Everstake’s Migrated to a New Tezos Baker Infrastructure

Everstake completed the migration of our Tezos baker to a new high-availability (HA) infrastructure after extensive testing on Ghostnet. This new setup enhances performance and security, ensuring smooth and efficient operations for our Tezos delegators.

What’s New with the Migration

We’ve upgraded our Tezos baker to a powerful infrastructure that utilizes Google Cloud’s HSM (Hardware Security Module) solution for consensus key management. The new infrastructure is built to optimize endorsement performance, ensuring seamless block production. Our solution leverages a Tezos Remote Signer to manage the baker’s private keys.

The new baker is hosted on a Google Cloud C4 machine series VM, powered by the latest Emerald Rapids Intel processor. This setup, combined with Hyperdisk storage, guarantees the highest level of performance for processing transactions and securing the Tezos network. 

High endorsing performance—all blue means no blocks were lost at all.

After the spike to safely conduct migration, we have 0 missed endorsements as well.

To ensure uninterrupted service, we’ve deployed a triple-reserved setup. This consists of:

• Main baker: high-performant GCP VM that utilizes Cloud HSM
• First hot standby: bare metal server located in the Netherlands at Worldstream with a locally attached YubiHSM
• Second hot standby: bare metal server placed in an undisclosed location, adding an additional layer of redundancy.

This resilient setup ensures our Tezos baker is lightning fast and failsafe, with multiple layers of fallback to guarantee continuous operation.

Google Cloud Key Management Service (KMS)

Our migration leverages Google Cloud’s Key Management Service (KMS), a secure and scalable way to manage cryptographic keys. GCP KMS is essential for safeguarding our Tezos baker’s consensus keys, ensuring that they remain protected within a hardware security module (HSM) environment. 

This solution allows for efficient key rotation and secure signing operations, providing robust key security and compliance at the enterprise level.

YubiHSM 2 by Yubico

We’ve integrated the YubiHSM 2 into our setup for added security and redundancy. This device is known for its cost-effective, secure, hardware-based cryptographic operations, offering another layer of key protection. 

Attached directly to our bare metal servers, YubiHSM 2 enables fast and secure preendorsement, endorsement and block  signing, ensuring that the private keys stay protected from unauthorized access or misuse.

Conclusion

Our upgraded infrastructure is designed to deliver the best possible performance and security for our Tezos users. With cutting-edge technology and a highly redundant setup, we’re prepared to meet the evolving demands of the Tezos network. 

Now is the perfect time to stake Tezos with Everstake and benefit from our enhanced reliability and efficiency. Join us in securing the network while benefiting from it!