Blockchain and Distributed Ledger Technology (DLT) networks are multi-party systems. Each party can have its own tools, methodology, and cloud provider. Some providers' public or private blockchain networks might have limited region availability, scalability, or network segregation.
The open-source Blockchain Automation Framework (BAF) is a consistent way to deploy production-ready DLTs across different public and private clouds. But while BAF can manage deployments, it doesn't provide central infrastructure management and monitoring. Although some cloud providers' blockchain services provide infrastructure management, they might require all parties to be in the same cloud or infrastructure.
To join forces and build a blockchain network, parties that use different cloud providers and infrastructures need a common management platform. This platform should offer standard visibility, operations, and compliance across a wide range of resources and locations, regardless of hosting infrastructure.
This article explores how the BAF and Azure Arc-enabled Kubernetes can build a cross-cloud blockchain solution that focuses on portability and control.
Potential use cases
This approach supports:
- Heterogeneous DLT deployments where separate organizations own and manage each node.
- Centralized DevOps, monitoring, and compliance management across multi-party networks.
Architecture
This solution provides a heterogeneous, multi-party, cloud-agnostic DLT network. Parties can host their nodes anywhere and still be part of the network.

Kubernetes is the standard infrastructure that hosts both the ledger and the application. This example assumes three managed Kubernetes clusters.
- Party A uses Azure Kubernetes Service (AKS).
- Party B uses GCP Google Kubernetes Engine (GKE).
- Party C uses Amazon Elastic Kubernetes Service (EKS).
Each party hosts their nodes in a different location.
BAF deploys the distributed network across the three cloud services.
Azure Arc-enabled Kubernetes centrally manages and monitors all the Kubernetes clusters, with:
- GitOps-based cluster configuration deployment and management.
- Azure Monitor Container insights monitoring.
- Azure Policy for Kubernetes policy management.
Azure DevOps provides application and infrastructure lifecycle management. An Ansible Controller on an Azure Linux virtual machine (VM) is the custom Azure DevOps continuous integration and continuous delivery (CI/CD) agent.
Azure Container Registry stores and shares private, application-related container images. Docker Registry pulls ledger-specific images.
Components
Kubernetes is the container-based infrastructure that hosts both the ledger and applications. This example assumes three managed Kubernetes clusters, one each in AKS, Amazon EKS, and GCP GKE. You can host your Kubernetes clusters in almost any public or private location.
The open-source Blockchain Automation Framework (BAF) is a way to deliver consistent, production-ready DLT networks on public and private cloud-based infrastructures. BAF supports Quorum, Corda, and Hyperledger DLTs.
Azure Arc standardizes visibility, operations, and compliance across resources and locations by extending the Azure control plane.
Azure Arc-enabled Kubernetes centrally manages Kubernetes clusters in any location. Azure Arc-enabled Kubernetes works with any Cloud Native Computing Foundation (CNCF)-certified Kubernetes cluster, including:
- AKS engine on Azure
- AKS engine on Azure Stack Hub
- Amazon EKS
- GCP GKE
- VMware vSphere
Azure Monitor is a comprehensive solution for collecting, analyzing, and acting on telemetry. Azure Monitor Container insights monitors the performance of container workloads deployed to Azure Arc-enabled Kubernetes clusters.
Azure Policy helps enforce organizational standards and assess compliance at scale. Azure Policy for Kubernetes can manage and report on the compliance state of all Azure Arc-enabled Kubernetes clusters.
Azure Container Registry can build, store, and manage container images and artifacts for all types of container deployments.
Azure DevOps is a set of developer services providing comprehensive application and infrastructure lifecycle management. Azure DevOps includes work tracking, source control, build and CI/CD, package management, and testing solutions.
Alternatives
Ambassador API Gateway manages cross-node communications, but you can use a cloud-native API gateway like Azure API Management over the internet. For more information, see Deploy to Azure Kubernetes Service.
You can also use External-DNS with Azure DNS service.
You can get Internet Protocol Security (IPsec) private connections with tools like Submariner.
Considerations
For AKS best practices, see Baseline architecture for an Azure Kubernetes Service (AKS) cluster. You can find similar guidance for other cloud providers.
Availability and scalability
Although Azure Arc can manage and monitor Kubernetes clusters, each cluster must independently implement scalability, high availability, and disaster recovery capabilities.
Security
BAF uses HashiCorp Vault for certificate and key storage. To use BAF, you need at least one Vault server. BAF recommends one Vault per organization for production-ready projects.
Deploy this scenario
- For this example, create managed Kubernetes clusters in AKS, GKE, and EKS, and onboard the clusters to Azure Arc.
- Follow the steps for installing and configuring BAF prerequisites.
- (Optional) Create an Azure DevOps organization and project, and clone the BAF repo into the new Azure DevOps project.
- (Optional) Create an Ansible Controller VM in Azure as the custom build agent to deploy BAF components.
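The onboarding in the first step, sketched with the Azure CLI as an added example that is not part of the original article: each cluster is connected to Azure Arc and then given the Container insights extension, the Azure Policy extension, and a GitOps (Flux) configuration. The resource group, cluster names, kubeconfig contexts, Git URL, and kustomization path are placeholder assumptions; the script only prints the commands unless `DRY_RUN=0` is set.

```bash
#!/usr/bin/env bash
# Added example: onboard three clusters to Azure Arc and attach the management
# features named in the architecture. All names below are placeholders.
set -eu

RG="${RG:-rg-dlt-arc}"                                                # hypothetical resource group
GIT_URL="${GIT_URL:-https://example.invalid/org/cluster-config.git}"  # placeholder repo
DRY_RUN="${DRY_RUN:-1}"                                               # 1 = print only, 0 = execute

# "Arc cluster name:kubeconfig context" pairs, one per party (constructed values).
CLUSTERS="partya-aks:aks-ctx partyb-gke:gke-ctx partyc-eks:eks-ctx"

# Print the command; execute it only when DRY_RUN=0.
run() {
  printf '%s\n' "$*"
  if [ "$DRY_RUN" = "0" ]; then "$@"; fi
}

# Emit (or run) the four onboarding steps for one cluster.
onboard_cluster() {
  name="$1"; ctx="$2"
  # 1. Register the cluster with Azure Arc using that party's kubeconfig context.
  run az connectedk8s connect --name "$name" --resource-group "$RG" --kube-context "$ctx"
  # 2. Azure Monitor Container insights extension.
  run az k8s-extension create --name azuremonitor-containers \
    --cluster-name "$name" --resource-group "$RG" --cluster-type connectedClusters \
    --extension-type Microsoft.AzureMonitor.Containers
  # 3. Azure Policy for Kubernetes extension.
  run az k8s-extension create --name azurepolicy \
    --cluster-name "$name" --resource-group "$RG" --cluster-type connectedClusters \
    --extension-type Microsoft.PolicyInsights
  # 4. GitOps (Flux) configuration; the kustomization path is a placeholder.
  run az k8s-configuration flux create --name cluster-config --namespace cluster-config \
    --cluster-name "$name" --resource-group "$RG" --cluster-type connectedClusters \
    --scope cluster --url "$GIT_URL" --branch main \
    --kustomization name=baseline path=./baseline prune=true
}

# Apply the same baseline to every party's cluster.
onboard_all() {
  for pair in $CLUSTERS; do
    onboard_cluster "${pair%%:*}" "${pair##*:}"
  done
}

onboard_all
```

Review the printed plan first; running with `DRY_RUN=0` requires a logged-in Azure CLI with the `connectedk8s`, `k8s-extension`, and `k8s-configuration` extensions and a kubeconfig containing each context.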
Pricing
To estimate Azure resource costs, use the Azure pricing calculator.
Next steps
- Baseline architecture for an Azure Kubernetes Service (AKS) cluster
- Azure Arc Jumpstart
- Blockchain workflow application
- Azure Arc hybrid management and deployment for Kubernetes clusters
- Deploy Hyperledger Fabric consortium on Azure Kubernetes Service
- CI/CD workflow using GitOps - Azure Arc-enabled Kubernetes
- Containers and container orchestrators for AWS professionals
- Containers and container orchestrators for GCP professionals