Securing your validator

Even though this page attempts to cover some good practices when setting up a validator, it is not meant to be an absolute guide for creating an iron-clad validator but rather a starting point.

Rationale

As a validator, you are one of the key enablers of block production and consensus, and you need to maintain your reputation in the eyes of the nominators. To that end, a validator node has to maintain:

  • high availability: for uninterrupted operation

  • high security, especially with regard to its session keys: if a malicious actor managed to access the keys, they would be able to commit slashable behavior on behalf of the validator

High availability

Even though, in contrast to a lot of chains, the Aleph Zero chain does not punish downtime by slashing, it is still in your best interest to be online as much as possible for two main reasons:

  • you are not getting rewards for the time you are offline

  • your nominators will notice that your node is not reliable and will choose to nominate another validator.

Some recommendations are quite trivial but important nonetheless:

  • run on good quality hardware and prefer bare metal to VMs

  • ensure a stable and fast internet connection

  • make sure you have plenty of disk space (or monitor it regularly if you want to provision it on demand)

It may seem like a good idea to introduce redundancy (i.e. run more than one node as the same validator), but it is not:

  • you will need to somehow share the session keys between the nodes and that may expose them

  • you may be slashed for equivocation if both nodes are taking part in the consensus at the same time

Security

As mentioned above, you need to keep your keys a secret and the best way to start is to follow standard security practices:

  • set up a firewall and only expose to the outside world the ports you really need (in the case of the validator node, these are ports 30333 and 30343 for the libp2p protocol/validator network, and a port for SSH access)

  • you may want to change the SSH port to something less obvious than 22

  • disable password authentication in SSH and only use key-based authentication

  • for the safest setup, you may consider turning SSH off altogether (if you have physical access to the machine)

  • avoid using the root account
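A read-only host audit for the checklist above, added here as an example (it is not part of the Aleph Zero documentation). It lists non-loopback listeners outside the allow-list and weak settings in the output of sshd -T; the sample inputs, the SSH port 2222 and the reading of "avoid using the root account" as no root SSH logins are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the Aleph Zero docs. Sample inputs are constructed.

unexpected_listeners() {
  # $1: allow-list of ports; stdin: output of `ss -H -tln`.
  # Prints "PORT ADDRESS" for non-loopback listeners outside the allow-list.
  awk -v allowed="$1" '
    BEGIN { split(allowed, a, " "); for (i in a) ok[a[i]] = 1 }
    $1 == "LISTEN" {
      n = split($4, part, ":"); port = part[n]
      host = substr($4, 1, length($4) - length(port) - 1)
      if (host ~ /^127\./ || host == "[::1]") next   # loopback only
      if (!(port in ok)) print port, host
    }' | sort -u
}

audit_sshd() {
  # stdin: output of `sshd -T` (lowercase "keyword value" lines).
  # Prints one FINDING per problem; exit status is the number of findings.
  awk '
    { cfg[$1] = $2 }
    END {
      if (cfg["passwordauthentication"] != "no") { print "FINDING: password authentication enabled"; n++ }
      # PAM keyboard-interactive logins can still ask for a password.
      if (cfg["kbdinteractiveauthentication"] == "yes") { print "FINDING: keyboard-interactive authentication enabled"; n++ }
      if (cfg["pubkeyauthentication"] != "yes") { print "FINDING: public key authentication disabled"; n++ }
      # Assumption: "avoid using the root account" includes no root SSH logins.
      if (cfg["permitrootlogin"] != "no") { print "FINDING: root SSH login permitted: " cfg["permitrootlogin"]; n++ }
      exit n + 0
    }'
}

sample_ss='LISTEN 0 4096 0.0.0.0:30333 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:30343 0.0.0.0:*
LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*
LISTEN 0 128 [::]:2222 [::]:*
LISTEN 0 4096 0.0.0.0:9615 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:9944 0.0.0.0:*'
sample_sshd='port 2222
passwordauthentication yes
kbdinteractiveauthentication no
pubkeyauthentication yes
permitrootlogin prohibit-password'

# 2222 is the constructed non-default SSH port of this sample host.
printf '%s\n' "$sample_ss" | unexpected_listeners "30333 30343 2222"
printf '%s\n' "$sample_sshd" | audit_sshd || echo "sshd findings: $?"
# Live host: ss -H -tln | unexpected_listeners "30333 30343 <ssh port>"; sshd -T | audit_sshd
```

A listener reported here is not necessarily reachable from outside, but it is one that depends entirely on the firewall to stay private.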

Monitoring

We suggest monitoring your nodes using a combination of these methods:

  • Grafana: for setting up your own dashboards with detailed metrics

  • Telemetry: for publicly sharing basic statistics about your node

  • Logs: for manually monitoring the health of your node

Grafana

It is recommended to set up monitoring and alerts for your node using the standard Prometheus metrics (by default exposed by Aleph Node on port 9615). The recommended tool for digesting the metrics is Grafana, and for convenience we've made the config template available.

Telemetry

If the telemetry is enabled, you will be able to monitor your node's performance.

Figure: Performance statistics in the azero.dev wallet.

The telemetry is enabled by default in the dockerised setup. If you want to disable it (which we strongly advise against), go to your env/validator config file and set TELEMETRY_ENABLED=false.

If you're building the node from source and running a plain binary, you will need to supply the --telemetry-url 'wss://telemetry.polkadot.io/submit/ 1' option when you run the node.

Logs

The text logs from the node can provide useful information when something is wrong. You may want to keep an eye out for:

  • various error messages

  • lack of messages about finalization or importing

  • your node being behind on finalization for prolonged periods of time
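One way to turn "behind on finalization for prolonged periods" into an alert condition, using the Prometheus metrics on port 9615 mentioned in the Monitoring section; this is an added example, not part of the Aleph Zero documentation. The metric name substrate_block_height, its status labels, the /metrics path and the thresholds are assumptions to confirm against your own node.

```shell
#!/usr/bin/env bash
# Added example, not from the Aleph Zero docs. The metric name
# substrate_block_height and its status labels are assumed to be exposed
# by your node; confirm against the output of its metrics endpoint.

finality_lag() {
  # stdin: Prometheus text exposition (value is the last field, no timestamps).
  # Prints best minus finalized height; fails if either series is missing.
  awk '
    index($0, "substrate_block_height{") == 1 {
      if ($0 ~ /status="best"/)      { best = $NF; have_best = 1 }
      if ($0 ~ /status="finalized"/) { fin  = $NF; have_fin  = 1 }
    }
    END { if (!have_best || !have_fin) exit 1; print best - fin }'
}

lag_is_prolonged() {
  # $1: max tolerated lag in blocks, $2: number of consecutive scrapes.
  # stdin: one lag value per scrape, oldest first.
  # Succeeds only if the newest $2 scrapes all exceed $1, so a single
  # spike that recovers does not raise an alert.
  awk -v max="$1" -v need="$2" '
    { run = ($1 + 0 > max + 0) ? run + 1 : 0 }
    END { exit (run + 0 >= need + 0) ? 0 : 1 }'
}

# Constructed scrape; heights and the chain label are made up.
sample_scrape='# TYPE substrate_block_height gauge
substrate_block_height{chain="constructed chain",status="best"} 1000
substrate_block_height{chain="constructed chain",status="finalized"} 997
substrate_block_height{chain="constructed chain",status="sync_target"} 1000'

printf '%s\n' "$sample_scrape" | finality_lag   # prints 3

# Constructed lag history: threshold 20 blocks, 3 scrapes in a row.
if printf '%s\n' 2 3 40 55 70 | lag_is_prolonged 20 3; then
  echo "ALERT: finalization lag above 20 blocks for 3 consecutive scrapes"
fi
# Live host (assumed path): curl -s http://127.0.0.1:9615/metrics | finality_lag
```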