Develop, govern, and operate your business network with the IBM Blockchain
How it accelerates network activation and collaborative governance
Blockchain is a transformational technology
with tremendous potential to help drive business value by saving time,
reducing costs, lowering risks, and enabling new business models.
For example, IBM Global Financing is one of the world’s largest technology
financiers with more than 125,000 clients in over 60 countries with 4,000
partners and suppliers. IBM’s use of blockchain technology has freed up
100 million dollars that was previously tied up, at any given time, in
transaction disputes. For details regarding this successful implementation
of blockchain, see the video to the right.
What value can blockchain provide?
Collaborators (suppliers, consumers, partners, etc.) in any network need to
share data to transact business. Consider a retail store scenario as a
simplified example: A retail store purchasing computer
parts logs the purchase order with a supplier while also
recording the purchase order and money transferred in the retail store
database. The supplier ships the item, recording that the item has been
shipped in the supplier database and recording the collection of money for
In this scenario, the supplier and the retail store each have
their own data in their own separate databases. When a problem occurs
(say, the shipped good does not arrive), how does the retail store track
down the location of the part? Today, they must rely on separate records
to validate what occurred and also navigate through the delivery pipeline
to determine where the item is ultimately located. This manual process is
time consuming and error prone.
Blockchain is revolutionary in that it allows for a
decentralized, immutable ledger that
records each transaction. The ledger is decentralized and shared: The
members of the network each have a copy of the ledger (in our example,
the retail store and the supplier have the same copy). The ledger is
also immutable: Each transaction is signed by multiple parties and
protected by the chain of block hashes representing the content of each
block of data. As a result, if a rogue organization attempts to tamper with the
data in the ledger, it is easily discoverable.
In our retail store scenario, the item is picked up by a trucking company,
is delivered to a port, is loaded on a ship, arrives at a port, and
finally is delivered by truck to the retail store. When the item arrives
at a particular location, that item, the date, and location are recorded
in the blockchain ledger. As a result, the ledger now has a detailed
record of the date and location of the item as it moves through the
delivery pipeline. If the item does not arrive, both the retail store and
supplier can look at the ledger, where all the information is recorded.
The retail store and supplier can then determine where the item is
currently located, because all the arrival points are recorded in the
ledger and cannot be deleted or altered.
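The tamper-evidence property described above, shown as an added Go example (not IBM's or Hyperledger Fabric's code): a hash-chained ledger of the arrival records from the retail scenario. The item name, dates, locations, and the Build, Verify and Tip helpers are constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Event is one arrival record from the retail scenario.
type Event struct{ Item, Date, Location string }

// Block ties an event to its predecessor through PrevHash.
type Block struct {
	Event          Event
	PrevHash, Hash string
}

// hashBlock digests the previous hash plus the event; %q keeps field boundaries unambiguous.
func hashBlock(prev string, e Event) string {
	data := fmt.Sprintf("%s|%q|%q|%q", prev, e.Item, e.Date, e.Location)
	return fmt.Sprintf("%x", sha256.Sum256([]byte(data)))
}

// Build chains the events in order; the first block has an empty PrevHash.
func Build(events []Event) []Block {
	chain, prev := []Block{}, ""
	for _, e := range events {
		b := Block{e, prev, hashBlock(prev, e)}
		chain, prev = append(chain, b), b.Hash
	}
	return chain
}

// Verify returns the index of the first block whose hash or link is wrong, or -1.
func Verify(chain []Block) int {
	prev := ""
	for i, b := range chain {
		if b.PrevHash != prev || b.Hash != hashBlock(prev, b.Event) {
			return i
		}
		prev = b.Hash
	}
	return -1
}

// Tip is the last block hash; members compare tips to spot a rewritten copy.
func Tip(chain []Block) string { return chain[len(chain)-1].Hash }

// Sample is constructed data following the page's delivery pipeline.
var Sample = []Event{
	{"part-42", "2017-10-01", "origin port"},
	{"part-42", "2017-10-09", "destination port"},
	{"part-42", "2017-10-11", "retail store"},
}

func main() {
	forged := append([]Event{}, Sample...)
	forged[1].Location = "unknown" // full rewrite: self-consistent, but the tip changes
	fmt.Println(Verify(Build(forged)), Tip(Build(forged)) == Tip(Build(Sample)))
}
```

An in-place edit of a stored block makes Verify return that block's index, while a copy rebuilt from altered events verifies cleanly on its own, which is why the members compare tips across their separate copies of the ledger.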
By having this shared, immutable ledger, companies can drastically reduce
the time spent resolving disputes, finding information, and verifying
transactions, leading to quicker settlement. Furthermore, costs can be
trimmed because a central governing body or arbitrator is
eliminated for dispute resolution, and because the shared ledger enables
the automation of inefficient processes. Security risks are also reduced
due to minimizing collusion and tampering, given the secure and
transparent nature of blockchain technology.
Introducing the IBM Blockchain Platform
IBM is a co-founder and premier member of the
Hyperledger community, as well as an active technology contributor to both
the Hyperledger Fabric and Hyperledger Composer open source projects. Both
projects are achieving fundamental advancements in the standardization of
permissioned blockchains for business use. While IBM has contributed
significantly to the Hyperledger Fabric and Hyperledger Composer code
bases, the ecosystem of contributors has grown to include developers from
startup companies to enterprises. Over 150+ organizations currently
The IBM Blockchain Platform is now generally available,
providing capabilities to help developers learn, experiment, and develop
proof-of-concept applications for generating business value. Ultimately
those proof-of-concept applications lead to product definition, design,
and implementation. And once they continue demonstrating that they help save
time, reduce cost, lower risk, or enable new revenue-making business
models, pilots are deployed and ultimately implemented in production on
the IBM Blockchain Platform.
The IBM Blockchain Platform reflects IBM’s experience with over 400 clients
and multiple active networks operating the longest-running production
blockchain network for enterprises. Since 2016, the IBM Blockchain
Platform has been operating active blockchain networks, such as Walmart’s
Food Safety, Northern Trust’s Private Equity Fund Administration,
SecureKey’s Trusted Identity Exchange, and Everledger’s Luxury Good
Exchange, to name a few.
The IBM Blockchain Platform simplifies the development, governance, and
operation of a decentralized network across multiple companies or
institutions forming a business ecosystem. It enables all members to
quickly achieve the common goal of activating and collaboratively
governing their network so they can get on with conducting, innovating,
and deriving value from their business transactions.
What is Hyperledger Fabric v1.0?
Think of Hyperledger Fabric v1.0 as the “operating
system” that powers the IBM Blockchain Platform. Hyperledger Fabric is a
framework for distributed ledger solutions on permissioned networks, where
the members are known to each other.
Its modular architecture allows for a flexible trust model and maximizes
performance and scalability while opening the way for supporting desired
standards (membership and cryptography, for example).
Network scalability and performance are optimized because only a
small subset of the nodes are required to participate in endorsing
while the chance of failed consensus is reduced because the endorsers and
committers participating in transaction processing are limited to those in
a channel. Channels, introduced in Hyperledger
Fabric v1.0, help ensure that data goes only to the parties that need to
know, providing data isolation for data that must be
protected at all costs.
Trust is also increased as each chaincode can specify a select
set of endorsers and committers that it trusts to do its execution for
each particular transaction. (Chaincode, also
called a smart contract, is the software
that encapsulates the
business logic and transactional instructions for creating and modifying
assets.) With the IBM Blockchain Platform, users with the
right permissions can easily install and instantiate chaincode for
channels, and see members who are in the channels that they participate
in. Properly authorized users can invoke chaincode, create new channels,
and even update a channel’s access rights based on the policy of the
blockchain network established.
Policies requiring consensus within or
across organization members or admins can be set and enforced to grant
access to channels, instantiate chaincode, invoke chaincode, submit
transactions, reconfigure participant organization membership
credentials, upgrade chaincode, or even modify existing policies.
Furthermore, properly authorized auditors can also easily audit the
content of certain transactions associated with an asset transfer to
ensure the business logic was properly applied. (Note that the chaincode
hash is submitted to the blockchain, so endorsers are bound to what they
Chaincode runs in a Docker container associated with any peer that needs
to interact with it. Chaincode is first installed on a peer’s filesystem
for a peer that will participate in exchanging
assets. Chaincode is
then instantiated on a specific channel that contains a list of members.
Each channel represents a subset of members that are authorized to see the
data for the chaincode instantiated on that channel. The trust model
associated with each chaincode’s execution can be based on business logic
itself by executing on only the set of endorsers and committers versus
executing across all nodes.
If you are not on a channel, you can’t see the data in it. Each channel has
a unique ledger, and users must be properly
authorized in order to perform read/write operations against this data for
that channel. Multiple channels can be set up with
a list of permissioned members.
Managing the installation and instantiation of chaincode, as well as member
participation in channels, is made easier through the governance and user
interface of the IBM Blockchain Platform. Hyperledger Fabric also allows
application layer encryption, while access to decryption keys can be
restricted to the few properly authorized endorsers that the application
trusts. This capability demonstrates how the business logic trust model
helps to ensure confidentiality of the keys.
Let’s look at specific, unique ways the IBM Blockchain Platform simplifies
development, governance, and operation to accelerate network activation and
collaborative governance throughout the network.
DEVELOP with flexible tools and services
Blockchain networks are usually sparked by innovative business ideas, which
application developers translate into working code. With the IBM
Blockchain Platform, developers can quickly turn business and technology
requirements into functional blockchain applications in dramatically short
order by leveraging popular languages and frameworks.
Developers can start building blockchain applications right
away, thanks to an open and progressive set of development tools and
popular services that developers can use in their preferred
- Online: Developers who may be new to blockchain can
learn key blockchain concepts, create network definitions, and explore
reusable industry models and smart contract (chaincode) libraries in a
cloud sandbox. The sandbox features Hyperledger
Composer, an open source Hyperledger project hosted by The Linux
Foundation. The powerful combination of the business modeling language
playground rapidly enables application developers to become blockchain
- On a laptop: After exploring blockchain solutions
online, developers can use IBM-certified Docker images of Hyperledger
Fabric, along with Hyperledger Composer, to develop and test
blockchain applications directly on their local machine. Plug-ins for
popular editors make it easy to use existing development environments
- On the IBM Cloud: If developers then move their
applications developed on Hyperledger Composer into the IBM Cloud
environment, all members of the ecosystem can develop collaboratively,
share code, and view playbacks of the running blockchain network. This
environment uses the IBM Container Service and popular tools like
Docker and Kubernetes to help members quickly stand up blockchain test
networks, with free and fee options.
Hyperledger Composer development tools
With the Hyperledger Composer development tools, all
running blockchain network using Hyperledger Fabric v1.0. Hyperledger
Composer uses a unique approach to software design that allows a business
person and engineer to code collaboratively, ensuring the rapid delivery
and full fidelity of a business concept.
Hyperledger Composer allows you to quickly model your business network,
containing your assets and transactions related to them. As part of your
business network model, a developer will define assets (whether tangible
or intangible goods, services, or property). A developer will then define
the types of transactions, as well as rules that govern transactions that
will interact with assets (perhaps buying or selling an asset). Finally, a
developer will define participants who interact with the assets and
transactions that may have a unique identity. With three easy concepts of
assets, transactions, and participants, a developer can quickly create a
true business application. Furthermore, a developer can use queries in
Hyperledger Composer to return data about the world state.
For example, you can select
an asset or participant according to certain criteria, and actions can then
be performed on a set of results.
To make development even easier, Hyperledger Composer integrates with most
project including a user interface (angular.js) and connection to external
data sources (loopback). Hyperledger Composer also has pre-built smart
contracts and extensible templates for key industry use cases, while also
making it easy to deploy applications to live Hyperledger Fabric
Finally, Hyperledger Composer leverages Node-RED to integrate with IoT,
TCP, web sockets, and other modern interfaces, as well as enterprise
integration tools, such as IBM Integration Bus, so that developers can
integrate external systems, such as SAP and CICS, to get data onto and off
of the blockchain.
GOVERN with democratic and integrated management
The challenge of deciding how to offer all participating members some
control in a blockchain network with a shared ledger — while
preventing any one member from having exclusive control — is often
overlooked and underestimated. Governing an operational blockchain network
across a group of members can take significant coordination, time, and
effort. The ultimate goals of proper network governance are to ensure
regulatory compliance, remove the uncertainty and risk of applying
business rules (encoded in smart contracts, or chaincode), provide privacy and
confidentiality for different classes of transactions (protected in
channels), and prevent bad actors from joining the network. The ecosystem
has to overcome the fact that it is only as strong as the weakest member,
as fast as the slowest member, as rich as the poorest member (who may be
struggling to find funding), as secure as the most insecure member, and as
smart as their least informed member.
You might imagine that bootstrapping an enterprise-grade blockchain network
would be a complex process, requiring a lot of information and
coordination to set up the hardware and software. And you’d be right!
Setting up a network with all the certificates, the members of the
network, and the governance required is quite complex, but the IBM
Blockchain Platform makes it easy. In a few minutes, you can activate a blockchain network, invite
participants to join the network, add new channels, and set up the
operating rules for the network. Activation tools allow you to start your
network small and grow elastically as more members are needed.
The IBM Blockchain Platform also provides governance tooling, which helps
members to democratically operate a distributed network. As an example of
a governance policy, members may want to set rules to determine how
members join the network. Do all members need to agree to have another
member join? Do 50% of the members decide to have a member join the
network? Network governance is embodied in governance policies like these.
A policy editor is available within the IBM Blockchain Platform to help
set the democratic policies for numerous lifecycle tasks of a blockchain
Based on this governance tooling and policies for who has appropriate
access, resource screens are provided to help manage resources for the
Certificate Authority, the peers, and ordering service.
As an example, on the
resource screens, those who have permission can access logs that can be
useful in debugging blockchain applications on particular channels. Also,
the policy editor is a multi-party workflow tool that provides features
such as the member activities panel, integrated notifications, and secure
signature collection for policy voting.
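One way to model the join-policy questions and signature collection described above, which also applies to the consensus policies mentioned in the Hyperledger Fabric section, as an added Go example (not the IBM Blockchain Platform policy editor or Fabric's policy engine). The rule names "all" and "half", the member names, the proposal text and the name-derived keys are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// Vote is one member's signature over the exact proposal bytes.
type Vote struct {
	Member string
	Sig    []byte
}

// Required maps a rule (assumed names "all" and "half") to an approval count among n members.
func Required(rule string, n int) int {
	need := map[string]int{"all": n, "half": (n + 1) / 2} // half: at least 50%, rounded up
	if k, ok := need[rule]; ok {
		return k
	}
	return n + 1 // unknown rule fails closed: it can never be satisfied
}

// Approved counts each registered member once, and only for a valid signature on this proposal.
func Approved(rule string, members map[string]ed25519.PublicKey, proposal []byte, votes []Vote) bool {
	seen := map[string]bool{}
	for _, v := range votes {
		pub, known := members[v.Member]
		if known && ed25519.Verify(pub, proposal, v.Sig) {
			seen[v.Member] = true // a repeated vote sets the same entry again
		}
	}
	return len(seen) >= Required(rule, len(members))
}

// Key derives a fixed demo key from a name (constructed test data, not real key management).
func Key(name string) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte(name), 32)[:ed25519.SeedSize])
}

// Sign produces the named member's vote on a proposal.
func Sign(name string, proposal []byte) Vote {
	return Vote{name, ed25519.Sign(Key(name), proposal)}
}

// Members registers public keys for a constructed four-member network.
func Members() map[string]ed25519.PublicKey {
	m := map[string]ed25519.PublicKey{}
	for _, n := range []string{"retailer", "supplier", "shipper", "bank"} {
		m[n] = Key(n).Public().(ed25519.PublicKey)
	}
	return m
}

func main() {
	p := []byte("admit member: trucker")
	votes := []Vote{Sign("retailer", p), Sign("supplier", p), Sign("retailer", p)}
	fmt.Println(Approved("half", Members(), p, votes), Approved("all", Members(), p, votes))
}
```

Votes from unregistered identities, signatures made with another party's key, and signatures collected for a different proposal are not counted, so a vote cannot be replayed onto a second proposal.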
OPERATE a secure, always-on network
Once you have activated your network using the IBM Blockchain Platform, you
can deploy and operate your decentralized network with a production-ready,
security-hardened, always-on service that is optimized for performance.
Its ultra-high-security environment includes many hardware, firmware, and
software security features designed for scalability, resiliency, and
Operation of the IBM Blockchain Platform ensures uptime by providing native
resilience, and as such the architecture eliminates single points of
failure and adds redundancy to the blockchain network. For example, the
ordering service is crash fault tolerant, and 2 peers can be automatically
provided per member for high-availability purposes. In addition, special
technology is available to back up the entire environment in case of
The IBM Blockchain Platform has endorsers, ordering services, and
committers that run with dedicated resources inside multiple isolated
environments. Communication between peers takes place over a high-speed
network where communication is highly secure with no data leakage. In
addition, communication is accelerated, thanks to advanced cryptographic
technology, where operations are more performant with respect to hashing,
encryption, and digital signatures.
Integrated technical support is available 24/7 in case problems or
questions arise as members progress to proving out the technology and
expanding the consortium. Also, a dashboard monitor provides built-in
monitoring and support for simplified asset lifecycle management. Members
of the network can see an overview of the blockchain environment,
including information about peers, logs, ledger state, channels, and
chaincode. This allows you to manage the network and understand asset
status at any time. And because it’s a managed service, seamless version
updates to the underlying Hyperledger Fabric are automatically applied
across all network components.
Secure by design
Based on IBM’s experience with hundreds of operating blockchain
environments in production, security has been one of the most critical
elements that needs to be ensured for many industries. As a result, the
IBM Blockchain Platform has been hardened and security tested by outside
firms to ensure all data is protected and managed appropriately, and that
the infrastructure is sound and security-proof.
The IBM Blockchain Platform runs in an isolated and highly secured
environment. The embedded operating system and all the Fabric components
are run in multiple Secure Service Containers (SSC). The Secure Service
Container provides advanced cryptology, security, and reliability by
encapsulating the operating systems with a secure boot container,
encrypting appliance disks, providing tamper protection, and protecting
memory. It can be configured to be EAL5 compliant and certified. All these
capabilities help to protect highly sensitive and regulated data.
For the IBM Blockchain Platform, a virtual appliance was created based on
the Secure Service Container.
In this appliance, data access is
controlled, and access to the embedded operating system is disabled.
Firmware disables access to the memory to prevent data from being dumped.
The appliance is booted with a secure boot architecture that ensures that
code has not been tampered with. All of the appliance image is signed and
encrypted. The appliance is only decrypted in memory, and the encryption
keys are protected by hardware and firmware means, so administrators do
not have access to them. Administrators, including service administrators,
cannot access or modify the chaincode, the endorsers, the ordering
service, the committer, or the blockchain network.
In addition to these features, HSM (Hardware Security Module) safeguards
and manages digital keys for strong authentication. Hyperledger Fabric
provides modified and unmodified PKCS11 for key generation, which supports
cases like identity management that need more protection. For scenarios
dealing with identity management, HSM increases the protection of keys and
sensitive data. The IBM Blockchain Platform has HSM support with the
highest FIPS-level compliance.
via IBM developerWorks : Cloud computing https://ibm.co/2cihRPX
October 11, 2017 at 11:39AM