Each member's pool configuration is peer reviewed by the rest of the CCSPA members to verify and increase the security of their pool and procedures. Since each pool has a unique configuration, every peer review session may also improve the rest of the members' procedures in ways not previously considered.
Kelowna Staking was the first CCSPA member to go through the peer review process and was approved on December 19, 2020.
Since Dec 19, 2020
Whitelisted relay nodes, monitoring server, and SSH access from trusted networks. Every other incoming connection is dropped.
All nodes have SSH enabled with separate password-protected SSH keys, and password-based authentication is disabled. All incoming SSH connections are dropped except those from my home and office networks. I have access to both networks through separate VPN connections, as well as access to the hosting platform with password-protected direct access to all three nodes. If there is ever an emergency, I will be able to access all Kelowna Staking nodes. SSH keys are backed up on an encrypted device, and with direct access to the nodes, a new set of keys can be created to replace lost SSH keys.
Private keys are stored on a USB drive encrypted with a password longer than 15 characters containing uppercase, lowercase, numbers and symbols. Transactions are signed on an air-gapped machine and transferred via USB to be submitted to the blockchain from a live machine. There are a total of four backups of all private keys on separate storage mediums with various methods of encryption.
Each KLWNA node runs in a high-availability cluster that is spread across multiple physical servers, which allows each KLWNA node to migrate across the cluster. If one of the physical servers containing a node fails, the affected node will be brought back online automatically by a separate server in the cluster.
If a server has a hypothetical malfunction, any affected node will automatically come back online via another server.
Both relays have unique peers and contain all official CCSPA member nodes in their topology. The Block Producer contains only Kelowna Staking relays in its topology.
Each node is a separate virtualized instance, meaning that each stake pool node runs independently.
KES keys are renewed at least 10 days before expiry to ensure the continuation of block production.
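A monitoring check for the 10-day renewal margin described above, as an added example that is not Kelowna Staking's own tooling. The genesis constants are the Cardano mainnet Shelley values and are an assumption here; the function and field names are hypothetical, and the slot numbers in the demo are constructed.

```python
from dataclasses import dataclass

# Assumed Cardano mainnet Shelley genesis values; read them from your own
# shelley-genesis.json instead of trusting these constants.
SLOTS_PER_KES_PERIOD = 129_600  # slots in one KES period
MAX_KES_EVOLUTIONS = 62         # KES periods an operational certificate lasts
SLOT_LENGTH_SECONDS = 1         # Shelley slot length

RENEWAL_MARGIN_DAYS = 10        # policy from the text: renew at least 10 days early


@dataclass
class KesStatus:
    current_period: int
    expiry_slot: int
    days_remaining: float
    state: str  # "ok", "renew", "expired" or "not-yet-valid"


def kes_status(cert_start_period: int, current_slot: int) -> KesStatus:
    """Classify an operational certificate by time left before KES expiry.

    cert_start_period is the KES period the certificate was issued for;
    current_slot is the chain tip slot (hypothetical inputs for this example).
    """
    current_period = current_slot // SLOTS_PER_KES_PERIOD
    # The certificate is valid for periods [start, start + MAX_KES_EVOLUTIONS).
    expiry_slot = (cert_start_period + MAX_KES_EVOLUTIONS) * SLOTS_PER_KES_PERIOD
    days = (expiry_slot - current_slot) * SLOT_LENGTH_SECONDS / 86_400

    if current_period < cert_start_period:
        state = "not-yet-valid"  # certificate issued for a future KES period
    elif days <= 0:
        state = "expired"        # block production has already stopped
    elif days <= RENEWAL_MARGIN_DAYS:
        state = "renew"          # inside the 10-day margin: rotate now
    else:
        state = "ok"
    return KesStatus(current_period, expiry_slot, days, state)


if __name__ == "__main__":
    # Constructed sample: certificate issued at KES period 100, tip 9 days
    # before expiry.
    print(kes_status(100, 20_217_600))
```

Alerting on the "renew" state leaves no slack once it fires, so a practical alert threshold sits some days above the policy margin.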
© Copyright Kelowna Staking | Stake pool information provided by ADApools.org