Who offers consulting for integrating blockchain into legacy systems?

Decision-makers often hit us with a seemingly simple question: who can really integrate blockchain into our existing ERP, mainframe, data warehouse, and cloud systems without disrupting production? Here’s a straightforward guide to the companies and platforms that are tackling this challenge in 2025, along with their take on integration, privacy, interoperability, and operating at scale within enterprises.

The landscape at a glance

Global systems integrators (SIs) that are great at driving enterprise change and have some awesome accelerators
Protocol experts who create and manage networks (like Ethereum/Quorum, Hyperledger Fabric, Corda)
Cloud providers serving up managed blockchain stacks and node infrastructure
Open-source orchestration and interoperability layers that connect the old-school stuff with the new

Global SIs and consulting leaders

IBM Consulting
- Where they fit: They shine in modernizing z/OS, LinuxONE, and Red Hat OpenShift, along with having some serious know-how in Hyperledger Fabric. Plus, they've been around the block with governance and tooling for permissioned networks.
- Notable: IBM offers enterprise support subscriptions just for Hyperledger Fabric (24x7 SLAs), which shows a cool shift from the typical “blockchain platform SaaS” model to more solid support and consulting. Their Fabric approach really highlights using Linux on Z/LINUXONE for those crucial security and throughput-sensitive tasks. (platform.softwareone.com)
Deloitte
- Where they fit: They really shine in end-to-end IT integration and operations, especially within public-sector and regulated industries. Plus, they’ve got some solid partnerships that help bridge the gap between old data systems and the latest data and web3 technologies.
- Notable: Keep an eye on their 2025 collaboration with Palantir aimed at breaking down those pesky back-office silos. This is a trend we’re seeing pop up again, especially when it comes to blockchain data and tokenized workflows that need to mesh with ERP and finance systems. (www2.deloitte.com)
EY
- Where they fit: They’re all about tokenization and keeping things private on public chains. Their “OpsChain” offers cool APIs that let you connect your current systems to blockchain tech without having to overhaul everything.
- Notable: With the EY OpsChain Traceability and ESG, you get access to enterprise-grade APIs (think Polygon and Ethereum options) and privacy features like zero-knowledge proofs for public chains. EY’s been making waves with API-driven token minting, hitting impressive daily volumes--just what you need for smooth production integrations. Plus, they’re launching the OpsChain Contract Manager on Polygon PoS, with plans for it to hit the Ethereum mainnet soon. Check it out here: (blockchain.ey.com)
KPMG / PwC
- Where they fit: These guys are all about making sure your audit-grade data pipelines and integration governance are spot on. They're great at getting both on-chain and off-chain data into the assurance and compliance workflows.
- Notable: KPMG's Chain Fusion does an awesome job of normalizing multi-chain data for audits. Plus, KPMG in India has teamed up with The Hashgraph Group to roll out some cool Hedera-backed enterprise solutions, like DID, Digital Product Passport, and sustainability initiatives. On the other hand, PwC collaborated with Kayak and Blockskye to create a slick production travel solution, using blockchain as the “single source of truth” from booking to reporting. (kpmg.com)
Accenture, TCS, Infosys, Wipro, Capgemini
- Where they fit: These players excel in large-scale delivery and have tools that work with various DLTs. They’re particularly strong in creating industry-specific solutions and integrating with existing legacy systems.
- Notable:
  - TCS Quartz offers gateways and development kits for tokenization, runs CBDC pilots, and helps DLTs work alongside core systems. You can check it out here.
  - Wipro Slingshot quickly sets up Fabric/Quorum/Corda stacks on different clouds and claims to cut down on provisioning time and speed up time-to-MVP. It’s designed to seamlessly integrate with monitoring, messaging, and OAuth right from the start. More details here.
  - Infosys is a Hyperledger Certified Service Provider and has rolled out large-scale identity and credential networks. This is super useful when blockchains need to fit in with enterprise IAM and HR systems. Learn more here.

Protocol specialists and networks you can hire

ConsenSys (Ethereum/Quorum/Besu)
- Why they matter: They're pretty much the top choice for enterprise Ethereum setups, whether for public or permissioned use. Quorum is now part of the ConsenSys family, and they've got some impressive case studies up their sleeves, like komgo (which focuses on commodity trade finance) and Covantis (tailored for agri-commodities operations). These projects are designed to mesh well with major players in commodities, banks, and ERPs. Check it out here: (consensys.io)
R3 (Corda)
- Why they matter: Corda is all about secure data-sharing, especially when it comes to working with regulated information among trusted parties. Plus, R3 offers some solid professional services, and their partner system integrators (SIs) are making waves in financial market infrastructure, including CBDC pilots, RLN, and collateral mobility.
- Where to look: You can check out R3’s use-case directory, which is packed with details on production and pilot programs like CBDC experiments and regulated liability networks. These often need core banking and Swift integration points. (r3.com)
Hyperledger FireFly (thanks to services from Kaleido or SIs)
- Why it matters: FireFly is a really cool open-source “Web3 supernode” that provides event-driven APIs, supports digital assets and tokens, and manages off-chain data flows. Plus, it’s got connectors for Fabric, Besu/Quorum, and more. The whole point is to connect your ERP systems, mainframes, and apps with blockchains by offering dependable event streams, token APIs, and orchestration. Kaleido takes it a step further by providing managed FireFly and multi-protocol environments. Check it out here: (github.com)

Cloud providers that reduce plumbing

AWS: Amazon Managed Blockchain (AMB)
- What you get: a hassle-free way to manage Hyperledger Fabric networks and connect with public chains like Ethereum. It’s got ordering service durability thanks to QLDB technology, plus VPC endpoints and KMS-backed identity for that extra layer of security. This is especially handy if you’re linking up with VPC-bound ERP or data platforms. (aws.amazon.com)
Google Cloud: Blockchain Node Engine + Blockchain RPC
- What you get: fully managed Ethereum nodes (both full and archive), automatic upgrades for those pesky network hard forks, metrics that integrate with Cloud Monitoring, and a JSON‑RPC service perfect for high‑throughput dApps. Super useful when you need reliable node operations that fit right into your existing SRE/observability setups. (docs.cloud.google.com)
Microsoft Azure: what's the scoop for 2025
- Back in 2021, Azure said goodbye to its managed Blockchain Service. Nowadays, Microsoft is nudging companies towards the ConsenSys Quorum Blockchain Service, while also providing Azure Confidential Ledger--this is a managed, TEE-backed ledger that’s all about keeping things tamper-proof and logging events. If you're planning on building with Azure blockchain, it's best to team up with partners like ConsenSys or lean on open-source frameworks through AKS. (redmondmag.com)
Oracle: Oracle Blockchain Platform Enterprise Edition (OBP EE)
- What you get: a Kubernetes-ready, customer-managed Fabric 2.5 LTS distribution that comes packed with enterprise features for resiliency and security across multicloud and on-prem setups. This is super important for projects tied to data sovereignty or ERP-related deployments. Check it out here: (blogs.oracle.com)

Interoperability: connecting private ledgers, banks, and public chains

Swift + Chainlink CCIP
- Why it matters: Between 2023 and 2024, Swift showed us how its messaging and connectivity--already trusted by over 11,500 institutions--can seamlessly connect to both public and private blockchains through Chainlink’s CCIP. This means organizations can integrate tokenized assets using their current back-office systems without having to overhaul everything. Check out more about it here: (swift.com).
Hyperledger Cacti
- Why it matters: It's a fully graduated Hyperledger project that offers an awesome interoperability toolkit for managing cross-DLT transactions (like Fabric ↔ Besu/Quorum ↔ Corda and more) without needing a common settlement chain. So, if your projects involve different ledgers, Cacti gives you a vendor-neutral way to handle asset transfers and share data across networks. (github.com)

Integration patterns that work with legacy estates

Here are some practical patterns we use and spot in production. They might seem a bit dull on purpose--but that’s actually a plus when you’re managing SAP, Oracle, or mainframe systems on a large scale.

Event-driven “outbox/CDC → Kafka → Web3 gateway → chain”

Pattern: Here’s the deal: you can capture changes from your operational databases like Oracle, SQL Server, and PostgreSQL using CDC tools (think Debezium) and feed them into Kafka topics. After that, you can set off FireFly to mint tokens, notarize documents, or make those smart-contract calls happen. This setup keeps your ERP transactions separate from any on-chain delays or hiccups. Check it out here: (github.com).
Why it’s robust:
- The CDC sources work off logs, which means they won’t mess with your transaction systems too much. Plus, they keep the ordering you need for audits intact. Confluent’s managed CDC connectors (V2) keep everything up to date and running smoothly. Take a look: (docs.confluent.io).
- FireFly makes it easy to convert those blockchain events into solid enterprise event streams that your apps and services can subscribe to. This way, you maintain a consistent view between your record systems and the on-chain state. More info here: (hyperledger.github.io).

Managed connectivity to cut down on node/SRE hassle

Go with AMB (Fabric) for VPC-native networks that come with KMS-anchored identity and a solid ordering service. Alternatively, you can use the Google Cloud Blockchain Node Engine along with RPC for Ethereum to steer clear of constantly monitoring clients and dealing with hard-fork upgrades. (aws.amazon.com)

3) Public‑chain Privacy with Enterprise APIs

If you're looking for a way to maintain public verifiability and scale while keeping your business data under wraps, check out privacy tech like ZK circuits. Pair that with API gateways such as EY’s OpsChain suite for easy tokenization and traceability on platforms like Polygon or Ethereum, all without the hassle of rewriting your core applications. You can find more details here.

4) Cross-network/“bridged” workflows

When business units or partners operate on different chains, Cacti offers a vendor-neutral way to move assets and share state securely across those chains. For interbank or tokenized-asset pilots, Swift+CCIP lets you tap into your existing Swift back-office integration. Check it out here: (hyperledger-cacti.github.io)

5) Performance Tuning on Fabric

With the rollout of Fabric v2.x, we saw some pretty cool advancements like a decentralized chaincode lifecycle and better private data patterns. It turns out that things like block size, ordering, and contention can really shake up latency and throughput. A recent peer-reviewed study even showed that mean response times can vary anywhere from about 1 to 25 seconds based on how busy the system is and the choices you make. So, keep in mind that network parameters should be treated as a capacity-planning task rather than just sticking to the defaults. Check it out here: (aws.amazon.com)
Research is still buzzing with ideas like DAG-aware execution and dependency scheduling, which could really boost throughput when things get crowded. This sort of insight can be super helpful when you're weighing vendor claims about Fabric performance. Just remember to validate vendor support before you dive in! For more details, take a peek at this research: (arxiv.org)

Who to call, and for what

"We have to kick off a production tokenization and traceability pilot in the next 90 days, using SAP or Oracle data to connect to public chains while keeping everything confidential."
- We're looking at using EY OpsChain (which is API-first) along with a FireFly gateway and a CDC/Kafka bridge to handle the flow from ERP to token minting, burning, and transferring workflows. Check it out here: (blockchain.ey.com)
“We’re a bank and market infrastructure diving into CBDC, RLN, and collateral while keeping privacy top of mind.”
- Check out R3's professional services or their partners; they're using Corda for regulated data sharing. Plus, they’re looking into Swift/CCIP interoperability as they experiment with public liquidity rails. (r3.com)
“We're operating on AWS with tight VPC boundaries and solid IAM guardrails.”
- We use AMB (Fabric) for our permissioned networks, and we mix that with AWS KMS‑anchored identities and VPC endpoints. Plus, we’ve got Debezium feeding into Kafka to handle ERP change events. (aws.amazon.com)
“We're all about a multichain strategy, but we don't want to deal with the hassle of custom plumbing.”
- Using Hyperledger FireFly and Hyperledger Cacti together is a great solution: FireFly handles the app-level orchestration and token APIs, while Cacti takes care of cross-DLT transactions. Plus, you can manage both on Kaleido across different clouds. (github.com)
“We've got to have a managed Ethereum node layer that works seamlessly with our SRE and observability setup.”
- Check out Google Cloud’s Blockchain Node Engine and Blockchain RPC (for Ethereum) paired with Cloud Monitoring; it’s super easy to integrate with your current incident and metrics tools. (docs.cloud.google.com)

Concrete examples (with precise setups)

1) SAP Order Lifecycle Notarization with Public-Chain Receipts

Setup: So, here's how it works: SAP S/4HANA logs all order events to an operational database. Then, Debezium kicks in to stream those row-level changes over to Kafka. After that, FireFly takes over, subscribing to the streams and pinning a hash of each order to the Polygon PoS for record-keeping and auditing through the OpsChain Traceability APIs. The great thing is that all the business data stays off-chain! Plus, tokens or NFTs are used to represent physical goods or significant milestones, while a ZK proof layer is there to keep any sensitive info under wraps.

Result: What you get is an unchangeable audit trail, no messy SAP code forks, and your ERP system stays nice and light. Check it out here: blockchain.ey.com

Private Trade Finance on Permissioned Ethereum; Bank Connectivity via Swift

Setup: Imagine a Quorum/Besu network that’s running flows similar to komgo. With Swift and CCIP in the mix, banks can give a shot at instructing transfers and managing tokenized assets using their familiar Swift setups. ERPs send over documents through an API, and we make sure the hashes are notarized for peace of mind.
Outcome: This setup lets us keep using our existing back-office systems and Swift connectivity, all while we explore how digital asset settlement works. Check it out here!

3) Hyperledger Fabric for Supply Chain Provenance with IAM and VPC Controls

Setup: AMB sets up a Fabric 2.2+ network. Organizations can join by proposing and voting, with identities securely anchored in AWS KMS. Off-chain payloads are stored in IPFS, while their hashes are recorded on-chain. To keep everything running smoothly, we use a Kafka topic to distribute events to downstream analytics.
Outcome: This setup ensures strong governance and allows for private data collections, all without risking exposure of internal networks. Check out more details here.

4) Multichain Orchestration for Asset Lifecycle + Cross-DLT Transfers

Setup: FireFly hooks you up with token APIs and an event bus that works seamlessly across both Besu and Fabric. Meanwhile, Cacti takes care of atomic asset transfers between these two ledgers. For instance, Fabric keeps track of internal warranties while Besu looks after the tokens for the external marketplace.
Outcome: This setup helps maintain privacy on Fabric while letting you access public EVM liquidity whenever it’s needed. Check it out on GitHub!

2025 emerging practices worth adopting now

API-first integration beats custom SDKs
- Opt for providers that have robust APIs (EY OpsChain is a solid example) so your enterprise integration teams can connect through standard gateways and CI/CD. (blockchain.ey.com)
Think of node operations as standard plumbing
- Using managed Fabric or Ethereum nodes can save you a ton of SRE effort and make those hard-forks a breeze; focus on adding value above the node layer. (aws.amazon.com)
Formal capacity planning on Fabric
- Adjust block sizes, timeouts, endorsement policies, and private data strategies. It’s essential to run load tests that replicate real transaction inter-arrival times for validation. Recent modeling really highlights how different parameter choices can affect response times dramatically--by a whole order of magnitude! (arxiv.org)
Interop by Design
- Expect to bridge permissioned and public networks. From the get-go, create with Cacti/CCIP compatibility in mind. This way, you can easily link up with other ecosystems or tap into liquidity later on without needing to overhaul everything. (github.com)
Azure strategy update
- For those of you who are all-in on Azure, keep in mind that the managed Blockchain Service has been retired. It’s a good idea to pivot towards Quorum services from partners and use Azure Confidential Ledger for your immutable logs. Plus, don’t forget about AKS for your open-source stacks. (redmondmag.com)

Buyer’s checklist: 12 questions for your RFP

So, which ledgers are you currently using in production--Fabric, Besu-Quorum, or Corda? And what about interoperability toolkits like Cacti or CCIP? Check it out here.
Can you show me a reference deployment that connects with SAP, Oracle, or maybe a mainframe using CDC/Kafka? Don’t forget to include how you handle errors and the replay mechanism. You can find more info here.
What’s your strategy for keeping things private on public chains? Do you use ZK, off-chain payloads, or on-chain hashes? And please share a data classification and key management plan. More details can be found here.
For Fabric, what do you suggest regarding chaincode lifecycle, endorsement, private data, and ordering configurations to optimize our TPS and latency? Let’s see some load-test results, too. Check this out for insights here.
How do you handle Swift or banking connectivity for tokenized assets? If capital markets are involved, it’d be great to see a CCIP-based flow in action. More on this can be seen here.
What managed node services do you utilize, like AMB or Node Engine/RPC? How do you tie those in with enterprise observability and incident response? You can explore more here.
How do you handle versioning and rolling back smart contracts and token schemas across different environments?
Can you show an audit-grade data lineage from an ERP row change, through a Kafka event, on to an on-chain receipt, and finally to a report? Check this out for a reference here.
What’s your production support model (like SLAs) for ledger upgrades and handling critical vulnerabilities? If you’re using Fabric, do you have an enterprise support subscription available? More details can be found here.
Can you break down the cost drivers--things like compute, storage, egress, gas, KMS, and DevOps--and how sensitive they are to traffic spikes?
Share your interoperability roadmap with us so we can steer clear of any future vendor lock-in. Find more on this here.
What does your security posture look like? Let’s talk HSM/KMS usage, IAM boundaries, and options like enclave/TEE for sensitive logs, like Azure Confidential Ledger. You can learn more here.

How 7Block Labs engages

As a blockchain software consultancy, 7Block Labs is all about integration-first delivery:

We’re kicking off architecture sprints to help you map your CDC/Kafka feeds from your systems of record right into FireFly or native protocol APIs. The goal? A deployable blueprint in just 2-3 weeks!
When it comes to cloud-native operations, we’re using AMB (Fabric) or Google Node Engine/RPC (Ethereum) where it makes sense. Plus, we’ll make sure observability and incident workflows mesh seamlessly with your existing SRE stack. Check it out here.
On the privacy front, we're all about data-minimization. We’ll utilize off-chain payloads, on-chain proofs, and ZK-based confidentiality patterns on Polygon/Ethereum whenever public verifiability is a must. You can find more about it here.
Interoperability is our default setting! We’re implementing Cacti/CCIP patterns to ensure you can easily move assets and data across different ledgers as your partners or regulators change. Take a look at the details here.

We usually get a working skeleton up and running--involving events moving from ERP to chain with audit-proof receipts--within about 6 to 8 weeks. After that, we focus on fine-tuning aspects like governance, security, performance, and rolling it out to our partners.

Final thought

In 2025, adding blockchain to existing systems isn't just a one-time experiment anymore. It's all about disciplined, API-first engineering, treating ledgers like any other dependable system component. When choosing partners, go for those with solid production references, leverage managed connectivity to minimize risks, and make sure you design for interoperability right from the start. This is the way to gain value without having to completely overhaul your enterprise.