Wei Jun Zheng, Run Hua Chi, Chun Ling Li, Yi Yuan | Published July 23, 2019
In this tutorial, we’ll show you a basic Hyperledger Fabric development configuration with two organizations — one for the ordering service and one for a peer. Following the recommendation in the IBM Blockchain Platform documentation, we’ll guide you to deploy separate certificate authorities (CAs) for each organization. Therefore, you will see how to deploy two CAs, one for a peer that is associated with one organization, and one for an ordering node that is associated with another organization.
This tutorial guides you through the steps to build a blockchain network using IBM Blockchain Platform in the private cloud environment of IBM Cloud Private on IBM Z or LinuxONE with the Secure Service Container framework.
When you finish this tutorial, you will have:
In this tutorial, you will use one logical partition (LPAR) in your IBM Z or LinuxONE environment to install and configure the Secure Service Container framework, and then set up the IBM Cloud Private cluster. Make sure you have an LPAR ready for use.
Before you start, you need to prepare the following versions of the products to complete this tutorial:
You need to follow the installation instructions to install the following command-line tools:
The estimated time to complete this tutorial is provided under each step because the steps are completed by different roles on different platforms.
Required user role: IBM Z or LinuxONE system administrator who has access to the Hardware Management Console (HMC)
Estimated time: 0.5 hours
IBM Z and LinuxONE servers support several types of partitions. When system administrators define a partition, they specify characteristics that include processor resources, memory resources, and security controls. System administrators use the HMC to define partition characteristics.
Follow the instructions in the IBM Z Systems Secure Service Container User’s Guide, SC28-6971-01 to create a Secure Service Container partition, allocate at least 450 GB of storage disk space for data pool resizing, and assign the IP address for the partition. The following are the relevant instruction chapters in the user’s guide.
To create a Secure Service Container partition on a host system that is running in standard mode (that is, with Processor Resource/System Manager or PR/SM), refer to the following chapters:
To create a Secure Service Container partition on a host system with IBM Dynamic Partition Manager (DPM) enabled, refer to the following chapters:
During the configuration, you need to enter the master ID and password for the partition, which you will use later when you set up the Secure Service Container for IBM Cloud Private.
Required user role: Appliance administrator and IBM Cloud Private cluster administrator who have access to the Secure Service Container environment
Estimated time: 2 – 3 hours
IBM Secure Service Container for IBM Cloud Private is a software offering that’s built on the IBM Secure Service Container framework. It lets you run IBM Cloud Private workloads on a secure platform on IBM Z and LinuxONE. For more information about how the offering works, see IBM Secure Service Container for IBM Cloud Private technology at a glance.
The master node is hosted on an x86 server, while the worker and proxy nodes are hosted on the Secure Service Container partition on an IBM Z or LinuxONE server. Figure 1 shows an example network topology.
Figure 1. Network topology example
Before you install the Secure Service Container for IBM Cloud Private, be sure to complete the following configurations:
The appliance administrator should complete the following tasks via the Secure Service Container user interface at https://<LPAR_IP>:
The cluster administrator should complete the following tasks on the x86 server:
Note: You need to perform additional tasks on the x86 server to ensure secure connectivity among the cluster nodes that are created using the Secure Service Container for IBM Cloud Private CLI tool. For more information, see Configuring the network on the master node.
Required user role: IBM Cloud Private cluster administrator who has access to the Secure Service Container environment
Before you install IBM Cloud Private, be sure to complete the prerequisites to prepare your cluster, especially the following configurations:
Follow the installation instructions to install IBM Cloud Private on your IBM Z or LinuxONE environment.
After you successfully access your IBM Cloud Private cluster, you also need to create a new target namespace that is bound to a pod security policy before you can install the IBM Blockchain Platform Helm chart.
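What binding a namespace to a pod security policy amounts to in Kubernetes RBAC terms, shown as an added example that is not taken from this tutorial or from IBM's documentation. The names `blockchain-ns`, `example-psp`, `example-psp-user` and `example-psp-binding` are placeholders, and the policy itself is assumed to exist in the cluster already.

```yaml
# Added example; every name below is a placeholder, not a value from the tutorial.
apiVersion: v1
kind: Namespace
metadata:
  name: blockchain-ns                # placeholder target namespace
---
# Grants permission to *use* one named pod security policy and nothing else.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: example-psp-user             # placeholder
rules:
  - apiGroups: ["policy"]
    resources: ["podsecuritypolicies"]
    resourceNames: ["example-psp"]   # placeholder: the policy chosen for this namespace
    verbs: ["use"]
---
# RoleBinding rather than ClusterRoleBinding: the grant is valid only inside
# blockchain-ns, so workloads in other namespaces gain nothing from it.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: example-psp-binding          # placeholder
  namespace: blockchain-ns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: example-psp-user
subjects:
  # Every service account in the namespace, so pods created by Helm releases
  # installed there are admitted under this policy.
  - apiGroup: rbac.authorization.k8s.io
    kind: Group
    name: system:serviceaccounts:blockchain-ns
```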
Required user role: Cluster administrator or team administrator to the IBM Cloud Private cluster
Estimated time: 1 hour
IBM Blockchain Platform for IBM Cloud Private is delivered as a Helm chart file that can be installed as a bundled service in your IBM Cloud Private cluster.
Follow the instructions for importing the IBM Blockchain Platform Helm chart into your IBM Cloud Private cluster. After you import the Helm chart, you will know it’s successful if you can see the ibm-blockchain-platform tile in your IBM Cloud Private Catalog dashboard.
Note: If you are installing IBM Blockchain Platform behind a firewall, you need to get the required images ready in your local system beforehand. For more information, see Installing IBM Blockchain Platform behind a firewall. You can find the specification file manifest.yaml under the ibm-blockchain-platform-dev/ibm_cloud_pak directory in the Helm chart.
Estimated time: 1.5 hours
For IBM Blockchain Platform for IBM Cloud Private v1.0.2, you need to deploy your blockchain components one at a time by creating Helm releases with the installed IBM Blockchain Platform Helm chart. Also, note that before you can deploy a peer or an ordering node, you first need to deploy a CA node to generate the required certificates.
For this tutorial, you deploy two CAs one at a time, and then use one CA to deploy an ordering node and use the other CA to deploy a peer.
At the end of this step, you will build a network with the following structure:
Figure 2. Blockchain network structure
Deploy the blockchain components
Deploy the blockchain components in the following sequence:
Ordering service CA
Ordering service Org
Configure the network
Install and instantiate a smart contract
Follow the instructions below to install and instantiate a smart contract on Channel 1.
Congratulations! You should now have a blockchain network successfully running in your IBM Cloud Private cluster, which is built on the Secure Service Container framework on your IBM Z or LinuxONE environment. The network is flexible and you can scale it by deploying more blockchain components to the network.
Now you can create applications that submit transactions in your private cloud with pervasive encryption, which protects your data at rest and in flight. For more information about creating applications, see the Creating applications tutorial in the IBM Cloud docs, as well as the IBM Developer Blockchain code patterns.