NoOps: Reinventing Your Staking UX

CertiK | Jun 26, 2020

Article's Poster

Check out our previous product announcement on NoOps!

At CertiK, we believe a truly reliable blockchain ecosystem can only survive on top of robust, secure, and high-performing infrastructure. By developing blockchain and cybersecurity technologies in parallel and complementary to one another, CertiK envisions NoOps as not just a singular product in its portfolio, but a gateway to innovation, discoveries, and deep knowledge in these two sectors.

Security-First Infrastructure Design

The importance of security in a staking scenario is paramount. If an attacker can hack into a network’s infrastructure or attempt a DDoS attack, the entire validator network could go down or cause the entire system to malfunction. The repercussions are serious, leading to the loss of rewards since validators are unable to sign blocks. Fortunately, NoOps was built to alleviate the risk of hacks with sophisticated security techniques, including:

Multi-Layered Protections

We apply the unique “Validator-Sentry Architecture” to ensure a more robust security level. Similar to chess, pawns always stand in front of kings. The same rationale can apply in this scenario, where Sentry-nodes will always sit in front of the validator—acting as a layer to protect the node from DDoS attack. Additionally, the validator is protected by CertiKOS, the world’s first fully-verified, multiprocessor OS kernel that has been proven to be hacker-resistant.

Visualization of validator-sentry architecture that ensures more robust security

Network Layer Protection

VPCs (Virtual Private Cloud) and subnets are utilized for network isolation, while ACLs (Access Control List) and security groups help manage network access control. We only open ports when they’re needed, minimizing the attack surface available to hackers.

Public cloud vs virtual private cloud

Dual-Access Control

To login to sentry and validator nodes, you need to be on the CertiK VPN and use a YubiKey. A Yubikey is a physical key that contains an SSH (secure shell) login credential. While it would be difficult for an attacker to get access to the CertiK VPN, it would be nearly impossible to get access to the physical Yubikey.

Generic physical key for login credentials

Private Key Management

We have a secure system to help manage private keys, which for validators is the signing key— one of the most important things in the system that should be kept secret. We store the signing key in a security vault, so even if a malicious actor hacked into the validator node, they can't steal the signing key itself.

A Truly Trustworthy Infrastructure

NoOps is committed to IaC, Infrastructure as Code, for greater quality assurance and security. Infrastructure as Code is the process of managing and provisioning computer data centers through machine-readable definition files, meaning executions are automatic, quicker, easier, and reliable.

Automated Setup

NoOps takes the hassle out of starting a node. Through NoOps, establishing machines, adjusting configurations, and executing chain binaries are all combined into a one-click solution. Rather than depend on error-prone human judgment to set up a node, automation tightens the gap between intention and implementation so that any unexpected behaviors or vulnerabilities do not occur.

Customizable Infra-Layouts

There are two predefined architecture templates that you can start with:

#1 - For general use:

  • One private validator node
  • Two public sentry nodes
  • One public monitor

#2 - For those with strong security concerns:

  • Sentry and validator nodes are designed in a private subnet

You may also choose to build their own infrastructure setup to fit your needs. Like building with Legos, you can add sentries and validators, as well as load balancers to enhance security and performance, among others.

The cost of utilizing the NoOps service also changes depending on how many machines are needed. Security is built into every layer of the product design, thus you can feel assured when customizing architecture.

Photo by Xavi Cabrera via Unsplash

User-Friendly UX/UI

With a robust backend that supports limitless possibilities, NoOps has an outstanding UX/UI system that helps users navigate through the product and make transactions without hassle.

Real-Time System Metrics for Nodes

Validator health is crucial to both the service provider and stakers. That’s why we built a comprehensive monitoring system dashboard for each node running on the NoOps platform, which measures all important system metrics and collects dedicated secure monitors for periodic evaluation.

NoOps real-time system metrics dashboard

Customizable Alert System and On-Call Mechanism

Whenever an abnormality occurs, the monitoring system reports the problem in a timely manner to a stable notification platform, which pushes the alert to the subscribers through an email, Slack message, text message, or phone call. When receiving the alerts, the on-call engineers will respond to the situation and fix the reported problem as soon as possible. Users can customize when and how they receive alerts on the NoOps application page.

Technical and Business Data Insights

With NoOps, we’ve achieved what we believe is a proper balance of validator-driven functionalities, user-friendly interface design, and high-standard security measures.

NoOps offers a comprehensive collection of charts so validators can analyze data, including:

  • Node health Peer count
  • Disk space
  • CPU Load
  • Memory usage since last update time

Validator health monitoring

Beyond technical measurements, NoOps also offers business insights for delegators, including:

  • Tx history
  • Tx amount
  • Latest Tx details
  • Total assets
  • Total bonded %
  • Validator share %

Business insights dashboard for delegators

What’s Next?

NoOps is the first of many exciting projects, all inspired by our past experience and expertise, that we have in the pipeline. With CertiK’s mission to build Blockchain-as-a-Service solutions for enterprise users to simplify business processes, realize seamless digital transformation, and build security-centered blockchain networks, we look forward to sharing more exciting news soon!

Make sure to follow us on Twitter @certik_io or subscribe to our mailing list for the latest updates.

Get Started With NoOps

You can start building your secure and custom blockchain infrastructure today with NoOps. Check out our product page to start your trial account or contact us for more information on how to get started.

Please note: While the NoOps service can help alleviate the technical burdens on staking, the cost of bringing your own stake as a new player in a well-established ecosystem can be high.