At CertiK, we believe a truly reliable blockchain ecosystem can only survive on top of robust, secure, and high-performing infrastructure. By developing blockchain and cybersecurity technologies in parallel and complementary to one another, CertiK envisions NoOps as not just a singular product in its portfolio, but a gateway to innovation, discoveries, and deep knowledge in these two sectors.
Security-First Infrastructure Design
The importance of security in a staking scenario is paramount. If an attacker can hack into a network’s infrastructure or attempt a DDoS attack, the entire validator network could go down or cause the entire system to malfunction. The repercussions are serious, leading to the loss of rewards since validators are unable to sign blocks. Fortunately, NoOps was built to alleviate the risk of hacks with sophisticated security techniques, including:
We apply the unique “Validator-Sentry Architecture” to ensure a more robust security level. Similar to chess, pawns always stand in front of kings. The same rationale can apply in this scenario, where Sentry-nodes will always sit in front of the validator—acting as a layer to protect the node from DDoS attack. Additionally, the validator is protected by CertiKOS, the world’s first fully-verified, multiprocessor OS kernel that has been proven to be hacker-resistant.
Network Layer Protection
VPCs (Virtual Private Cloud) and subnets are utilized for network isolation, while ACLs (Access Control List) and security groups help manage network access control. We only open ports when they’re needed, minimizing the attack surface available to hackers.
To login to sentry and validator nodes, you need to be on the CertiK VPN and use a YubiKey. A Yubikey is a physical key that contains an SSH (secure shell) login credential. While it would be difficult for an attacker to get access to the CertiK VPN, it would be nearly impossible to get access to the physical Yubikey.
Private Key Management
We have a secure system to help manage private keys, which for validators is the signing key— one of the most important things in the system that should be kept secret. We store the signing key in a security vault, so even if a malicious actor hacked into the validator node, they can't steal the signing key itself.
A Truly Trustworthy Infrastructure
NoOps is committed to IaC, Infrastructure as Code, for greater quality assurance and security. Infrastructure as Code is the process of managing and provisioning computer data centers through machine-readable definition files, meaning executions are automatic, quicker, easier, and reliable.
NoOps takes the hassle out of starting a node. Through NoOps, establishing machines, adjusting configurations, and executing chain binaries are all combined into a one-click solution. Rather than depend on error-prone human judgment to set up a node, automation tightens the gap between intention and implementation so that any unexpected behaviors or vulnerabilities do not occur.
There are two predefined architecture templates that you can start with:
#1 - For general use:
- One private validator node
- Two public sentry nodes
- One public monitor
#2 - For those with strong security concerns:
- Sentry and validator nodes are designed in a private subnet
You may also choose to build their own infrastructure setup to fit your needs. Like building with Legos, you can add sentries and validators, as well as load balancers to enhance security and performance, among others.
The cost of utilizing the NoOps service also changes depending on how many machines are needed. Security is built into every layer of the product design, thus you can feel assured when customizing architecture.
With a robust backend that supports limitless possibilities, NoOps has an outstanding UX/UI system that helps users navigate through the product and make transactions without hassle.
Real-Time System Metrics for Nodes
Validator health is crucial to both the service provider and stakers. That’s why we built a comprehensive monitoring system dashboard for each node running on the NoOps platform, which measures all important system metrics and collects dedicated secure monitors for periodic evaluation.
Customizable Alert System and On-Call Mechanism
Whenever an abnormality occurs, the monitoring system reports the problem in a timely manner to a stable notification platform, which pushes the alert to the subscribers through an email, Slack message, text message, or phone call. When receiving the alerts, the on-call engineers will respond to the situation and fix the reported problem as soon as possible. Users can customize when and how they receive alerts on the NoOps application page.
Technical and Business Data Insights
With NoOps, we’ve achieved what we believe is a proper balance of validator-driven functionalities, user-friendly interface design, and high-standard security measures.
NoOps offers a comprehensive collection of charts so validators can analyze data, including:
- Node health Peer count
- Disk space
- CPU Load
- Memory usage since last update time
Beyond technical measurements, NoOps also offers business insights for delegators, including:
- Tx history
- Tx amount
- Latest Tx details
- Total assets
- Total bonded %
- Validator share %
NoOps is the first of many exciting projects, all inspired by our past experience and expertise, that we have in the pipeline. With CertiK’s mission to build Blockchain-as-a-Service solutions for enterprise users to simplify business processes, realize seamless digital transformation, and build security-centered blockchain networks, we look forward to sharing more exciting news soon!
Get Started With NoOps
You can start building your secure and custom blockchain infrastructure today with NoOps. Check out our product page to start your trial account or contact us for more information on how to get started.
Please note: While the NoOps service can help alleviate the technical burdens on staking, the cost of bringing your own stake as a new player in a well-established ecosystem can be high.