...
VM requirements | Frontend | Signing | Merge |
---|---|---|---|
Description of usage | Frontend node | Signing node | Merge node |
Number of VMs with same specification | 5 | 2 | 2 |
Hardware requirements (CPU, RAM, disk space) | 8xCPU; 16G RAM; 2x1TB SSD | 1xCPU; 4G RAM; 20G HDD | 4xCPU; 16G RAM; 2x1TB SSD |
Network connection requirements | 1 Gbps | 1 Gbps | 1 Gbps |
IP addressing requirements (IPv4, IPv6, public routable) | 1 x IPv4 + 1 x IPv6 public; 1 x IPv4 + 1 x IPv6 private (note 2) | 1 x IPv4 + 1 x IPv6 private (note 2) | 1 x IPv4 + 1 x IPv6 private (note 2) |
Naming requirements1 |
Other resource requirements | Frontend nodes | Signing nodes | |
---|---|---|---|
Load balancing service | TBD: Homemade, using DNS? | ||
HTTP caching service | TBD: Varnish? | ||
TLS termination service | Onion service | TBD: hitch? | |
Tor onion service | Tor client | ||
2 x HSM1 | PKCS#11 interface |
1 Hardware Security Module with support for deterministic ECDSA (NIST P-256) with HMAC-SHA256 and ed25519 (PureEdDSA).
Infrastructure hosting requirements
Hosting requirements | Applying to add_distinguisher | Applying to add_distinguisher All systems |
---|---|---|
Availability | "lots of nines" | |
Backup (what, frequency, retention period) | Configuration only (/etc), daily | |
Monitoring and alerting1 | | |
Measuring and Reporting2 | ||
Log retention3 | ||
Security policy for access and usage4 |
1 At a minimum, network accessibility (from outside the LAN) and hardware resource usage must be monitored. Indicate whether any of these resources can be deemed critical, so that adequate alerting thresholds are implemented. Additionally, indicate which specific applications must have their uptime and operational health monitored, with alerting implemented.
2 Define what should be measured, how, and at what interval, in order to deliver appropriate reporting on KPIs, usage, etc.
4 Define the policy for limiting access to the infrastructure piece and where it should be implemented (system level, network level, etc.).
System and Application maintenance requirements
System and Application Requirements | Applying to add_distinguisher | Applying to VM add_distinguisher||
---|---|---|---|
Operating system | Linux with proper Docker support | ||
Applications1 | N/A | ||
Maintenance hours2 | None – maintenance is performed on parts of the log without affecting the service | ||
Configuration management3 | Docker containers deployed and run by cosmos + Puppet (i.e. multiverse) |
1 List the applications installed on a system, and add corresponding licenses where applicable.
2 Define a window appropriate for regular maintenance. /give some recommendations
3 Applies to automated configuration management. Describe the system used.
Human resources requirements
Indicate the requirements, in both skills and manpower, for the personnel needed for the devops team (which maintains service-specific applications) and for L2 support.
Human resources requirements | add_distinguisher | add_distinguisher |
---|---|---|
Description | ||
Manpower | ||
Recommended number of persons (considering backups) | ||
Skills |