- API and Producer nodes are run exclusively on hardware.
- Systems are monitored via multiple methods.
- No services are directly exposed to the internet:
  - VPNs/SSH are used to remotely manage systems.
  - All SSH keys used are stored solely in hardware devices (GPG card).
  - API services are reverse-tunneled via Argo agents.
  - Incoming P2P connections are handled via a load balancing proxy.
  - Producer and Validator nodes only connect to other trusted nodes.

Block Pane utilizes a variety of cloud service providers for auxiliary services, such as storing snapshots, hosting reporting, etc. However, all API and producer nodes are run on bare metal.

One potential risk is that some services are routed via Cloudflare or CloudFront CDNs to protect against denial of service and to provide routing optimization.