Updated 2020-03-19

Multi-tenancy

By default, each participant in a privacy network uses its own Besu and Orion node.

Multi-tenancy allows multiple participants to use the same Besu and Orion node. Each participant is a tenant, and the operator is the owner of the Besu and Orion node.

Important

The operator is responsible for configuring multi-tenancy, and has access to all tenant data.

Multi-tenancy

Important

Ensure the multi-tenant Orion node client API is configured to allow access only by the multi-tenant Besu node. Access to your data is secured through Besu using multi-tenancy mode.

If not configured to allow access only by the multi-tenant Besu node, other Orion clients, including other Besu nodes, might be able to access tenant data.

To secure access, you can configure TLS between Besu and Orion with the whitelist trust mode.

Multi-tenancy validates that tenants have permission to use the specified HTTP or Websocket JSON-RPC requests, and the tenant has access to the requested privacy data. There is segregation of private data, and each tenant uses a JWT token for authentication.

You can create the JWT token either externally or internally.