AWS for Industries
Streamlining Logistics Management for Air Cargo Using the Blockchain Automation Framework on Amazon EKS
Our customers find it tough to ensure compliance on tracking, security, support, and communication during cargo operations in an airport logistics hub. In this blog post, we will show how you can use blockchain technologies like the Blockchain Automation Framework© (BAF) and AWS services like Amazon Elastic Kubernetes Service (Amazon EKS) to streamline the processes of an airport logistics hub business.
Our client is one of the busiest international air cargo logistics hubs in the world. To improve their business performance, our client has decided to use digital technologies to reduce bottlenecks and improve the speed, efficiency, and quality of air logistics services.
In this post, we’ll share how Accenture, an AWS Partner Network (APN) Premier Tier consulting partner and Managed Service Provider (MSP), helped the client use Amazon EKS to host a cloud-based distributed ledger ecosystem using BAF. This solution addresses the complexity of establishing trust and data security across multiple independent entities that form a part of the airport logistics supply-chain process.
As a large regional hub for air logistics operations, the client deals with hundreds of thousands of tons of cargo every quarter. This has highlighted the need for a decentralized communication platform to fast-track the airport logistics hub process. Our client had to interact with multiple parties to negotiate, track, monitor, and secure cargo shipments. For example, international logistics service providers and shipping agencies were demanding better visibility and a more streamlined end-to-end automated process for cargo shipment and cargo management. Security agencies such as border agencies, customs authorities, food authorities, and more wanted real-time visibility into cargo manifests and shipper and receiver details to ensure speedier cargo clearance without compromising on security or losing taxation revenues. Today, most of this supply-chain process is performed using standalone systems and individual documents for different steps of the supply-chain flow.
The client partnered with Accenture to define the supply chain journey and the success criteria of the air cargo management ecosystem. The client identified the need to have a single electronic contract representation that flowed through the digital supply chain, tracking the physical goods it was representing. This electronic contract representation could provide complete non-repudiation for the transaction originator and processors. This would ensure that all transactions and actions taken with respect to a cargo item could always be traced to a specific individual party in the supply chain. The immutability of the information captured at each step of the supply-chain process flow would be another required characteristic for the electronic contract representation. This would allow the solution to ensure that the contract could not be altered or changed, thus preventing the misuse of the supply chain process. The electronic contract would also need to provide cryptographically provable verifiability of the electronic contract document and its evolution through the process flow. A smart contract built on top of a blockchain platform delivers these capabilities.
Building this solution in the cloud allowed for a decentralized blockchain network that can be accessed by all parties, provides the ability to scale as the number of parties or cargo shipment volumes grow, and simplifies the management and operational costs of the solution. The use of a blockchain technology in the cloud would abstract the centralized nature of the cloud platform. The solution users would be interacting at the solution layer, which allows multiple entities to be onboarded and represented on the blockchain irrespective of the underlying compute infrastructure ownership.
Figure 1 shows the high-level solution. The solution uses a Hyperledger Fabric-based blockchain platform as a foundational building block to provide a smart contracts implementation. The solution includes cloud-based storage to support scale with high cost-efficiency. These were abstracted by modules such as cargo data analytics and a common gateway, which were implemented to provide business-process orchestration, tracking, and business-logic implementations. The top layer of the solution stack forms the user experience. It was implemented as a mobile application and a web-based application portal service. Role-based security was built into the solution and implemented at each component layer.
Technical Solution Overview
Amazon EKS is the foundational building block of the ecosystem. The advantage of Amazon EKS is its direct integrations with AWS services such as Amazon CloudWatch, AWS Auto Scaling, AWS Identity and Access Management (IAM), and Amazon Virtual Private Cloud (Amazon VPC). This provides a seamless experience to monitor, scale, and load-balance containerized workloads in the solution.
Figure 2 shows the finalized technical architecture for the solution.
The solution also uses the Kubernetes-native experience in Amazon EKS to consume service mesh features, provide observability and traffic control, and manage the security of the workloads. Amazon EKS provides a scalable and highly available control plane that runs across multiple Availability Zones. It eliminates single points of failure in the control plane. These features enhance the flexibility of the solution. The use of AWS services is helpful because a distributed ledger requires dynamic storage capacity allocation and on-demand network expansion based on the number of participants in the ledger.
Technical Component Highlights
As you can see in Figure 2, the solution was implemented with these services to fulfill core business and technical requirements:
- Amazon EKS: Microservices and the Distributed Ledger Technology (DLT) network are deployed into two Kubernetes clusters to enable network isolation for higher security protection. Cluster 1 was used to run application-level microservices and any supporting services. Cluster 2 was used for running the workloads responsible for the DLT fabric. This ensures that issues with the application-level components do not impact or compromise the integrity of the DLT fabric.
- Amazon Simple Storage Service (Amazon S3) and Amazon Aurora: Off-chain storage to store any personally identifiable information (PII).
- AWS Secrets Manager: Securely store and tightly control access to tokens, passwords, certificates, and encryption keys for protecting machines, applications, and sensitive data.
What Is BAF?
BAF© is an open-source automation framework for delivering consistent production-ready DLT networks on cloud-based infrastructures.
- Security: BAF provides a secure environment for DLT development. By default, BAF applies industry best practices for key management and other security features.
- Scalability: BAF has a scalable network implementation. The network and resources can easily scale according to demand.
- Acceleration: BAF drives DLT solution acceleration for deployment, enables participant focus on business values, and
- DevOps: BAF uses Ansible to streamline the deployment in an automated way.
Setting up or maintaining a DLT network at production-scale is a non-trivial activity. It requires you to:
- Set up the basic infrastructure for the DLT.
- Ensure high availability and scalability of the platform.
- Set up a security layer to ensure the blockchain on top of the DLT platform is not susceptible to attacks.
DLT technologies such as R3 Corda, Hyperledger Besu, and Quorum have different implementation considerations and mechanics. When blockchain developers are asked to use an unfamiliar platform, even experienced technicians can struggle to properly set up a DLT network. This is especially true in large-scale production projects across multiple corporate environments.
The team at Accenture Blockchain and Multiparty Systems conceptualized BAF as an accelerator for building rapid prototype solutions using DLT. BAF helps developers rapidly set up and deploy secure, scalable, and production-ready solutions that also allow new organizations to be easily onboarded onto the network. BAF accelerates delivery and lets developers focus on building blockchain applications without having to waste precious time standing up the environment or worrying whether the network will scale and meet production requirements.
BAF uses Ansible scripts and Helm charts to automate DLT platform deployment on Kubernetes clusters. It provides a rapid and consistent means by which developers can deploy production-ready distributed networks on their preferred infrastructure, including multi-cloud configurations.
Key BAF Components
- AWS CodeCommit, a Git repository to enable continuous delivery (CD) with GitOps.
- Amazon EKS, a container-based infrastructure that hosts the DLT network, Hyperledger Fabric.
- AWS Secrets Manager for certificates and a secret key storage management system. This is the alternative to the default option, HashiCorp Vault. To enable this, you must modify the Ansible playbook.
- Ansible playbooks and role definitions that follow a specified order to automate the entire DLT network setup.
- GitOps, a method for continuous delivery (CD) to Kubernetes clusters through the Flux operator.
- Helm charts for designing and configuring the DLT architecture.
Hyperledger Fabric Architecture Reference
The following diagram shows how Hyperledger Fabric is deployed on the Kubernetes cluster.
Hyperledger Fabric includes the following core components:
- Smart contracts are initiated or invoked by the end-user client application. This application is external to the blockchain network. Smart contracts are packaged as chaincode, which is installed on peers and then defined and used on one or more channels.
- Peer containers maintain a ledger and run the chaincode in secure containers in order to perform read/write operations to the ledger. A chaincode handles business logic agreed to by members of the network. This is represented in the DLT as a smart contract. Peers are owned and maintained by the members.
- Orderer containers order transactions into a block and then distribute blocks to connected peers for validation and commit. These containers exist independent of the peer processes and order transactions on a first-come, first-served basis for all channels on the network.
- CA containers are a certificate authority component that issues PKI-based certificates to network member organizations and their users. The CA issues one root certificate (rootCert) to each member and one enrollment certificate (ECert) to each authorized user.
- Channel is a private blockchain overlay that allows for data isolation and confidentiality. A channel-specific ledger is shared across the peers in the channel. Transacting parties must be authenticated to a channel in order to interact with it.
- Ledger consists of two parts: blockchain and state database. The ledger is immutable. After a block has been added to the chain, it cannot be changed. The state database contains the current value of transactions. Each peer in a channel maintains its own copy of the ledger. The ledger is distributed across a set of network nodes.
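The two-part ledger described in the last bullet can be checked for integrity in a few lines. This is an added example, not code from the original post and not Hyperledger Fabric's block format: it is a simplified model in which the function names, the `AWB-0001` key, and the organization names are hypothetical. It shows how a hash-chained block log exposes an altered block and how replaying the log exposes a state database that has drifted from it.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first block

def block_hash(prev_hash, txs):
    """SHA-256 over the previous block hash and the canonical JSON of the transactions."""
    payload = json.dumps({"prev": prev_hash, "txs": txs}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def append_block(chain, txs):
    """Append a block whose hash commits to the whole chain before it."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "txs": txs, "hash": block_hash(prev, txs)})

def first_bad_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["prev"] != prev or block["hash"] != block_hash(prev, block["txs"]):
            return i
        prev = block["hash"]
    return None

def replay_state(chain):
    """Rebuild the state database (latest value per key) from the block log."""
    state = {}
    for block in chain:
        for tx in block["txs"]:
            state[tx["key"]] = tx["value"]
    return state

def state_drift(chain, state_db):
    """Keys whose value in a peer's state database disagrees with the chain."""
    expected = replay_state(chain)
    return sorted(k for k in expected.keys() | state_db.keys()
                  if expected.get(k) != state_db.get(k))

# Constructed sample data: two blocks tracking one cargo item (hypothetical keys).
chain = []
append_block(chain, [{"key": "AWB-0001", "value": "ACCEPTED", "by": "shipper-org"}])
append_block(chain, [{"key": "AWB-0001", "value": "CUSTOMS_CLEARED", "by": "customs-org"}])
peer_state = replay_state(chain)
```

Editing an old block and recomputing only its own hash moves the failure to the next block, because that block's `prev` field still commits to the original hash.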
Our client needed to establish a mechanism to simplify collaboration, communication, and business processes in the supply chain flow across multiple globally distributed organizations. Ideally, to improve business processes and cross-organization collaboration, the client wanted to establish a simplified digital contracts management platform and a unified message standard across different industries, but they might not be able to do this due to complex operational procedures, governance requirements, and technology constraints.
BAF accelerates the delivery of the DLT network and lets developers focus on building smart contract blockchain applications. The distributed ledger technology provides capabilities such as cryptography, consensus, network, security, and immutability. BAF is flexible, provides high availability and scalability, and reduces the effort required to manage the underlying infrastructure and platform through automation. AWS lowers the technical barriers to establish a production-grade business service by eliminating the upfront sunk costs and undifferentiated heavy lifting. Fully managed services are a good choice to resolve such undifferentiated heavy lifting scenarios. This allows the client to focus more on the operation and revenue opportunities.
In conclusion, you can simplify your business process collaboration across multiple industry partners by using smart contracts, Hyperledger technologies, and the AWS Cloud for internet-scale deployment.
This document is produced by consultants at Accenture as general guidance. It is not intended to provide specific advice on your circumstances. If you require advice or further details on any matters referred to, please contact your Accenture representative.
Accenture is a global professional services company with leading capabilities in digital, cloud and security. Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Interactive, Technology and Operations services — all powered by the world’s largest network of Advanced Technology and Intelligent Operations centers. Our 569,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. We embrace the power of change to create value and shared success for our clients, people, shareholders, partners and communities. Visit us at www.accenture.com.