Before you start - Secure Nodes
Before starting your Secure Node build, it is wise to review each of the eligibility criteria and ensure you're aware of how to meet each of them. This will prevent any wasted effort, or missed requirements when procuring and deploying a VM, VPS instance, or your own dedicated hardware.
Criteria | How to meet |
---|---|
Balances
| Balances Recommended minimum ZEN: per Secure Node = 42 ZEN
How to stake:
|
Availability / Exceptions
| Availability In order to meet the uptime target, your Secure Node needs to be running 24/7, 365 days per year. This level of uptime is more easily achieved in a dedicated hosting environment i.e. dedicated hosted server, or VPS. It is possible to achieve this outside a hosted environment, but that of course requires dedicated hardware to be powered and have internet connectivity 24/7, 365 days per year. Exceptions* Block height - indicates that your Secure Node has downloaded fewer blocks than were generated within a certain time frame. Assuming your Secure Node is connected to the internet continuously, you will be unlikely to encounter this error Version control - check for emails (to the address you register as part of Secure Node setup) with notifications of software version requirements, as well as the Secure Node tracker website (https://securenodes.zensystem.io/) *A full, exhaustive list of exceptions is maintained on the Secure Node tracker website. |
Network / Security
| Network Unique IP address - By design, all ip addresses are required to be unique. Each Secure Node must be connected to the network via a unique IP address, which is not currently registered for use by another Secure Node or Super Node. The ip address can be ipv4, or ipv6. Standard home, or business broadband internet connections will provide a unique (generally dynamic) ipv4, or ipv6 address. Likewise, a VPS procured and used to host a Secure Node will provide an ipv4, or ipv6 address, these are usually static ip addresses. DNS - The Secure Node public ip address must be referenced by an address mapping (A, or AAAA based on ip version) record with the fully-qualified domain name (FQDN). There are many freely available DNS registration schemes, or a paid DNS record can be used. It is also possible to add a sub domain entry to an existing DNS registration, resolving to the Secure Node ip address. The DNS entry is validated as part of the certificate-based checks to ensure it is valid for the Secure Node. NOTE: if you do not have a static ip address, as and when your ip address changes, the DNS A record must also be updated to resolve to the correct ip address. External connectivity - in order to enable incoming connections to the zend daemon, you must ensure the port used for zend (default 9033 on mainnet) is accessible through your firewall(s). In order to achieve this, be sure to check all firewalls (host-based, modem/router if applicable, hardware firewall, VPS-panel) between the host which is running the Secure Node and the internet. SSL/TLS Certificate - The Secure Node network mandates end-to-end encryption, in order to achieve this, a valid, non-expired SSL certificate is required. This must be generated for the FQDN used in the DNS address mapping record that resolves to the Secure Node's public ip address. You may use a paid certificate, or freely-available alternatives such as LetsEncrypt. Wildcard certificates can also be used and will, for example, allow an existing DNS record to have a sub domain added, mapped to a Secure Node using a wildcard certificate. |