BitSpace EOS Block Producer DevOps and Security Update

in eos •  last year  (edited)

Introduction

As we near the launch of the EOS mainnet, BitSpace has been working with a team of DevOps and security experts from Praqma. During this period we have started upgrading our architecture plan to enterprise level.

We aim to constantly enhance our standards. Leveraging our experience with previous DPOS systems such as Bitshares and Steem and collaborating with experienced IT consultancy firms allows us to add an extra layer of expertise to the Block Producer server infrastructure.

Our aim with this post is to provide valuable information to the EOS ecosystem and fellow Block Producer candidates, and do our part in the community tech debate. The results outlined below do not jeopardize our security measures and are intended for informational purposes only. This report is focused on running a Block Producer, not on launch practices.

Architecture

Our Block Producer at Green Mountain will be completely isolated from the outside world. Two high speed lines and VPN connections will connect them to multiple seed nodes, in the cloud (see diagram below).

The seed nodes in the cloud will be using the latest cloud-based DDoS protection systems available today. We will be using multiple clusters of seed nodes spread throughout multiple cloud providers and again spread over multiple regions. This makes an attack very hard to coordinate. If a cluster is compromised, it can be shut down and all traffic passed over to an alternate cluster.

Within one of our seed node clusters we will have multiple seed nodes running under a load balancer, a NAT gateway and a Jumpbox. A Jumpbox is a secure computer that all admins first connect to before launching any administrative task or use as an origination point to connect to other servers or untrusted environments. A NAT gateway is used to enable instances in a private subnet to connect to the internet or other cloud services but prevent the internet from initiating a connection with those instances.

In addition, we will have one primary physical seed node cluster close to Green Mountain with a similar non-cloud setup. The Block Producer will sit behind an IPV6 connection which will only be known to the admins of BitSpace. That way it is not traceable from the internet.

Throughout all of this the Block Producer will be isolated and protected with its own physical firewalls and DDoS systems. Redundant BPs with their own VPNs will be waiting in an alternate location in the unlikely case that the primary BP is compromised or fails.

The BitSpace DevOps and Security architecture is work in progress and under constant development. We will post updates as we make changes and improvements to the proposition. We welcome feedback from the EOS community and actively encourage discussion around the choices we have made so far.

BitSpace looks forward to a successful launch and we hope the EOS community can benefit from the information provided. Go EOS!

「Links」

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Looks like a great set up. Good luck on block producer votes. Not long till launch now. Exciting days ahead!

Excellent post friend, always following your work, from #Venezuela supporting you and learning every day more with your publications ... success
@bitspace

Thanks for these information friend .. I hope the EOS community can benefit from the information provided..

For the LB - Use Netscaler :)

Woow well done and good work security is everything!! Congratulations Great Article..!!
=)

Interesting topic, security is everything, I'll check it!

They do it excellent, every time you learn something more about EOS ecosystem, without a doubt you have me very anxious about its launching, you make an extraordinary relationship Bitspace with Block Produces, you expect a lot of you guys, I feel that this would be a big full project of success.

Good that they are constantly improving on the security part it is most important

EOS is a great coin, Dan Larimer always gives us great progress in the space of the blockchain and I believe that we should wait until Steemit leaves the beta mode to see it's real potential! Great project guys I will be definitely checking it out soon, cryptocurrencies are a form for economical anarchism! Upvoted and resteemed! :D

I am more bullish on Steem than any other Cryptocurrency. Especially with the latest grading system made public by china and a B+ rating given by Weiss. Nothing compare to Steem now and it is only matter of time. I only now stick on the best blockchain.

Screenshot_20180518-092343_Chrome.jpg

  ·  last year (edited)

Great post guys, here at EOS UK we are very jealous or your Green Mountain. We want our own Green Mountain! (Mind you I was just looking at their website and noticed this which you might want to mention to them.)

You s till can't beet having a DC inside a mountain though, that is so cool!
All the best for the launch later and voting :-)

Best regards

Roger
EOS UK
https://eosuk.io

·

Thanks, will do :)

Our aim with this post is to provide valuable information to the EOS ecosystem and fellow Block Producer candidates, and do our part in the community tech debate.

Then I must say thanks for the information and you guys are doing a wonderful job honestly. Block technology is absolutely extraordinary I must confess. We look forward to EOS launch

·
  ·  last year (edited)

Similar to the above-mentioned hedge funds are interested in crypto currency and are beginning to recognize its management companies and households. Not so long ago, there was news that a management company in the United States had opened an investment bitcoin fund for its customers, which made many interested in it. This happened in 2016. This asset class is completely new - just a couple of years ago it simply was not. In that fund, the maximum amount that could be invested to one client - $ 50,000 was set. This is a rarity, because you can not find an organization that would set such limits on the size of the contributions of its members. But, in our opinion, this method is the simplest in terms of risk control. There simply is an allowable amount that can be lost, and the contribution is limited to it. Investment companies often complain about the short-term focus of their clients. But such a focus becomes clear when failures in investment issues can adversely affect their lives. Nevertheless, all available for investment places in the funds were sold in a short time.

·
·

stimme ich definitiv zu

It will be interesting to see how EOS will go up against Ethereum. I'm still trying to wrap my mind around it.

we see what hapens next few days

i cant` wait for next few days to see what is going to happen

waiting for the launch, keep us dapdated.

Yes, we all are waiting for the launch of EOS and we are counting the days because EOS is well awaited project and in this post it's clearly reflecting that how Bitspace team is working with Block Produces to make the EOS ecosystem more strong. And thanks for introducing us with the architecture, it's an clear picture how strong the Blockchain system is. Thanks for sharing this post with us and wishing you an great day team. Stay blessed. 🙂

Very beautiful architecture, although I do not understand what a seed node is.😇👌

Hopeful for EOS to moon like ETH circa 2017.

Has there been any news regarding hardware wallets. Would be best if I could keep EOS tokens on Ledger Nano S.

Gran post

the information about EOS you provide is most helpful for steemit people and others. i am new at steemit. you help me a lot about EOS .thank u for share

We Are The-Resistance:
We have seen that @grumpycat or his alt @madpuppy has flagged your post.
You are not alone. He also:

  • flags innocent people and calls them "collateral damage"
  • tries to impose his rules by using his SP on those weaker than him
  • rejects all diplomatic proposals presented
    @the-resistance has upvoted you to help heal the damage he has done to you in an effort to protect people like yourself.
    Join our bot we-resist to help protect others ....https://we-resist-bot.herokuapp.com
    Come to meet with the community ... https://discord.gg/qMWCbWR

@GrumpyCat: you can avoid ever seeing this message again when you STOP attacking innocents.
Love: @the-resistance

I need some help please give me some upvote bro

EOS sounds awesome I am pretty interested in this project

Wow everyone been working hard on this launch

You got a 18.57% upvote from @postpromoter courtesy of @hanzilla!

Want to promote your posts too? Check out the Steem Bot Tracker website for more info. If you would like to support the development of @postpromoter and the bot tracker please vote for @yabapmatt for witness!

Congratulations @bitspace!
Your post was mentioned in the Steemit Hit Parade in the following category:

  • Pending payout - Ranked 3 with $ 714,91

Hi @bitspace, what are your thoughts about the consensus between potential block producers including all TOKENs (including unregistered ETH holders)?

Do you know of any movement about who is against what in this sense? Anyone providing a view of how are currently all token holders and who is opting IN or OUT of the full list?

Cheers

I really like your friend post, thank you

EOS!

Friend this is my drawing, after several days of work and effort ... I would love you to support me ... I hope you like it ... I am a #venezuela #venenezuela artist and painter ... Thank you ...

https://steemit.com/art/@petertomas/drawing-paint-art-my-cat

@clains

You got a 68.03% upvote from @upme thanks to @hanzilla! Send at least 3 SBD or 3 STEEM to get upvote for next round. Delegate STEEM POWER and start earning 100% daily payouts ( no commission ).

Great work, few questions from my perspective How is access to the jump box controlled? API needs to be authenticating calls and checking for authorization for every fetch from database. Where are the firewalls? Ssh needs to be V2, secured authorized keys. What symmetric key size and algorithm is the VPN using? Just food for thought as security is paramount which I'm sure you guys are aware :-)

This is a great idea, can't wait till EOS is launched.

image

Good post...👍

Your post has been a lot better I have learned a lot from here. I can use my different things. I have had many benefits. I am very happy to know many unknown things.
Thanks for the nice post