Reading Time: 8 minutes

I recently embarked on a fascinating journey into the realm of blockchain technology, specifically the construction of a private permissioned blockchain using Hyperledger Besu. This cutting-edge platform offers an array of possibilities for organizations seeking to harness the power of blockchain while maintaining a controlled and secure environment. In this article, I will share my insights on the process and intricacies of building a private permissioned blockchain with Hyperledger Besu, shedding light on the steps, challenges, and exciting potential that lie ahead. So, fasten your seatbelts and join me on this captivating exploration of blockchain innovation.


Hello there! Welcome to this comprehensive article on building a private permissioned blockchain with Hyperledger Besu. In this article, I will guide you through the process of understanding private permissioned blockchains, give you an introduction to Hyperledger Besu, and walk you through the steps of setting up and managing your own network. We will also discuss privacy and security considerations, as well as explore some use case examples. So, let’s dive right in!

Understanding Private Permissioned Blockchains


Before we begin, let’s first understand what private permissioned blockchains are. A private permissioned blockchain is a type of blockchain that provides controlled access to specific participants. Unlike public blockchains, where anyone can join and participate in the network, private permissioned blockchains require participants to be authorized entities. This allows for privacy, enhanced security, and more efficient consensus mechanisms.


There are several benefits to utilizing private permissioned blockchains. Firstly, by controlling access and permissions, private permissioned blockchains enable organizations to maintain privacy and confidentiality of their data. Secondly, the restricted membership ensures that all participants have been vetted and authorized, reducing the risk of malicious activities. Lastly, private permissioned blockchains offer faster transaction processing speeds and scalability compared to public blockchains, making them suitable for enterprise use.

Use Cases

Private permissioned blockchains find applications in various industries. Supply chain management is one such use case, where participants can track and verify the authenticity and origin of products. Financial services also benefit from private permissioned blockchains, as they provide secure and efficient means for conducting transactions. Additionally, healthcare can leverage private permissioned blockchains to secure patient data and enable seamless sharing between authorized entities.

Introduction to Hyperledger Besu

Now that we have a grasp of private permissioned blockchains, let’s dive into Hyperledger Besu.


Hyperledger Besu is an open-source Ethereum client developed by the Hyperledger community. It offers several features that make it an ideal choice for building private permissioned blockchains. One of its standout features is its support for multiple consensus mechanisms, including Proof of Work (PoW), Proof of Authority (PoA), and Istanbul BFT. This flexibility allows users to choose the consensus mechanism that best suits their needs. Besu also supports privacy features such as deploying private smart contracts and utilizing private transactions.


Hyperledger Besu follows a modular architecture that allows for easy customization and integration with other components. It consists of three main layers: the application layer, the consensus layer, and the network layer. The application layer provides the necessary APIs for interacting with the blockchain, while the consensus layer handles the agreement mechanism between nodes. The network layer, on the other hand, deals with network communication and data synchronization among nodes.

Consensus Mechanisms

Besu supports multiple consensus mechanisms, each with its own strengths and use cases. Proof of Work (PoW) is the most well-known and widely used consensus mechanism, primarily used in public blockchains. Proof of Authority (PoA) is a more suitable mechanism for private permissioned blockchains, as it allows for faster block confirmations and reduces energy consumption. Istanbul BFT is a Byzantine Fault Tolerant consensus mechanism that provides high fault tolerance and faster block finality.

Setting Up the Environment

Before we can start building our own private permissioned blockchain network, we need to set up the environment properly.

Installing Hyperledger Besu

To get started with Hyperledger Besu, you’ll first need to install the software. Besu provides detailed installation instructions on their official website, which you can follow to install it on your preferred operating system. Once installed, you’ll have access to the Besu command line tool, which will be used for various network management tasks.

Configuring Network Permissions

Next, you’ll need to configure network permissions according to your organization’s requirements. This involves identifying the participants who will be part of the network and defining their roles and permissions. By managing these permissions, you can control which participants can read, write, and execute smart contracts on the blockchain.

Setting Up Prerequisites

Before creating your network, there are a few prerequisites that need to be fulfilled. Firstly, you’ll need to have a suitable hardware infrastructure and network connectivity. Besu has certain system requirements that need to be met for optimal performance. Secondly, you should ensure that you have the necessary cryptographic keys and certificates for secure communication within the network. Lastly, it’s important to have a clear understanding of the business requirements and use cases that your network aims to address.

Creating a Network

Now that our environment is set up, let’s move on to creating our own private permissioned blockchain network using Hyperledger Besu.

Defining Network Participants

The first step in creating a network is to define the participants who will be part of the network. These participants could be individuals or organizations that are authorized to join and interact with the blockchain. It’s important to carefully consider the roles and permissions of each participant to ensure proper access control and data privacy.

Configuring Nodes

Once the participants are defined, the next step is to configure the nodes that will form the network. Nodes are the individual instances running Besu that make up the blockchain network. You’ll need to specify the identity and cryptographic keys for each node, as well as define the network connectivity settings. It’s important to properly configure and secure the nodes to ensure the integrity of the network.

Initializing the Network

After the nodes are configured, you can initialize the network. This involves bootstrapping the initial state of the blockchain and establishing the genesis block. The genesis block acts as the starting point for the network and contains important configuration parameters. By carefully designing the genesis block, you can set the initial consensus mechanism, block time, and other network-specific settings.

Managing Network Access

Now that our network is created, let’s move on to managing network access and controlling permissions within the network.

Setting Up Access Control

Access control is crucial in a private permissioned blockchain network, as it defines who can perform specific actions within the network. With Hyperledger Besu, you can define fine-grained access control policies that specify which participants can read, write, and execute smart contracts. By defining these policies, you can ensure that only authorized entities can access and interact with the blockchain.

Defining Permissioned Actions

In addition to access control, you can also define permissioned actions within the network. These actions can be tailored to the specific use cases of your network and can include tasks such as creating new contracts, executing specific functions, or modifying certain data. By defining these permissioned actions, you can further enhance the security and integrity of your network.

Managing Identity Providers

Hyperledger Besu allows for the integration of external identity providers, such as LDAP or OAuth, to manage participant identities within the network. By leveraging these identity providers, you can streamline the user management process and ensure that only authenticated users can join the network. This integration also provides additional security measures, such as multi-factor authentication and centralized user management.

Deploying Smart Contracts

Smart contracts are the backbone of any blockchain network, and Hyperledger Besu provides a seamless environment for deploying and interacting with smart contracts.

Writing Smart Contracts

To deploy smart contracts on your network, you’ll first need to write them using a programming language such as Solidity. Smart contracts are self-executing contracts with the terms of the agreement directly written into code. They enable automated transactions and interactions between participants on the blockchain. Besu supports the Ethereum Virtual Machine (EVM) and the use of Solidity for writing smart contracts.

Compiling and Deploying Contracts

Once you’ve written your smart contracts, you’ll need to compile them into bytecode that can be executed on the EVM. The bytecode represents the compiled version of your smart contract code and can be thought of as the equivalent of machine code for the EVM. After compiling, the contracts can be deployed to the blockchain network using the Besu command line tool. The deployment process involves specifying the contract address and other necessary parameters.

Interacting with Contracts

Once deployed, smart contracts can be interacted with using relevant API calls. Hyperledger Besu provides APIs for reading and writing data to and from smart contracts. You can use these APIs to execute functions defined in your smart contracts, query contract state, and listen for events emitted by the contracts. These interactions enable participants to utilize the functionality provided by the smart contracts and execute meaningful transactions on the blockchain.

Monitoring and Maintenance

Once your network and smart contracts are up and running, it’s important to monitor and maintain the network to ensure optimal performance and security.

Monitoring Network Performance

Monitoring the performance of your network is crucial to identify any bottlenecks or issues that may impact its overall functionality. Hyperledger Besu provides monitoring tools and metrics that allow you to monitor various aspects of your network, such as block processing times, transaction throughput, and network latency. By keeping a close eye on these metrics, you can proactively address any performance-related issues and optimize your network’s performance.

Managing Server Nodes

Server nodes form the backbone of your network and require regular maintenance to ensure they are running smoothly. This includes tasks such as patching and updating software, monitoring resource usage, and ensuring proper network connectivity. Hyperledger Besu provides tools and commands that simplify the management of server nodes, making it easier to perform these maintenance tasks.

Handling Upgrades and Patches

As with any software, it’s important to keep your Hyperledger Besu implementation up to date with the latest upgrades and patches. These upgrades and patches often include bug fixes, performance improvements, and security enhancements. Hyperledger Besu provides an upgrade process that allows you to smoothly transition to new versions without disrupting the network. By regularly updating your Besu implementation, you can ensure that your network is secure and benefits from the latest features and improvements.

Privacy and Security Considerations

Privacy and security are of paramount importance in any blockchain network, especially private permissioned blockchains. Hyperledger Besu incorporates several measures to ensure the privacy and security of your network.

Data Privacy Measures

Hyperledger Besu allows for the deployment of private smart contracts and the execution of private transactions. Private smart contracts ensure that only authorized participants can access and interact with specific contract functions and data. Private transactions, on the other hand, ensure that transaction details and associated data are only visible to authorized participants. By utilizing these privacy measures, you can safeguard sensitive information and protect data privacy within your network.

Secure Network Communication

Hyperledger Besu enables secure communication between nodes using various cryptographic algorithms and protocols. It supports the use of Transport Layer Security (TLS) for encrypted communication over the network. By encrypting network communication, you can prevent unauthorized entities from intercepting or tampering with sensitive data transmitted between nodes.

Key Management

Key management is crucial in maintaining the security and integrity of your network. Hyperledger Besu allows for the generation and management of cryptographic keys for secure network authentication and communication. Proper key management practices, such as securely storing and rotating keys, are essential to prevent unauthorized access and protect against potential security breaches.

Use Case Examples

To wrap things up, let’s explore some real-world examples of how private permissioned blockchains built with Hyperledger Besu can be utilized.

Supply Chain Management

Supply chain management is a complex process involving multiple entities and transactions. By deploying a private permissioned blockchain with Hyperledger Besu, organizations can ensure end-to-end visibility and traceability of goods within the supply chain. Smart contracts can be utilized to automate processes such as verification, validation, and payment settlements. This transparency and automation result in increased efficiencies, reduced fraud, and improved trust among participants.

Financial Services

Financial services, such as remittances, settlement, and auditing, can benefit greatly from private permissioned blockchains. By utilizing Hyperledger Besu, financial institutions can streamline cross-border transactions, reduce transaction costs, and enhance security by leveraging cryptography. Smart contracts can facilitate the enforcement of contractual agreements, ensure compliance with regulations, and automate processes such as clearing and settlement.


In the healthcare industry, maintaining the privacy and security of patient data is of utmost importance. Private permissioned blockchains built with Hyperledger Besu can provide a secure and decentralized platform for sharing patient records and enabling seamless collaboration between healthcare providers. Smart contracts can be utilized to automate processes such as insurance claims, prescription fulfillment, and patient consent management. This results in improved data integrity, reduced administrative overhead, and enhanced patient care.


And there you have it! In this comprehensive article, we explored the world of private permissioned blockchains and delved into the features and architecture of Hyperledger Besu. We learned how to set up the environment, create a network, manage network access, deploy smart contracts, and maintain the network. Privacy and security considerations were discussed, along with some real-world use case examples in supply chain management, financial services, and healthcare. I hope this article has provided you with the necessary knowledge and insights to start building your own private permissioned blockchain network with Hyperledger Besu. Happy blockchain building!

By Steve Hodgkiss

I’m Steve Hodgkiss. I’m a web developer living in-between the United Kingdom and S.E. Asia. I am a fan of technology, travel and food. I’m also interested in programming and web development. Born in the UK, after finishing school I graduated from Technical College with a HND (Higher National Diploma). After working my way up as an Employee of various companies, I went Freelance in 1987. Working both in the UK and locations worldwide, I soon built up my reputation as a very competent developer, being retained by one particular Bank for 15 years. The last few years I've developed more experience that relates to Blockchain Technology and the way it can empower governments, businesses and customers. This includes the development of blockchain platforms and Cryptocurrency exchanges.