In order to help mitigate geography risk for our Ada staking pools, we’ve now added a dedicated server and Cardano SL node in Singapore and it went live this morning!
Helsinki, Finland will be next as we continue to expand servers in prep for the Shelley launch and staking in February.
Some screenshots to show you the inner workings of a node (in this case our Singapore node):
If interested, you can learn more about our upcoming Ada staking pools at http://adapools.io
Good news! So far it looks quite professional and a bit more advanced than other staking pool projects I have seen popping up on this forum, so props to you.
Please let us know what is you security set-up like and how you plan to gain trust for the community as we will all agree that security is a very important aspect for this PoS implementation to succeed.
I will definitely keep an eye on the endorsement IOHK will hopefully give to you guys
Hi and thanks for the kind words Cosmos!
Re: security - absolutely paramount. Fortunately, the background of our company is that we have already been running mission critical global ecommerce site and message board forum for over 14 years…so all that experience with security (from DDos attacks, malware, hack attempts, you name it) is coming into play here for the Adapools project.
For more specifics I can work from the inside out:
Server hardening - this includes IP firewall, login shutdown and reporting after failed attempts, closing ports, etc.
Dome9 security - this is our main outer security enforcement layer. Dome9 was the winner of the 2017 CyberSecurity Excellence awards, GoldenBridge Gold 2017 award, etc. It basically puts an agent at the kernel level and then secures the entire server from the inside out. You can then communicate with that kernel agent from the Dome9 platform and it effectively makes the server ‘invisible’ to the internet, except for on a need to access basis.
Screenshot from an example of Dome9 is below where it has a visual mapping of all access points and layers:
We were one of the first users of Dome9 roughly five years ago when it first was introduced, and it has been a massive improvement in terms of server security. Threat logs have never been quieter. Here’s a link to their site if you want to read more: http://dome9.com
CloudFlare - Finally, we currently use CloudFlare on our websites and are looking at their use for the pool nodes. This provides DDos protection and web caching. However, for the nodes themselves, we may or may not need as there is no caching and given that we are not serving a website on our servers, the DDoS openings may be already limited. We’ll continue evaluation over the next few weeks. (Funny story about Cloudflare - when LulZSec hacking group went on a hacking spree in 2011, they used Cloudflare to protect themselves from everyone from the CIA to Anonymous…and it worked. Hard to get better proof of DDoS defense than that kind of a war going on - http://www.zdnet.com/article/cloudflare-how-we-got-caught-in-lulzsec-cia-crossfire )
Hardware redundancy/security - all of our servers have backups such that in the event of a hardware failure, the node can roll to a new server. In addition, should we need to add new servers in a rush for expansion, we are working on an Ansible playbook that would automate the spinning up of a new node so that we can bring a completely new server up if needed in record time.
Floating IPs - we can freely move IP’s so that if needed, the same IP can easily move even as a new server is brought online.
Geographic security - this was a bit of what I was referring to earlier. Most of our servers are in Chicago, USA but for this project, I felt we needed to mitigate against geographic risk (i.e. earthquake that severs cables to the datacenter) and so we are rolling out servers spread out globally - Singapore, Chicago, USA, Frankfurt and Helsinki. May add one in Amsterdam in the future.
Backup security - we also have a fixed schedule for complete server snapshots on a weekly basis and will up that to daily as the pools go live. We can do snapshots in less than a minute on our servers b/c they are all interwoven SSD setups so it’s super fast.
That’s kind of the overview at this point. This is still very much an in-motion config and we’ll adjust and improve as we get more specifics on the details of the staking pools in the next few weeks.
Finally as a last point regarding security - it’s important to note that when you stake with any pool, you are not giving them your Ada currency!
Rather you are assigning the equivalent of your ‘voting rights’ for your Ada holdings to the pool. You keep 100% control of your currency and it never leaves your wallet. The pool represents you 24/7 with dedicated server resources for when you get randomly called on to be a slot leader and then passes back your % share of the rewards from the entire pool.
I wanted to make this point b/c I have a concern that in the future someone could setup a fraudulent pool whereby they request you send them your Ada to join their pool…and then vanish with your funds b/c people didn’t know that you don’t send the currency, rather you simply assign your voting rights.
The fact the pool doesn’t hold the stakeholders currency in and of itself is another security bonus.
Hope this helps provide some info on our security!
Thank you so much for the detailed response and the lengthy post. This is a good example of transparency, and you set the bar high for the other pools, which is a good thing.
If you could also detail what is in it for you to run such a pool and your commissions structure, that would be great, and a step further in the trust karma count … or maybe it is too soon to have a full picture?
what Linux distro are you running the node on?
Hi ,
I’m the organizer for the Vancouver Cardano Community and I want our city to have local nodes in preparation for staking . Great work btw.
Hi Cosmos,
Thanks for the feedback!
To answer your question - the long term goal would be for a win/win in terms of stakeholders that pool with us coming out better than if they did it solo and for the pool to come out with a profit after equipment, organization and coding costs.
Someone staking in a good pool should come out ahead from
1 - consistency of the rewards due to having a share in a larger pool and the compounding of more frequent payouts vs long periods of nothing. Imagine if Cardano was appreciating at 1% per month…you would be better to get a 1/6 payout every month that compounded each month vs. a single payout once every 6 months for example.
2 - 24/7 availability via high speed global config ensuring no missed rewards when called.
It’s too early at this point to do anything but speculate on what the pool fees would be. We’ll have to see what are the stake rewards once they are announced (February?) and what are total costs are for the global pools and come out with a good setup for everyone.
I could envision that fees might be scaled according to stake size and length of time in the pool (with lower fees for larger/longer to encourage long term participation) but again, too early for the full picture.
I have experience in mining (Ethereum and BTC) and the typical pool fees are 1%. Some pools offer .5% or even 0%, but those usually end up being pools that have very questionable accounting with miners leaving strongly suspecting that they didn’t get their full rewards based rewards running there vs at a 1 % pool that has proper accounting. And at 0% pool fee, you can almost guarantee something is amiss since how could they cover their costs for running the pool except to skim off rewards.
For now we’re setting all the servers up and running the nodes to help the Cardano project in general and to get live experience to ensure we are properly positioned to move on things asap as soon as pools are vetted and announced.
Speaking of that, Amsterdam server just went live last night btw!
Thanks for the feedback and hope you are doing well!
Hi Martin,
All our node servers are standardized on and running CentOS 7.4.
I asked our Sys admin last week if he wanted to try running on anything else (I see a lot of people doing dev work on Ubuntu for example) but he felt that CentOS was a great fit and I agree based on our experience.
It’s been flawless for us.
CentOS7 also has us ready with Docker CE as Charles referenced the idea that the pooling code may be a docker object, so that’s another future ready aspect.
Hope that helps!
Hi MadebyJanni,
Great re: local node(s) for Vancouver. I’m actually just outside of Seattle and have visited Vancouver many times (great food there).
We used to have a server in Kelowna (sp? basically East of Vancouver). I wasn’t clear from your comment regarding having a local node, if you wanted us to look at putting a node there in Vancouver for our pool network or you meant you are going to be setting up a local pool for your Vancouver group?
Either way happy to help as we’ve gotten it down to where we can spin up a new node from a clean server very rapidly now.
Hope you are doing well!
How to start ADA staking pool from Bangalore - India?
In addition, should we need to add new servers in a rush for expansion, we are working on an Ansible playbook that would automate the spinning up of a new node so that we can bring a completely new server up if needed in record time.
Ansible + Docker Swarm + CentOS7 is a typical day at the office for me. Is your stuff on github? coz I’d love to take a look if so.
