Architecture

Created: Jul 04, 2021 Last Updated: Aug 03, 2021

Let me start off by saying that when it comes to securing your pool/servers, there is no magic pill or silver bullet. You can only take these steps to safeguard your servers and make life difficult for an attacker. Here are some (not all) of the steps taken to secure the pool and the pledge.

  • Harden servers before the pool is registered
  • Enable MFA on your servers
  • Install and configure Fail2ban
  • Religiously apply OS-level updates to your server during setup and afterwards
  • Create a new user
  • Change the default SSH port
  • Enable firewall
  • Open needed ports only
  • Define incoming and outgoing firewall rules allowing only specific IPs for SSH access
  • Run your pool in Hybrid mode
  • Run your Block Producer in a private subnet (no internet access)
  • Do not keep your payment and cold keys on your Block Producer (BP) running in online mode
  • Use an Airgapped machine and Hardware Wallet to secure your cold keys and pledge

In this setup you will see 3 subnets (2 public and 1 private) and 4 security groups.

The management security group contains a bastion host, which acts as a jumpbox to access the producer node. This server is OFF most of the time and is turned ON only on demand, when we need to connect to the Block Producer node. When the bastion is OFF, the block producer is inaccessible to everyone (including us :-)).

The Block Producer node runs in a private subnet with no internet access. It can only be reached via the bastion host (for management). When the bastion is OFF, the BP node is inaccessible, which provides an additional layer of security. And yes, it still runs and stays connected to the relay nodes, updating transactions and slots. Even though this server has no access to the internet, it can still mint blocks and do the leaderlog calculations.

Relay nodes are in a public subnet with internet access, but protected by a firewall which only allows access to the relay port; SSH connections are restricted to a specific IP.
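As an added example (not code from the original page or from the pool's own setup), here is a POSIX shell script that turns the relay-node rules just described, together with the "open needed ports only" and "restrict SSH to specific IPs" items from the checklist above, into a default-deny nftables ruleset: the relay port is open to everyone, SSH is accepted only from the admin IP on a non-default port, and everything else inbound is dropped. nftables is my choice of tool; the page does not name one. The port numbers and admin IP are parameters, not values from the page.

```shell
#!/bin/sh
# Added example: emit a default-deny nftables ruleset for a relay node.
# Usage: relay_ruleset RELAY_PORT SSH_PORT ADMIN_IP > /etc/nftables.conf
# Review the output, then load it with: nft -f /etc/nftables.conf

is_port() {                           # 1..65535, digits only
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_ipv4() {                           # dotted quad, each octet 0..255
  case "$1" in ''|*[!0-9.]*) return 1 ;; esac
  rest=$1; n=0
  while :; do
    octet=${rest%%.*}
    [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    n=$((n + 1))
    [ "$rest" = "$octet" ] && break    # last octet consumed
    rest=${rest#*.}
  done
  [ "$n" -eq 4 ]
}

relay_ruleset() {
  relay_port=$1; ssh_port=$2; admin_ip=$3
  is_port "$relay_port" || { echo "bad relay port: $relay_port" >&2; return 1; }
  is_port "$ssh_port"   || { echo "bad SSH port: $ssh_port" >&2; return 1; }
  [ "$ssh_port" -ne 22 ] || { echo "refusing default SSH port 22" >&2; return 1; }
  is_ipv4 "$admin_ip"   || { echo "bad admin IP: $admin_ip" >&2; return 1; }
  cat <<EOF
flush ruleset
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    iif lo accept
    ct state established,related accept
    ct state invalid drop
    ip saddr $admin_ip tcp dport $ssh_port ct state new accept
    tcp dport $relay_port ct state new accept
    icmp type echo-request limit rate 5/second accept
  }
  chain forward { type filter hook forward priority 0; policy drop; }
  chain output  { type filter hook output priority 0; policy accept; }
}
EOF
}

if [ "$#" -eq 3 ]; then relay_ruleset "$@"; fi
```

Outbound traffic is left open because a relay must reach its peers; tighten the output chain to match your own egress rules if you also restrict outgoing connections as the checklist suggests.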

The airgapped machine has no internet access and is used for offline transactions (the cold keys are kept on this machine). It is also where the hardware wallet that secures your pledge is connected, for signing transactions, rotating KES keys and more.

Questions? Contact us

You can contact us via email, twitter or telegram with questions. If you like what you see and would like to delegate to our pool, here are the details.


Name: ADA Moon Stake Pool
Ticker: AMOON
PoolID: 059b4217a24a8c67a363968ff1db13a17ed96e611362450c115b2415