# Validator Node Installation Specifications ## Host Machine Requirements **Validator nodes for Volta and the Energy Web Chain must run on a dedicated server or Virtual Machine only for the purpose of running the client; do not use hosts that already perform other tasks.** You can choose to run your validator node either On-Premise on your own hardware or on a virtual machine / cloud computing instance of your choosing. If you have any questions please contact the EWF NetOps team: ***The following specifications are strongly recommended, but validators are free to configure their host machine at their discretion in accordance with relevant internal policies or requirements. Please note that hosting a node on a machine with insufficient CPU, storage, RAM, and/or networking capacity may result in node failure (e.g. unable to connect to peers, unable to synchronize, unable to seal blocks) and require extra labor to reconfigure the host machine.*** #### **On-Premise Hardware** A on-premise node should have these specs or higher. For security reasons these resources must be reserved for the validator node and not shared with other workloads. 1. Modern Multi-core x64 CPU (at least 4 threads, preferably Xeon-class) 2. 8GB RAM (preferably ECC) 3. Local SSD storage, 300 GB free capacity for blockchain, redundant in RAID-1 4. 1 GBit NIC #### Cloud Environments The following specifications are strongly recommended based on the most common cloud environments used by existing EW Chain validators. You may select any cloud provider of your choosing **Amazon AWS** The following EC2 instance sizes are appropriate to run validators. These resources should be reserved for the validator node and not shared with other workloads. * m5.xlarge * m5.2xlarge * m5a.xlarge * m5a.2xlarge * c5.xlarge * c5.2xlarge The default EBS storage assigned (normally 8GB) is not large enough to run the node. Make sure to run the node with following EBS storage settings: * General Purpose SSD (gp2) * at least 300GB size **Microsoft Azure** The following Azure VirtualMachine sizes are suitable to run a validator. These resources should be reserved for the validator node and not shared with other workloads. * D4s\_v3 * DS3\_v2 * B4ms Use Premium SSD as attached storage with a size of at least 300GB. **Google Cloud** The following Google Cloud Virtual Machine sizes are suitable to run a validator node. These resources should be reserved for the validator node and not shared with other workloads. * n2-standard-4 and above: **Digital Ocean** The following Digital Ocean Virtual Machine sizes are suitable to run a validator. These resources should be reserved for the validator node and not shared with other workloads. * General Purpose Droplet: 16 GB memory, 4vCPU * CPU-Optimized Droplet: 8 GB memory, 4vCPU Use Block Storage as attached SSD storage with a size of at least 300 GB. ## **Connectivity Requirements** The following requirements should be met to ensure proper operation: * Wired connection with 100 MBit/s symmetric link to the internet * Low latency connection to next internet hop (<5ms) * No data volume limitations Even though we recommend a 100MBit/s connection, that connection will likely not be saturated by the node. You can expect 10-30MBit/s when the chain is under load. Traffic will mainly flow on port 30303 (udp/tcp). ## Operating System Requirements The following Linux-based Operating Systems are supported for running a validator node: * Ubuntu Server 18.04 LTS or later * Debian 9.8 or later * CentOS 7 or later * RedHat Enterprise Linux 7.4 or later Validators can elect other operating systems at their discretion, but may need to customize the installation scripts. Contact for questions and support. The following section provide a comprehensive guide for installation of one the supported operating systems. All further deployment procedures are based on the installation results. ### **Ubuntu Server 18.04 LTS** **On-Premise** Procedure based on version 18.04.2. * Download the ISO from .
* Boot the ISO * Select **English** as language * Choose a convenient keyboard layout * Choose **Install Ubuntu** * Let the network auto-configure -or- configure manually if needed. The system needs an internet connection. * Select no proxy and keep the mirror address. * Select **Use an entire disk** and confirm * Choose user name and host name in next screen. Choose a strong password. * Select **Install OpenSSH Server** but don’t import keys * Don’t select any snaps and continue * Finish installation and let it boot to the prompt * Login as the created user and run a full system update using 'sudo apt update && sudo apt dist- upgrade -y' **Amazon AWS** Ubuntu AMI's are listed at . Search for "ebs 18.04 amd64" to get the right version. **Microsoft Azure** The URN for the image is **Canonical:UbuntuServer:18.04-LTS:latest** ### **Debian 9.8** **On-Premise** * Download the NetInst ISO from * Boot the ISO * Select **Install** from the boot screen * Select **English** as language * Select Location based on actual location of the host * Chose a convenient keyboard layout * Let the network auto-configure -or- configure manually if needed. The system needs an internet connection. * Name your host. Change it from debian to something else * Choose a strong root password * Create the user account and choose a strong password * Select the proper timezone * For the partitions use **Guided - use entire disk** * Select **All files in one partition** * Finish partitioning and write changes to disk * Select **No** when ask to scan more disks * Choose a mirror close to the host * Opt-out of the package survey * on the **Software Selection** select only **SSH Server** and **standard system utilities** * Install the grub bootloader to MBR and use the primary disk for that * Finish installation and let it boot to the prompt * Login as root and run a full system update using 'apt update && apt dist-upgrade -y' * Reboot **Amazon AWS** The AMI Id's can be found at **Microsoft Azure** The URN for the image is **credativ:Debian:9:latest** ### **CentOS 7** **On-Premise** * Download the minimal ISO from * Boot the ISO * Confirm the automatic boot option **Test this media & install CentOS 7** * Choose **English** as language * On the installation summary choose **Installation destination** and confirm **automatic partinioning** * Back on the installation summary screen click on **Network & Hostname** * Change the hostname * Enable the network interface and make sure it is configured properly * Click **Done** to get back to the summary and click **Begin Installation** * During installation set a root password * Finish installation and let it boot to the prompt * Login as root and run a system update with 'yum update' **Amazon AWS** The AMI Id's can be found at **Microsoft Azure** The URN for the image is **OpenLogic:CentOS:7.5:latest** ## **Recommended Security Settings** Running a validator node requires raised awareness of host and node security as authorities are a main attack surface to disturb operation of the blockchain. The following security rules **are strongly recommended**: * No services are permitted to run on the same host that are not part of the validator node package * All incoming connections on all ports except SSH (22/tcp) and the P2P (30303/tcp+udp) port have to be firewalled on the host with DROP rules. To guarantee proper network etiquette, incoming ICMP has to be accepted. * SSH access is only allowed for non-root users * SSH access is only allowed through RSA keys * OpenEthereum or Nethermind client RPC endpoints (HTTP, WebSocket) have to be disabled * System updates have to applied regularly and in a timely manner * Regular (monthly) run of rootkit detectors * If you are using AWS please also check out the additional [AWS Security guide](https://energyweb.atlassian.net/wiki/spaces/EWF/pages/703037441/AWS+Security+Guide). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.energyweb.org/legacy-documentation/ew-dos-technology-components-2023/trust-layer-energy-web-chain/validator-node-installation-specifications.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.