Everstake’s Migrated to a New Tezos Baker Infrastructure

15 OCT 2024
4 min read
Tezos
4 min read
Article content
What’s New with the Migration
Google Cloud Key Management Service (KMS)
YubiHSM 2 by Yubico
Conclusion

Everstake completed the migration of our Tezos baker to a new high-availability (HA) infrastructure after extensive testing on Ghostnet. This new setup enhances performance and security, ensuring smooth and efficient operations for our Tezos delegators.

What’s New with the Migration

We’ve upgraded our Tezos baker to a powerful infrastructure that utilizes Google Cloud’s HSM (Hardware Security Module) solution for consensus key management. The new infrastructure is built to optimize endorsement performance, ensuring seamless block production. Our solution leverages a Tezos Remote Signer to manage the baker’s private keys.

The new baker is hosted on a Google Cloud C4 machine series VM, powered by the latest Emerald Rapids Intel processor. This setup, combined with Hyperdisk storage, guarantees the highest level of performance for processing transactions and securing the Tezos network. 

image2_1

High endorsing performance—all blue means no blocks were lost at all.

undefined

After the spike to safely conduct migration, we have 0 missed endorsements as well.

To ensure uninterrupted service, we’ve deployed a triple-reserved setup. This consists of:

  • Main baker: high-performant GCP VM that utilizes Cloud HSM
  • First hot standby: bare metal server located in the Netherlands at Worldstream with a locally attached YubiHSM
  • Second hot standby: bare metal server placed in an undisclosed location, adding an additional layer of redundancy.

This resilient setup ensures our Tezos baker is lightning fast and failsafe, with multiple layers of fallback to guarantee continuous operation.

Google Cloud Key Management Service (KMS)

Our migration leverages Google Cloud’s Key Management Service (KMS), a secure and scalable way to manage cryptographic keys. GCP KMS is essential for safeguarding our Tezos baker’s consensus keys, ensuring that they remain protected within a hardware security module (HSM) environment. 

This solution allows for efficient key rotation and secure signing operations, providing robust key security and compliance at the enterprise level.

YubiHSM 2 by Yubico

We’ve integrated the YubiHSM 2 into our setup for added security and redundancy. This device is known for its cost-effective, secure, hardware-based cryptographic operations, offering another layer of key protection. 

Attached directly to our bare metal servers, YubiHSM 2 enables fast and secure preendorsement, endorsement and block  signing, ensuring that the private keys stay protected from unauthorized access or misuse.

Conclusion

Our upgraded infrastructure is designed to deliver the best possible performance and security for our Tezos users. With cutting-edge technology and a highly redundant setup, we’re prepared to meet the evolving demands of the Tezos network. 

Now is the perfect time to stake Tezos with Everstake and benefit from our enhanced reliability and efficiency. Join us in securing the network while benefiting from it!

Stake with Everstake | Follow us on X | Connect with us on Discord

Dark - Light
Everstake Logo
Everstake
Content Manager
Everstake is the world's leading validator, with 735,000+ delegators across 77 blockchain networks. We stake $4.8 billion in assets and provide best-in-class staking services to institutional and retail clients.

Contact us

Have questions?
We’re always there to answer!

contact us
Our distributed team of 20+ community managers is online 24/7 and is ready to assist you.
quote avatar

We’d love to hear your thoughts.

Your opinion matters. Share any concerns, issues, or suggestions you may have with us so that Everstake could work on them, and your experience could improve.
Give FEEDBACK