What is Kubernetes?

In simple words, Kubernetes (a.k.a. K8s) automates many of the processes involved in deploying, managing, and scaling containerized applications. But that’s what it does and not what it is. In fact, Kubernetes is an open-source container orchestration platform. This means it helps an organization or company cluster together groups of hosts running Linux® containers and manage them easily and efficiently. This may answer one or two of your questions, but by now you probably have even more. Here are some of the questions we assumed the reader needs answered.

What is a Kubernetes cluster?

A set of nodes that run containerized applications. Containerized applications are applications that run in a container (isolated runtime environments). These isolated environments encapsulate an application with all its dependencies, including system libraries, binaries, and config files. Containers are more lightweight and flexible than virtual machines. Thus if the containerized applications use Kubernetes, development, movement, and management of the applications can become much easier.

Kubernetes clusters let containers run across multiple machines in different environments – such as physical, cloud-based, virtual, and on-premises. K8s containers – unlike virtual machines – are not limited to a specific operating system. They can share operating systems across machines and run on various operating systems simultaneously.

The structure of Kubernetes clusters

API server: It exposes a REST interface to all the resources. In other words, it is the front end of the K8s control plane.

Scheduler: Checks the required resources and metrics of each container and places them accordingly. Checks Pods to ensure that they are assigned to a node. If not, it will select the nodes for them so they can run on them.

Controller manager: Runs controller processes and reconciles the cluster’s initial state with its desired specifications. It manages controllers such as replication controllers, node controllers, and endpoint controllers.

Kubelet: Makes sure that each container is running in a Pod. This is done by an interaction with the Docker Engine. Docker Engine is the default program for creating and managing containers. We won’t dive too deep into this process as it makes the article complicated and is not relevant enough to the title anyway.

Kube-proxy: Maintains network rules across nodes and manages network connectivity. It implements the “Kubernetes Service” concept in all nodes of the cluster.

etcd: Stores all the data of a given cluster.

What is container orchestration?

Containerized workloads and services require a lot of operational effort to run well. With container orchestration, a big part of the work required to run such services is automated. Without it, that work has to be done manually, which takes more time, more human resources, and more money.

Containers are ephemeral. Running them in production can easily become a challenge due to the high amount of required effort. If one pairs them with micro-services – which usually run in their own individual containers – this can easily lead to having a big tree of thousands of nested containers. This can be the main reason why a large-scale system needs to automate tasks such as the management and scaling of containerized applications. Kubernetes is one of the best solutions for this problem. And here is why:

Why should we use Container Orchestration?

Simply put, the key to working with containers is container orchestration. With it, an organization can unlock the full benefit of containers. In addition to this, orchestration has its own benefits as well:

Simplifying the operations: Literally the most important benefit of container orchestration and the main reason why Kubernetes adopted it. As said, the amount of complexity containers have is not controllable without orchestrating them.

Boosting resilience: Orchestrating containers allows them to automatically restart or scale (up or down), increasing their resilience significantly.

Adding more security: The automatic nature of container orchestration allows containerized applications to get rid of human errors by eliminating the need for manual management of the container. Thus increasing security and stability.

What are containers?

Containers are a method to build, package, and deploy software. Although they are not exactly the same thing, they are still similar to virtual machines (VMs) regarding their use case. One of the most important differences is the fact that containers are isolated and abstracted away from the infrastructure and the underlying operating system that they are running on. Or in simpler terms, a container, in addition to the application itself, also includes everything that the code requires to run properly. This is how it is isolated from the OS and the rest of the infrastructure.

But why do we have to do such a thing? Well, this isolation has several benefits, some of which are:

Portability: As you might already have guessed, the main benefit and the main reason to use containers is that they make the application portable. They are built to run in any environment. This makes containerized apps and workloads easier to move between different cloud platforms. One of the ways it achieves this simplicity is that there is no need to rewrite a large part of the application in order to port it to a new operating system and/or a new cloud platform. In fact, the application does not care that much about the platform as it is isolated from it anyway.

Simplifying the development: Containers remove the need to ensure that the application is compatible and works properly across all platforms. This saves a lot of time for developers, letting them spend it on the core of the application, and makes it easier and faster to patch issues and merge pulls without making extra development branches for each platform.

Reducing resource utilization and optimizing the execution: As said, containers are lightweight. This allows a single machine to run many of them at the same time, saving resources and optimizing the execution of the app.

Kubernetes advantages

Kubernetes is all about optimization. By automating many of the DevOps processes, it gets rid of the necessity of doing them manually. K8s services provide load balancing and simplify container management on multiple hosts. This makes it easy for an enterprise to provide wider scalability, more flexibility, and better portability for its apps. Through automatically managed containerization, it saves software developers time that they can better spend on productive development.

In fact, after Linux, Kubernetes is the fastest-growing open-source software project in history, according to a 2021 study by the Cloud Native Computing Foundation (CNCF) (https://www.cncf.io/reports/kubernetes-project-journey-report/). Numerically speaking, the number of Kubernetes engineers grew by 67 percent to 3.9 million from 2020 to 2021. This means 31 percent of the whole 12.6 million backend developers in the world were Kubernetes engineers in 2021.

But this is not all of the benefits of Kubernetes. The following is a list of the top 7 benefits of using Kubernetes:

Container Orchestration savings

Companies of many types and sizes have found themselves saving on their ecosystem management by automating manual processes using K8s. Kubernetes automatically provisions and fits containers into nodes to utilize various resources in the best way possible. Some public cloud platforms calculate the management fees in relation to the number of clusters used by the application and its workload. This means running fewer clusters can reduce the number of API servers and other redundancies in use, leading to lower overall fees. So it saves on developer operations, resource usage, and money. The first two actually also save money indirectly.

After configuring Kubernetes clusters, apps will run with minimal downtime and maximal performance. They will require less support when a node or pod fails, as K8s can repair most problems automatically and without human interference. This container orchestration solution increases workflows’ efficiency by getting rid of the need for repetitive processes. This not only leads to needing fewer servers but also makes administration less clunky and more efficient.

Increasing DevOps efficiency (especially for microservices architectures)

Development, deployment, and testing of an application across multiple cloud platforms with different environments – operating systems and infrastructures – is not an easy task. Implementing microservices architectures in such ecosystems can make things even harder. A developer team should constantly check every platform and environment they use to ensure that the application is running correctly, efficiently, and safely. Such multi-platform ecosystems can lead to an extremely branched development roadmap with a lot of repetitive tasks and QAs for each platform. All these issues make creating virtual machines inefficient and illogical compared to creating containers, especially orchestrated containers.

This is a literal disaster for a development team. So the sooner a dev team deploys Kubernetes during the development cycle, the better. The sooner they do it, the fewer mistakes there will be down the road, as they can test the code early on. They waste less time scrimmaging with traditional solutions such as virtual machines.

Apps based on microservices architecture are made of separate functional units that communicate with each other through the APIs. This makes the IT department of an organization able to separate itself into small teams, each working on single features, which leads to more efficiency in the end.

Deploying apps and workloads in multi-cloud environments

Thanks to Kubernetes, workloads can exist in a single cloud or on multiple cloud services, more easily than ever. Kubernetes clusters allow the migration of applications from on-premises infrastructures to hybrid deployment across any cloud provider’s cloud, no matter if the cloud is public or private and no matter what operating system it is using. It just works, without losing any of the performance and functionalities of the application. This lets an enterprise or an organization easily move their workload or application to a closed source or proprietary system without facing any lock-in in the process. GreenWeb offers straightforward integrations with Kubernetes-based applications with no need to refactor the code in most cases.

More portability – Less vendor lock-in

Containers are more agile to handle and more lightweight for virtualization than virtual machines. That is because containers only contain the resources that the application actually needs. For the rest, they use the features and resources of the host operating system thanks to their abstract nature. Containers are smaller, faster, and easier to port as already mentioned. For example, using four virtual machines to host four applications requires four instances of a guest operating system to run on that server. But using containers as the approach means the developer can contain them all within a single container where they share one version of the host OS.

Automating deployment and scalability

Kubernetes schedules and automates container deployment across multiple compute nodes. It does not matter if it is on a public cloud, on-site virtual machines, or physical on-premises machines. Its automatic scaling feature allows teams to scale up or scale down the application effortlessly to faster meet the demand. Automatic scaling starts up new containers on demand when a heavy load or a spike happens. It observes the CPU usage, memory allocations, and other custom metrics in real-time to find the demand for higher computing power. As an example, in times of online events – such as Black Friday offers in an online shop –  the requests increase massively in a second, making manual management inefficient. When the demand spike is over, K8s automatically scales down resources to avoid wasting resources. But it can also roll back as fast as possible if something goes wrong.

Improving apps’ stability and availability in a cloud environment

Kubernetes automatically places and balances containerized workloads and appropriately scales the cluster to accommodate the increase and decrease of demand and keep the system live and efficient. This lets the developers run their containerized applications more reliably. If one node of a multi-node cluster fails, K8s automatically redistributes the workload to other nodes without disrupting the availability of the application to users. It also has self-healing features such as restarting, rescheduling, and/or replacing a container when it fails or when a node dies. It allows developers and engineers to roll out updates and patches without taking the app down.

Being open-sourced

Kubernetes is a project led by a community rather than a company with limited human resources and knowledge base. It is fully open source, which means the developers can customize it however they want. And more importantly, it means the solution is free for everyone, forever! The open-source license allows it to have a huge ecosystem of other open-source tools and plug-ins designed for use with it. The platform’s strong support means there is constant innovation and improvement to K8s, which protects your free investment in the platform. It means you are not locked into a technology that may become outdated anytime soon.

Kubernetes history and ecosystem

Announced by Google in mid-2014, Kubernetes was created by Joe Beda, Brendan Burns, and Craig McLuckie. Very soon, other Google engineers joined them, including Tim Hockin. The development and the design of Kubernetes were influenced by Google’s Borg cluster manager. In fact, many of the developers of K8s had previously worked on Borg. Its seven-spoked wheel logo is inherited from its initial name, Project 7 (from Star Trek’s ex-Borg character Seven of Nine). Kubernetes is written in Golang (Google’s alternative to C++).

Released on July 21, 2015, Kubernetes continued its development as a seed technology in the Cloud Native Computing Foundation (CNCF), a foundation formed by Google in collaboration with the Linux Foundation. In February 2016, the Helm package manager was released for Kubernetes.

Google was already offering managed K8s services, and Red Hat had also been supporting it as a part of the OpenShift family since the announcement of the Kubernetes project in 2014. In 2017, the others rallied around it and announced native support for Kubernetes via cluster managers such as Pivotal Cloud Foundry (VMWare), Marathon and Mesos (Mesosphere), Docker (Docker, Inc.), Azure (Microsoft), and EKS (Amazon Web Services).

As of March 6, 2018, Kubernetes was the 9th project in the list of projects with the highest number of commits in GitHub, and 2nd in the list of issues (Issues let you track your work) as well as the list of the number of authors, placing it right after the Linux kernel.

Private Blockchain VS Public Blockchain

Blockchain is a digitally distributed ledger, which eases the process of tracking assets and recording transactions in a business network. In terms of accessibility, there are two general forms of blockchain networks: Public Blockchain and Private Blockchain. In a public model of a Blockchain network, anyone can join and participate in the core activities of the network. In a private blockchain, only a single organization has authority over the network, and access can be permissioned per participant. We will compare “Public Blockchain vs Private Blockchain” in more depth in the following article.

Public Blockchain

A Public Blockchain is one with public accessibility. It means anyone can participate in the core activities of the network. One can read, write, and audit the ongoing activity of such a network. Basically, there is absolutely no restriction on participation. This is what makes the self-governing and fully decentralized nature of blockchain networks a possibility. This type of network was, in fact, the first type of Blockchain network to come out of the hands of the authors of Bitcoin.

Once people found the benefits of the technology used in Bitcoin, they started to utilize it for various uses. Although as expected, they eventually found some issues and limitations depending on how they wanted to use it and where they wanted to implement it. This made them come up with new types of Blockchain networks, each to get rid of different issues.

In a Public Blockchain, all participants have equal rights; no matter what. They have the highest level of security and the highest level of transparency. Thus making them the most trustworthy type of network for what they are designed for.

Still, nothing is perfect, and neither are these kinds of networks. They have their own flaws. They are mostly slower than other networks. Also, one can use them for illegal activities and remain anonymous without even worrying about it.

Pro – High Security

Public Blockchain companies always design their platforms with maximum security in mind. Vulnerability against hacks is something every company and organization that does not use Blockchain networks suffers from. In some cases, it can cause billions of dollars of loss.

Security protocols used in these networks can easily secure such companies against hacks and prevent lots of losses. Each platform has different security protocols but one can say almost all of them are robust.

Pro – Open Environment

As the name says, a Public Blockchain is open to everyone. Meaning, you can enjoy all the benefits of these services, no matter when, and no matter where you are, and also no matter who you are. All you need is a computer with internet access. 

Pro – Full Decentralization

Putting public Blockchain VS private Blockchain, the first one wins here. Unlike the other ones, public ones are fully and truly decentralized. Considering that every participant has a copy of the ledger, the nature of the public Blockchain is distributed as well.

Basically, such Blockchains don’t have any centralized entity. So the network completely relies on the nodes for its maintenance. Thanks to consensus algorithms, ledgers will be updated in a fair way.

Pro – Immutability

Once someone adds a block to the network, it can be neither deleted nor edited. Even if someone tries to change a block, they are in fact creating a separate chain, different from the original one.
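The following sketch illustrates why an edited block ends up on a separate chain. It is an added example, not code from any blockchain project: the block layout, the function names and the sample payments are constructed for illustration, and consensus is left out entirely.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # placeholder parent hash for the first block (assumption)


def block_hash(index, prev_hash, data):
    """Hash covers the block's height, its parent's hash and its payload."""
    body = json.dumps({"index": index, "prev": prev_hash, "data": data}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()


def build_chain(payloads):
    """Link each block to its parent by embedding the parent's hash."""
    chain, prev = [], GENESIS_PREV
    for index, data in enumerate(payloads):
        digest = block_hash(index, prev, data)
        chain.append({"index": index, "prev": prev, "data": data, "hash": digest})
        prev = digest
    return chain


def first_invalid(chain):
    """Return the height of the first block that fails verification, or None."""
    prev = GENESIS_PREV
    for block in chain:
        recomputed = block_hash(block["index"], block["prev"], block["data"])
        if block["prev"] != prev or block["hash"] != recomputed:
            return block["index"]
        prev = block["hash"]
    return None


def edit_in_place(chain, index, new_data, refresh_hash=False):
    """Change one block's payload; optionally also recompute that block's own hash."""
    edited = copy.deepcopy(chain)
    edited[index]["data"] = new_data
    if refresh_hash:
        block = edited[index]
        block["hash"] = block_hash(block["index"], block["prev"], new_data)
    return edited


def rewrite_from(chain, index, new_data):
    """Change one block and rebuild every later block so the result verifies."""
    payloads = [block["data"] for block in chain]
    payloads[index] = new_data
    return build_chain(payloads)


def fork_height(original, other):
    """First height at which two chains carry different block hashes."""
    for a, b in zip(original, other):
        if a["hash"] != b["hash"]:
            return a["index"]
    return None


# Constructed sample ledger.
LEDGER = build_chain(["alice pays bob 5", "bob pays carol 2", "carol pays dave 1"])

if __name__ == "__main__":
    sloppy = edit_in_place(LEDGER, 1, "bob pays carol 200")
    careful = edit_in_place(LEDGER, 1, "bob pays carol 200", refresh_hash=True)
    fork = rewrite_from(LEDGER, 1, "bob pays carol 200")
    print("untouched ledger invalid at:", first_invalid(LEDGER))
    print("payload edited only, invalid at:", first_invalid(sloppy))
    print("payload and own hash edited, invalid at:", first_invalid(careful))
    print("fully rewritten chain invalid at:", first_invalid(fork))
    print("rewritten chain diverges from the original at height:", fork_height(LEDGER, fork))
```

A chain rewritten from the edited block onward verifies on its own, but every hash from that height on differs from the one honest nodes hold, so it is a fork rather than an edit of the original.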

Pro – User Freedom

As there is no top authority, there is no set of rules for a user to follow. No one controls what a user does and no one can regulate their deeds. No organization can stop you from downloading a node. A user can join a consensus whenever they want.

Once again, putting public Blockchain VS private Blockchain, public ones are the only ones to allow users to have this much freedom. A private Blockchain user cannot say that they have the same amount of freedom in their network.

Pro/Con – Anonymous Nature

In a public Blockchain, despite its being open and transparent, you can always keep your identity hidden, and no one can track you using that. Public access to these networks could otherwise leave participants vulnerable, thus the main purpose of this nature in such networks is the safety of participants. But still, flaws are flaws.

This “Pro” could be considered a “Con” by some people in the past. Until recently, criminals abused this anonymity to their advantage to carry out their illegal activities using platforms utilizing such Blockchains. In the end, it can be considered a general problem for almost everything. Everything can be used for good, or abused for bad, depending on its user.

Pro/Con – No Regulation

Public Blockchains do not have any regulations for the nodes to follow. This means the users are open to using it in whatever way that is better for them. However, this makes it unusable for Enterprises as they need a regulated environment.

Enterprises need this because their projects have specific requirements which can be followed much better in a regulated network, making such Blockchains a bad choice for their internal uses, although they can still be used for external affairs with their customers. So having no regulation can also be an issue.

Con – High Energy Consumption

Maintenance of highly secured Blockchains usually consumes a lot of power. That’s because their consensus mechanisms mostly require participants to compete in order to validate the information. And they will give the participants rewards for letting the network use their machines’ processing power. However not all public Blockchains have this problem. Some of them use different approaches which are more power efficient and don’t need energy-intensive validation processes.

Con: Data leak

This is a side effect of full transparency. The identity of participants is always hidden in the network. However, all records in the network, including transactions and the addresses involved, are visible to everyone. This means if someone somehow finds the network address of someone in real life, they can see all their transactions in that network. So even though the participant was completely anonymous until that moment, they may completely lose their anonymity at a glance. But the chances of such scenarios happening are justifiably low.

Con: Attracting Criminals

This one is a side effect of participant anonymity. If we consider that the possibility of a real-life data leak is low, then the anonymity of criminals can be the next problem. Public Blockchains are attractive for criminals as they can transfer money in a safe route without the fear of getting caught by authorities.

Private Blockchain

A private Blockchain, unlike its public counterpart, is not as fully decentralized. But it is still a distributed ledger and still considered decentralized. This type of network operates as a closed database. It is secured with cryptographic concepts depending on an organization’s needs.

A private Blockchain requires an invitation for participants which must be validated. This validation should either be done by the network starter or the set of rules the starter made for the network. This is the case if the organization or the company sets up a permissioned network – which is the usual case – such as Hyperledger Fabric.

The access control mechanism can vary depending on the needs of the company or the organization. A regulatory authority can be the one to grant access to the new participants. A consortium can be the one to grant this access. Or the existing participants could decide the future entrants.

The aforementioned Hyperledger Fabric network is an example of the implementation of permissioned private Blockchain. This project is one of the Hyperledger projects hosted by the Linux Foundation. It has been designed as a solution for the requirements of enterprises that demand Blockchain networks. Particularly talking, digital identity, as a fundamental need for enterprises, is a good example of such needs. It can be used for handling supply chains challenges, facilitating security-rich provider/patient data exchanges in healthcare, or disrupting the financial industry.

Only the entities who are the participants of a specific transaction will have knowledge and access to it. Permissioned private networks allow the user to have much greater scalability in terms of transactional throughput.

Pro: Full Privacy

Unlike the counterpart Blockchain model, private Blockchain solutions have a serious focus on privacy concerns. It can easily be said that if someone wants the highest level of privacy, the perfect choice for them would be a private Blockchain. As privacy is one of the most important challenges for enterprises, this solution can solve a lot of their problems once and for all.

Pro: Empowering the Enterprise

Private blockchains, in contrast to public ones, work in a way to empower the enterprises as a whole instead of individual employees.

Pro: Stability

Private Blockchains are much more stable compared to public ones. This is because the number of participants is in a specific and expected range. This means the pressure on the network doesn’t fluctuate depending on the active participants and ongoing transactions. Simply, in every Blockchain platform, there is a fee for completing a transaction.  But if the Blockchain is public, this fee can increase and decrease due to the unpredictable nature of the number of active nodes.

In other words, when the number of transactions increases, the time it takes to process them increases as well. Which results in an increase in the fee. But this is only the case if the Blockchain is public. When utilizing a private Blockchain, only a limited group of people can request transactions. Thus there is not any form of delay or slowdown in the process. Keeping the fee in a stable range.

Pro: Low Fees

Private Blockchains have extremely low transaction fees. As mentioned above, and unlike their public counterpart, in private Blockchains, the transaction fee does not increase by the number of requests and remains the same all the time. It does not matter how many people request transactions, the fees always remain fairly low and accurate. Thus any hidden cost will be eliminated.

Pro: Economy Friendly

A private Blockchain can, in fact, save an enterprise a lot of money. Maintenance of such Blockchains is quite simple compared to the public ones. Blockchain platforms that are private only take up a few resources, while the public ones demand a lot of resources to support the big crowd of participants they have. This alone can save a lot of money, even though it still does not mean that private Blockchains are hugely cheap.

Pro: Regulation

Enterprises have a lot of rules and regulations that need to be followed almost perfectly by every member. And if someone does not follow a rule, there will be consequences for them according to the same set of rules. The regulation needs to happen in their network as well. Which makes private Blockchain a perfect choice for enterprises. In a private Blockchain, the exact same thing is possible. It allows the regulator to outline all the rules, and the participants have to follow them accordingly.

Con: Security

Private Blockchains, in contrast to their public counterparts, are susceptible to data breaches and other security threats. The concern comes from the fact that there are only a limited number of validators used to reach a consensus about data and transactions (if there is a consensus mechanism involved at all).

Conclusion

As we reach the ending point of “public blockchain vs private blockchain” we feel the need for a conclusion. With all the differences and similarities between the two, they are both suitable for enterprise use cases if the company or the organization estimates their needs correctly.

Concluding the comparison, a public blockchain is accessible by anyone while a private blockchain can be accessed from inside the organization. The same goes for their read/write access. While it is true that both types are decentralized, there is still a difference between them in this regard. Public ones are fully decentralized, but private ones are only partially decentralized. The same goes for their immutability.

Public implementations of blockchain, while having high costs for transactions, are slow in terms of processing speed. While on the other hand, private implementations are the exact opposite; Fast and cheap.

In the end, by finding the right requirements of your company, and considering this comparison, you can choose the right type of blockchain for your company. Thus getting the most out of the features of your chosen blockchain. However, if your company needs a private blockchain, you can use Green Plus services, just contact us.

FAQ

  • What is an example of a public blockchain?
    1. Bitcoin, Ethereum, Litecoin, etc.
  • What is an example of a private blockchain?
    1. Quorum, Hyperledger Fabric, R3, Corda, …
  • Who uses a private blockchain?
    1. Businesses across several sectors, such as retail, healthcare, insurance, financial services, and even governments.
  • How do private Blockchains make money?
    1. Transactional fees. Institutions or businesses that use blockchain infrastructure have to pay a subscription fee and transaction fee to the developers.
  • Can blockchain be hacked?
    1. An attacker—or group of attackers—could take over a blockchain by controlling a majority of the blockchain’s computational power, called its hashrate.

What is Hyperledger Fabric and how does it work?

Hyperledger Fabric is an open source and modular framework that was launched by the Linux Foundation in 2015. Follow us in this article to learn more about Hyperledger Fabric, its use cases, and how it works.

What is Hyperledger Fabric?

Hyperledger Fabric is one of the most popular distributed ledger (aka. Blockchain) protocols. It provides support for private transactions and confidential contracts, unlike traditional blockchain networks. These issues are of utmost importance for businesses, which resulted in the design of Hyperledger fabric as a response. Being a modular, scalable, open-source, and secure foundation is the key for this blockchain protocol to become a global solution for businesses.

What makes Hyperledger Fabric different from some other blockchain systems is the fact that it is private. The support for membership-based permission system allows the ability to verify the identity of participants. This ability is a primary requirement for a business sector, as it allows them to control data access for each member specifically. A lot of business sectors, like health care, finance, and education, need this ability, and if a protocol system doesn’t support it, it’s enough for them to not use it.

How does Hyperledger Fabric work?

Modular architecture

Transaction processing workflow

Hyperledger Fabric uses a three-stage transaction processing workflow. These stages are:

1. Distributed logic processing and agreement of the system

2. Transaction ordering

3. Transaction validation and commitment

Smart contract: This processing workflow is a smart contract system called chaincode. A smart contract is a self-executing contract system with the terms of agreement being directly written into the code. The code – which exists in the blockchain network – controls the execution of the transaction. It’s irreversible and trackable.

Benefits of this workflow

 This workflow segregates the aforementioned steps for multiple reasons, including:

  • A reduced number of trust levels and verification that keeps the network and processing clutter-free
  • Improved network scalability
  • Better overall performance

Plug-and-Play

Hyperledger Fabric supports the Plug-and-Play of different components, which allows the reuse of already existing features and ready-made integration of various modules. This means, for example, if an enterprise-level network already has a function for a specific action – like verification of a participant’s identity – they don’t have to make the function from scratch. Instead, they only have to plug in the existing module and reuse it.

Roles of participants in the network

There are 3 different roles for participants of the network: Endorser, Committer, and Consenter. The process of a transaction has 4 steps in the first stage, 2 steps in the second stage, and 1 step in the final stage. These 7 steps are:

  • Application submits a proposal to the endorsing peer.
  • Chaincode (the smart contract) will be executed to simulate the proposal in peer.
  • Endorsing peer sends the response of the proposal back to the application.
  • The application submits the transaction to the ordering service.
  • The ordering service creates a batch of transactions.
  • The ordering service sends the batch to the committing peer.
  • Committing peer validates transactions and commits block to the blockchain.

This system also enhances the performance and scalability of the network, because only confirming instructions (signatures, read/write sets, …) are sent across the network. Only committers and endorsers can access the transaction, which further increases security by limiting the participants who have access to key data points.
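The three stages above, as an added sketch that is not Hyperledger Fabric's own code: endorsers simulate and sign a read/write set, the ordering service only batches, and the committing peer rejects a transaction whose endorsements do not verify or whose read versions are stale. HMAC keys stand in for peer signatures, and the peer names, accounts and two-signature policy are assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo identities. HMAC keys stand in for the certificate-based
# signatures that a real Fabric network verifies for each peer.
ENDORSER_KEYS = {"peer0.org1": b"org1-demo-key", "peer0.org2": b"org2-demo-key"}
REQUIRED_ENDORSEMENTS = 2  # assumed endorsement policy: both organizations sign


def transfer_chaincode(state, args):
    """Toy chaincode. It only simulates: it reads versions and proposes writes."""
    src, dst, amount = args
    (src_val, src_ver), (dst_val, dst_ver) = state[src], state[dst]
    if src_val < amount:
        raise ValueError("insufficient funds")
    read_set = {src: src_ver, dst: dst_ver}
    write_set = {src: src_val - amount, dst: dst_val + amount}
    return read_set, write_set


def sign(peer, tx_id, read_set, write_set):
    payload = json.dumps([tx_id, read_set, write_set], sort_keys=True).encode()
    return hmac.new(ENDORSER_KEYS[peer], payload, hashlib.sha256).hexdigest()


def endorse(peer, state, tx_id, args):
    """Stage 1: the endorsing peer executes the chaincode and signs the result."""
    read_set, write_set = transfer_chaincode(state, args)
    return {"peer": peer, "read_set": read_set, "write_set": write_set,
            "sig": sign(peer, tx_id, read_set, write_set)}


def build_transaction(tx_id, responses):
    """The application checks that the endorsers agree and assembles the transaction."""
    first = responses[0]
    for r in responses[1:]:
        if (r["read_set"], r["write_set"]) != (first["read_set"], first["write_set"]):
            raise ValueError("endorsers returned different results")
    return {"tx_id": tx_id, "read_set": first["read_set"], "write_set": first["write_set"],
            "endorsements": {r["peer"]: r["sig"] for r in responses}}


def order(transactions, batch_size=10):
    """Stage 2: the ordering service sequences and batches; it never runs chaincode."""
    return [transactions[i:i + batch_size] for i in range(0, len(transactions), batch_size)]


def validate_and_commit(state, block):
    """Stage 3: the committing peer checks endorsements and read versions, then commits."""
    results = {}
    for tx in block:
        good = sum(
            1 for peer, sig in tx["endorsements"].items()
            if peer in ENDORSER_KEYS and hmac.compare_digest(
                sig, sign(peer, tx["tx_id"], tx["read_set"], tx["write_set"]))
        )
        if good < REQUIRED_ENDORSEMENTS:
            results[tx["tx_id"]] = "ENDORSEMENT_POLICY_FAILURE"
        elif any(state[key][1] != version for key, version in tx["read_set"].items()):
            results[tx["tx_id"]] = "MVCC_READ_CONFLICT"  # state changed since simulation
        else:
            for key, value in tx["write_set"].items():
                state[key] = (value, state[key][1] + 1)
            results[tx["tx_id"]] = "VALID"
    return results


def run_demo():
    state = {"alice": (100, 0), "bob": (20, 0)}  # key -> (value, version)
    peers = list(ENDORSER_KEYS)
    # tx1 and tx2 are both simulated against the same committed state.
    tx1 = build_transaction("tx1", [endorse(p, state, "tx1", ("alice", "bob", 30)) for p in peers])
    tx2 = build_transaction("tx2", [endorse(p, state, "tx2", ("alice", "bob", 80)) for p in peers])
    # tx3 has its write set altered after endorsement, so the signatures no longer match.
    tx3 = build_transaction("tx3", [endorse(p, state, "tx3", ("bob", "alice", 5)) for p in peers])
    tx3["write_set"] = {"bob": 0, "alice": 999}
    results = {}
    for block in order([tx1, tx2, tx3]):
        results.update(validate_and_commit(state, block))
    return results, state


if __name__ == "__main__":
    print(run_demo())
```

Both tx1 and tx2 were valid when simulated, but together they would overspend the same balance; the version check at commit time is what stops the second one.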

Benefits of Hyperledger Fabric

There is always a reason why someone designs or invents something new, and this technology is no exception. Finding the issues and the room for improvement in predecessor technologies, and solving them, is what produces the benefits of the successor technology. Hyperledger Fabric has several benefits over some other blockchain services, some of which are listed below:

Permissioned network 

A traditional blockchain is built upon several anonymous participants of an open network, while Hyperledger Fabric establishes decentralized trust in a network of known participants. This means the blockchain is not publicly accessible and only verified users have access to it. Users can only perform the specific actions that the administrator has granted them access to.

Confidential Transactions

 Confidential Transactions keep the amount and type of assets transferred visible only to participants in the transaction. In other words, it makes you able to expose only the data you want, only to the parties you want.

Pluggable architecture

 You can tailor your blockchain network to your needs thanks to the plug-and-play structure of Hyperledger Fabric. This means you don’t have to build a one-size-fits-all network. It also means, as said before, that you don’t have to build all the functions from scratch.

Easy to get started with Hyperledger Fabric

 Program the required smart contracts the way you want, in the language you and your team work with. There is no need to learn new or custom languages for the sake of working with this service.

Unlike with some other types of blockchain networks, you can get some of these benefits with traditional centralized networks, but you have to leave the base benefits of blockchain behind. With Hyperledger Fabric you can get the most benefit from both types of networks.

Industry Use Cases for Hyperledger Fabric

Like any other innovation or new technology, it takes time for the value of Hyperledger Fabric to finally emerge. But at the moment, there are still a lot of real-life uses for this private blockchain network.

Tamper-proof audit trail

A tamper-proof audit trail, as the name explains, means your data is secured against tampering. But when does tamper-proof auditing matter? It plays its role, for example, when tracking invoices, settling internal payments, managing referrals, managing access to records, or tracking supply.

Managing data access

 Keeping track of records and who has access to them is one of the many use cases of the tamper-proof audit trail. As an example implementation, consider an app that uses Hyperledger Fabric to manage medical record storage for patients and doctors. Patients use their private key to access a “patient” portal, where they can grant and revoke access for doctors. Doctors also use their private keys to enter their “doctor” portal, where they can add or edit the records and procedures of a patient who has previously granted them access.

Tracking supply chain network and origin

 One can also use a tamper-proof audit trail to track a supply chain. Blockchain can be a big technological leap for supply-chain-related businesses. Take a pharmaceutical supply chain as an example. In this example, we will explore the role of a blockchain-based platform in digital interactions that allow us to track the shipping of a product. We have to make sure the product has been shipped from a valid source and has traveled through the supply chain in the right condition. Counterfeit drugs and the mishandling of drugs cause billions of dollars of losses to big pharmaceutical companies each year, which makes tracking the supply chain an important process.

Hyperledger Fabric in Financial settlement

 One of the very first use cases of blockchain was in payment-related businesses. Transferring money as quickly and as cheaply as possible is one simple example of using Hyperledger Fabric for financial settlement. Cryptocurrency enables real-time money transfers anywhere in the world. Thanks to cryptographic guarantees, blockchain simplifies peer-to-peer payment by making sure users can’t spend their tokens twice. Without blockchain, avoiding double-spending requires third-party financial institutions such as banks and credit rating agencies.

By removing the need for a third party, this advantage makes money transfers much faster and saves you from paying operating costs. This is where something like Hyperledger Fabric comes in for internal settlements. It offers a way to carry out and manage payments between an organization’s branches or between close partners. An open and transparent blockchain solution helps organizations ensure trust and create a transparent record, so the participants of the network can see where a transaction goes and why it goes there.

Invoice processing

 Invoice processing, due to its complexity, can cause trouble for large organizations that have many offices around the globe. Yet to this day, some organizations or some of their branches still do it manually, which can get too complicated and take a lot of time, and that is before counting the potential errors within the process. On the other hand, centralized record-keeping software can reduce the transparency of the process, and even cause chaos when the organization doesn’t grant access to other related participants of the network. Meanwhile, using blockchain enterprise systems such as Hyperledger Fabric brings a perfect level of transparency, allowing all participants to observe any modification, addition, or removal of records.

Commission Management

 Hyperledger permissioned blockchain projects can also help with tracking commissions and showing a clear history of accepted work and its payments, just as well as they help with processing invoices efficiently. This can be a useful solution especially for conglomerates that operate in multiple countries, because such companies always struggle with referral payments and the management of their commissions. Whether a partner uses a different accounting system, provides low-quality data (probably with a lot of duplicates), or even intentionally misrepresents the commissions, an application that uses Hyperledger Fabric can help the company establish order.

Enterprise blockchain for contract validation

 Companies that have many branches and a lot of partners can build their ecosystem on a private blockchain network such as Hyperledger Fabric. Today, tasks like issuing an invoice or renewing a contract are either manual or only semi-automated. Companies that don’t use blockchain have to integrate multiple systems and fight data silo problems (when one information system or subsystem is not capable of reciprocal operation with others). With blockchain, you get a unified place to store all your information in a consistent and transparent way. Furthermore, blockchain smart contracts can be used to trigger new automatic actions when contracts expire. The smart contract’s behavior can be adjusted for specific asset types, treating product and service delivery differently from inventory sales.

You can also combine other features like invoices and internal payment to your contract validation feature. As always, one of the biggest challenges that large companies struggle with is transparency and trust between parties. And as always, a private, permissioned blockchain, together with traditional IT solutions, can resolve these problems.

Blockchain-based time-sensitive distribution

 From the beginning of the Covid-19 pandemic in 2019, scientists worked to find a solution that would lower the rate of spread of the virus to almost zero. As expected, the solution was the introduction of various vaccines. The problem came when demand rose sharply, although this was expected: the traditional distribution system could easily fail to detect the fraud and counterfeits caused by the high demand. It was also not as time-sensitive as it should have been, which could cause the loss of many vaccine doses, a serious problem given how precious they were at the early stages of vaccination.

And this is how blockchain solved all the aforementioned challenges at once. Tech Mahindra – an Indian multinational IT services and consulting company – has made an interesting Hyperledger Fabric based system, called VaccineLedger. VaccineLedger was actually developed in cooperation with a startup funded by Unicef and Gavi (an international organization to improve access to new and underused vaccines for children living in the world’s poorest countries). Thanks to this new system, distribution and monitoring of the vaccine can be done with precise information on the logistics, temperature, current location, purchase orders, and transport conditions, leading to a smooth operation. Read more about VaccineLedger in Forbes

GreenPlus Hyperledger Fabric

GreenPlus Managed Blockchain is a fully managed service that allows you to set up and manage a scalable Hyperledger Fabric blockchain network with just a few clicks. Managed Blockchain eliminates the overhead required to create the network, and automatically scales to meet the demands of thousands of applications running millions of transactions. Once your network is up and running, Managed Blockchain makes it easy to manage and maintain your Hyperledger Fabric network. It manages your certificates and lets you easily invite new members to join the network.


Blockchain

What is a blockchain?

Information is essential to business. The faster and more precisely it is received, the better. Blockchain is the best technology for delivering that information because it offers a real-time, shareable, and complete, immutable ledger that stores transparent data and can only be accessed with network members’ permission. Orders, payments, accounts, production, and more may all be tracked via a BaaS. Additionally, you can see every aspect of a transaction from beginning to end because all members have access to the same information. This gives you more confidence and opens up new options and efficiency. If you want to know more about BaaS, follow us in this article.

What is a blockchain (BaaS)?

BaaS is a blockchain service that enables users to create, utilize, and host their BaaS functionalities, apps, and smart contracts using cloud-based services.

How Does BaaS Work?

The BaaS provider receives payment from the customer for establishing and managing blockchain-linked nodes on the client’s behalf. A BaaS supplier operates the client’s business’s back end.

A Blockchain-as-a-Service provider is in charge of maintaining the blockchain infrastructure. A BaaS operator handles efficient resource allocation, bandwidth management, and hosting needs. Clients who use a BaaS model may concentrate more on their core businesses and the operation of their blockchains without worrying about infrastructure and performance difficulties.

Think of the blockchain as a service akin to a web host.

You create inventive websites that receive millions of daily visitors and hosts.

Benefits of blockchain

Operations frequently squander time and resources on third-party validations and duplicate record keeping. Systems for preserving records may be susceptible to fraud and online threats. A lack of openness may slow data verification. And the number of transactions has multiplied since the introduction of IoT. We need a better solution because this slows down the company and depletes the bottom line. Here comes blockchain. Learn about the benefits of blockchain in the rest of the article.

Increased security

Blockchain technology fundamentally changes the way you view your sensitive and essential data. Generating a BaaS record that cannot be changed and is encrypted end-to-end reduces fraud and unlawful behavior. Employing permissions to restrict access and anonymizing personal data may also address privacy concerns on the BaaS. To prevent hackers from accessing data, information is kept across a network of computers rather than on a single server.

Greater transparency

Without blockchain, every company needs to maintain a different database. BaaS employs a distributed ledger, which ensures that transactions and data are recorded consistently across all locations. Full transparency is provided since any network user with permissions may see the same data simultaneously. All transactions are time- and date-stamped records with immutability. Thanks to this, members may access the whole transaction history, almost eliminating the possibility of fraud.

Instant traceability

Blockchain establishes an audit trail that records an asset’s origins at each stage of its travel. This provides supporting evidence in industries rife with fraud and counterfeiting, and in enterprises whose clients are concerned about a product’s environmental or human rights issues. BaaS makes it feasible to communicate provenance information to customers directly. Traceability data can also reveal weak points in any supply chain, such as where items may be stored on a loading dock while being transported.

Increased efficiency and speed

Traditional paper-intensive procedures take a long time, are subject to human mistakes, and frequently need third-party mediation. Transactions may be finished more quickly and effectively by automating these operations with BaaS. The BaaS may hold documentation and marketing information together, doing away with the necessity for paper exchange. Clearing and settlement may happen considerably more quickly because there is no need to reconcile several ledgers.

Automation

Traditional paper-intensive procedures take a long time, are subject to human mistakes, and frequently need third-party mediation. Transactions may be finished more quickly and effectively by automating these operations with BaaS. The blockchain may hold documentation and marketing information together, doing away with the necessity for paper exchange. Clearing and settlement may happen considerably more quickly because there is no need to reconcile several ledgers.

Types of blockchain networks

There are different types of BaaS. Follow us to learn more now about this.

Public Blockchain

Anyone may join and utilize a public BaaS, like the one used by Bitcoin. Possible negatives include:

  • The need for processing power.
  • A lack of privacy for transactions.
  • Shoddy security.

These are crucial factors to consider for BaaS use cases in businesses.

Private Blockchain

A private blockchain network, or a decentralized peer-to-peer network, is comparable to a public blockchain network. A single entity, however, controls the network’s governance, executing a consensus procedure and managing the shared ledger. Depending on the use case, this can significantly increase participant confidence and trust. Running a private BaaS behind a company firewall and hosting it on-site are options.

Permissioned blockchain networks

A permissioned BaaS is a type of blockchain that requires permission to join. Both private and public BaaS types can be included in this category. Of course, most private blockchains use this feature.

Consortium Blockchain

The duties of maintaining a BaaS can be split among several organizations. These previously chosen organizations decide who may submit transactions or access the data. When all participants must have permission and share ownership of the blockchain, a consortium BaaS is the best option for business.

Conclusion

A potential idea is a BaaS, which provides businesses with scalable solutions based on blockchain technology to help them prepare for the future.

Make your business processes more effective, durable, and secure using the greenplus blockchain service.

cdn

What is CDN? | GreenWebPlus

 

Have you ever taken a philosophical look at supermarkets? They are places to get the goods you need without having to go to the factory’s warehouse. This is precisely what a CDN does. A CDN saves a copy of the static content of your origin server at different PoP sites, so users don’t need to connect to the origin server every time to get the content they need, but can access it from the closest location. Follow this article to know more about CDN.

What is a CDN?

A network of geographically dispersed servers called a content delivery network (CDN) speeds up the delivery of web material by bringing it closer to the users. Caching, a technique that temporarily saves copies of files, is used by data centers worldwide so that you can access internet material through a web-enabled device or browser more rapidly through a server close to you.

CDNs cache web pages, pictures, and videos on proxy servers close to your location. This eliminates the need to wait when performing tasks like watching a movie, downloading software, checking your bank account, posting on social media, or making transactions.

What are the benefits of CDNs?

Now that we understand what a CDN is, it’s time to look at the CDN benefits. Of course, the benefits of CDN are many and vary depending on each business, but in the following sentences, we will bring you the most important ones.

Improving website page load times

Visitors get quicker webpage loading times because a nearby CDN server delivers online content closer to them. A website with a long page load time typically has more visitors who click away or leave. The rating of the website on search engines may also suffer as a result.

Therefore, having a CDN can decrease bounce rates and increase the time users stay on the site. Thus, a website that loads quickly will attract more people and keep them there longer.

Reducing bandwidth costs

The data that makes up the content a user asks for from a website or an online application must travel over physical paths to the user’s device. However, the bandwidth usage increases with the distance these assets must travel to reach their destination. In the end, this raises the price of bandwidth for firms.

High-resolution video and graphics are preferred by the online community, which makes the issue worse by adding to the data burden.

A CDN can reduce the quantity of data and distance needed to fulfill a user’s request by caching content data at network edge servers. Instead of connecting to the origin server, the cached version of the website is retrieved.

Increasing content availability and redundancy

A CDN increases the redundancy and availability of content. Hardware issues or high online traffic can disrupt a website’s usual operation and cause downtime. Because of its distributed architecture, a CDN can manage more web traffic and withstand hardware failure better than multiple origin servers. In addition, other active servers can take over and maintain service continuity if one or more CDN servers become unavailable for any reason.

Improving website security

A CDN is well suited to reducing DDoS attacks, since it applies the same procedure that CDNs use to handle traffic spikes. These are attacks in which hostile actors send a large number of requests in an attempt to overwhelm your application or origin servers. Customers’ access to the website may be affected if the server goes down because of the volume.

A CDN effectively serves as a DDoS mitigation and protection framework, with the GSLB and edge servers dispersing the load evenly throughout the network’s total capacity. Additionally, CDNs can offer certificate administration and automatic certificate issuance and renewal.

How does a CDN work?

To understand how a CDN works, you must first understand origin servers and edge servers.

Origin server

A computer running one or more programs designed to listen for and respond to incoming internet requests is known as an origin server.

Edge servers

The term “edge servers” describes servers (compute resources) that carry out processing at an edge location, anywhere along the edge spectrum, typically from on-premises edge to regional edge.

 

A CDN makes a copy of the static content of your origin server and caches it in different geographical locations; the edge servers are the servers that store this copied content. This way, a CDN makes accessing your website easier for people in different parts of the world.

Conclusion

In this article, we tried to introduce you to the concept of CDN and how it works. In addition, we have listed the benefits of CDN for you. We hope this article was helpful for you. Finally, don’t forget that it is better to go for advanced cloud technologies as soon as possible to develop your business and forget about traditional infrastructure. GreenWebPlus CDN is at your service for the best development of your business.


All about DDoS Attacks and How to Prevent Them

It is vital to have uninterrupted service whether you operate a small business or a personal website. If your website is slow or entirely unavailable, you may lose users and clients.

To build the most satisfactory security solution, every business owner must understand Distributed Denial of Service (DDoS) attacks thoroughly. Learning the DDoS attack types and their key characteristics is an important way to gain that expertise.

What are DDoS Attacks?

DDoS attacks are carried out via networks of Internet-connected computers. These networks are made up of computers and other devices (such as IoT devices) that have been infected with malware. This allows an attacker to manage them remotely. Individual devices are known as bots (or zombies), while a network of bots is known as a botnet. After establishing a botnet, the attacker may conduct an attack by sending remote commands to each bot.

These attacks try to take down or slow down the targeted website by flooding the network, server, or application with fake traffic. DDoS attacks are malicious attempts to render internet services unavailable to users, frequently causing their hosting server to be temporarily interrupted or suspended. Because each bot is a legitimate Internet device, distinguishing attack traffic from regular traffic can be difficult.

DDoS attacks on websites and organizations of all sizes are common. GitHub was hit by one of the most remarkable DDoS attacks in 2018, taking the company’s website down for ten minutes. A DDoS attack disrupted the BBC’s whole network of websites in 2015. Moreover, numerous South African banking websites were targeted by ransom-driven DDoS attacks in 2019.

How to identify a DDoS attack?

The most visible indication of a DDoS attack is a site or service that becomes unexpectedly slow or inaccessible to legitimate traffic. However, even a minor shift in legitimate traffic can cause similar problems, so it is vital to look at additional evidence. One sign is a flood of traffic from users who share the same behavioral profile, device type, geography, or web browser version. The telltale signals of DDoS attacks can be detected using traffic analytics software. The server may return a 503 error, indicating a service outage. Ping requests and TTL time-outs are also possible.

What are some common types of DDoS attacks?

Broadly speaking, DoS and DDoS attacks can be divided into three types:

  • Application Layer Attacks
  • Volume-based Attacks
  • Protocol Attacks

Application layer attacks

The purpose of application layer or layer 7 DDoS attacks (referring to the OSI model’s 7th layer) is to deplete the target’s resources and cause a denial of service. Layer 7 attacks are difficult to protect against since it might be difficult to distinguish between malicious and genuine communication.

An application-layer attack targets an application and particular vulnerabilities or flaws, preventing the program from communicating with or delivering content to its user(s).

Application layer attacks include low-and-slow attacks, GET/POST floods, and attacks against Apache, Windows, or OpenBSD vulnerabilities, among other things. The scope of the attack is measured in requests per second (RPS).

The fundamental efficacy of most DDoS attacks stems from the difference between the resources required to launch an attack and the resources required to absorb or neutralize one. While this is true for L7 attacks, the efficiency of influencing both the targeted server and the network needs less total bandwidth to produce the same disruptive effect; an application layer attack does more significant harm with less total bandwidth.

An attacker may use a layer seven or application layer attack to target the application itself. Like SYN flood infrastructure attacks, the attacker attempts to overload particular components of an application to render it inaccessible or unresponsive to legitimate users. This is sometimes possible with very low request volumes that create only a modest amount of network traffic. As a result, the attack may be challenging to identify and neutralize. Examples of application-layer attacks are HTTP floods, cache-busting attacks, and WordPress XML-RPC floods.

In a WordPress XML-RPC flood attack, also known as a WordPress pingback flood, an attacker targets a website running on the WordPress content management platform. The attacker misuses the XML-RPC API function to generate a flood of HTTP requests. The pingback function allows a WordPress-hosted website (Site A) to notify another WordPress site (Site B) that Site A has created a link to Site B. Site B then attempts to fetch Site A to confirm that the link exists. In a pingback flood, the attacker leverages this capability to induce Site B to attack Site A. These attacks have a distinct signature: “WordPress” is generally included in the HTTP request header’s User-Agent field.
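The User-Agent signature described above can be turned into a detection rule. The following added example (not from the original article) scans access-log lines for WordPress pingback User-Agents and raises an alert when several distinct reflector IPs hit the same page within a short window; the log lines are constructed, the thresholds are assumptions, and the `verifying pingback from` suffix that WordPress appends to pingback verification requests is treated as optional.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in "combined" log format, using documentation IP ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:10:00:01 +0000] "GET /blog/post-1 HTTP/1.1" 200 5120 "-" "WordPress/5.8; http://reflector-a.example; verifying pingback from 203.0.113.9"
198.51.100.23 - - [12/Mar/2024:10:00:02 +0000] "GET /blog/post-1 HTTP/1.1" 200 5120 "-" "WordPress/6.1; http://reflector-b.example; verifying pingback from 203.0.113.9"
192.0.2.44 - - [12/Mar/2024:10:00:02 +0000] "GET /blog/post-1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.88 - - [12/Mar/2024:10:00:04 +0000] "GET /blog/post-1?r=8841 HTTP/1.1" 200 5120 "-" "WordPress/4.9.8; https://reflector-c.example; verifying pingback from 203.0.113.9"
198.51.100.7 - - [12/Mar/2024:10:00:05 +0000] "GET /blog/post-1 HTTP/1.1" 200 5120 "-" "WordPress/5.8; http://reflector-a.example; verifying pingback from 203.0.113.9"
198.51.100.150 - - [12/Mar/2024:14:30:00 +0000] "GET /about HTTP/1.1" 200 2048 "-" "WordPress/6.2; http://friendly-blog.example; verifying pingback from 198.51.100.150"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
PINGBACK_UA = re.compile(
    r"^WordPress/[\d.]+; (?P<site>[^;]+)"
    r"(?:; verifying pingback from (?P<origin>[0-9A-Fa-f.:]+))?"
)


def parse_pingback(line):
    """Return a dict for a request made by a WordPress site, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ua = PINGBACK_UA.match(m["ua"])
    if not ua:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "reflector_ip": m["ip"],
        # Drop the query string so cache-busting parameters group together.
        "path": m["path"].split("?", 1)[0],
        "site": ua["site"],
        "origin": ua["origin"],  # IP that asked the reflector to ping, if present
    }


def detect_pingback_floods(log_text, window=timedelta(seconds=10), min_reflectors=3):
    """Alert on pages fetched by >= min_reflectors WordPress sites inside one window."""
    by_path = defaultdict(list)
    for line in log_text.splitlines():
        hit = parse_pingback(line)
        if hit:
            by_path[hit["path"]].append(hit)

    alerts = []
    for path, hits in by_path.items():
        hits.sort(key=lambda h: h["time"])
        start, best = 0, None
        for end, hit in enumerate(hits):
            while hit["time"] - hits[start]["time"] > window:
                start += 1  # slide the window forward
            in_window = hits[start:end + 1]
            reflectors = {h["reflector_ip"] for h in in_window}
            if len(reflectors) >= min_reflectors and (
                best is None or len(reflectors) > len(best["reflectors"])
            ):
                best = {
                    "path": path,
                    "first_seen": in_window[0]["time"],
                    "reflectors": reflectors,
                    "origins": {h["origin"] for h in in_window if h["origin"]},
                }
        if best:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for alert in detect_pingback_floods(SAMPLE_LOG):
        print(alert)
```

A single pingback verification, like the `/about` request in the sample, is normal WordPress behaviour and does not trigger the rule.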

An attacker can choose to exploit the TLS negotiation process if a web application is served through Transport Layer Security (TLS). TLS is computationally costly; therefore, an attacker can degrade service availability by putting extra load on the server, which has to process unreadable data (unintelligible ciphertext) as if it were a genuine handshake. In a variant of this attack, an attacker completes the TLS handshake but constantly renegotiates the encryption mechanism. In addition, an attacker can exhaust server resources by opening and closing many TLS sessions.

How can a CDN counteract DDoS attacks?

If your website is the subject of a DDoS attack, a CDN keeps the attack from reaching the origin server and rendering your site inoperable. When a server receives more traffic than it can manage, it simply forwards it to other servers. There will be no downtime for your website. Users won’t notice anything, and you won’t either.

Other methods for preventing HTTP floods include the usage of a web application firewall, traffic management and filtering using an IP reputation database, and on-the-fly network monitoring by engineers.

Green Plus CDN can evaluate traffic from several sources, mitigating possible attacks with continually updated WAF rules and other mitigation measures, often before they occur or have a chance to occur.

3 Techniques to Mitigate Application Layer DDoS Attacks

Captcha and JavaScript Challenges

CAPTCHA verification is a web technique for determining whether a user is a genuine person or a spam machine. CAPTCHAs present users with distorted letters or symbols that a human must decipher. Another method for filtering requests from botnets or attack machines uses JavaScript computational challenges. Most botnets are incapable of dealing with such challenges.
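One possible shape for a computational challenge, shown as an added example rather than any vendor's implementation: the server issues a signed, expiring puzzle bound to the client IP, the client finds a nonce whose SHA-256 hash has enough leading zero bits, and the server verifies it without storing state. The hash puzzle, secret, difficulty and lifetime are assumptions, and `solve` stands in for the JavaScript that would run in the browser.

```python
import hashlib
import hmac
import os

SERVER_SECRET = b"constructed-demo-secret"  # placeholder; use a random key in practice
DIFFICULTY_BITS = 12   # assumed cost: about 4,096 hashes on average
CHALLENGE_TTL = 30     # assumed challenge lifetime in seconds


def _tag(body):
    return hmac.new(SERVER_SECRET, body.encode(), hashlib.sha256).hexdigest()


def issue_challenge(client_ip, now):
    """Server: bind a random salt, expiry and difficulty to the client, then sign them."""
    salt = os.urandom(8).hex()
    body = f"{client_ip}|{salt}|{int(now) + CHALLENGE_TTL}|{DIFFICULTY_BITS}"
    return f"{body}|{_tag(body)}"


def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def work_done(challenge, nonce):
    return leading_zero_bits(hashlib.sha256(f"{challenge}|{nonce}".encode()).digest())


def solve(challenge):
    """Client: brute-force the smallest nonce that meets the stated difficulty."""
    bits = int(challenge.split("|")[3])
    nonce = 0
    while work_done(challenge, nonce) < bits:
        nonce += 1
    return nonce


def verify(challenge, nonce, client_ip, now):
    """Server: check signature, client binding, expiry and work, in that order."""
    parts = challenge.split("|")
    if len(parts) != 5:
        return "malformed"
    ip, _salt, expires, bits, tag = parts
    if not hmac.compare_digest(tag.encode(), _tag("|".join(parts[:4])).encode()):
        return "bad-signature"  # challenge was forged or its difficulty was edited
    if ip != client_ip:
        return "wrong-client"   # solved elsewhere and handed to another host
    if now > int(expires):
        return "expired"
    if work_done(challenge, nonce) < int(bits):
        return "insufficient-work"
    return "ok"


if __name__ == "__main__":
    c = issue_challenge("203.0.113.5", now=1000)
    print(verify(c, solve(c), "203.0.113.5", now=1010))
```

Because the server keeps no state, a solved challenge can be replayed until it expires; tracking accepted salts for the lifetime of the challenge closes that gap.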

Behavioral Analytics

Behavioral analytics is a security method that leverages AI and machine learning technologies to analyze and record user and object behavior. It then identifies any unusual activity or traffic that does not fit the typical/daily trends. This approach employs sophisticated analysis, data from logs and reports, and threat data to successfully identify anomalies that may signal hostile behavior. According to computer experts, this strategy allows for the precise detection of rogue actors that may threaten your system.

Web Application Firewall

A web application firewall protects your apps from the internet. An intelligent WAF can manage, filter, and analyze traffic from many sources. WAFs work with the aid of rules and policies that can be easily and quickly customized and updated. This allows it to respond to assaults more quickly. A WAF is the most effective defense against some of the most popular DDoS assaults, including layer seven attacks. Managed WAFs filter layer seven traffic and provide data to cybersecurity specialists who can identify malicious traffic attempting to disrupt your services.


What Is a DNS Server?

To know about a DNS server, first, we need to elaborate on what a server is. A server is a device or software that provides services to other programs known as ‘clients.’ DNS clients, which are included in most current desktop and mobile operating systems, allow web browsers to communicate with DNS servers.

What is a DNS server?

The Domain Name System (DNS) is the Internet’s phonebook. When users input domain names like ‘google.com’ into web browsers, DNS is in charge of determining the correct IP address for those sites. Browsers then use the addresses to interact with origin servers or CDN edge servers to access website information. This is made possible by DNS servers, which are machines specialized in responding to DNS requests.

A DNS server’s goal is to convert what users put into their browser into something that a computer can understand and use to find a website. In other words, its function is to translate a domain name like www.example.com into an IP address like 71.232.101.120.

Thanks to DNS servers, people no longer have to memorize complicated IP addresses such as 216.58.217.206, Google’s IP address. They only need to remember www.google.com.

This translation process, known as DNS resolution, necessitates the use of many hardware components. The primary DNS server is the most critical.


How do DNS servers respond to DNS queries?


Four servers work together to send an IP address to the client in a standard DNS query without caching: recursive resolvers, root nameservers, TLD nameservers, and authoritative nameservers.

The DNS recursor (also known as the DNS resolver) is a server that receives the DNS client’s query and then communicates with other DNS servers to find the proper IP address. When the resolver gets the client’s request, it acts as a client, contacting the other three types of DNS servers in search of the correct IP address.
The resolver begins by querying the root nameserver. The root server is the initial stage in converting human-readable domain names into IP addresses (resolving). The root server then answers the resolver by providing the address of a top-level domain (TLD) DNS server (such as .com or .net) that holds information for its domains.

The resolver then queries the TLD server. The TLD server returns the IP address of the domain’s authoritative nameserver. The recursor then contacts the authoritative nameserver, which responds with the origin server’s IP address.

Finally, the resolver returns the IP address of the origin server to the client. Using this IP address, the client may then send a request straight to the origin server, and the origin server will respond by returning website data that the web browser can decode and display.

What exactly is DNS caching?


Recursive resolvers can resolve DNS requests utilizing cached data in addition to the procedure described above. The resolver will save the correct IP address for a particular website in its cache for a limited length of time after getting it. If any additional clients submit requests for that domain name during this period, the resolver can skip the regular DNS search procedure and just respond to the client with the IP address held in the cache.
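The lookup chain and the resolver cache described above, as an added example that is not part of the original article: a small Python simulation of a recursive resolver. The nameserver names, the 300-second TTL and the in-memory tables are constructed assumptions; only www.example.com and its address come from the text.

```python
import time

# Constructed sample data: each tier only knows where to send the resolver next.
ROOT = {"com": "tld-com.example"}                               # root -> TLD server
TLD = {"tld-com.example": {"example.com": "ns1.example.com"}}   # TLD -> authoritative
AUTH = {"ns1.example.com": {"www.example.com": ("71.232.101.120", 300)}}  # (IP, TTL s)


class RecursiveResolver:
    def __init__(self, clock=time.monotonic):
        self.clock = clock            # injectable so expiry can be tested
        self.cache = {}               # name -> (ip, expires_at)
        self.upstream_queries = 0     # queries sent to root/TLD/authoritative

    def _ask(self, table, server, key):
        """One query to one upstream server; a missing record ends the lookup."""
        self.upstream_queries += 1
        answer = table.get(server, {}).get(key)
        if answer is None:
            raise LookupError(f"{server} has no record for {key}")
        return answer

    def _walk(self, name):
        """Uncached path: root refers to TLD, TLD to authoritative, which answers."""
        labels = name.split(".")
        tld_server = self._ask({"root": ROOT}, "root", labels[-1])
        auth_server = self._ask(TLD, tld_server, ".".join(labels[-2:]))
        return self._ask(AUTH, auth_server, name)     # (ip, ttl)

    def resolve(self, name):
        name = name.lower().rstrip(".")
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():
            return hit[0]                             # served from cache
        ip, ttl = self._walk(name)
        self.cache[name] = (ip, self.clock() + ttl)   # keep only until the TTL expires
        return ip


if __name__ == "__main__":
    r = RecursiveResolver()
    print(r.resolve("www.example.com"), r.upstream_queries)   # first lookup walks the chain
    print(r.resolve("www.example.com"), r.upstream_queries)   # second is answered from cache
```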


Increased Security with CDN

DDoS attacks have grown in popularity as a method for cybercriminals to launch an attack against your website. They don’t require any hacking skills and are all about flooding your website with traffic. A cybercriminal can purchase a botnet for a few dollars and launch a massive amount of traffic to your site with the intent of slowing it down or rendering it inaccessible entirely. Another reason for their popularity is that they are usually used with another cyberattack. DDoS attacks serve as a decoy while a more dangerous attack, such as SQL injection, is launched against your website. SQL injection is an attack in which malicious SQL statements are inserted into a database entry for execution. It enables cybercriminals to impersonate others.

What exactly is a CDN?

The term “content delivery network” (CDN) refers to a system or network of geographically distributed servers that aims to deliver web content from the origin server to end-users anywhere in the world. It accomplishes this by storing a cached or copied version of your website’s web page, including the elements required to load, such as HTML, CSS, JavaScript, images, and videos.
When a website visitor wants to view a specific web page, a request is sent from the user’s computer or mobile device. All requests will be routed to the origin server if a CDN is not used. Even in the absence of a DDoS attack, high traffic volume can overwhelm the origin server, resulting in a server crash.

This ability to handle high traffic volumes is also helpful in dealing with unusually high volumes of traffic caused by DDoS attacks. The sheer capacity of cloud CDN solutions’ IT infrastructure can absorb the most potent low-level DDoS attacks.

Tools for Proactive Monitoring and Cleaning

Of course, simply absorbing high volumes of traffic will not suffice. As a result, top CDN operators have various tools to protect websites from multiple types of attacks. These tools are capable of proactive monitoring for potential attacks and inspection and cleansing of traffic for unnatural and harmful visits.

All five major TLS extensions are supported.

TLS, or Transport Layer Security, is a protocol that provides authentication, privacy, and data integrity between the origin server and the CDN server and then between the CDN server and the end-user.

Green Plus CDN, as one of the leading CDN platform providers, supports all five major TLS extensions, including HTTP/2, OCSP stapling, dynamic record sizing, ALPN, and perfect forward secrecy.