Story image

How Amazon aims to reinvent blockchain

03 Dec 18

At AWS re:Invent, Amazon Web Services announced two new services to help companies manage business transactions that require full auditability. 

Amazon QLDB is a transparent, immutable, and cryptographically verifiable ledger for applications that need a central, trusted authority to provide a permanent and complete record of transactions (for example, supply chain, financial, manufacturing, insurance, and HR). 

For customers who want to build applications where multiple parties can execute transactions without the need for a trusted, central authority, Amazon Managed Blockchain makes it easy to create and manage scalable blockchain networks using the popular, open source Ethereum and Hyperledger Fabric frameworks.

With a few clicks in the AWS Management Console, customers can set up a blockchain network that can span multiple AWS accounts and scale to support thousands of applications and millions of transactions.

Amazon QLDB: A transparent and cryptographically verifiable ledger database service

Customers looking to implement blockchain technologies are typically trying to accomplish one of two things. Some need a centralised ledger that records all changes or transactions and maintains an immutable record of these changes (for example, tracing the movement of an item through a supply chain network, tracking the history of credits and debits in banking transactions, or validating incidents filed against an insurance claim). 

This ledger is owned by a single trusted entity and is shared with any number of organisations that are working together. To do this today, customers can use relational databases, or they can use the ledger technology in one of the open source blockchain frameworks. 

Neither solution is optimal. Relational databases aren’t built for immutable, cryptographically verifiable ledger entries, so customers must build custom audit tables and audit trails. And, there is no way to verify that no unintended changes were made to the data. 

Using the ledger in a blockchain framework may give customers an immutable history of data changes, but comes at the cost of the heavy lifting to set up a full blockchain network with at least two nodes and all of the associated access control configuration. 

Because there are limited database Application Programming Interfaces (APIs) within the blockchain frameworks it is challenging to create tables, index, and query data. Finally, blockchain frameworks are decentralised and require consensus from members in the network before committing new transactions to the shared ledger, which significantly slows ledger performance.

Amazon QLDB is a new class of database that provides a transparent, immutable, and cryptographically verifiable ledger that customers can use to build applications that act as a system of record, where multiple parties are transacting within a centralised, trusted entity. 

Amazon QLDB removes the need to build complex audit functionality into a relational database or rely on the ledger capabilities of a blockchain framework. Amazon QLDB uses an immutable transactional log, known as a journal, which tracks each and every application data change and maintains a complete and verifiable history of changes over time. All transactions must comply with atomicity, consistency, isolation, and durability (ACID) to be logged in the journal, which cannot be deleted or modified. 

All changes are cryptographically chained and verifiable in a history that customers can analyze using familiar SQL queries. Amazon QLDB is serverless, so customers don’t have to provision capacity or configure read and write limits. They simply create a ledger, define tables, and Amazon QLDB will automatically scale to support application demands, and customers pay only for the reads, writes, and storage they use. 

And, unlike the ledgers in common blockchain frameworks, Amazon QLDB doesn’t require distributed consensus, so it can execute two to three times as many transactions in the same time as common blockchain frameworks.

Amazon Managed Blockchain: A new way to create and manage scalable blockchain networks

Other customers want the immutable and verifiable capability provided by a ledger, however, they also want to allow multiple parties to transact, execute contracts, and share data without a trusted central authority. For this, customers use blockchain frameworks like Ethereum and Hyperledger Fabric. But setting up these frameworks is hard and time-consuming. 

Each member of a permission network has to provision hardware, install software, create, and manage certificates for access control, and configure network settings.

As usage of a blockchain application grows, there is a lot of work involved in scaling the network, including monitoring resources across all nodes, adding or removing hardware, and managing the availability of the entire network. This complexity is the reason many customers typically need the help of expensive consultants to make blockchain work.

Amazon Managed Blockchain is a new, fully managed blockchain service that makes it easy and cost-effective for customers to create and manage secure blockchain networks that can scale to support thousands of applications running millions of transactions. 

Amazon Managed Blockchain supports two popular open source blockchain frameworks, Ethereum and Hyperledger Fabric, and setting up a blockchain network is as easy as a few clicks in the AWS Management Console. 

Customers simply choose their preferred framework, add network members, and configure the member nodes that will process transaction requests. Amazon Managed Blockchain takes care of the rest, creating a blockchain network that can span multiple AWS accounts with multiple nodes per member, and configuring software, security, and network settings. 

For a permissioned network, Amazon Managed Blockchain secures and manages blockchain network certificates with AWS Key Management Service, eliminating the need for customers to set up their own secure key storage.

Amazon Managed Blockchain contains a voting API that allows network members to quickly vote to add or remove members. And, as application usage grows, customers can add more capacity to the blockchain network with a simple API call. 

Amazon Managed Blockchain offers a range of instances with different combinations of compute and memory capacity to give customers the ability to choose the right mix of resources for their blockchain applications.

Unlike existing blockchain technologies that require custom development to extract blockchain network activity data, Amazon Managed Blockchain makes it easy to replicate transactions to Amazon QLDB. This gives customers the ability to gain advanced insights on how to optimise the blockchain network by querying the change history of their network.

HTC signs with 5G partners across the globe
Sprint and Telstra will both carry a 5G mobile smart hub built by HTC.
Dell EMC embeds security in latest servers
Dell EMC's 14th generation of PowerEdge servers has comprehensive management tools to provide security across hardware and firmware.
Soul Machines' virtual humans go mainstream
An Auckland AI firm renowned for its work creating ‘digital humans’ is now unleashing its creativity to the wider market.
Why data backups should be a part of daily operations
"Disaster recovery needs to address complete system failure and provide a set of security policies to govern disaster incidents."
Hands-on review: The Logitech R500 laser presentation remote
With a clever ergonomic design, you’ll never have to glance at the device, unless you deliberately look to use the built-in laser pointer to emphasise your presentation.
Businesses focusing on threats from within - survey
Over 50% of respondents reported that 100 days of dwell time or more was representative of their organisation.
GCSB welcomes Inspector-General's report on intelligence warrants
Intelligence warrants can include surveillance, private communications interception, searches of physical places and things, and the seizure of communications, information and things.
Corelight and Exabeam partner to improve network monitoring
The combination of lateral movement and siloed usage of point security products leaves many security teams vulnerable to compromise.