IBM Cloud Docs
About IBM Blockchain Platform for IBM Cloud

About IBM Blockchain Platform for IBM Cloud

ATTENTION!! IBM Blockchain Platform SaaS Edition has been replaced by IBM Support for Hyperledger Fabric!! IBM Blockchain Platform SaaS Edition will no longer be supported after July 31, 2023. Customers have been directed to migrate their networks by July 31, 2023. After this date, IBM Blockchain Platform SaaS networks that are not migrated to IBM Support for Hyperledger Fabric will be at risk for potential security vulnerabilities. A migration tool is provided from your console, and the disruption to your network is minimal. See Migrating to IBM Support for Hyperledger Fabric for details.

The IBM® Blockchain Platform for IBM Cloud is the next generation of IBM Blockchain Platform offerings, which gives you total control over your deployments, certificates, and private keys. It includes the new IBM Blockchain Platform console, a user interface that can simplify and accelerate the process of deploying components into a Kubernetes cluster on IBM Cloud managed and controlled by you. For more information about deploying an Kubernetes cluster on IBM Cloud, see Kubernetes.

A key benefit of the platform is that IBM tests the open source code for security vulnerabilities daily and provides 24x7x365 support with SLAs appropriate for production environments.

If you are interested in learning more about how to use IBM Blockchain Platform on Red Hat OpenShift Container Platform, Red Hat Open Kubernetes Distribution, or any Kubernetes v1.24 - v1.26 container platform on x86_64 hardware, see Getting started with IBM Blockchain Platform 2.5.4.

If you are an experienced Hyperledger Fabric customer and are interested in learning more about how to use the IBM Blockchain peer, CA, orderer, and smart contract container images, see Using the IBM Blockchain images.

What IBM Blockchain Platform offers

This latest release is tailored to experienced IBM Blockchain and Hyperledger Fabric users and lets them host and join IBM Blockchain networks.

The IBM Blockchain Platform includes the following key features:

BUILD ---- Integrated developer experience

  • Deploy easily. Use Ansible Playbooks or the Red Hat Marketplace to deploy networks quicker than ever before.
  • Easily code your smart contractsA set of business terms that are embedded into a blockchain and executed with transactions. A smart contract can also include a digital representation of a set of business rules and defines conditions under which transfers occur. A smart contract is implemented using chaincode. in Node.js, Golang, Java, or JavaScript. Use the IBM Blockchain Platform Developer Tools to easily develop smart contracts locally. Leverage SDK integration with the console, and learn from our rich tutorials and samples.
  • Simplified DevOps allows you to move from development to test to production in a single environment by scaling up your Kubernetes resources to add more components.
  • Up-to-date Fabric key features. Choose which version of Hyperledger Fabric you want to use when deploying peers or ordering nodes. Leverage the latest features of Hyperledger Fabric v2.2.10:

OPERATE --- Total control of your deployments

  • Host or join a network. Deploy peers that are hosted in your cluster to multiple channels on multiple clouds, or invite other organizations to join your consortium or channels while the organizations manage their nodes independently across infrastructures.
  • Maintain complete control of your identities. Store and manage the keys that are used to administer your nodes. Optionally, use a Hardware Security Module (HSM)A physical appliance that provides on-demand encryption, key management, and key storage as a managed service. to generate and store the private key of your nodes.
  • Run Anywhere. Thanks to the unified codebase of the IBM Blockchain Platform console, it is possible to run your components on any environment supported by IBM Cloud and third-party public clouds.
  • Unified operation. The IBM Blockchain Platform console allows you to deploy and manage all of your organizations and nodes in one console. You can also add or remove members from a blockchain consortium, create and join channels, and deploy smart contracts from your console.
  • Dynamic signature collection that allows better control over collaborative governance over channel configurations.
  • Elimination of Docker-in-Docker for smart contracts allows smart contract pods to be run more securely, without peers needing privileged access.
  • Manage access of the users who can administer or monitor your nodes.
  • Interact directly with your pods using the Kubernetes dashboard.
  • Direct access to the logs of your nodes from your IBM Kubernetes service. Use the IBM Log Analysis or any supported third-party service to extract and analyze your logs.
  • Kubernetes service integration. Leverage services such as IBM Log Analysis for logging and Prometheus and IBM Cloud Monitoring for monitoring. Leverage the built-in IBM Cloud services, such as IBM Cloud Kubernetes Service and OpenShift dashboards, IBM Log Analysis, and IBM Cloud Identity and Access Management (IAM).
  • Upgrade the Fabric version of your nodes. Nodes running Fabric version 1.4.x can be upgraded to 2.x.

After which, the capabilities of your channels can also be increased to v2.0, allowing full access to the latest Fabric features like the smart contract lifecycle.

GROW --- Scalability and flexibility

  • Choose your compute. You have the flexibility to decide the amount of CPU, memory, and storage you want to provision in your Kubernetes cluster. For more information, see Allocating resources.
  • Scale up and down the resources in your Kubernetes cluster, paying for only what you need. For more information, see Pricing.
  • Disaster recovery and multi-region high availability (HA). This option duplicates your Kubernetes deployment across zones and regions, enabling high availability (HA) of your components and disaster recovery (DR).
  • Connect to other Fabric networks: Join IBM Blockchain Platform peers to any network running Hyperledger Fabric components. Similarly, you can invite Fabric peers to join channels hosted on an ordering service deployed on the IBM Blockchain Platform. Note that you will need to use Hyperledger Fabric APIs or the CLI.

This offering is intended for experienced Fabric users who want to build and manage their own networks.

Have questions and want to speak to an IBM Blockchain Platform expert? Schedule a consult now to learn more about how blockchain can transform your business.

Supported IBM Cloud configuration

Reminder: If your IBM Blockchain Platform instance is linked to an IBM Cloud Kubernetes Service cluster that is no longer supported, you must immediately upgrade it to a supported version listed in the table below. See Kubernetes version information for Kubernetes version details. For the actual steps that are required, see Updating clusters, worker nodes, and cluster components.

Table 1. Supported IBM Cloud configuration
Kubernetes
  • v1.24 - v1.26
Orchestration Service
  • Kubernetes
  • OpenShift Container Platform on IBM Cloud 4.9, 4.10, 4.11, 4.12
Infrastructure
  • Classic
Hardware Security Module (HSM)A physical appliance that provides on-demand encryption, key management, and key storage as a managed service.
VLANA logical association of switch ports based upon a set of rules or criteria, such as Medium Access Control (MAC) addresses, protocols, network address, or multicast address. This concept permits the LAN to be segmented again without requiring physical rearrangement.
  • VLAN spanning must be enabled for multi-zone clusters.
  • Because private ingress is not supported, a cluster with only private VLANs is not supported as a public internet connection is required for a connection between the IBM Blockchain cluster and the customer Kubernetes cluster. A cluster with private and public VLANs configured is supported.
Storage
  • File
  • Block
  • Portworx
  • Object (For backups only, not intended for live storage)

Fabric Component Support

Support for Hyperledger Fabric v1.4 is now deprecated, and support for Fabric v1.4 will be removed from IBM Blockchain Platform on March 31, 2023. Users should therefore upgrade to Fabric v2.2 as soon as possible. Your applications may require changes as a result of upgrading to v2.2, so please plan for appropriate testing. Note that Fabric v1.4 has not been supported by the Hyperledger community since April of 2021. In addition, Fabric v1.4 uses Golang v1.14, which is no longer receiving security updates from the Golang community.

The following support levels are provided for Hyperledger Fabric v1.4.12 (Deprecated), v2.2.4, v2.2.5, and Fabric CA v1.5.0 and v1.5.2.

Using IBM Certified Fabric Images, Kubernetes Operator, and Certified Fabric Operations Console are required for support and provide Hyperledger Fabric clients with a verified production setup, simplified management and support, and verified security patches.

Table 2. Fabric component support
Fabric Component Support Level
IBM Certified Fabric images deployed using Kubernetes Operator and managed via the Certified Fabric Operations Console image. All Certified Fabric images include IBM fix support for supported Hyperledger Fabric versions.
Supported Environments Recent Kubernetes and OpenShift versions on IBM Cloud, third-party Cloud or local installations.
Hyperledger Fabric without IBM Certified Images, Kubernetes Operator or Certified Fabric Operations Console image. Not included in support - community support only
Hyperledger Fabric Labs Support Fabric Operations Console via Certified Image and deployed by Kubernetes Operator is supported.
Hyperledger Fabric Open Source Projects - IBM Blockchain GitHub Open source projects are not included in support, with the exception of Ansible. All other open source projects are community support only.
Hyperledger Fabric SDK and CLI Basic connectivity diagnostics is supported. Code support and SDK API usage and tuning are not included in support - community support only.
Hyperledger Fabric Chaincode Basic chaincode diagnostics is supported. Code support and tuning are not included in support - community support only.
Deployment Architecture and Design Basic deployment and management of highly available peer, orderer, and Certificate Authority nodes via the Console are supported. Detailed Deployment Architecture and Design are not included in support - see deployment options for more information.
Solution Architecture and Design Deploying and managing smart contracts via the Console are supported. Solution Architecture and Design are not included in support.
Performance Tuning Resource allocation via the Console is supported. Detailed performance analysis and tuning of the environment or application code are not included in support - see the documentation on creating highly available applications and using indexes with CouchDB.
Certificate Renewal Automatic and Manual Certificate renewal via the Certified Console image is supported. The user is responsible for keeping track of identities and performing manual certificate renewal. Using IBM Secrets Manager is recommended for keeping track of identities and certificates.

Considerations

Before you deploy the console, ensure that you understand the following considerations:

  • You are responsible for the management of health monitoring, security, and logging of your Kubernetes cluster on IBM Cloud. See this information for details on what IBM Cloud manages and what you are responsible for.
  • You are also responsible for monitoring the resource usage of your Kubernetes cluster on IBM Cloud. To monitor your Kubernetes resources, we recommend using the IBM Cloud Monitoring tool in combination with your IBM Cloud Kubernetes dashboard. If you need to increase storage capacity or performance of your cluster, see this information on how to modify your existing volume.
  • You are responsible for managing and securing your certificates and private keys. IBM does not store your certificates in the Kubernetes cluster or in the console. They are only kept in the local storage of your browser. If you switch browsers, you will have to import your created identities into that browser.
  • IBM Blockchain Platform is available in select regions. Refer to this topic on IBM Blockchain Platform locations for an updated list.
  • The default storage that is pre-selected for you when you provision a Kubernetes cluster in IBM Cloud is Gold. If you do not want to use the default File Storage that is pre-selected for you when you provision a Kubernetes cluster in IBM Cloud, you can provision storage of your choice. See this topic on Persistent storage considerations to learn more.
  • If you decide to include IBM Cloud multi-zone support in your Kubernetes cluster on IBM Cloud, you must provision your own storage. See Using Multizone (MZR) clusters with IBM Blockchain Platform for more details.
  • You can preview the IBM Blockchain Platform at no charge for 30 days when you link your IBM Blockchain Platform service instance to an IBM Cloud Kubernetes free cluster. Performance will be limited by throughput, storage and functionality. IBM Cloud will delete your cluster after 30 days and you cannot migrate any nodes or data from a free cluster to a paid cluster. If you choose a paid Kubernetes cluster instead of the limited free cluster, you will incur charges for the Kubernetes service to your IBM Cloud account.
  • Kubernetes clusters that are configured with private VLANs are not supported.

License and pricing

IBM Blockchain Platform for IBM Cloud introduces a new hourly pricing model based on virtual processor core (VPC) usage. The simplified model is based on the amount of CPU (or VPC) that your IBM Blockchain Platform nodes consume on an hourly basis, at a flat rate of $0.29 USD/VPC-hour, where 1 VPC = 1 CPU. See this topic on Pricing for more details.

Getting started

For information about how to deploy IBM Blockchain Platform for IBM Cloud, see Getting started with IBM Blockchain Platform for IBM Cloud.

For more information about how to use the console to start deploying nodes and building consortium, see the Building your network tutorial. This tutorial guides you through the process of using the console to create a sample network with three organizations, one ordering organization, two peer organizations, and a channel with two peers joined to it. You can use this sample network to for demos or proofs of concept or adjust and expand the steps in the tutorial to create your own custom blockchain configuration.

Architecture reference

The following illustrations show the components of your blockchain network and how they interact with your cluster.

IBM Blockchain Platform on IBM Cloud Kubernetes Service Architecture

IKS Sample network structure
Figure 1. Architecture diagram of IBM Blockchain Platform on IBM Cloud Kubernetes Service

Notice how a single instance of the console, also known as Operational Tooling, is created for each IBM Blockchain Platform Service Instance. When a peer, orderer or CA node is deployed by using the console, it is deployed into the Kubernetes Cluster Service Instance.

IBM Blockchain Platform Kubernetes Cluster Description
Operational Tooling Also known as the "console", this is your central user interface for operating all of your blockchain components. With this console you can create CA, peer, and ordering nodes, create channels and use smart contracts. The console is deployed in an IBM-owned cluster. There is no charge for this tooling or the Kubernetes cluster on IBM Cloud where it runs.
Kubernetes cluster on IBM Cloud instance Description
Operator A Kubernetes operator that is used to deploy the console.
Ingress A Kubernetes object that allows access to the cluster resources from outside the cluster.
Proxy The IBM Blockchain Platform proxy is responsible for routing traffic to the correct peer, CA and ordering nodes by using host header routing.
Peers, CAs, ordering nodes These are the nodes that are created. These nodes can also be imported from other consoles. Because the private keys are never stored by IBM, every peer and ordering node includes a gRPC web proxy that allows the console to communicate with each node by using the keys in the wallet.
RBAC Role based access control. The IBM Blockchain Platform configures Kubernetes RBAC in the cluster which is required to manage blockchain components in the cluster.

IBM Blockchain Platform on Red Hat OpenShift Architecture

OCP Sample network structure
Figure 2. Architecture diagram of IBM Blockchain Platform on Red Hat OpenShift in IBM Cloud

A single instance of the console, also known as Operational Tooling, is created for each IBM Blockchain Platform service instance. When a peer, ordering node, or CA is deployed by using the console, it is deployed into the Red Hat OpenShift Cluster Service Instance.

Table 4. Components that reside in the IBM Blockchain Platform Kubernetes Cluster
IBM Blockchain Platform Red Hat OpenShift Cluster Description
Operational Tooling Also known as the console, this is your central user interface for operating all of your blockchain components. With this console you can now create CA, peer, and ordering nodes, create channels and use smart contracts. The console is deployed in an IBM-owned cluster. There is no charge for this tooling or the Kubernetes cluster on IBM Cloud where it runs.
OpenShift cluster Description
Operator A Kubernetes operator that is used to deploy the console.
Routes An OpenShift route is a way to expose a service by giving it an externally reachable hostname.
Proxy The IBM Blockchain Platform proxy is responsible for routing traffic to the correct peer, CA and ordering nodes by using host header routing.
Peers, CAs, Ordering nodes These are the nodes that are created. Note: these nodes could also be imported from other Kubernetes Cluster Service Instances. Because the keys are never stored by IBM, every peer and ordering node includes a gRPC web proxy that allows the console to communicate with each node by using the keys in the wallet.
RBAC Role based access control. The IBM Blockchain Platform configures OpenShift RBAC in the cluster which is required to manage blockchain components in the cluster.

Integrating with IBM Cloud and other third-party services

IBM Blockchain Platform can leverage a suite of services provided in the IBM Cloud catalog to enable users more visibility into their network or to integrate with other services.

IBM Blockchain Platform integrations
Figure 2.IBM Cloud Integrations

Access control

Monitoring

Storage

  • Utilize IBM Cloud File or Block storage when blockchain nodes are provisioned. See the topic on Persistent storage considerations to learn more about how blockchain integrates with IBM Cloud storage options.

  • Set up Portworx to manage local persistent storage across your containerized databases, or share data between pods across multiple zones.

For more information about available IBM Cloud services and other third-party integrations, see this list of Supported IBM Cloud and third-party integrations.

Compliance

For a list of the current security certifications that IBM Blockchain Platform adheres to, see the Software Compatibility Reports.

Getting support

For more information about how to get support on IBM Blockchain Platform for IBM Cloud, as well as free blockchain developer resources and support forums that you can use to troubleshoot problems, see Getting support.