BitSpace EOS Block Producer DevOps and Security Update
Introduction
As we near the launch of the EOS mainnet, BitSpace has been working with a team of DevOps and security experts from Praqma. During this period we have started upgrading our architecture plan to enterprise level.
We aim to constantly enhance our standards. Leveraging our experience with previous DPOS systems such as Bitshares and Steem and collaborating with experienced IT consultancy firms allows us to add an extra layer of expertise to the Block Producer server infrastructure.
Our aim with this post is to provide valuable information to the EOS ecosystem and fellow Block Producer candidates, and do our part in the community tech debate. The results outlined below do not jeopardize our security measures and are intended for informational purposes only. This report is focused on running a Block Producer, not on launch practices.
Architecture
Our Block Producer at Green Mountain will be completely isolated from the outside world. Two high speed lines and VPN connections will connect them to multiple seed nodes, in the cloud (see diagram below).
The seed nodes in the cloud will be using the latest cloud-based DDoS protection systems available today. We will be using multiple clusters of seed nodes spread throughout multiple cloud providers and again spread over multiple regions. This makes an attack very hard to coordinate. If a cluster is compromised, it can be shut down and all traffic passed over to an alternate cluster.
Within one of our seed node clusters we will have multiple seed nodes running under a load balancer, a NAT gateway and a Jumpbox. A Jumpbox is a secure computer that all admins first connect to before launching any administrative task or use as an origination point to connect to other servers or untrusted environments. A NAT gateway is used to enable instances in a private subnet to connect to the internet or other cloud services but prevent the internet from initiating a connection with those instances.
In addition, we will have one primary physical seed node cluster close to Green Mountain with a similar non-cloud setup. The Block Producer will sit behind an IPV6 connection which will only be known to the admins of BitSpace. That way it is not traceable from the internet.
Throughout all of this the Block Producer will be isolated and protected with its own physical firewalls and DDoS systems. Redundant BPs with their own VPNs will be waiting in an alternate location in the unlikely case that the primary BP is compromised or fails.
The BitSpace DevOps and Security architecture is work in progress and under constant development. We will post updates as we make changes and improvements to the proposition. We welcome feedback from the EOS community and actively encourage discussion around the choices we have made so far.
BitSpace looks forward to a successful launch and we hope the EOS community can benefit from the information provided. Go EOS!
Looks like a great set up. Good luck on block producer votes. Not long till launch now. Exciting days ahead!
Excellent post friend, always following your work, from #Venezuela supporting you and learning every day more with your publications ... success
@bitspace
Thanks for these information friend .. I hope the EOS community can benefit from the information provided..
For the LB - Use Netscaler :)
Woow well done and good work security is everything!! Congratulations Great Article..!!
=)
Interesting topic, security is everything, I'll check it!
They do it excellent, every time you learn something more about EOS ecosystem, without a doubt you have me very anxious about its launching, you make an extraordinary relationship Bitspace with Block Produces, you expect a lot of you guys, I feel that this would be a big full project of success.
Good that they are constantly improving on the security part it is most important
.
Great post guys, here at EOS UK we are very jealous or your Green Mountain. We want our own Green Mountain! (Mind you I was just looking at their website and noticed this which you might want to mention to them.)
You s till can't beet having a DC inside a mountain though, that is so cool!
All the best for the launch later and voting :-)
Best regards
Roger
EOS UK
https://eosuk.io
Thanks, will do :)