Difference between revisions of "Node Provider Roadmap"
m |
(Move milestones into a single page) |
||
Line 9: | Line 9: | ||
There are five Node Provider milestones to go from scratch to being a Node Provider. Finally, the sixth milestone covers node management and maintenance once you're a Node Provider. | There are five Node Provider milestones to go from scratch to being a Node Provider. Finally, the sixth milestone covers node management and maintenance once you're a Node Provider. | ||
− | + | === Milestone One: Education === | |
− | + | Here, you will learn more about the Internet Computer and the rewards/obligations of being a Node Provider. | |
− | * [[Node Provider | + | |
− | + | ==== Step 1: Learn about the Internet Computer | | ==== | |
− | * [[Node Provider | + | Before becoming a Node Provider, it is important to gain a base understanding of the Internet Computer. |
− | ** | + | |
− | + | For a comprehensive overview of the internet computer, read the [[Introduction to ICP]] wiki page as well as the official ICP website: internetcomputer.org. Here, you will learn about the Internet Computer, subnets, the NNS, proof of useful work, ICP tokens, Internet Identity, and other relevant concepts. | |
− | + | ||
− | + | ==== Step 2: Learn what it means to be a Node Provider | | ==== | |
− | + | ||
− | + | ===== What is a Node Provider? | | ===== | |
− | + | The Internet Computer is a decentralized network of nodes running the Internet Computer protocol. These nodes are owned by Node Providers who receive rewards for their nodes' useful work. Every Node Provider is allowed a limited amount of nodes. | |
+ | |||
+ | ===== What does a Node Provider do? | | ===== | ||
+ | It is the job of a Node Provider to: | ||
+ | |||
+ | * Meet the skill, hardware, and networking requirements. These are detailed in milestones two and four. | ||
+ | * Independently onboard as a Node Provider. This is detailed in milestone three. | ||
+ | * Independently onboard their nodes. This is detailed in milestone five. | ||
+ | * Provide maintenance to their own nodes when hardware or networking issues arise, as Node Providers are only rewarded for their nodes' useful work. This is detailed in milestone six. | ||
+ | |||
+ | ===== What are the costs/rewards for being a Node Provider? | | ===== | ||
+ | To understand the varying rewards and estimated costs of being a Node Provider, read the [[Node Provider Remuneration]] guide. | ||
+ | |||
+ | ===== How do you apply to become a Node Provider? | | ===== | ||
+ | Individuals or organizations can become Node Providers through submitting a proposal to the Network Nervous System (NNS). The NNS is a Decentralized Autonomous Organization (DAO) that governs the Internet Computer. The NNS is a collection of smart contracts running on the Internet Computer and includes a voting system where token-holders who have staked ICP may submit and vote on proposals. | ||
+ | |||
+ | The approval of a Node Provider registration proposal takes place through a vote on the NNS. If the proposal passes, the applicant will automatically be registered on the Internet Computer as a Node Provider. Once registered as a Node Provider, you can then purchase hardware, create a contract with a data center, and set up your node machines. | ||
+ | |||
+ | === Milestone Two: Requirements === | ||
+ | Here, you will learn more about the specific skill, hardware, networking, and data center requirements, as well as some best practices regarding decentralization and security. | ||
+ | |||
+ | ==== Step 1: Understand requirements | | ==== | ||
+ | |||
+ | ===== Skill requirements | | ===== | ||
+ | To function effectively as a Node Provider, certain technical skills are required. To see if you are ready, ask yourself, can you: | ||
+ | |||
+ | * Purchase a node machine? | ||
+ | * Connect ethernet or SFP+ cables between routers and servers? | ||
+ | * Install USB based OS installers? | ||
+ | * Run commands from the command line? | ||
+ | * Troubleshoot network connectivity issues? | ||
+ | * Understand the differences between IPv6 and IPv4? | ||
+ | * Follow security best-practices? | ||
+ | |||
+ | ''Note: A Cisco Certified Network Associate (CCNA) certification (or equivalent knowledge) is strongly recommended to successfully complete network configuration.'' | ||
+ | |||
+ | ===== Hardware requirements | | ===== | ||
+ | Read the [[Node Provider Machine Hardware Guide]]. | ||
+ | |||
+ | ===== Networking requirements | | ===== | ||
+ | Read the [[Node Provider Networking Guide]]. | ||
+ | |||
+ | ==== Step 2: Understand best practices | | ==== | ||
+ | |||
+ | ===== Decentralization | | ===== | ||
+ | As a Node Provider, you are a defender of the Internet Computer's decentralization. Here are some recommendation to maximize your decentralization contribution: | ||
+ | |||
+ | * <span class="s1"></span>Be as independent as possible from other Node Providers | ||
+ | ** <span class="s1"></span>Do not own shares in multiple Node Provider organizations | ||
+ | ** <span class="s1"></span>Have only a single Node Provider identity | ||
+ | ** <span class="s1"></span>When seeking support/discussion, use public channels so that Node Provider interaction is transparent | ||
+ | ** <span class="s1"></span>While other Node Providers may offer advice, you're fully responsible for and in charge of your own nodes | ||
+ | * <span class="s1"></span>Be vigilant | ||
+ | ** <span class="s1"></span>Be independent minded, make your own decisions and do not blindly trust 3rd party advice (DFINITY is also a 3rd party that should not be blindly trusted and that holds no special authority over the Internet Computer) | ||
+ | ** <span class="s1"></span>Be aware that misinformation can be used as an attack vector, and therefore, it is important to verify information from multiple sources (preferably public and authenticated) | ||
+ | ** <span class="s1"></span>If you suspect somebody is trying to deceive you, it may be helpful to other Node Providers and other members of the IC community if you use public channels to warn them | ||
+ | * <span class="s1"></span>Restrict access to node machines | ||
+ | ** <span class="s1"></span>Whenever possible, it is best to perform all node-maintenance yourself and to avoid 3rd-party support all together | ||
+ | ** <span class="s1"></span>When 3rd-party servicing is necessary, use a local service (preferably somebody you know and trust) rather than a global one and carefully monitor their work | ||
+ | * <span class="s1"></span>Use local and trusted supply chains | ||
+ | ** <span class="s1"></span>If possible, purchase hardware locally from a trusted vendor to avoid global single points of failure and to reduce the risk that somebody tampers with your hardware during delivery | ||
+ | * <span class="s1"></span>Avoid single points of failure in Node Provider organizations with multiple people | ||
+ | ** <span class="s1"></span>When possible, use the four-eyes principle | ||
+ | ** <span class="s1"></span>For transparency about your decentralization contribution, you may provide a description of your internal security controls against single-person access in your [[Node Provider Self-declaration|self-declaration]] (discussed in milestone three) | ||
+ | ** <span class="s1"></span>Restrict access to trusted employees and collaborators and vet new personnel and collaborators | ||
+ | * <span class="s1"></span>Set up your Node Provider service with a local mindset | ||
+ | ** <span class="s1"></span>Choose a local data center that you can easily reach and inspect | ||
+ | ** <span class="s1"></span>Choose a data center that is not part of a global business to reduce risk from extra-territorial influence | ||
+ | ** <span class="s1"></span>Operate your nodes in the same country as you/your organization reside | ||
+ | ** <span class="s1"></span>Use local employees who live in the same area and that you know yourself | ||
+ | * <span class="s1"></span>Keep information relating to decentralization up-to-date | ||
+ | ** <span class="s1"></span>For example, if you relocate, you should report this to the NNS<span class="s1"></span><span class="s1"></span> | ||
+ | |||
+ | ===== Security | | ===== | ||
+ | |||
+ | * Lock up your hardware | ||
+ | ** Understand and v<span class="s1"></span>erify the physical access control to your node machines in the data centers | ||
+ | ** Determine who should be authorized to use the devices that comes in contact with the node machines (USB sticks, HSMs, network cables, laptops, etc.) and prevent unauthorized physical access through safe storage and alarm systems | ||
+ | ** Establish safe work practices, e.g., four-eyes principle when accessing node machines or using other devices to avoid tampering with them | ||
+ | ** Determine who should have physical keys to access hardware and instruct them to keep the keys safe | ||
+ | ** Keep devices disconnected from the Internet except when strictly necessary to be online | ||
+ | * Store passwords and secret keys safely | ||
+ | ** Use key splitting to back them up in a way that no single-point compromise will cause loss | ||
+ | * WIP | ||
+ | |||
+ | ===== Regulations and taxation | | ===== | ||
+ | Since the Internet Computer is a decentralized system with nobody in charge, you must yourself take full responsibility for compliance with local regulations, including taxation of rewards | ||
+ | |||
+ | * Set up a contract with a data center (see Milestone 3) | ||
+ | * Understand regulations that apply in your jurisdiction with respect to running node machines and when needed, seek legal advise | ||
+ | * Understand how Node Provider rewards are taxed, e.g., through consultation with a tax advisor | ||
+ | |||
+ | === Milestone Three: Node Provider Onboarding === | ||
+ | Before ordering your hardware and obtaining a data center contract, you should first gain approval by the NNS DAO to be a Node Provider. You will do this by submitting a proposal to the NNS to make you an approved node provider. If you're approved, you will be able to add nodes to the Internet Computer network. | ||
+ | |||
+ | ==== Step 1: Join Node Provider matrix channel | | ==== | ||
+ | Join the [[Node Provider Matrix channel]]. Here, you can submit questions or comments related to obtaining the Node Provider requirements or being a Node Provider. | ||
+ | |||
+ | ==== Step 2: Node Provider self-declaration | | ==== | ||
+ | Node Providers should declare their identity and provide a statement of good intent. Failing to do so could reduce your chances of being approved by the NNS to become a Node Provider. See [[Node Provider Self-declaration]]. | ||
+ | |||
+ | ==== Step 3: Node Provider onboarding | | ==== | ||
+ | Follow the [[Node Provider Onboarding]] steps 1 - 11 for detailed instructions on how to create a node provider id and submit a proposal to become an node provider. | ||
+ | |||
+ | === Milestone Four: Node Onboarding Preparation Checklist === | ||
+ | Before you are ready to move on to onboard your nodes, it is important to verify that you have completed all necessary preparations. This milestone provides a mini-roadmap for you to follow to go about obtaining the requirements. | ||
+ | |||
+ | ==== Step 1: Obtain hardware | | ==== | ||
+ | Step 1a: The [[Node Provider Machine Hardware Guide#Purchasing%20Hardware|Node Provider Purchasing Hardware Guide]] will assist you in purchasing your node hardware. | ||
+ | |||
+ | Step 1b: The [[Node Provider Networking Guide]] will assist you in purchasing your networking hardware. | ||
+ | |||
+ | ==== Step 2: Obtain data center contract | | ==== | ||
+ | |||
+ | ==== Step 3: Configuring networking requirements | | ==== | ||
+ | The [[Node Provider Networking Guide]] will assist you in configuring the networking equipment. | ||
+ | |||
+ | ==== Step 4: Reset BMC password | | ==== | ||
+ | The [[BMC Password Reset Guide]] will assist you in resetting your BMC password. | ||
+ | |||
+ | === Milestone Five: Node Machine Onboarding === | ||
+ | By this point, you should have been approved by the NNS as a node provider and have completed the Node Provider Onboarding preparation checklist. You are now ready to onboard your nodes to the Internet Computer! You do this by installing IC-OS on your node machines. | ||
+ | |||
+ | ==== Step 1: IC-OS installation | | ==== | ||
+ | If you encounter issues during the IC-OS installation, check the [[Node Provider Troubleshooting]] page. If that does not solve your problem, you are encouraged to ask for assistance in the [[Node Provider Matrix channel]]. | ||
+ | |||
+ | To install IC-OS, follow the IC-OS installation runbook for your corresponding machine: | ||
+ | |||
+ | * [[IC-OS Installation Runbook|IC-OS Installation Runbook (no-HSM)]] | ||
+ | * [[NitroKey HSM installation runbook|IC-OS Installation Runbook (HSM, legacy onboarding)]] | ||
+ | |||
+ | |||
+ | ❗️❗️❗️DFINITY does ''not'' offer live support for Node Providers attempting to onboard nodes. | ||
+ | |||
+ | === Milestone Six: Node Management === | ||
+ | Here, you will find important guidance and resources on managing and troubleshooting your nodes. | ||
+ | |||
+ | ==== Step 1: Read the Node Provider Maintenance Guide | | ==== | ||
+ | The [[Node Provider Maintenance Guide]] is designed to guide you through many of the tasks, questions or issues you may encounter throughout your career as a Node Provider. Additionally, it includes important best practices, of which all Node Providers should be aware. | ||
+ | |||
+ | ==== Miscellaneous Node Provider resources: | | ==== | ||
+ | These guides provide additional assistance for certain Node Provider tasks: | ||
+ | |||
+ | * [[Node Provider Troubleshooting]] | ||
+ | * [[Node Provider Decommissioning Guide]] | ||
+ | * [[Changing Your Node Provider Principal]] | ||
+ | * [[Changing Your Data Center Principal]] | ||
+ | * [[Updating Firmware]] | ||
+ | * [[IDRAC access and TSR logs]] | ||
+ | |||
+ | If these guides do not solve your problem, you are encouraged to ask for assistance in the [[Node Provider Matrix channel]]. | ||
=== Quick-links === | === Quick-links === |
Revision as of 19:44, 11 August 2023
Introduction
The Internet Computer is a decentralized network of nodes running the Internet Computer protocol. These nodes are owned by Node Providers who receive rewards for their nodes' useful work. Individuals or organizations can become Node Providers through submitting a proposal to the Network Nervous System (NNS), the Decentralized Autonomous Organization (DAO) that governs the Internet Computer.
The more diverse the set of Node Providers who supply node machines, the more resilient the Internet Computer is. You can support the Internet Computer and the IC community by becoming a Node Provider and increasing decentralization.
Roadmap
The Node Provider roadmap outlines what is required of Node Providers, the reward model of the Internet Computer, guidance on hardware acquisition and data center contracts, in-depth best practices, node onboarding procedures, and much more.
There are five Node Provider milestones to go from scratch to being a Node Provider. Finally, the sixth milestone covers node management and maintenance once you're a Node Provider.
Milestone One: Education
Here, you will learn more about the Internet Computer and the rewards/obligations of being a Node Provider.
Step 1: Learn about the Internet Computer | |
Before becoming a Node Provider, it is important to gain a base understanding of the Internet Computer.
For a comprehensive overview of the internet computer, read the Introduction to ICP wiki page as well as the official ICP website: internetcomputer.org. Here, you will learn about the Internet Computer, subnets, the NNS, proof of useful work, ICP tokens, Internet Identity, and other relevant concepts.
Step 2: Learn what it means to be a Node Provider | |
What is a Node Provider? | |
The Internet Computer is a decentralized network of nodes running the Internet Computer protocol. These nodes are owned by Node Providers who receive rewards for their nodes' useful work. Every Node Provider is allowed a limited amount of nodes.
What does a Node Provider do? | |
It is the job of a Node Provider to:
- Meet the skill, hardware, and networking requirements. These are detailed in milestones two and four.
- Independently onboard as a Node Provider. This is detailed in milestone three.
- Independently onboard their nodes. This is detailed in milestone five.
- Provide maintenance to their own nodes when hardware or networking issues arise, as Node Providers are only rewarded for their nodes' useful work. This is detailed in milestone six.
What are the costs/rewards for being a Node Provider? | |
To understand the varying rewards and estimated costs of being a Node Provider, read the Node Provider Remuneration guide.
How do you apply to become a Node Provider? | |
Individuals or organizations can become Node Providers through submitting a proposal to the Network Nervous System (NNS). The NNS is a Decentralized Autonomous Organization (DAO) that governs the Internet Computer. The NNS is a collection of smart contracts running on the Internet Computer and includes a voting system where token-holders who have staked ICP may submit and vote on proposals.
The approval of a Node Provider registration proposal takes place through a vote on the NNS. If the proposal passes, the applicant will automatically be registered on the Internet Computer as a Node Provider. Once registered as a Node Provider, you can then purchase hardware, create a contract with a data center, and set up your node machines.
Milestone Two: Requirements
Here, you will learn more about the specific skill, hardware, networking, and data center requirements, as well as some best practices regarding decentralization and security.
Step 1: Understand requirements | |
Skill requirements | |
To function effectively as a Node Provider, certain technical skills are required. To see if you are ready, ask yourself, can you:
- Purchase a node machine?
- Connect ethernet or SFP+ cables between routers and servers?
- Install USB based OS installers?
- Run commands from the command line?
- Troubleshoot network connectivity issues?
- Understand the differences between IPv6 and IPv4?
- Follow security best-practices?
Note: A Cisco Certified Network Associate (CCNA) certification (or equivalent knowledge) is strongly recommended to successfully complete network configuration.
Hardware requirements | |
Read the Node Provider Machine Hardware Guide.
Networking requirements | |
Read the Node Provider Networking Guide.
Step 2: Understand best practices | |
Decentralization | |
As a Node Provider, you are a defender of the Internet Computer's decentralization. Here are some recommendation to maximize your decentralization contribution:
- Be as independent as possible from other Node Providers
- Do not own shares in multiple Node Provider organizations
- Have only a single Node Provider identity
- When seeking support/discussion, use public channels so that Node Provider interaction is transparent
- While other Node Providers may offer advice, you're fully responsible for and in charge of your own nodes
- Be vigilant
- Be independent minded, make your own decisions and do not blindly trust 3rd party advice (DFINITY is also a 3rd party that should not be blindly trusted and that holds no special authority over the Internet Computer)
- Be aware that misinformation can be used as an attack vector, and therefore, it is important to verify information from multiple sources (preferably public and authenticated)
- If you suspect somebody is trying to deceive you, it may be helpful to other Node Providers and other members of the IC community if you use public channels to warn them
- Restrict access to node machines
- Whenever possible, it is best to perform all node-maintenance yourself and to avoid 3rd-party support all together
- When 3rd-party servicing is necessary, use a local service (preferably somebody you know and trust) rather than a global one and carefully monitor their work
- Use local and trusted supply chains
- If possible, purchase hardware locally from a trusted vendor to avoid global single points of failure and to reduce the risk that somebody tampers with your hardware during delivery
- Avoid single points of failure in Node Provider organizations with multiple people
- When possible, use the four-eyes principle
- For transparency about your decentralization contribution, you may provide a description of your internal security controls against single-person access in your self-declaration (discussed in milestone three)
- Restrict access to trusted employees and collaborators and vet new personnel and collaborators
- Set up your Node Provider service with a local mindset
- Choose a local data center that you can easily reach and inspect
- Choose a data center that is not part of a global business to reduce risk from extra-territorial influence
- Operate your nodes in the same country as you/your organization reside
- Use local employees who live in the same area and that you know yourself
- Keep information relating to decentralization up-to-date
- For example, if you relocate, you should report this to the NNS
Security | |
- Lock up your hardware
- Understand and verify the physical access control to your node machines in the data centers
- Determine who should be authorized to use the devices that comes in contact with the node machines (USB sticks, HSMs, network cables, laptops, etc.) and prevent unauthorized physical access through safe storage and alarm systems
- Establish safe work practices, e.g., four-eyes principle when accessing node machines or using other devices to avoid tampering with them
- Determine who should have physical keys to access hardware and instruct them to keep the keys safe
- Keep devices disconnected from the Internet except when strictly necessary to be online
- Store passwords and secret keys safely
- Use key splitting to back them up in a way that no single-point compromise will cause loss
- WIP
Regulations and taxation | |
Since the Internet Computer is a decentralized system with nobody in charge, you must yourself take full responsibility for compliance with local regulations, including taxation of rewards
- Set up a contract with a data center (see Milestone 3)
- Understand regulations that apply in your jurisdiction with respect to running node machines and when needed, seek legal advise
- Understand how Node Provider rewards are taxed, e.g., through consultation with a tax advisor
Milestone Three: Node Provider Onboarding
Before ordering your hardware and obtaining a data center contract, you should first gain approval by the NNS DAO to be a Node Provider. You will do this by submitting a proposal to the NNS to make you an approved node provider. If you're approved, you will be able to add nodes to the Internet Computer network.
Step 1: Join Node Provider matrix channel | |
Join the Node Provider Matrix channel. Here, you can submit questions or comments related to obtaining the Node Provider requirements or being a Node Provider.
Step 2: Node Provider self-declaration | |
Node Providers should declare their identity and provide a statement of good intent. Failing to do so could reduce your chances of being approved by the NNS to become a Node Provider. See Node Provider Self-declaration.
Step 3: Node Provider onboarding | |
Follow the Node Provider Onboarding steps 1 - 11 for detailed instructions on how to create a node provider id and submit a proposal to become an node provider.
Milestone Four: Node Onboarding Preparation Checklist
Before you are ready to move on to onboard your nodes, it is important to verify that you have completed all necessary preparations. This milestone provides a mini-roadmap for you to follow to go about obtaining the requirements.
Step 1: Obtain hardware | |
Step 1a: The Node Provider Purchasing Hardware Guide will assist you in purchasing your node hardware.
Step 1b: The Node Provider Networking Guide will assist you in purchasing your networking hardware.
Step 2: Obtain data center contract | |
Step 3: Configuring networking requirements | |
The Node Provider Networking Guide will assist you in configuring the networking equipment.
Step 4: Reset BMC password | |
The BMC Password Reset Guide will assist you in resetting your BMC password.
Milestone Five: Node Machine Onboarding
By this point, you should have been approved by the NNS as a node provider and have completed the Node Provider Onboarding preparation checklist. You are now ready to onboard your nodes to the Internet Computer! You do this by installing IC-OS on your node machines.
Step 1: IC-OS installation | |
If you encounter issues during the IC-OS installation, check the Node Provider Troubleshooting page. If that does not solve your problem, you are encouraged to ask for assistance in the Node Provider Matrix channel.
To install IC-OS, follow the IC-OS installation runbook for your corresponding machine:
❗️❗️❗️DFINITY does not offer live support for Node Providers attempting to onboard nodes.
Milestone Six: Node Management
Here, you will find important guidance and resources on managing and troubleshooting your nodes.
Step 1: Read the Node Provider Maintenance Guide | |
The Node Provider Maintenance Guide is designed to guide you through many of the tasks, questions or issues you may encounter throughout your career as a Node Provider. Additionally, it includes important best practices, of which all Node Providers should be aware.
Miscellaneous Node Provider resources: | |
These guides provide additional assistance for certain Node Provider tasks:
- Node Provider Troubleshooting
- Node Provider Decommissioning Guide
- Changing Your Node Provider Principal
- Changing Your Data Center Principal
- Updating Firmware
- IDRAC access and TSR logs
If these guides do not solve your problem, you are encouraged to ask for assistance in the Node Provider Matrix channel.
Quick-links
- Node Machine installation runbooks:
- Troubleshooting and maintenance:
- Other resources: