the art having the benefit of this disclosure. It is intended that the invention embrace all such modifications and changes and, accordingly, the above description is to be regarded in an illustrative rather than a restrictive sense.

Claims

1. A system, comprising:
at least one processor; and
a memory, storing program instructions that when executed by the at least one processor cause the at least one processor to implement a control plane for a managed blockchain service, the control plane configured to:
receive, via an interface for the control plane, a request to enable a node hosted in a private network to communicate with a blockchain network comprising one or more existing nodes that are hosted in the managed blockchain service;
determine one or more routes between the private network and a private network for the blockchain network in the managed blockchain service that enable the node to direct private communications to individual ones of the existing nodes in the private network of the managed blockchain service; and
cause one or more networking devices to add the determined one or more routes between the private network and the private network for the blockchain network in the managed blockchain service.
2. The system of claim 1, wherein to cause the one or more networking devices to add the determined one or more routes between the private network and the private network for the blockchain network in the managed blockchain service, the control plane is configured to:
enable a load balancer in the private network of the managed blockchain service to:
listen at a plurality of ports for communications directed to a network endpoint created within the private network that hosts the node; and
forward the communications received at the plurality of ports to the individual ones of the existing nodes individually assigned to different ones of the plurality of ports.
3. The system of claim 1, wherein to cause the one or more networking devices to add the determined one or more routes between the private network and the private network for the blockchain network in the managed blockchain service, the control plane is configured to:
cause a virtual traffic hub to include the one or more routes to route communications originating from the private network to the private network of the managed blockchain service and to route communications directed to the private network from the private network of the managed blockchain service.
4. The system of claim 1, wherein the managed blockchain service is implemented as part of a provider network, wherein the blockchain network was created responsive to a request associated with a first user account of the provider network, and wherein the node hosted in the private network is associated with a second user account of the provider network.
5. A method, comprising:
receiving, via an interface for a control plane of a managed blockchain service, a request to enable a node hosted in a private network to communicate with a blockchain network comprising one or more existing nodes that are hosted in the managed blockchain service;
determining, by the control plane, one or more routes between the private network and a private network for the blockchain network in the managed blockchain service that enable the node to direct private communications to individual ones of the existing nodes in the private network of the managed blockchain service; and
causing, by the control plane, one or more networking devices to add the determined one or more routes between the private network and the private network for the blockchain network in the managed blockchain service.
6. The method of claim 5, wherein causing the one or more networking devices to add the determined one or more routes, comprises:
enabling a load balancer in the private network of the managed blockchain service to:
listen at a plurality of ports for communications directed to a network endpoint created within the private network that hosts the node; and
forward the communications received at the plurality of ports to the individual ones of the existing nodes individually assigned to different ones of the plurality of ports.
7. The method of claim 6, wherein the node is an application node that sends one or more requests to the existing nodes of the blockchain network according to one or more application programming interfaces (APIs).
8. The method of claim 5, wherein causing the one or more networking devices to add the determined one or more routes, comprises:
causing a virtual traffic hub to include the one or more routes to route communications originating from the private network to the private network of the managed blockchain service and to route communications directed to the private network from the private network of the managed blockchain service.
9. The method of claim 8, wherein the node is a peer node that sends one or more communications according to a gossip protocol for the blockchain network.
10. The method of claim 8, wherein the virtual traffic hub includes another one or more routes to route communications originating from another private network to the private network of the managed blockchain service and to route communications directed to the other private network from the private network of the managed blockchain service.
11. The method of claim 5, wherein the method further comprises:
receiving, via the interface for the control plane, a request to enable a second node hosted in a third private network to communicate with the blockchain network;
determining, by the control plane, that a private network address for the second node conflicts with an existing private network address in the private network of the managed blockchain service; and
responsive to determining that the private network address for the second node conflicts with the existing private network address, denying the request to enable the second node to communicate with the blockchain network.
12. The method of claim 11, further comprising:
further responsive to determining that the private network address for the second node conflicts with the existing private network address, providing a range of private network addresses that do not conflict with existing private network addresses in the private network of the managed blockchain service.
13. The method of claim 5, wherein the managed blockchain service is implemented as part of a provider network, wherein the private network that hosts the node is an on-premise network external to the provider network, and wherein the private communications from the node are sent via a virtual private network (VPN) connection between the on-premise network and the provider network.
14. One or more non-transitory, computer-readable storage media, storing program instructions that when executed on or across one or more computing devices cause the one or more computing devices to implement:
receiving, via an interface for a control plane of a managed blockchain service, a request to enable a node hosted in a private network to communicate with a blockchain network comprising one or more existing nodes that are hosted in the managed blockchain service;
identifying, by the control plane, one or more routes between the private network and a private network for the blockchain network in the managed blockchain service that enable the node to direct private communications to individual ones of the existing nodes in the private network of the managed blockchain service; and
causing, by the control plane, one or more networking devices to add the determined one or more routes between the private network and the private network for the blockchain network in the managed blockchain service.
15. The one or more non-transitory, computer-readable storage media of claim 14, wherein, in causing the one or more networking devices to add the determined one or more routes, the one or more non-transitory, computer-readable storage media comprise further instructions that further cause the one or more computing devices to implement:
enabling a load balancer in the private network of the managed blockchain service to:
listen at a plurality of ports for communications directed to a network endpoint created within the private network that hosts the node; and
forward the communications received at the plurality of ports to the individual ones of the existing nodes individually assigned to different ones of the plurality of ports.
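The control-plane decision described in claims 5 to 12 (route determination, per-node port assignment for the load balancer, and denial of a request whose private addresses conflict with the service's private network, together with a suggested non-conflicting range), worked through as an added example in Python. This is illustrative code written for this page, not the patent's or any provider's implementation; the service network 10.0.0.0/16, the node addresses, the base port 30001 and the extra overlap check against networks already attached to the hub are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# Constructed topology (assumption, not from the patent): the service's private
# network for the blockchain network and the addresses of its existing nodes.
SERVICE_CIDR = ipaddress.ip_network("10.0.0.0/16")
EXISTING_NODES = ["10.0.1.10", "10.0.1.11", "10.0.2.10"]
BASE_PORT = 30001  # first endpoint port handed to the load balancer (assumed)


@dataclass
class Hub:
    """Virtual traffic hub state: private networks already routed (claim 10)."""
    attached: list = field(default_factory=list)


@dataclass
class Decision:
    allowed: bool
    routes: list = field(default_factory=list)    # (src, dst) CIDR pairs for the hub
    port_map: dict = field(default_factory=dict)  # endpoint port -> existing node
    suggested: Optional[str] = None               # non-conflicting range (claim 12)


def conflicts(candidate, service_cidr, hub):
    """Claim 11: the requester's addresses must not collide with addresses the
    service network already uses. Overlap with networks already attached to the
    hub is rejected as well (added assumption: otherwise hub routes are ambiguous)."""
    return candidate.overlaps(service_cidr) or any(candidate.overlaps(a) for a in hub.attached)


def suggest_range(prefixlen, service_cidr, hub):
    """Claim 12: offer the first private block of the requested size with no conflict."""
    for block in ipaddress.ip_network("10.0.0.0/8").subnets(new_prefix=prefixlen):
        if not conflicts(block, service_cidr, hub):
            return str(block)
    return None


def enable_node(requester_cidr, hub, service_cidr=SERVICE_CIDR, nodes=EXISTING_NODES):
    """Handle a request to let a node in requester_cidr reach the blockchain network."""
    net = ipaddress.ip_network(requester_cidr, strict=False)
    if conflicts(net, service_cidr, hub):
        # Deny, and hand back a range the requester could re-address into.
        return Decision(False, suggested=suggest_range(net.prefixlen, service_cidr, hub))
    # Claim 8: routes in both directions between the two private networks.
    routes = [(str(net), str(service_cidr)), (str(service_cidr), str(net))]
    # Claim 6: one endpoint port per existing node, so traffic arriving on a
    # port is forwarded to exactly one node.
    ordered = sorted(nodes, key=ipaddress.ip_address)
    port_map = {BASE_PORT + i: n for i, n in enumerate(ordered)}
    hub.attached.append(net)
    return Decision(True, routes, port_map)


if __name__ == "__main__":
    hub = Hub()
    print(enable_node("192.168.50.0/24", hub))  # allowed: routes and port map
    print(enable_node("10.0.3.0/24", hub))      # denied: overlaps the service network
```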
Applications Claiming Priority (4)

Application Number             Priority Date   Filing Date   Title
US16/199,100                   2018-11-23
US16/199,099                   2018-11-23
US16/199,099 (US11762815B2)    2018-11-23      2018-11-23    Multi-framework managed blockchain service
US16/199,100 (US11411921B2)    2018-11-23      2018-11-23    Enabling access across private networks for a managed blockchain service

Publications (1)

Publication Number   Publication Date
WO2020106845A1       2020-05-28

Family

ID=68916577

Family Applications (1)

Application Number                   Title                                                                      Priority Date   Filing Date
PCT/US2019/062419 (WO2020106845A1)   Enabling access across private networks for a managed blockchain service   2018-11-23      2019-11-20

Country Status (1)

Country   Link
WO (1)    WO2020106845A1
Legal Events

Code   Title / Description
121    Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 19821367; Country of ref document: EP; Kind code of ref document: A1)
NENP   Non-entry into the national phase (Ref country code: DE)
122    Ep: pct application non-entry in european phase (Ref document number: 19821367; Country of ref document: EP; Kind code of ref document: A1)