Skip to main content

Fireblocks cloud architecture

  • Updated

Overview

Multiple providers and components make up the Fireblocks cloud architecture.

Service providers

Fireblocks uses three cloud service providers: Microsoft Azure, Amazon AWS, and Google Cloud Platform (Firebase).

Microsoft Azure

  • Hosts core components used to handle and store sensitive information, such as key share material, configurations, policy rules, and API credentials
  • Securely stores data using SGX Confidential Enclaves

Amazon AWS

  • Hosts various gateway and frontend services
  • Does not store any secret cryptographic material, such as API keys and MPC key shares
  • Orchestrates messaging between frontend and core components

Google Cloud Platform (Firebase)

  • Acts as the caching database for the Fireblocks Console and the Fireblocks mobile app
  • Enables efficient data delivery

Fireblocks provides a highly available (active-active and active-passive) cloud infrastructure by using multiple tier-1 cloud providers. Two co-signers are hosted on the Fireblocks SaaS cloud environment. The third co-signer is either your mobile device or a self-hosted server (in your cloud environment or your on-premises data center). It is suggested to introduce high availability (HA) and disaster recovery (DR) using the Fireblocks Backup and Recovery procedures for a self-hosted co-signer.

System components

Fireblocks uses several components in the Fireblocks cloud architecture.

Mediation Layer (API gateways and event orchestration)

  • Consists of frontend services, API Gateways, and message queues
  • Orchestrates events between client applications and core components
  • Does not store or manage sensitive data

Transaction Signing Modules (co-signers)

  • Securely stores MPC private key shares and signing transactions
  • Integrates with your core services using a programmable interface
  • Stores and manages sensitive data

Core Components

  • Executes core Fireblocks services and modules
  • Stores and manages sensitive data

Trusted Shared Services

  • Executes shared core Fireblocks services and modules, including the Fireblocks Network
  • Stores and manages sensitive data

Blockchain Nodes Infrastructure

  • Connects various supported blockchain networks and broadcasts signed messages
  • Consists of both public and private (if any) networks
  • Easily scales vertically and horizontally and contains various code optimization to provide efficient execution
  • Does not store or manage sensitive data

Disaster Recovery Services

  • Recovers all your assets in case of disaster
  • Provides reconstruction of the extended ECDSA and EdDSA private keys (xprv+fprv)
  • Should be stored on an offline air-gapped machine with hardened access permissions
  • Should not be used on a regular basis since reconstruction of the extended private keys introduces a single point of compromise

Deployment Options

Collection_of_Overview_Diagrams__WIP__-_Base.jpg

Was this article helpful?
3 out of 3 found this helpful

Related Articles