New! Corda 5 Architecture

Corda 5’s architecture has a few changes on the new platform. R3’s ambition to build a scalable, highly available distributed system that could scale to power an entire country’s money supply or the biggest international payment networks in the world, must be the most reliable, available, and scalable deployment system in the market.

This post is a summary review of how the new Corda 5 node architecture and deployment methods are designed to maximize reliability, availability, and scalability.


The new architecture features a fully redundant, worker-based to be applied to all critical services that are required to run a node. Made up of multiple worker clusters, it provides horizontal scaling for tasks processing distributing workload evenly among workers.

Each worker (a Java Virtual Machine instance containing a group of processing services) processes some proportion of a load, which is dynamically distributed. Services run independently and perform well-defined functions, such as running user code, querying a database, or managing configuration. The services are deployed in separate active-active clusters, and it is this hot-hot configuration that will also allow for the new architecture to scale easily and adapt to a variety of workflows.


Redundancy, built intentionally into the architecture, ensures that each component of a system is replaceable and that it can be done, at a moment’s notice, without any interruption to service. It is a cornerstone of high availability architecture, a failsafe for all the unpredictable events that could shut down a worker.

Redundancy means that transaction processes can continue uninterrupted even when some workers become unresponsive. With multiple redundant instances of a service running in separate workers, the system is completely horizontally scalable — more workers can be added to process messages in parallel when demand increases.


The grouping of services into separate workers according to their function and usage gives system operators greater control on how to meet their specific service level agreements. Taking a modular approach to the integration of client services allows for a highly configurable system that can be tailored to fit the system requirements of consumers.

Reviewing security and resiliency, we find that services within each worker are logically segregated on distinct sandboxes to prevent malicious attacks within the system. Malicious users cannot gain access to services deployed on other workers as they exist on two separate JVM instances.

Deployment Methods

Corda 5 has two distinct deployment models with different guaranteed levels of availability depending on the profile and requirements of an end user:

  • Simple high availability deployment - provides software segregation, easier to deploy, and services are scaled horizontally as a whole.

  • High SLA availability deployment - provides a higher degree of availability as processes are also segregated and gives sophisticated operators greater control over horizontal scalability.

For more information about the topic, please visit R3’s Production Team blog post “Corda 5 “The road ahead” — Part 3 — Introduction to the Architecture”.

Don’t forget to visit your developer platform.