Blockchain has captured the attention of the business and technology world as a way to streamline business processes, verify transactions and reduce the potential for fraud. This article introduces Blockchain as a Service (BaaS) in Microsoft Azure, showing how it can be used to build a secured data structure and create a distributed transactional digital ledger.
There’s plenty of literature on the Internet about blockchain and how it started as a digital ledger for Bitcoin.
Blockchain is a secure, shared, distributed ledger that can be public, private or consortium (that is, restricted to named members only). It’s secure because it uses cryptography to create transactions that are difficult (if not impossible with current computing technology) to tamper with. Shared among all nodes or peers in the chain is a data store and, as you’ll see shortly, business logic in the form of contracts. A blockchain’s value is directly linked to the number of entities that participate in it. Critically, blockchain data and contracts are distributed, which means that there are many replicas of the database. And the more replicas there are, the more authentic it becomes. And finally, blockchain is a digital ledger, an append-only transactional database that stores an immutable record of every transaction that occurs.
I’d like to reinforce this point about blockchain being a distributed ledger. Traditional ledgers are centralized and use third-party systems, or middlemen, to approve and record transactions. Think of credit cards, banks, identity management systems and the like. This approach creates a challenge of trust and scale. Do you trust your middleman agent to act as a broker for all your transactions? Can the agent become a single point of failure? Can it be compromised?
In a blockchain, ledgers are distributed across the entire network, and there’s no need for any third-party system to be in the middle of a transaction. The technology maintains multiple replicas of data, as in a peer-to-peer file-sharing system, as each peer obtains a copy of the entire dataset. No one owns the entire thing, but everyone possesses a copy of it. Figure 1 depicts this arrangement.
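The two properties described above, append-only records that resist tampering and full replicas held by every peer, can be seen in a small Python sketch. This is an added example, not code from the article or from any blockchain product; the block layout, function names and sample transactions are constructed, and a simple majority comparison stands in for a real consensus protocol.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # constructed stand-in for "no previous block"

def block_hash(index, prev_hash, tx):
    """SHA-256 over a canonical JSON encoding of the block contents."""
    body = json.dumps({"index": index, "prev": prev_hash, "tx": tx}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def append(ledger, tx):
    """Append-only write: each block commits to the hash of its predecessor."""
    prev = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({"index": len(ledger), "prev": prev, "tx": tx,
                   "hash": block_hash(len(ledger), prev, tx)})

def first_invalid(ledger):
    """Index of the first block that fails verification, or None if all pass."""
    prev = GENESIS
    for i, b in enumerate(ledger):
        if b["prev"] != prev or b["hash"] != block_hash(i, prev, b["tx"]):
            return i
        prev = b["hash"]
    return None

def majority_head(replicas):
    """Head hash shared by most replicas that verify on their own."""
    heads = Counter(r[-1]["hash"] for r in replicas if r and first_invalid(r) is None)
    return heads.most_common(1)[0][0] if heads else None

def demo():
    ledger = []
    for tx in ({"from": "alice", "to": "bob", "amount": 5},     # constructed
               {"from": "bob", "to": "carol", "amount": 2},     # sample
               {"from": "carol", "to": "alice", "amount": 1}):  # transactions
        append(ledger, tx)
    peers = [json.loads(json.dumps(ledger)) for _ in range(3)]  # three full copies
    peers[2][1]["tx"]["amount"] = 200      # one peer's stored record is altered
    edited_at = first_invalid(peers[2])    # stored hash no longer matches contents
    rebuilt = []                           # the same peer recomputes every hash
    for b in peers[2]:
        append(rebuilt, b["tx"])
    peers[2] = rebuilt
    consistent = first_invalid(rebuilt) is None   # chain verifies in isolation
    outvoted = rebuilt[-1]["hash"] != majority_head(peers)
    return edited_at, consistent, outvoted

if __name__ == "__main__":
    print(demo())
```

The hash chain alone catches an in-place edit; a fully recomputed chain is only exposed by comparing it with the other replicas, which is why the number of independent copies matters.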
The first blockchain, Bitcoin, emerged in 2009, with distinct limits. As a digital ledger, it simply records transactions and doesn’t keep track of digital asset account balances. Ownership of bitcoins is verified by links to previous transactions, following the immutable history of blocks in the chain of recorded transactions. Also, Bitcoin doesn’t define any specific logic for handling a transaction, such as the conditions that the two involved parties must agree upon in a cryptocurrency exchange.
Blockchain technology evolved with the addition of smart contracts, which are small pieces of code that add logic to transactions. Think of smart contracts as a computer code representation of legal terms in a contract for goods or services. New blockchain ledgers emerged in the market, the most popular being Ethereum (ethereum.org) and Hyperledger Fabric (hyperledger.org), to add smart contract capability to the network. In these (let’s call them Blockchain 2.0) digital ledgers, smart contracts are now stored in a block and are distributed to all nodes along with related data.
Bitcoin’s blockchain is often referred to as Blockchain 1.0. It’s a simple ledger that records transactions in sequence and represents the state of the network at any given moment. Think of it simply as a distributed database.
But just as databases have evolved over time by adding logic execution capability—in the form of stored procedures, for example—blockchain has introduced smart contracts to handle the logic tier. However, smart contracts can operate only on data contained in the block where they’re stored. They can’t access external data or systems, as calling a service outside of the blockchain breaks the “circle of trust” that blockchain provides for cryptographic security and immutability of transactions. CRM, ERP and payroll systems all represent external entities that aren’t part of a blockchain, but may be involved in the exchange of data within a transaction. Blockchains need a way to securely receive external data, as well as access to secure execution of off-chain code.
To address this requirement, Microsoft introduced cryptlets as part of “Blockchain 3.0,” the blockchain of data, logic and cloud services. Figure 2 shows the progression of features.
Figure 2 Evolution of Blockchain
Cryptlets are off-chain code modules written in any language that can execute within a secure, isolated, trusted container and can communicate over secure channels. Cryptlets extend smart contracts to the outside world by providing services like encryption, time and date events, external data access, and identity authentication. Microsoft introduced cryptlets as part of its open source project code-named “Bletchley”, which has evolved into the Azure Blockchain Workbench product revealed at the Microsoft Build developer conference in May.
Bletchley is an architectural approach to building an enterprise consortium blockchain ecosystem. To be clear, this is not a blockchain stack. It’s Microsoft’s approach to bringing distributed ledger (blockchain) platforms into the enterprise and building real solutions addressing real business problems, while keeping the platform open.
Blockchain as a Service
Blockchain consists of:
- Single-node ledgers to simulate production for multiple divisions within a single organization.
- Multi-node ledgers to simulate production for multiple divisions within multiple organizations.
- Tools for development of decentralized applications distributed on a blockchain.
Decentralized applications (dApps) are applications that run on a peer-to-peer network of computers rather than a single computer. In a blockchain context, think of a dApp as a client application that communicates with a smart contract to interact with the blockchain network. A good introduction to dApps can be found on BlockchainHub.
The key characteristics of building a blockchain infrastructure in Azure are:
- Establish a secure environment that exposes protected endpoints. This can be done via Azure Virtual Networks, Azure App Services VNet Integration or Network Security Groups.
- Develop smart contracts, using any of the available development tools, such as Blockstack Core, Ethereum Studio or Truffle.
- Automate deployment of participant components, both virtual machines and Platform-as-a-Service components. This can be enabled by Azure Resource Manager and PowerShell scripts.
- Protect access to data and logic, with user-level authentication and authorization, by implementing Azure AD to secure apps and APIs.
- In general, build architecture for enterprise solution integration with a blockchain ledger, leveraging Azure enterprise capabilities and worldwide distribution.
Azure BaaS, in a nutshell, represents not just a public cloud hosting provider for distributed ledgers, but an organic and integrated platform for building and delivering decentralized applications that run on blockchain technology.