Overview

Canton is a privacy-enabled, distributed ledger protocol designed for secure enterprise transactions. Because Canton features strict data segregation and encryption, a participant's private transaction data remains strictly within their local participant node.

To enable Bitwave’s digital asset accounting, tax compliance, and financial reporting capabilities for your Canton network activities, Bitwave requires secure read access to your party's transaction logs. Bitwave offers three distinct architectural approaches for integrating with your Canton participant node, allowing your enterprise to balance security, infrastructure complexity, and control.

Architectural Integration Methods

1. Remote Crawling via Secure VPN or IP Whitelisting

In this architecture, Bitwave hosts the crawler infrastructure on our secure cloud environments and connects directly to your exposed node endpoint. This can be achieved through two network security configurations:

• VPN Connectivity: Supports either a Peer-to-Peer (Site-to-Site) IPSec VPN or a Point-to-Site (Client-to-Gateway) VPN tunnel to grant Bitwave's crawler restricted access.
• IP Whitelisting: Alternatively, if your node endpoint is accessible over the internet via a secure gateway, Bitwave can provide a set of static, dedicated outbound IP addresses. Your network team can whitelist these specific IPs on your firewall or API gateway, eliminating the need to maintain a VPN tunnel.
• Mechanism: Bitwave's ingestion engine programmatically polls and queries the exposed Canton Ledger API endpoints (e.g., the Active Contracts Service and Transaction Service) over the secured network path.
• Data Transfer: Transaction data is parsed remotely and directly ingested into the Bitwave core platform.
• Best Used For: Organizations that prefer not to manage third-party software deployments within their own infrastructure and have robust network security teams capable of managing granular firewall rules, IP access control lists (ACLs), or VPN configurations.

2. On-Premises/In-Firewall Edge Crawler Deployment

For organizations with strict egress and internal network policies that prohibit external inbound access, Bitwave provides a lightweight, local ingestion agent. This agent operates entirely within the customer’s secure infrastructure boundary.

• **Deployment Model: **Delivered as a containerized application (Docker container) deployed behind the customer's enterprise firewall, adjacent to the Canton participant node.

• Shared Source Model: To satisfy strict enterprise compliance and security reviews, the edge crawler is distributed under a shared-source model. Your security engineering and DevOps teams can inspect the complete source code, audit data handling practices, and compile or modify the codebase as required by internal policies.

• Mechanism: The local container queries the Canton Ledger API via the internal network, processes the relevant ledger events locally, and securely pushes (ships) the finalized transaction payloads upstream to Bitwave’s ingestion API over an outbound HTTPS connection.

• **Best Used For: **Infosec-sensitive environments, such as financial institutions or regulated entities, requiring complete visibility into all binaries running on-premises and a zero-inbound-ports network policy.

3. Native Canton Multi-Party Node Replication

   This method leverages the native consensus and topology mechanics of the Canton protocol itself to synchronize state, removing the need for traditional HTTP/gRPC ledger API crawling across network boundaries.

• **Mechanism: **The customer configures their Canton participant node to designate a dedicated Bitwave-hosted Canton participant node as an authorized replication endpoint for their specific Party IDs.

• Data Isolation: Under Canton’s privacy model, the Bitwave node will only receive transactions where the synchronized Party ID is an explicit stakeholder or signor. Other ledger traffic remains strictly obfuscated and inaccessible.

• **Ingestion: **Once the private transaction data natively replicates to the Bitwave Canton node via the Canton protocol, Bitwave’s internal ingestion engine crawls our local node directly with sub-second latency.

• ** Best Used For: **High-throughput transaction environments requiring native ledger redundancy, lowest possible latency, and seamless utilization of Canton's built-in cryptographic privacy and entitlement controls.

Integration Matrix & Comparison

Next Steps and Implementation

To proceed with your Canton integration, please contact your Bitwave Implementation Manager to schedule a technical scoping call. Our solutions engineering team will assist in evaluating your network topology and provisioning the necessary cryptographic keys, Docker manifests, static IP addresses, or VPN endpoints required for your chosen architecture.