Using Microsoft Azure to add Blockchains to enterprise solutions
By David Goon, Technical Evangelist at Microsoft
If you have heard of Blockchains, or distributed ledgers, you may be wondering how to use them in production solutions. As a technology, it can seem unapproachable. This month, our close partner Utilidex has agreed to publish the work they had been doing with Microsoft on Blockchain. Utilidex has a wider initiative to demystify and help with the adoption of Blockchain in energy as explained on their blog.
This article explains the Utilidex solution and how Ethereum Blockchains will be incorporated into Utilidex’s wider energy offerings on the Microsoft Azure platform.
Considerations
While public Bitcoin and similar Unspent Transaction Output (UTXO) distributed ledgers are well established, those that can execute code, such as Ethereum Smart Contracts, are relatively new at the time of writing (e.g. Ethereum released in 2015) and is not fully developed for private enterprise use.
Our focus was on enterprise capabilities over the underlying Blockchain technology. Ethereum was chosen because it was the best option to work with at the time. The design considerations can apply to any Blockchain implementation. With Utilidex, we looked at:
- Establishing a secure environment for the Ethereum infrastructure – At the time, Ethereum Blockchains ran on virtual machines and exposed unprotected endpoints. We needed to secure these if they were to be used in a production solution. This was done via Azure’s Virtual Networks, Azure App Services VNet Integration and Network Security Groups.
- Automating deployment of participant components – We expect Utilidex customers to prefer a turn-key ability to participate in the solution. This meant deploying both virtual machines and Platform-as-a-Service components such as Web Apps. To enable this, we turned to Azure Resource Manager and PowerShell to script deployments.
- Developing Smart Contract code that minimizes risks while maximizing value - We designed each function to be as atomic and as self-contained as possible. The design moves complex data shaping to other solution components, with the Smart Contract performing simple state changes that are implicitly tracked by the Blockchain.
- Building a pattern for enterprise solution integration with the Blockchain – To maintain developer productivity, we leveraged Azure App Services. Specifically, Web Apps to provide the solution frontend, API Apps for the API layer and SQL Databases for data storage. Nethereum was then used to provide integration to Ethereum.
- Protecting access to the whole with user-level authentication and authorization – By leveraging Azure Active Directory to protect the solution apps and APIs.
Approach
Our design used Ethereum for what we believe are its strengths (immutability) and implements business logic elsewhere. This simplifies the implementation and lowers the risks of errors with complex Smart Contract code.
Utilidex already enjoys Azure Platform-as-a-Service offerings. We thus maintained and maximized their use of Azure App Services and SQL Databases. Virtual Machines (IaaS) were limited to Ethereum needs. We incorporated the following services from the Azure PaaS catalogue. Additionally, all team collaboration and source repositories were stored on Visual Studio Team Services (VSTS).
For identity management, we use Azure Active Directory and have a central instance controlled by Utilidex specifically for the solution. New participants would register their users to this instance and thus gain access to the solution if Utilidex approves. This avoids federation complexity initially though it will need to be revisited if user single sign-on with their own credentials is desired.
The following summarises the design we arrived at.
Once the above was in place, then integration between Azure and Ethereum was done via the Nethereum library.
To make a Smart Contract call via Nethereum, we:
- Obtain the Smart Contract address and Application Binary Interface.
- Obtain the function signature on the Smart Contract to be called.
- Unlock the Ethereum account making the call with the account's passphrase.
- Make the call.
The following snippet shows the very basic steps. This sample was written to prove functionality quickly and refactoring will be needed to align with accepted current practice.
// STEP 1: Obtain the contract ABI
abi = db.GetContract(agreement.ContractID);
if (string.IsNullOrEmpty(abi))
{
Contracts coreAPIClient = new Contracts(new BChainCoreAPIs());
ClientCredential clientCredential = new ClientCredential(
Startup.ClientId,
Startup.AppSecret);
AuthenticationContext authContext = new AuthenticationContext(Startup.Authority);
AuthenticationResult result = await authContext.AcquireTokenAsync(
Startup.CoreAPIRecourceId,
clientCredential);
try
{
// Get the contract ABI from the core instance and save a copy locally
abi = coreAPIClient.Get(agreement.ContractID, result.AccessToken);
}
catch (Exception ex)
{
Debug.WriteLine(ex);
}
if (string.IsNullOrEmpty(abi))
{
success = false;
}
else
{
success = (db.AddContract(agreement.ContractID, abi) > 0);
}
}
// STEP 2: Get the function address to call on the smart contract
if (success)
{
try
{
func = web3.Eth.GetContract(
abi,
agreement.ContractID).GetFunction("CreateProposal");
}
catch (Exception ex)
{
Debug.WriteLine(ex);
}
success = (func != null);
}
// STEP 3: Unlock the account so we can call the smart contract
if (success)
{
string passphrase = db.GetAccountPassphrase(agreement.OriginatorAccount);
try
{
success = await web3.Personal.UnlockAccount.SendRequestAsync(
agreement.OriginatorAccount,
passphrase,
120);
}
catch (Exception ex)
{
success = false;
Debug.WriteLine(ex);
}
}
// STEP 4: Make the smart contract call
if (success)
{
object[] args = new object[] {
id,
agreement.OriginatorAccount,
agreement.CounterSigAccount };
try
{
// Call the CreateProposal function on the smart contract
await func.SendTransactionAsync(agreement.OriginatorAccount, args);
}
catch (Exception ex)
{
success = false;
Debug.WriteLine(ex);
}
}
Conclusion
Blockchain is constantly evolving as a technology. Through this partnership, Utilidex and Microsoft have gained valuable experience with Ethereum. With the work that was done, we found that while Blockchains provide a transformational ability for untrusted parties to work together, there are still many other capabilities that are needed for enterprise use. The Microsoft Azure platform provided services that credibly improved the Ethereum environment to meet those requirements.
“We are super excited about the possible business model transformation” commented Richard Brys, CEO Utilidex, “We’ve always approached this from the customer side, and how we make the market better for them. So the ideas our teams and customers are starting to come up with in the application of Blockchain is really exciting. And when you combine some interesting technologies like IoT, Analytics, Algorithms and Blockchain, you have a recipe for something new. The secret we believe is now in demystifying the technology, so customers will actually take it up. Otherwise it’s no good to anybody. And that’s why we decided to publish this work”.
More Information
Read the full discussion of the co-development activity between Microsoft and Utilidex at the published project repository on GitHub.
For a quick introduction to Blockchain, this Tech Days Online video provides a good overview.
This technology is rapidly developing. Since our effort, more implementations have been developed and increasingly address the needs for enterprises. For more information on Ethereum and other Blockchains, please refer to the non-exhaustive list below:
- Ethereum Blockchain App Platform
- Enterprise Ethereum Alliance
- P. Morgan’s Quorum
- Support for Multi-member Consortium Blockchain Networks on Azure
Contributors
With thanks to Abhinav Jain, Mike McCloskey, Munah Brys, Richard Brys, Samir Gupta, Sudhir Gupta, and Vaibhav Mishra from Utilidex; and Ben Roscorla, Gina Dragulin, John Donnelly, Jonathan Collinge, Michael Platt, Mike Ormond and Thomas Conte from Microsoft.