What is BCM?
The Business Continuity Module (BCM) is a self-hosted solution for Fireblocks Hosted MPC customers that enables secure transaction signing even if the Fireblocks SaaS platform becomes unavailable.
It ensures operational continuity during outages or disconnection from Fireblocks’ cloud services by allowing signing via your own infrastructure using the Hosted MPC setup.
System Overview
The Business Continuity Module (BCM) comprises several components that are listed below. Each component is provided as a Docker image.
BCM Component List
Docker BCM API
The BCP API is a server that acts as the primary interface for all of your operations within the BCM. It provides the public API, which is the entry point for all user interactions.
Docker BCM Aggregator
The BCM Aggregator is an on-premises component responsible for managing the order of the Multi-Party Computation (MPC) protocol messages. It serves as the MPC broker, facilitating communication between the BCM Primary and the Guard Co-Signer to ensure proper message orchestration.
Docker Redis
The BCM Aggregator utilizes Redis as a transient data store to maintain transaction states in transit. While the default deployment includes a standard Redis Docker container, you can replace this with your own Redis service, either on-premises or cloud-based.
Offline Signing Console
The Offline Signing Console is a web application that consolidates the necessary packages for displaying and scanning Fireblocks' proprietary QR codes that use a camera for offline signing. It also enables seamless communication with other BCM modules to retrieve and manage active transactions.
How does it work?
- BCM runs on-premises using Dockerized components:
- BCM API: Handles transaction requests and authentication.
- BCM Aggregator: Manages MPC message flow between co-signers.
- Redis: Temporary storage for transaction states.
- Offline Signing Console: Web app for scanning and signing QR codes with a cold wallet device.
- All components use secure TLS communication, customer-signed certificates, and private key authentication.
- Integrates with Fireblocks’ MPC infrastructure and Cold Wallet apps.
- Supports both Active-Active and Active-Passive high availability setups.
Requirements
-
Software versions:
- Primary & Guard Co-Signer: v3.9.0+
- Offline Mobile App: v2.0.12+
-
Infrastructure:
- VM with 16 GB RAM
- Docker & Docker Compose
- TLS certificates signed by Fireblocks
-
Security Setup:
- Signed x-access-token JWTs
- Secure certificate management
- Redis ≥ 6.2 (non-clustered)
-
Optional:
- Nginx for TLS proxying and domain mapping
- Kubernetes or other orchestrators
For further support and implementation, contact your Fireblocks Customer Success Manager.