2021 Call for Code Awards: Live from New York, with SNL’s Colin Jost! Learn more

Develop, govern, and operate your business network with the IBM Blockchain Platform

Blockchain is a transformational technology that is helping drive business value across industries by saving time, reducing costs, lowering risks, and enabling new business models.

For example, IBM Global Financing is one of the world’s largest technology financiers with more than 125,000 clients in over 60 countries with 4,000 partners and suppliers. IBM’s use of blockchain technology has freed up 100 million dollars that was previously, at any time, tied up in transaction disputes. For details regarding this successful implementation of blockchain, see the video to the right.

Blockchain value

Collaborators (suppliers, consumers, partners, etc.) in any network need to share data to transact business. Consider a retail store scenario as a simplified example: A retail store purchasing computer parts logs the purchase order with a supplier while also recording the purchase order and money transferred in the retail store database. The supplier ships the item, recording that the item has been shipped in the supplier database and recording the collection of money for the good.

In this scenario, the supplier and the retail store each have their own data in their own separate databases. When a problem occurs (say, the shipped good does not arrive), how does the retail store track down the location of the part? Today, they must rely on separate records to validate what occurred and also navigate through the delivery pipeline to determine where the item is ultimately located. This manual process is time consuming and error prone.

Blockchain is revolutionary in that it allows for a decentralized, immutable ledger that records each transaction. The ledger is decentralized and shared: The members of the network each have a copy of the ledger (in our example, the retail store and the supplier have the same copy). The ledger is also immutable: Each transaction is signed by multiple parties and protected by the chain of block hashes representing the content of each block of data. As a result, if a rogue organization attempts to tamper with the data in the ledger, it is easily discoverable.

In our retail store scenario, the item is picked up by a trucking company, is delivered to a port, is loaded on a ship, arrives at a port, and finally is delivered by truck to the retail store. When the item arrives at a particular location, that item, the date, and location are recorded in the blockchain ledger. As a result, the ledger now has a detailed record of the date and location of the item as it moves through the delivery pipeline. If the item does not arrive, both the retail store and supplier can look at the ledger, where all the information is recorded. The retail store and supplier can then determine where the item is currently located, because all the arrival points are recorded in the ledger and cannot be deleted or altered.

By having this shared, immutable ledger, companies can drastically reduce the time spent resolving disputes, finding information, and verifying transactions, leading to quicker settlement. Furthermore, costs can be trimmed because a central governing body or arbitrator is eliminated for dispute resolution, and because the shared ledger enables the automation of inefficient processes. Security risks are also reduced due to minimizing collusion and tampering, given the secure and transparent nature of blockchain technology.

What the IBM Blockchain Platform is

The IBM Blockchain Platform is the first commercially available platform to leverage technologies from Hyperledger, a global, open source, collaborative effort hosted by The Linux Foundation.

IBM is a co-founder and premier member of the Hyperledger community, as well as an active technology contributor to the Hyperledger Fabric open source project. The project is achieving fundamental advancements in the standardization of permissioned blockchains for business use. While IBM has contributed significantly to the Hyperledger Fabric code base, the ecosystem of contributors has grown to include developers from startup companies to enterprises. 159 engineers from 27 organizations contributed to the first release of Hyperledger Fabric.

The IBM Blockchain Platform is the only managed software-as-a-service that supports and guides users through all the required stages for launching a blockchain network: building and testing proof-of-concept applications in a pre-production environment, activating a production network, establishing flexible governance policies for network members, and managing daily operations with the highest levels of security and performance.

The IBM Blockchain Platform reflects IBM’s experience with over 400 clients and multiple active networks operating the longest-running production blockchain network for enterprises. Since 2016, the IBM Blockchain Platform has been operating active blockchain networks, such as Walmart’s Food Safety, SecureKey’s Trusted Identity Exchange, and Everledger’s Luxury Good Exchange, to name a few.

The IBM Blockchain Platform simplifies the development, governance, and operation of a decentralized network across multiple companies or institutions forming a business ecosystem. It enables all members to quickly achieve the common goal of activating and collaboratively governing their network so they can get on with conducting, innovating, and deriving value from their business transactions.

Open source technologies that power the platform

Think of Hyperledger Fabric as the operating system that powers the IBM Blockchain Platform. Hyperledger Fabric is a framework for distributed ledger solutions on permissioned networks, where the members are known to each other. Its modular architecture allows for a flexible trust model and maximizes performance and scalability while opening the way for supporting desired standards (membership and cryptography, for example).

Network scalability and performance are optimized because only a small subset of the nodes are required to participate in endorsing transactions, while the chance of failed consensus is reduced because the endorsers and committers participating in transaction processing are limited to those in channels. Channels, introduced in Hyperledger Fabric v1.0, help ensure that data goes only to the parties that need to know, providing data isolation for data that must be protected at all costs.

Trust is also increased as each chaincode can specify a select set of endorsers and committers that it trusts to do its execution for each particular transaction. (Chaincode, also called a smart contract, is the software that encapsulates the business logic and transactional instructions for creating and modifying assets.) With the IBM Blockchain Platform, users with the right permissions can easily install and instantiate chaincode for channels, and see members who are in the channels that they participate in. Properly authorized users can invoke chaincode, create new channels, and even update a channel’s access rights based on the policy of the blockchain network established.

Policies requiring consensus within or across organization members or admins can be set and enforced to grant access to channels, instantiate chaincode, invoke chaincode, submit transactions, reconfigure participant organization membership credentials, upgrade chaincode, or even modify existing policies. Furthermore, properly authorized auditors can also easily audit the content of certain transactions associated with an asset transfer to ensure the business logic was properly applied. (Note that the chaincode hash is submitted to the blockchain, so endorsers are bound to what they have executed.)

Chaincode runs in a secure container associated with any peer that needs to interact with it. Chaincode is first installed on a peer’s filesystem for a peer that will participate in exchanging assets. Chaincode is then instantiated on a specific channel that contains a list of members. Each channel represents a subset of members that are authorized to see the data for the chaincode instantiated on that channel. The trust model associated with each chaincode’s execution can be based on business logic itself by executing on only the set of endorsers and committers versus executing across all nodes.

If you are not on a channel, you can’t see the data in it. Each channel has a unique ledger, and users must be properly authorized in order to perform read/write operations against this data for that channel. Multiple channels can be set up with a list of permissioned members. Managing the installation and instantiation of chaincode, as well as member participation in channels, is made easier through the governance and user interface of the IBM Blockchain Platform. Hyperledger Fabric also allows application layer encryption, while access to decryption keys can be restricted to the few properly authorized endorsers that the application trusts. This capability demonstrates how the business logic trust model helps to ensure confidentiality of the keys.

Let’s look at specific, unique ways the IBM Blockchain Platform simplifies development, governance, and operation to accelerate network activation and collaborative governance throughout the network.

DEVELOP with flexible tools and services

Blockchain networks are usually sparked by innovative business ideas, which application developers translate into working code. With the IBM Blockchain Platform, developers can quickly turn business and technology requirements into functional blockchain applications in dramatically short order by leveraging popular languages and frameworks.

Developers can start building blockchain proof-of-concept applications right away, thanks to an open and progressive set of development tools and popular services that are fully integrated into the Platform.

Developers who may be new to blockchain can use the integrated samples and tutorials to learn key blockchain concepts, create network definitions, and explore reusable industry models. The powerful combination of the business modelling language and JavaScript business logic enables application developers to rapidly become blockchain developers.

Furthermore, the valuable skills that developers gain in network governance and operation will seamlessly transfer to an Enterprise plan for deployment to a full production network.

Versatile development tools

With the IBM Blockchain Platform toolset, all developers need to know is JavaScript, and they are minutes away from having a running blockchain network using Hyperledger Fabric. This toolset’s unique approach to software design allows a business person and developer to code collaboratively, ensuring the rapid delivery and full fidelity of a business concept.

Developers can quickly model a business network by specifying its assets (whether tangible or intangible goods, services, or property); the types of transactions, as well rules that govern transactions that will interact with assets (perhaps buying or selling an asset); and the participants who interact with the assets and transactions that may have a unique identity. With three easy concepts of assets, transactions, and participants, a developer can quickly create a true business application. Developers can use queries to return data about the world state. For example, an asset or participant can be selected according certain criteria, and actions can then be performed on a set of results.

To make development even easier, the toolset integrates with most JavaScript frameworks and allows a developer to complete a blockchain project including a user interface (angular.js) and connection to external data sources (loopback). The toolset has pre-built chaincode and extensible templates for key industry use cases. The toolset also leverages Node-RED to integrate with IoT, TCP, web sockets, and other modern interfaces, as well as enterprise integration tools, such as IBM Integration Bus, so that developers can integrate external systems, such as SAP and CICS, to get data onto and off of the blockchain.

GOVERN with democratic and integrated management tools

The challenge of deciding how to offer all participating members some control in a blockchain network with a shared ledger — while preventing any one member from having exclusive control — is often overlooked and underestimated. Governing an operational blockchain network across a group of members can take significant coordination, time, and effort. The ultimate goals of proper network governance are to ensure regulatory compliance, remove the uncertainly and risk of applying business rules (encoded in smart contracts, or chaincode), provide privacy and confidentiality for different classes of transactions (protected in channels), and prevent bad actors from joining the network. The ecosystem has to overcome the fact that it is only as strong as the weakest member, as fast as the slowest member, as rich as the poorest member (who may be struggling to find funding), as secure as the most insecure member, and as smart as their least informed member.

You might imagine that bootstrapping an enterprise-grade blockchain network would be a complex process, requiring a lot of information and coordination to set up the hardware and software. And you’d be right! Setting up a network with all the certificates, the members of the network, and the governance required is quite complex, but the IBM Blockchain Platform makes it easy. In a few minutes, you can activate a blockchain network, invite participants to join the network, add new channels, and set up the operating rules for the network. Activation tools allow you to start your network small and grow elastically as more members are needed.

The IBM Blockchain Platform also provides governance tooling, which helps members to democratically operate a distributed network. As an example of a governance policy, members may want to set rules to determine how members join the network. Do all members need to agree to have another member join? Do 50% of the members decide to have a member join the network? Network governance is embodied in governance policies like these. A policy editor is available within the IBM Blockchain Platform to help set the democratic policies for numerous lifecycle tasks of a blockchain network.

Based on this governance tooling and policies for who has appropriate access, resource screens are provided to help manage resources for the Certificate Authority, the peers, and ordering service. As an example, on the resource screens, those who have permission can access logs that can be useful in debugging blockchain applications on particular channels. Also, the policy editor is a multi-party workflow tool that provides features such as the member activities panel, integrated notifications, and secure signature collection for policy voting.

OPERATE a secure, always-on network

Once you have activated your network using the IBM Blockchain Platform, you can deploy and operate your decentralized network with a production-ready, security-hardened, always-on service that is optimized for performance. Its ultra-high-security environment includes many hardware, firmware, and software security features designed for scalability, resiliency, and availability.

Operation of the IBM Blockchain Platform ensures uptime by providing native resilience, and as such the architecture eliminates single points of failure and adds redundancy to the blockchain network. For example, the ordering service is crash fault tolerant, and 2 peers can be automatically provided per member for high-availability purposes. In addition, special technology is available to back up the entire environment in case of catastrophic failure.

The IBM Blockchain Platform has endorsers, ordering services, and committers that run with dedicated resource inside multiple isolated environments. Communication between peers takes place over a high-speed network where communication is highly secure with no data leakage. In addition, communication is accelerated, thanks to advanced cryptographic technology, where operations are more performant with respect to hashing, encryption, and digital signatures.

Integrated technical support is available 24/7 in case problems or questions arise as members progress to proving out the technology and expanding the consortium. Also, a dashboard monitor provides built-in monitoring and support for simplified asset lifecycle management. Members of the network can see an overview of the blockchain environment, including information about peers, logs, ledger state, channels, and chaincode. This allows you to manage the network and understand asset status at any time. And because it’s a managed service, seamless version updates to the underlying Hyperledger Fabric are automatically applied across all network components.

Secure by design

Based on IBM’s experience with hundreds of operating blockchain environments in production, security has been one of the most critical elements that needs to be ensured for many industries. As a result, the IBM Blockchain Platform has been hardened and security tested by outside firms to ensure all data is protected and managed appropriately, and that the infrastructure is sound and security-proof.

The IBM Blockchain Platform runs in an isolated and highly secured environment. The embedded operating system and all the Fabric components are run in multiple Secure Service Containers (SSC). The Secure Service Container provides advanced cryptology, security, and reliability by encapsulating the operating systems with a secure boot container, encrypting appliance disks, providing tamper protection, and protecting memory. It can be configured to be EAL5 compliant and certified. All these capabilities help to protect highly sensitive and regulated data.

For the IBM Blockchain Platform, a virtual appliance was created based on the Secure Service Container. In this appliance, data access is controlled, and access to the embedded Operating System is disabled. Firmware disables access to the memory to prevent data from being dumped. The appliance is booted with a secure boot architecture that ensures that code has not been tampered with. All of the appliance image is signed and encrypted. The appliance is only decrypted in memory, and the encryption keys are protected by Hardware and Firmware means, so administrators do not have access to them. Administrators, including service administrators, cannot access or modify the chaincode, the endorsers, the ordering service, the committer, or the blockchain network.

In addition to these features, HSM (Hardware Security Module) safeguards and manages digital keys for strong authentication. Hyperledger Fabric provides modified and unmodified PKCS11 for key generation, which supports cases like identity management that need more protection. For scenarios dealing with identity management, HSM increases the protection of keys and sensitive data. The IBM Blockchain Platform has HSM support with the highest FIPS-level compliance.

Next steps