Hi and thanks for the kind words, Cosmos!
Re: security - absolutely paramount. Fortunately, the background of our company is that we have already been running a mission-critical global ecommerce site and message board forum for over 14 years…so all that experience with security (from DDoS attacks, malware, hack attempts, you name it) is coming into play here for the Adapools project.
For more specifics I can work from the inside out:
Server hardening - this includes IP firewall, login shutdown and reporting after failed attempts, closing ports, etc.
Dome9 security - this is our main outer security enforcement layer. Dome9 was the winner of the 2017 CyberSecurity Excellence awards, GoldenBridge Gold 2017 award, etc. It basically puts an agent at the kernel level and then secures the entire server from the inside out. You can then communicate with that kernel agent from the Dome9 platform and it effectively makes the server ‘invisible’ to the internet, except on a need-to-access basis.
Screenshot from an example of Dome9 is below where it has a visual mapping of all access points and layers:
We were one of the first users of Dome9 roughly five years ago when it first was introduced, and it has been a massive improvement in terms of server security. Threat logs have never been quieter. Here’s a link to their site if you want to read more: http://dome9.com
CloudFlare - Finally, we currently use CloudFlare on our websites and are looking at their use for the pool nodes. This provides DDoS protection and web caching. However, for the nodes themselves, we may or may not need it as there is no caching and given that we are not serving a website on our servers, the DDoS openings may be already limited. We’ll continue evaluation over the next few weeks. (Funny story about Cloudflare - when the LulzSec hacking group went on a hacking spree in 2011, they used Cloudflare to protect themselves from everyone from the CIA to Anonymous…and it worked. Hard to get better proof of DDoS defense than that kind of a war going on - http://www.zdnet.com/article/cloudflare-how-we-got-caught-in-lulzsec-cia-crossfire )
Hardware redundancy/security - all of our servers have backups such that in the event of a hardware failure, the node can roll to a new server. In addition, should we need to add new servers in a rush for expansion, we are working on an Ansible playbook that would automate the spinning up of a new node so that we can bring a completely new server up if needed in record time.
Floating IPs - we can freely move IPs so that if needed, the same IP can easily move even as a new server is brought online.
Geographic security - this was a bit of what I was referring to earlier. Most of our servers are in Chicago, USA but for this project, I felt we needed to mitigate against geographic risk (i.e. earthquake that severs cables to the datacenter) and so we are rolling out servers spread out globally - Singapore, Chicago, USA, Frankfurt and Helsinki. May add one in Amsterdam in the future.
Backup security - we also have a fixed schedule for complete server snapshots on a weekly basis and will up that to daily as the pools go live. We can do snapshots in less than a minute on our servers b/c they are all interwoven SSD setups so it’s super fast.
That’s kind of the overview at this point. This is still very much an in-motion config and we’ll adjust and improve as we get more specifics on the details of the staking pools in the next few weeks.
Finally as a last point regarding security - it’s important to note that when you stake with any pool, you are not giving them your Ada currency!
Rather you are assigning the equivalent of your ‘voting rights’ for your Ada holdings to the pool. You keep 100% control of your currency and it never leaves your wallet. The pool represents you 24/7 with dedicated server resources for when you get randomly called on to be a slot leader and then passes back your % share of the rewards from the entire pool.
I wanted to make this point b/c I have a concern that in the future someone could set up a fraudulent pool whereby they request you send them your Ada to join their pool…and then vanish with your funds b/c people didn’t know that you don’t send the currency, rather you simply assign your voting rights.
The fact the pool doesn’t hold the stakeholders’ currency in and of itself is another security bonus.
Hope this helps provide some info on our security!