Blue glowing high energy plasma field in space, computer generated abstract background
The Future of...

The Enterprise Blockchain Spectrum: Private, Permissioned, and Private to Permissioned

Blockchain provides distributed ledger technology that can be used to enable multi-party workflows across enterprises by creating a shared source of truth. Levels of access to the blockchain and customized permissions can be set by a single operator of the blockchain or governed by a consortium of participants. Public blockchain networks democratically allow any entity to participate in the blockchain. In contrast, a central operator or consortium in private and permissioned networks grants customized levels of access to each of the blockchain participants. Analogous is the terminology used to describe network topologies: intranet, extranet, and internet.

The Enterprise Blockchain Spectrum

Enterprises today are deploying Blockchain with the following access set-up:

  1. Private blockchains operated by a central operator
  2. Permissioned blockchains with a consortium and governance model at the outset
  3. Starting with a private blockchain and transitioning to permissioned

In the financial services industry, a market operator in the capital market infrastructure segment may use a private blockchain to register trade and settlement directives. Initially, the operator acts as the central authority and has the sole ability to commit data to the blockchain and control participation levels of entities in this market. Market participants can interact with the blockchain and be guaranteed to operate on authenticated datasets, which helps minimize failed transactions and reduces reconciliation costs. Over time, the market operator can decentralize the authority to commit data to the blockchain by granting commit access to regulators and market participants, improving the joint ownership and resilience of the end-to-end system by decentralizing trust.

Enterprises should consider the following topics, whether they are planning to deploy a private or permissioned blockchain, or the VMware Blockchain approach to meet their needs.

Considerations for Private Blockchains

  • A consistent, safe and fault tolerant architecture: A critical attribute of a blockchain platform is its ability to guarantee that it provides a consistent, cryptographically verifiable source of truth, and can update that source of truth even when malicious failures are encountered. The blockchain platform also needs to be fault tolerant. By using a byzantine fault tolerant state machine replication implementation, our blockchain solution achieves this critical attribute. Up to 1/3 of the replica nodes can be faulty or malicious without impacting the ability of the blockchain network to respond to requests and to commit transactions. Additionally, VMware Blockchain is designed to be distributed globally to ensure nodes are physically isolated. For example, if the blockchain nodes are distributed over four data centers and if one data center gets compromised either by an internal or external actor the blockchain is not compromised.
  • Enterprise grade capabilities: Recognizing the importance of day-2 operations to enable enterprises to bring their blockchain solutions to production, our approach focuses on bringing all notable characteristics in our enterprise portfolio to our blockchain solutions, including ease of deployment, monitoring, management, resilience, and world class support.
  • Flexible and extensible platform architecture: VMware Blockchain platform architecture includes a virtual smart contract execution engine that is designed to easily extend the platform to support additional smart contract languages such as Solidity, Golang, DAML. The ability to standardize on single platform that supports multiple languages gives enterprises the ability to protect investment and leverage smart contract languages that apply best to their business domain.
  • Performance and scale: Enterprises rely on the blockchain platform to handle high speed transactions from around the globe. One key factor in how well a blockchain platform performs and scales is the choice of the consensus mechanism deployed. Due to the criticalness of the consensus mechanism, VMware Blockchain uses Scalable Byzantine Fault Tolerance (SBFT), an enterprise grade consensus engine developed internally by VMware Research.
  • Data privacy: By integrating well with the smart contract execution engines, such as with DAML, our approach includes client data filtering and sub-transaction privacy so that parties have access only to data that is relevant to them in multi-party transactions.

Considerations for Permissioned Blockchains

A permissioned blockchain network forms the backbone of consortia to store and share data in a trusted fashion. Trust implies that all transactions added into the blockchain proceed through a consensus mechanism, the data in blockchain is immutable (cannot be altered), and that malicious actors cannot disrupt or introduce bad data into the blockchain. Additional benefits that a permissioned blockchain can bring to participants in the consortium is that they can build other products/services based on the access to the single source of truth. In addition to everything discussed above for Private Blockchains, considerations for Permissioned Blockchains include:

  • Fast consensus and governance: SBFT, designed by VMware’s Research team in the Office of the CTO, forms the foundation of VMware Blockchain’s consensus mechanism. SBFT is designed to solve the problems of scale and performance in blockchain solutions while preserving liveness (transactions on the blockchain will eventually be committed, in spite of malicious attacks) and safety (all nodes will have the same view of the global state, even with malicious attacks to disrupt). SBFT maintains decentralized trust and supports ongoing governance in multi-party networks.
  • Virtual execution engine: Consortia members on a blockchain platform can potentially use their own blockchain smart contract language and deployment model. In order for one blockchain platform to support these possibilities, VMware Blockchain employs a virtual execution engine to create a flexible blockchain platform. As described in The Future of Business: Multi-Party Business Networks, each participating entity in the consortium brings a unique heritage of technology, preference for deployment model and language of choice. The VMware approach supports a range of smart contract languages and deployment models so that members of a consortium can participate in the same network while maintaining those preferences.
  • Dynamic reconfiguration: As part of operating a blockchain network, the operator will need to be able to upgrade the network, add or remove nodes (to replace nodes or grow/shrink the network) – in a trusted and authenticated manner. Reconfiguration provides the technical foundation for governance frameworks to be built for a blockchain network. To implement dynamic reconfiguration, VMware Blockchain utilizes an innovative approach in state machine replication systems to ensure this.

Considerations for Transitioning from Private-to-Permissioned Blockchain

Enterprises may want to start with a more controlled private blockchain and take steps towards transitioning to a permissioned blockchain with a consortium of participants operating it. By covering both private and permissioned blockchains, our approach enables enterprises to start where they are comfortable and grow.  An enterprise may transition from a private to a permissioned blockchain with the following approach

  1. Initially a trusted 3rd party operates all nodes in the blockchain
  2. Next, Client nodes are moved to other participants in the consortium for localized operation and availability of verified immutable data for a single source of truth
  3. Finally, Replica nodes are moved to the various participants in the consortium, and multiple participants govern and operate the blockchain for full decentralization.

Whether deploying fully private or multi-party permissioned networks, VMware’s Blockchain approach is designed to provide all participants in the blockchain both the privacy and transparency required to optimize business results.  Enterprises can start where they are most comfortable and grow their Blockchain solution by transitioning to a more decentralized model as appropriate for their business.

If you have any feedback, questions, or comments, we would love to hear from you:


Alim Karim is a Group Product Line Manager in the Blockchain BU at VMware. He started his career as a software developer and joined VMware in 2020. Alim has held several customer-facing and product development positions and is passionate about solving business problems with emerging technology. He holds an undergraduate degree in Computer Science and an MBA from Queen’s University.