Multi-cloud blockchain DLT


Blockchain and Distributed Ledger Technology (DLT) networks are multi-party systems. Each party can have its own tools, methodology, and cloud provider. Some providers' public or private blockchain networks might have limited region availability, scalability, or network segregation.

The open-source Blockchain Automation Framework (BAF) is a consistent way to deploy production-ready DLTs across different public and private clouds. But while BAF can manage deployments, it doesn't provide central infrastructure management and monitoring. Although some cloud providers' blockchain services provide infrastructure management, they might require all parties to be in the same cloud or infrastructure.

To join forces and build a blockchain network, parties that use different cloud providers and infrastructures need a common management platform. This platform should offer standard visibility, operations, and compliance across a wide range of resources and locations, regardless of hosting infrastructure.

This article explores how the BAF and Azure Arc-enabled Kubernetes can build a cross-cloud blockchain solution that focuses on portability and control.

Potential use cases

This approach supports:

  • Heterogeneous DLT deployments where separate organizations own and manage each node.

  • Centralized DevOps, monitoring, and compliance management across multi-party networks.

Architecture

This solution provides a heterogeneous, multi-party, cloud-agnostic DLT network. Parties can host their nodes anywhere and still be part of the network.

Diagram showing a three-party blockchain network with each party using a different cloud provider, managed and monitored through BAF and Azure Arc.

  1. Kubernetes is the standard infrastructure that hosts both the ledger and the application. This example assumes three managed Kubernetes clusters.

    Each party hosts their nodes in a different location.

  2. BAF deploys the distributed network across the three cloud services.

  3. Azure Arc-enabled Kubernetes centrally manages and monitors all the Kubernetes clusters, with:

  4. Azure DevOps provides application and infrastructure lifecycle management. An Ansible Controller on an Azure Linux virtual machine (VM) is the custom Azure DevOps continuous integration and continuous delivery (CI/CD) agent.

  5. Azure Container Registry stores and shares private, application-related container images. Docker Registry pulls ledger-specific images.

Components

  • Kubernetes is the container-based infrastructure that hosts both the ledger and applications. This example assumes three managed Kubernetes clusters, one each in AKS, Amazon EKS, and GCP GKE. You can host your Kubernetes clusters in almost any public or private location.

  • The open-source Blockchain Automation Framework (BAF) is a way to deliver consistent, production-ready DLT networks on public and private cloud-based infrastructures. BAF supports Quorum, Corda, and Hyperledger DLTs.

  • Azure Arc standardizes visibility, operations, and compliance across resources and locations by extending the Azure control plane.

  • Azure Arc-enabled Kubernetes centrally manages Kubernetes clusters in any location. Azure Arc-enabled Kubernetes works with any Cloud Native Computing Foundation (CNCF)-certified Kubernetes cluster, including:

    • AKS engine on Azure
    • AKS engine on Azure Stack Hub
    • Amazon EKS
    • GCP GKE
    • VMware vSphere
  • Azure Monitor is a comprehensive solution for collecting, analyzing, and acting on telemetry. Azure Monitor Container insights monitors the performance of container workloads deployed to Azure Arc-enabled Kubernetes clusters.

  • Azure Policy helps enforce organizational standards and assess compliance at scale. Azure Policy for Kubernetes can manage and report on the compliance state of all Azure Arc-enabled Kubernetes clusters.

  • Azure Container Registry can build, store, and manage container images and artifacts for all types of container deployments.

  • Azure DevOps is a set of developer services providing comprehensive application and infrastructure lifecycle management. Azure DevOps includes work tracking, source control, build and CI/CD, package management, and testing solutions.

Alternatives

Considerations

For AKS best practices, see Baseline architecture for an Azure Kubernetes Service (AKS) cluster. You can find similar guidance for other cloud providers.

Availability and scalability

Although Azure Arc can manage and monitor Kubernetes clusters, each cluster must independently implement scalability, high availability, and disaster recovery capabilities.

Security

BAF uses HashiCorp Vault for certificate and key storage. To use BAF, you need at least one Vault server. BAF recommends one Vault per organization for production-ready projects.

Deploy this scenario

  1. For this example, create managed Kubernetes clusters in AKS, GKE, and EKS, and onboard the clusters to Azure Arc.
  2. Follow steps for installing and configuring BAF prerequisites.
  3. (Optional) Create an Azure DevOps organization and project, and clone the BAF repo into the new Azure DevOps project.
  4. (Optional) Create an Ansible Controller VM in Azure as the custom build agent to deploy BAF components.
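
Step 1's Arc onboarding can be scripted so that all three parties' clusters are connected the same way. The following is an added example, not code from this article or from the BAF project. The resource group, region, cluster names, and kube contexts are assumed placeholders, and the script only prints the `az` commands unless `DRY_RUN=0` is set.

```bash
#!/usr/bin/env bash
# Added example: onboard the AKS, EKS, and GKE clusters to Azure Arc.
# All names below are placeholders, not values from the article.
set -eu

RESOURCE_GROUP="${RESOURCE_GROUP:-rg-dlt-arc}"   # assumed resource group
LOCATION="${LOCATION:-eastus}"                   # assumed Azure region
DRY_RUN="${DRY_RUN:-1}"                          # 1 = print only, 0 = call az

# One "arc-name:kube-context" pair per party (constructed sample values).
CLUSTERS="party-a-aks:aks-ctx party-b-eks:eks-ctx party-c-gke:gke-ctx"

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Connect one cluster, selected by its kubeconfig context, to Azure Arc.
arc_connect() {
  run az connectedk8s connect \
    --name "$1" \
    --resource-group "$RESOURCE_GROUP" \
    --location "$LOCATION" \
    --kube-context "$2"
}

# Read back the agent's connectivity status for one onboarded cluster.
arc_status() {
  run az connectedk8s show --name "$1" --resource-group "$RESOURCE_GROUP" \
    --query connectivityStatus --output tsv
}

# Register providers, install the CLI extension, then onboard every cluster.
onboard_all() {
  for ns in Microsoft.Kubernetes Microsoft.KubernetesConfiguration \
            Microsoft.ExtendedLocation; do
    run az provider register --namespace "$ns"
  done
  run az extension add --name connectedk8s --upgrade
  run az group create --name "$RESOURCE_GROUP" --location "$LOCATION"
  for pair in $CLUSTERS; do
    arc_connect "${pair%%:*}" "${pair#*:}"
    arc_status "${pair%%:*}"
  done
}

onboard_all
```

Review the printed commands first, then rerun with `DRY_RUN=0` from a shell that is signed in to Azure and has a kubeconfig context for each cluster.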

Pricing

To estimate Azure resource costs, use the Azure pricing calculator.
