About IBM Blockchain Platform for IBM Cloud

The IBM Blockchain Platform for IBM Cloud is the next generation of IBM Blockchain Platform offerings, which gives you total control over your deployments, certificates, and private keys. It includes the new IBM Blockchain Platform console, a user interface that can simplify and accelerate the process of deploying components into a Kubernetes cluster on IBM Cloud managed and controlled by you. For more information about deploying an Kubernetes cluster on IBM Cloud, see Kubernetes.

A key benefit of the platform is that IBM tests the open source code for security vulnerabilities daily and provides 24x7x365 support with SLAs appropriate for production environments.

If you are interested in learning more about how to use IBM Blockchain Platform on Red Hat OpenShift Container Platform, Red Hat Open Kubernetes Distribution, or any Kubernetes v1.16 - v1.19 container platform on x86_64 hardware, see Getting started with IBM Blockchain Platform 2.5.1.

If you are an experienced Hyperledger Fabric customer and are interested in learning more about how to use the IBM Blockchain peer, CA, orderer, and smart contract container images, see Using the IBM Blockchain images .

Watch the following video for an introduction to blockchain and the IBM Blockchain Platform:

• Video script

  By now you've probably heard of the IBM Blockchain Platform, the leading permissioned enterprise blockchain solution in the world. But what is a permissioned blockchain? And what is the IBM Blockchain Platform? The modern world is interwoven and interactive place.

  But under the surface it's still following some pretty old rules.

  Jerry here on the left uses a different record keeping system than Door2Door Logistics on the right, which means they have to spend a lot of time figuring out what the truth is before they can make a deal.

  This process is not just slow, it's vulnerable. A successful hack or other problem can mean records are lost forever. As a result, businesses sacrifice efficiency for security and lock their records away.

  But what if businesses shared their records, and shared the burden of protecting them? What if Jerry's Modern Fabrics and Door2Door Logistics and their business partners never had to spend time arguing over who's right because every time an asset moves from one to the other you've records updated at the same time? And what if those records, once written, could never been changed?

  This network, leveraging what's called Distributed Ledger Technology, already exists. It's an open blockchain network like Bitcoin. But there's a problem. Businesses don't necessarily want the records of their transactions shared with everyone, especially in a network like Bitcoin where users are unknown. In some industries, it's actually illegal to share data that way.

  What Jerry's Modern Fabrics and Door2Door Logistics need is a permissioned blockchain like IBM Blockchain Platform, where businesses can form networks with known, established partners and still take advantage of the robustness and efficiency of blockchains. But this too creates a problem. Who owns this network? Who runs it? The answer is: no one does.

  Once an IBM Blockchain network has been established, its rules and practices are managed collectively, mimicking the kind of consensus process that governs the way transactions themselves are approved and written to the ledgers in the network.

  But the IBM Blockchain Platform doesn't just stop with permissions and identities, users also have the ability to create channels where a few members of a network can get together and transact privately.

  Additionally, private data collections can be established, which allows a few channel members to share certain transactions just with each other, without needing a whole separate channel.

  Because components are hosted in clusters that are owned and controlled by users, the IBM Blockchain Platform is naturally compliant with data residency rules.

  All of these processes are managed through an award winning UI we call the console, which, along with custom APIs, makes the powerful open-source Hyperledger Fabric blockchain painless to use.

  The console integrates seamlessly with the rest of the IBM Blockchain Platform suite, including a powerful VS Code extension which allows users to create and test smart contracts and applications and then package and install them on production networks.

  Because the console can run on both IBM Cloud and any cloud supported by Red Hat's Open Shift, the console can run nearly everywhere and consoles in different clouds can connect to each other and to nodes deployed on Hyperledger Fabric.

  But how many CAs, which create identities and define organizations, do I need?

  How many peers, which host ledgers and have smart contracts installed on them, should I deploy on a channel to make sure I have no downtime?

  Because you only pay for the compute you use, it's painless to transition from pilot programs to full production networks using the IBM Blockchain Platform. The IBM Garage is here to help assist you in finding the right configuration for every use case.

  The world is moving too fast to keep doing things the old way. Go to cloud dot IBM dot com today and check out the IBM blockchain platform.

What the IBM Blockchain Platform offers

This latest release is tailored to experienced IBM Blockchain and Hyperledger Fabric users and lets them host and join IBM Blockchain networks. If you are an existing Enterprise Plan customer, instead of IBM managing your network, you now have total control with the ability to provision, monitor, and manage your components inside your own Kubernetes cluster.

The IBM Blockchain Platform includes the following key features:

BUILD ---- Integrated developer experience

smart contracts in Node.js, Golang, Java, or JavaScript. Use the IBM Blockchain Platform Developer Tools to easily develop smart contracts locally or use Red Hat CodeReady Workspaces to develop them in the cloud. Leverage SDK integration with the console, and learn from our rich tutorials and samples. peers or ordering nodes. Leverage the latest features of Hyperledger Fabric v1.4.9 and v2.2.1:
• Smart contract lifecycle
• Raft ordering service
• Private data collections that provide increased data privacy by ensuring that ledger data is shared to only authorized peers via the gossip protocol.
• Fabric Node OUs
• Service discovery, allowing you to dynamically discover and update how your application interacts with your network.
• Channel access control lists that allow you additional control of the governance of your channels and smart contracts.

OPERATE --- Total control of your deployments

peers that are hosted in the cluster to multiple channels on multiple clouds, or invite other organizations to join your consortium or channels while the organizations manage their nodes independently across infrastructures. Hardware Security Module (HSM) to generate and store the private key of your nodes. channels, and deploy smart contracts from your console. peers needing privileged access. upgraded to 2.x. After which, the capabilities of your channels can also be increased to v2.0, allowing full access to the latest Fabric features like the smart contract lifecycle.

GROW --- Scalability and flexibility

Allocating resources. Pricing. disaster recovery (DR). peers to any network running Hyperledger Fabric components. Similarly, you can invite Fabric peers to join channels hosted on an ordering service deployed on the IBM Blockchain Platform. Note that you will need to use Hyperledger Fabric APIs or the CLI.

This offering is intended for experienced Fabric users who want to build and manage their own networks.

Have questions and want to speak to an IBM Blockchain Platform expert? Schedule a consult now to learn more about how blockchain can transform your business.

Supported IBM Cloud configuration

Reminder: IBM Cloud Kubernetes Service 1.15 is no longer supported. If your IBM Blockchain Platform instance is linked to an IBM Cloud Kubernetes Service 1.15 cluster, you must immediately upgrade it to IBM Cloud Kubernetes Service 1.16. Customers can only upgrade their 1.15 clusters to 1.16 until January 29, 2021. After January 29, 2021, any clusters or worker nodes running 1.15 can no longer be upgraded and become unusable. Be aware that IBM Cloud Kubernetes Service 1.16 is already deprecated, therefore now is a good time to upgrade to 1.17 which is supported until March 2021. To get started, see 1.15 to 1.16 version considerations and 1.16 to 1.17 considerations. For the actual steps that are required, see Updating clusters, worker nodes, and cluster components. For the list of IBM Cloud Kubernetes Service supported versions and expiration dates see the release history.

Kubernetes	v1.17 - v1.19
Orchestration Service	Kubernetes OpenShift Container Platform on IBM Cloud 4.4, 4.5
Infrastructure	Classic
Hardware Security Module (HSM)	Tested with Cloud HSM Support any HSM that implements the PKCS #11 standard
VLAN	VLAN spanning must be enabled for multi-zone clusters. Because private ingress is not supported, a cluster with only private VLANs is not supported as a public internet connection is required for a connection between the IBM Blockchain cluster and the customer Kubernetes cluster. A cluster with private and public VLANs configured is supported.
Storage	File Block Portworx Object (For backups only, not intended for live storage)

Virtual Private Cloud (VPC) infrastructure is currently not supported.

Considerations

Before you deploy the console, ensure that you understand the following considerations:

• You are responsible for the management of health monitoring, security, and logging of your Kubernetes cluster on IBM Cloud. See this information for details on what IBM Cloud manages and what you are responsible for.
• You are also responsible for monitoring the resource usage of your Kubernetes cluster on IBM Cloud. To monitor your Kubernetes resources, we recommend using the IBM Cloud Sysdig tool in combination with your IBM Cloud Kubernetes dashboard. If you need to increase storage capacity or performance of the cluster, see this information on how to modify your existing volume.
• You are responsible for managing and securing your certificates and private keys. IBM does not store your certificates in the Kubernetes cluster or in the console. They are only kept in the local storage of your browser. If you switch browsers, you will have to import your created identities into that browser.
• IBM Blockchain Platform is available in select regions. Refer to this topic on IBM Blockchain Platform locations for an updated list.
• The default storage that is pre-selected for you when you provision a Kubernetes cluster in IBM Cloud is Gold, if the cluster is running Kubernetes v1.17 or higher, and Bronze if you are running Kubernetes v1.16. If you do not want to use the default File Storage that is pre-selected for you when you provision a Kubernetes cluster in IBM Cloud, you can provision storage of your choice. See this topic on Persistent storage considerations to learn more.
• If you decide to include IBM Cloud multi-zone support in your Kubernetes cluster on IBM Cloud, you must provision your own storage. See Using Multizone (MZR) clusters with IBM Blockchain Platform for more details.
• We can preview the IBM Blockchain Platform at no charge for 30 days when you link your IBM Blockchain Platform service instance to an IBM Cloud Kubernetes free cluster. Performance will be limited by throughput, storage and functionality. IBM Cloud will delete the cluster after 30 days and you cannot migrate any nodes or data from a free cluster to a paid cluster. If you choose a paid Kubernetes cluster instead of the limited free cluster, you will incur charges for the Kubernetes service to your IBM Cloud account.
• Kubernetes clusters that are configured with private VLANs are not supported.

Migration

Currently, migration from any IBM Blockchain Platform offering to the IBM Blockchain Platform for IBM Cloud is not possible.

License and pricing

IBM Blockchain Platform for IBM Cloud introduces a new hourly pricing model based on virtual processor core (VPC) usage. The simplified model is based on the amount of CPU (or VPC) that your IBM Blockchain Platform nodes consume on an hourly basis, at a flat rate of $0.29 USD/VPC-hour, where 1 VPC = 1 CPU. See this topic on Pricing for more details.

Getting started

For information about how to deploy IBM Blockchain Platform for IBM Cloud, see Getting started with IBM Blockchain Platform for IBM Cloud.

For more information about how to use the console to start deploying nodes and building consortium, see the Building your network tutorial. This tutorial guides you through the process of using the console to create a sample network with three organizations, one ordering organization, two peer organizations, and a channel with two peers joined to it. We can use this sample network to for demos or proofs of concept or adjust and expand the steps in the tutorial to create your own custom blockchain configuration.

Architecture reference

The following illustrations show the components of your blockchain network and how they interact with the cluster.

IBM Blockchain Platform on IBM Cloud Kubernetes Service Architecture

Notice how a single instance of the console, also known as Operational Tooling, is created for each IBM Blockchain Platform Service Instance. When a peer, orderer or CA node is deployed by using the console, it is deployed into the Kubernetes Cluster Service Instance.

Operational Tooling	Also known as the "console", this is your central user interface for operating all of your blockchain components. With this console we can create CA, peer, and ordering nodes, create channels and use smart contracts developed with IBM's VS Code extension. The console is deployed in an IBM-owned cluster. There is no charge for this tooling or the Kubernetes cluster on IBM Cloud where it runs.

Operator	A Kubernetes operator that is used to deploy the console.
Ingress	A Kubernetes object that allows access to the cluster resources from outside the cluster.
Proxy	The IBM Blockchain Platform proxy is responsible for routing traffic to the correct peer, CA and ordering nodes by using host header routing.
Peers, CAs, ordering nodes	These are the nodes that are created. These nodes can also be imported from other consoles. Because the private keys are never stored by IBM, every peer and ordering node includes a gRPC web proxy that allows the console to communicate with each node by using the keys in the wallet.
RBAC	Role based access control. The IBM Blockchain Platform configures Kubernetes RBAC in the cluster which is required to manage blockchain components in the cluster.

IBM Blockchain Platform on Red Hat OpenShift Architecture

A single instance of the console, also known as Operational Tooling, is created for each IBM Blockchain Platform service instance. When a peer, ordering node, or CA is deployed by using the console, it is deployed into the Red Hat OpenShift Cluster Service Instance.

Operational Tooling	Also known as the console, this is your central user interface for operating all of your blockchain components. With this console you can now create CA, peer, and ordering nodes, create channels and use smart contracts developed with IBM's VS Code extension. The console is deployed in an IBM-owned cluster. There is no charge for this tooling or the Kubernetes cluster on IBM Cloud where it runs.

Operator	A Kubernetes operator that is used to deploy the console.
Routes	An OpenShift route is a way to expose a service by giving it an externally reachable hostname.
Proxy	The IBM Blockchain Platform proxy is responsible for routing traffic to the correct peer, CA and ordering nodes by using host header routing.
Peers, CAs, Ordering nodes	These are the nodes that are created. Note: these nodes could also be imported from other Kubernetes Cluster Service Instances. Because the keys are never stored by IBM, every peer and ordering node includes a gRPC web proxy that allows the console to communicate with each node by using the keys in the wallet.
RBAC	Role based access control. The IBM Blockchain Platform configures OpenShift RBAC in the cluster which is required to manage blockchain components in the cluster.

Integrating with IBM Cloud and other third-party services

IBM Blockchain Platform can leverage a suite of services provided in the IBM Cloud catalog to enable users more visibility into their network or to integrate with other services.

Access control

• Securely authenticate users and control access to all cloud resources using IBM Cloud Identity and Access Management (IAM).

Monitoring

• Use IBM Cloud Activity Tracker with LogDNA service to troubleshoot logs in real-time, diagnose issues, and identify problems in your Kubernetes cluster on IBM Cloud.

• Use IBM Cloud Activity Tracker with Sysdig to monitor the activity and the health of services and applications in the Kubernetes cluster on IBM Cloud.

• See this tutorial on how to Analyze logs and monitor application health with LogDNA and Sysdig.

• The IBM Blockchain Platform peers and orderers are automatically configured to expose a /metrics endpoint that Prometheus can use to scrape a wide variety of blockchain metric data. Read more about using Prometheus in IBM Cloud.

Storage

• Utilize IBM Cloud File Storage when blockchain nodes are provisioned. See the topic on Persistent storage considerations to learn more about how blockchain integrates with IBM Cloud storage options.

• Set up Portworx to manage local persistent storage across your containerized databases, or share data between pods across multiple zones.

For more information about available IBM Cloud services and other third-party integrations, see this list of Supported IBM Cloud and third-party integrations.

Compliance

For a list of the current security certifications that IBM Blockchain Platform adheres to, see the Software Compatibility Reports.

Getting support

For more information about how to get support on IBM Blockchain Platform for IBM Cloud, as well as free blockchain developer resources and support forums that you can use to troubleshoot problems, see Getting support.