Hi,
I am currently working on the following plan.
There is a need for at least to kind of nodes. There are SuperNET privacy nodes and (Hallmarked) nxt nodes, mostly run by persons on a VPS.
For these nodes, it’s currently the case that you have to buy the VPS, install the necessary packages and build the coin wallets and libraries/API’s. Building a privacy node is still quite cumbersome and daunting for most users. When you look at what you need to do, I would say it will slow down adoption if people have to go through all this.
This does apply more for a SuperNET privacy node then a simple NRS node for NXT. But still, for both nodes I think it would help to ease things way more, so people can buy a VPS and start right away, and get up and running in no time.
What to think of all people who have their nodes running and need to keep it secure too. Some firewalling, ddos prevention, encryption, hardening of ssh, hardening of various Operating System tools and monitoring tools and all that.
The situation is now:
User buys a VPS. The user tries to find a manual and starts configuring. In the case of SuperNET nodes, they will likely get stuck along the way, and have to try to get through it.
Personalise the installation: Create accounts and passwords.
When it’s build, they can run the node, but as things do change, they have to update quite regularly. In the case of a NRS wallet, it’s less frequent, but still they need to update it.
When running the node, it should be kept up to date. When exploits and vulnerabilities arise, the user should act on that.
This node is still not secured, unnecessary services are running, no firewall is set up, no hardening on services and operating system is done AT ALL. It’s only a base setup of Linux and there is nothing done to harden it. Everything should still be done, following 10 page tutorials of how to make sure the machine is secured.
And then, still, there is nothing in place to keep it secured, and no monitoring is set up.
What if, the situation would become streamlined like this, how cool would that be:
User buys a VPS. User signs up for the Master node and gets an acknowledgementTurns on the VPS, start a script.
Drink coffee while the machine is completely installed. Personalise the installation. Create accounts and passwords.
That’s it!
Simple as that.
From now on, the user has it’s machine updated (if they wish) and don’t need to look at all the things that change, new releases and updating of the machine.
Also, a complete firewalled and secured node is there, and lots of things are hardened on the machine, secured and unnecessary stuff is removed and all configuration to make and keep the machine secure is done for you.
I worked out this concept and it can be implemented for these Privacy nodes and NRS (hallmarked) nodes. It will be a breeze for a user to get this VPS up and running.
How will all this work?
There will be a master configuration server. There can be one, but there can be more of them for redundancy. 1,3, or 5 or whatever seems appropriate.
This master server will be setup completely to build and deliver the configuration for the nodes. It will contain configuration for NRS nodes and Privacy nodes, but I can also deliver this service for other type of coins which need nodes with wallets (and possibly other stuff).
This server has to be build, everything that will be done on a node, will be setup here in scripts, separated in various modules. These modules will contain the software which is needed and all configuration changes in such a way to get these nodes in a certain state. I can easily differentiate different kind of nodes and these nodes can get the software and configuration they need. I can reuse the needed modules and differentiate between node configurations where needed. When adding a new kind of node for a new wallet or a new type of server, I can add this to the configuration. Also, when some company/idea connected to NXT (or another crypto currency) they can talk to me to see if they can have their node configuration automated too. It can then be added to my master server and nodes can be created for it in no time.
When I’ve finished a complete node configuration I can easily deliver 100 nodes in one day, if necessary. It depends on how fast you can buy VPSes and turn them on
When someone requests a certain node, I only need to add it to my master server and when the node identifies itself with the master server, once acknowledged it gets it complete configuration pushed and the server will get its state as it should be. And the node will be kept current and secured, for the future.
Also, it’s possible to set up different Linux distributions with this concept. It means extra work in the beginning but once done, other distributions can be set up too.
Security configuration and updating is a continuous job and can be done centrally.
All wallets will be packaged in the needed package formats. A repository will be created via Ubuntu PPA, so ANY node, also nodes that are not setup via this master-client concept can then install these packages simply via apt-get. So people who are not interested in this whole concept, can simply get these wallet packages with apt-get and can also update the wallets packages simply via apt-get, when a new release has come out.
Packaging the wallets will be quite some work, but once done, I can try to keep them up to date.
All this is part of a bigger plan I’’m working on. I will write about that soon.
I actually wanted to publish this part equally with the whole plan, but I started building this master - clientnode concept already, because SuperNET is in need of 50 to 100 servers to get launched.
This pilot phase will help NXT and SuperNET hopefully because setting up Privacy and NRS nodes will be as easy as pushing a button.
Frohike
Poll
