This is a re-post of a post from sigmastake.com, a stake pool I operated on the Cardano blockchain. Since the new owners wanted to change the name, the sigmastake site has been taken down. I still wanted to share this post, as I think it is good inspiration for anyone who wants to set up and operate a stake pool.
We have considered several ways to reach an optimal setup for our infrastructure. First we had to determine which points are the most important for us and our delegators. Most would consider performance and uptime the most important, but I want to argue that security is the most important.
We want all our nodes to sync fast and be able to keep up with block progression on the Cardano network. Meeting this demand is fairly straightforward: we simply need good enough hardware and a good enough internet connection. The hardware requirements for Cardano nodes are comparatively low; the current recommendation is a 4-core CPU, 12Gb RAM, an SSD drive and a 30Mbit internet connection. This recommendation has been raised several times over the lifetime of the Cardano mainnet, and no one can be sure what it will be in one or two years' time.
To future-proof our relays and block producers we have over-dimensioned them quite a bit, while still keeping them energy efficient. Our prediction is that demand on disk and network input/output is what will increase the most as the blockchain grows. So for all our servers we settled on an 8-core CPU, 16Gb RAM, NVMe SSD drives and a 500Mbit internet connection.
Keeping both your servers and your cryptographic keys secure is paramount. We think this is a factor that is not taken seriously enough among our fellow stake pool operators. Most are content with securing their servers with a firewall and SSH, and securing their cryptographic keys with a Ledger Nano in the best case or nothing at all in the worst case.
We believe you have to do more. We secure our servers behind both software and hardware firewalls, allowing no SSH connections at all from outside the hardware firewall. We have also strengthened SSH login with two-factor authentication, using a hardware key as the second factor.
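A practical way to keep a fleet of relays honest about the SSH posture described above is to audit each host's sshd_config against an explicit policy. The Go program below is an added example written for this re-post, not the pool's own tooling. The directive names are real OpenSSH options; the policy values (no password or root login, public-key authentication only, and only FIDO2/U2F hardware-backed "sk-" key types accepted, which makes the hardware key a required factor) are this example's assumptions about what such a policy looks like. The two sample configs are constructed for the demonstration.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strings"
)

// policy lists the sshd directives we expect on a relay or block producer.
// Keys are lower-cased directive names; values are this example's assumed
// hardened settings, not any real pool's configuration.
var policy = map[string]string{
	"passwordauthentication":          "no",
	"challengeresponseauthentication": "no",
	"permitrootlogin":                 "no",
	"pubkeyauthentication":            "yes",
	"pubkeyacceptedalgorithms":        "sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com",
}

// HardenedConfig is a constructed sshd_config that satisfies the policy.
// The duplicate PasswordAuthentication at the end must be ignored, because
// sshd keeps the first value it sees for a directive.
const HardenedConfig = `
# constructed example, not a real host's file
Port 22
ListenAddress 10.0.0.5
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PubkeyAcceptedAlgorithms sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com
PasswordAuthentication yes
`

// WeakConfig is a constructed sshd_config resembling a stock install.
const WeakConfig = `
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
`

// parseSSHDConfig returns the effective value of each top-level directive,
// keyed by lower-cased name. Like sshd, the first occurrence wins. Match
// blocks are deliberately not modelled here.
func parseSSHDConfig(cfg string) map[string]string {
	out := map[string]string{}
	sc := bufio.NewScanner(strings.NewReader(cfg))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		// sshd accepts "Key value" as well as "Key=value".
		line = strings.Replace(line, "=", " ", 1)
		fields := strings.Fields(line)
		if len(fields) < 2 {
			continue
		}
		key := strings.ToLower(fields[0])
		if _, seen := out[key]; !seen {
			out[key] = strings.Join(fields[1:], " ")
		}
	}
	return out
}

// AuditSSHDConfig compares a config against the policy and returns one
// finding per deviation, sorted for stable output. Empty means compliant.
func AuditSSHDConfig(cfg string) []string {
	got := parseSSHDConfig(cfg)
	var findings []string
	for key, want := range policy {
		have, ok := got[key]
		switch {
		case !ok:
			findings = append(findings, fmt.Sprintf("%s not set (want %q)", key, want))
		case !strings.EqualFold(have, want):
			findings = append(findings, fmt.Sprintf("%s is %q (want %q)", key, have, want))
		}
	}
	sort.Strings(findings)
	return findings
}

func main() {
	for name, cfg := range map[string]string{"hardened": HardenedConfig, "weak": WeakConfig} {
		findings := AuditSSHDConfig(cfg)
		fmt.Printf("%s: %d finding(s)\n", name, len(findings))
		for _, f := range findings {
			fmt.Println("  -", f)
		}
	}
}
```

Running the audit over the real file (`/etc/ssh/sshd_config`) on every relay from a configuration-management job turns the policy into a check rather than a one-off setup step; note that `sshd -T` prints the fully resolved configuration and is the more authoritative input when Match blocks or include files are in use.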
To protect your cryptographic keys properly you must never expose them to the internet. This includes keeping the keys on a USB drive that you insert only when you have to sign a transaction; that is not safe, because the keys are still readable by the online machine while the drive is plugged in. Safer, but still not good enough, is to use for example a virtual machine to sign transactions. To get the best security you have to sign your transactions offline. We have solved this by using an air-gapped computer, a computer that has never been online and never will be, to sign all our transactions. We also created all our wallets on this offline machine, so our keys have never been exposed to the internet.
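The air-gapped workflow above comes down to one rule: the signing key exists only on the offline machine, and the only things that cross the gap are the unsigned transaction body going out and a signature coming back. The Go program below is an added example for this re-post, not the pool's own code, and it models that split with two types, an offline signer and an online host. Cardano's stake pool and payment keys are Ed25519, so `crypto/ed25519` is used; the transaction body is a constructed string standing in for the CBOR body that `cardano-cli` would produce, and the addresses are constructed placeholders.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// OfflineSigner models the air-gapped machine: the only place the private
// (signing) key ever exists. It receives a body hash on removable media and
// hands back a signature; it never sees the network.
type OfflineSigner struct {
	priv ed25519.PrivateKey
}

// NewOfflineSigner generates the key pair on the offline machine and exports
// only the public (verification) key for the online relay.
func NewOfflineSigner() (*OfflineSigner, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &OfflineSigner{priv: priv}, pub, nil
}

// Sign produces the witness over the body hash carried across the air gap.
func (s *OfflineSigner) Sign(bodyHash []byte) []byte {
	return ed25519.Sign(s.priv, bodyHash)
}

// OnlineHost models the internet-connected relay. It holds only the public
// key, builds unsigned bodies, and verifies signatures before submitting.
type OnlineHost struct {
	pub ed25519.PublicKey
}

// BuildBody assembles an unsigned transaction body. A real body is CBOR from
// cardano-cli; this constructed text stands in for it.
func (h *OnlineHost) BuildBody(from, to string, lovelace uint64) []byte {
	return []byte(fmt.Sprintf("input=%s;output=%s;amount=%d", from, to, lovelace))
}

// BodyHash is what travels on the USB stick: a hash of the body, never a key.
func BodyHash(body []byte) []byte {
	h := sha256.Sum256(body)
	return h[:]
}

// Submit verifies the returned signature against the body that will be
// broadcast; a body changed after signing must be refused.
func (h *OnlineHost) Submit(body, sig []byte) error {
	if !ed25519.Verify(h.pub, BodyHash(body), sig) {
		return errors.New("signature does not match transaction body; refusing to submit")
	}
	return nil
}

// Demo runs the full round trip and reports whether the genuine body is
// accepted and whether a body altered after signing is (wrongly) accepted.
func Demo() (genuineOK bool, tamperedOK bool, err error) {
	signer, pub, err := NewOfflineSigner() // happens on the offline machine
	if err != nil {
		return false, false, err
	}
	online := &OnlineHost{pub: pub} // only the public key reaches the relay

	body := online.BuildBody("addr_constructed_pool", "addr_constructed_payee", 2_000_000)
	sig := signer.Sign(BodyHash(body)) // hash out, signature back, via removable media
	genuineOK = online.Submit(body, sig) == nil

	// Same signature reused over a body edited on the online side.
	altered := online.BuildBody("addr_constructed_pool", "addr_constructed_other", 2_000_000)
	tamperedOK = online.Submit(altered, sig) == nil
	return genuineOK, tamperedOK, nil
}

func main() {
	genuineOK, tamperedOK, err := Demo()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("genuine body accepted:", genuineOK)
	fmt.Println("altered body accepted:", tamperedOK)
}
```

The useful property to notice is that the online relay can do everything it needs (build, verify, submit) with the public key alone, so a compromise of the relay never yields the signing key; the offline side, for its part, should show the operator the decoded body before signing so that what is signed is what was intended.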
Missing a leader slot and forfeiting a block is the last thing we want. To have as high uptime as possible you need reliable power, internet, computers and network. There is always the risk of power outages, hardware failures and internet outages. To minimize those risks we have made sure we use reliable electricity and internet providers; additionally, we power our servers and network equipment through a UPS to ride out short power outages.
We still do not like the risk that a major power outage or other force majeure could pose, so we have added a final layer of redundancy by deploying two backup relay nodes in Germany. These two nodes are connected and synced to the Cardano network, and by using a dynamic DNS service we can swap freely between the nodes in Sweden and the nodes in Germany.