Castlenode

We provide a state-of-the-art infrastructure tailored to the networks we operate in.

Network features at a glance

20 years of experience in high-availability hosting
99.99% uptime in the past 5 years

Dedicated HSMs for all sensitive operations

PCI-DSS compliant hardware and hosting site

24/7 monitoring and on-call supervision

Fully redundant N+M hosted platform

Validator nodes co-located in dedicated Tier3 datacenter

Infrastructure Specification

Validator nodes

  • Validator nodes co-located in dedicated Tier3 datacenters
  • Site redundancy - 2 independent datacenters (Equinix & Zayo)
  • Switching validators requires a manual procedure to protect against equivocation
  • Electric redundancy - All systems are backed by at least two power feeds
  • Internet redundancy - Cloud & Backbone MultiSite BGP / RIPE Members
  • Internal network redundancy - Brocade/Arista Hardware
  • Network security & DMZ using dedicated Juniper SRX hardware
  • Consensus key secured with Yubico HSMs
  • Application keys secured with SafeNet HSMs
  • TPM encrypted storage & IPSec network communication
  • Obfuscation/Polymorphism of network topologies

Sentry nodes

  • 3+ sentry groups using different cloud providers (GCP, OVH & AWS)
  • Different sentry types in each group (Full Duplex, Half Duplex, Private) to maintain service in adversarial conditions
  • Secure switch between sentries

Key management

  • Critical operations require several people, not only founders
  • All operations require 2FA from each participant
  • No use of passwords, only OTP/HSMs
  • In-hardware encoded governance for application keys

Monitoring & Alerting

  • Kafka Relay
  • Blackhole/Timestamps server to store logs
  • Prometheus/Kibana/Grafana to monitor indicators
  • Unusual variations trigger alerts
  • Community channels monitoring

Business continuity

  • If one datacenter is compromised, the Business Continuity Plan (BCP) is applied - a few hours to migrate
  • If both datacenters are compromised, the Disaster Recovery Plan (DRP) is applied - 72 hours to migrate
