This page outlines the infrastructure requirements for running a validator node on Canton Network. Requirements vary by deployment method and scale.
Minimum Requirements
Hardware
Requirements vary based on your expected usage level:
| Usage Level | Validator CPUs | Validator RAM | DB CPUs | DB RAM | DB Storage |
|---|---|---|---|---|---|
| Development/Local | 1 | 6 GB | 1 | 1 GB | 1 GB |
| Low-activity production | 2 | 8 GB | 2 | 4 GB | 10 GB |
| Moderate-activity production | 2 | 16 GB | 2 | 4 GB | 100 GB |

| Component | Minimum | Recommended |
|---|---|---|
| Network | 100 Mbps | 1 Gbps |
| Storage type | SSD | NVMe |
Storage requirements grow over time based on transaction volume. Plan for growth and consider implementing pruning. Database components are sensitive to latency—place managed databases in the same region and zone as your cluster.
Software
| Component | Version | Notes |
|---|---|---|
| Operating System | Linux (Ubuntu 22.04+, RHEL 8+) | Windows not supported for production |
| Docker | 24.0+ | If using Docker Compose deployment |
| Docker Compose | 2.26.0+ | Required for quickstart |
| Kubernetes | 1.27+ | If using Kubernetes deployment |
| PostgreSQL | 14+ | For participant database |
| Java | 17 or 21 | Java 22+ is not supported |
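A preflight check for the version rows above, as an added example (not code from the Canton project). The banner strings are constructed samples, the function names are hypothetical, and reporting Java majors other than 17, 21 and 22+ as "not listed" is this example's reading of the table.

```python
import re

# Minimum versions from the Software table on this page.
MINIMUMS = {"docker": (24, 0), "docker compose": (2, 26, 0),
            "kubernetes": (1, 27), "postgresql": (14,)}
JAVA_OK = {17, 21}          # the table lists 17 or 21
JAVA_REJECTED_FROM = 22     # "Java 22+ is not supported"

# Constructed banners shaped like typical version output (not from a real host).
SAMPLE_BANNERS = {
    "docker": "Docker version 24.0.7, build afdd53b",
    "docker compose": "Docker Compose version v2.9.0",
    "kubernetes": "Server Version: v1.29.3",
    "postgresql": "psql (PostgreSQL) 14.11",
    "java": 'openjdk version "22.0.1" 2024-04-16',
}

def parse_version(banner):
    """Return the first dotted number in a banner as a tuple of ints, or None."""
    match = re.search(r"\d+(?:\.\d+)*", banner)
    return tuple(int(p) for p in match.group().split(".")) if match else None

def meets_minimum(found, minimum):
    """Compare numerically, zero-padding so (24,) counts as equal to (24, 0)."""
    width = max(len(found), len(minimum))
    found += (0,) * (width - len(found))
    minimum += (0,) * (width - len(minimum))
    return found >= minimum

def preflight(banners):
    """Map each component to ok, too old, unsupported, not listed or unparsed."""
    results = {}
    for name, banner in banners.items():
        version = parse_version(banner)
        if version is None:
            results[name] = "unparsed"
        elif name == "java":
            if version[0] in JAVA_OK:
                results[name] = "ok"
            else:
                results[name] = ("unsupported" if version[0] >= JAVA_REJECTED_FROM
                                 else "not listed")
        elif name in MINIMUMS:
            results[name] = "ok" if meets_minimum(version, MINIMUMS[name]) else "too old"
    return results

if __name__ == "__main__":
    for name, status in preflight(SAMPLE_BANNERS).items():
        print(f"{name}: {status}")
```

Comparing versions as integer tuples matters here: as plain strings, "2.9.0" sorts after "2.26.0" and an outdated Docker Compose would pass.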
Network
| Requirement | Details |
|---|---|
| Static egress IP | Required for network allowlisting |
| Outbound connectivity | HTTPS (443) to Global Synchronizer endpoints |
| Firewall rules | Allow outbound to synchronizer IPs |
| DNS resolution | Must resolve sync.global domains |
Deployment Options
Docker Compose (Development/Small Scale)
Suitable for development, testing, and small-scale deployments.
```
# Minimum Docker resources
Docker Desktop:
  Memory: 8 GB
  CPUs: 4
  Disk: 50 GB

Colima (Mac):
  colima start --memory 8 --cpu 4
```
Pros:
- Simple setup
- Good for development
- Lower operational overhead
Cons:
- Limited scalability
- Manual high availability setup
- Not suitable for large-scale production
Kubernetes (Production)
Recommended for production deployments requiring high availability and scalability.
Minimum cluster:
| Component | Count | Resources |
|---|---|---|
| Nodes | 3+ | For high availability |
| CPU per node | 4 cores | Production workloads |
| RAM per node | 16 GB | With headroom |
| Storage class | SSD-backed | Low-latency required |
Recommended Kubernetes distributions:
- AWS EKS
- Google GKE
- Azure AKS
- Self-managed (with experience)
Database Requirements
The participant node requires a PostgreSQL database:
| Parameter | Development | Production |
|---|---|---|
| Version | 14+ | 14+ |
| Storage | 50 GB | 500 GB+ |
| IOPS | Standard | 3000+ |
| Connections | 50 | 200+ |
| Backup | Optional | Required |
Database Hosting Options
| Option | Pros | Cons |
|---|---|---|
| Managed (RDS, Cloud SQL) | Automated backups, HA | Cost, less control |
| Self-managed | Full control, cost-effective | Operational overhead |
| Container-local | Simple setup | Not for production |
Network Architecture
Ingress Requirements
Your validator needs to be reachable for:
| Service | Port | Purpose |
|---|---|---|
| Ledger API | 5001/5003 | Application access |
| Admin API | 5002 | Node administration |
| Health endpoints | Various | Monitoring |
Never expose the Admin API to the public internet. Use a VPN or private network for administrative access.
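One way to audit a host against the rule above, as an added example (not code from the Canton project): it classifies the bind address of each Ledger and Admin API listener in `ss -ltnH` style output. The sample lines are constructed, the function names are hypothetical, and treating a wildcard bind of the Admin API as a failure is this example's policy.

```python
import ipaddress

# Ports from the ingress table on this page.
ADMIN_PORTS, LEDGER_PORTS = {5002}, {5001, 5003}
# RFC 1918 plus IPv6 unique-local. ipaddress's is_private is not used because
# it is also True for documentation ranges such as 203.0.113.0/24.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample shaped like `ss -ltnH` output (not from a real host).
SAMPLE_SS = """\
LISTEN 0 4096 127.0.0.1:5002 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:5002 0.0.0.0:*
LISTEN 0 4096 10.0.4.17:5001 0.0.0.0:*
LISTEN 0 4096 [::]:5003 [::]:*
LISTEN 0 4096 203.0.113.10:5002 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
"""

def classify(host):
    """Return 'loopback', 'private', 'wildcard' or 'public' for a bind address."""
    host = host.strip("[]").split("%")[0]      # drop IPv6 brackets and %iface
    if host == "*" or ipaddress.ip_address(host).is_unspecified:
        return "wildcard"                      # listening on every interface
    addr = ipaddress.ip_address(host)
    if addr.is_loopback:
        return "loopback"
    if any(addr in net for net in PRIVATE_NETS):
        return "private"
    return "public"

def audit_listeners(ss_output):
    """Return (port, scope, verdict) for every Ledger/Admin API listener."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in ADMIN_PORTS | LEDGER_PORTS:
            continue
        scope = classify(host)
        if_exposed = "FAIL" if int(port) in ADMIN_PORTS else "REVIEW"
        verdict = if_exposed if scope in ("wildcard", "public") else "OK"
        findings.append((int(port), scope, verdict))
    return findings

if __name__ == "__main__":
    print(*audit_listeners(SAMPLE_SS), sep="\n")
```

A REVIEW verdict on a Ledger API port means the listener is reachable beyond private ranges, so the TLS and firewall requirements on this page should be confirmed for it.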
Egress Requirements
Your validator connects outbound to:
| Destination | Purpose |
|---|---|
| Global Synchronizer sequencer | Transaction submission |
| Global Synchronizer mediator | Confirmation protocol |
| Super Validator endpoints | Onboarding, sponsorship |
Ensure your firewall allows outbound HTTPS (443) to:
```
*.sync.global
*.canton.network.digitalasset.com
```
IP Allowlisting
Canton Network requires egress IP registration:
- Single IP per environment: DevNet, TestNet, and MainNet each require a distinct IP
- Static IP required: Dynamic IPs cannot be allowlisted
- NAT considerations: Ensure all traffic egresses through the registered IP
Scaling Considerations
Factors Affecting Scale
| Factor | Impact |
|---|---|
| Number of hosted parties | Database size, memory usage |
| Transaction volume | CPU, network, database IOPS |
| Contract complexity | CPU for Daml execution |
| Historical retention | Storage requirements |
Scaling Strategies
| Strategy | When to Use |
|---|---|
| Vertical scaling | Increase node resources for moderate growth |
| Database optimization | Tune PostgreSQL for workload |
| Pruning | Remove old data to manage storage |
| PQS offloading | Move read queries to separate service |
Security Requirements
Network Security
| Requirement | Details |
|---|---|
| TLS | All API endpoints must use TLS 1.2+ |
| Firewall | Whitelist-based access control |
| Network isolation | Separate management and data planes |
| DDoS protection | Recommended for public endpoints |
Key Management
| Key Type | Storage |
|---|---|
| Party keys | HSM recommended for production |
| TLS certificates | Secure certificate management |
| Database credentials | Secrets management (Vault, KMS) |
Access Control
| Access | Recommendation |
|---|---|
| Admin API | VPN or private network only |
| SSH/Console | Key-based, MFA enabled |
| Database | Network-restricted, strong passwords |
Cloud-Specific Guidance
AWS
| Service | Recommendation |
|---|---|
| Compute | EC2 (m6i.xlarge+) or EKS |
| Database | RDS PostgreSQL or Aurora |
| Storage | gp3 EBS volumes |
| Networking | VPC with NAT Gateway |
Google Cloud
| Service | Recommendation |
|---|---|
| Compute | GCE (n2-standard-4+) or GKE |
| Database | Cloud SQL PostgreSQL |
| Storage | SSD persistent disks |
| Networking | VPC with Cloud NAT |
Azure
| Service | Recommendation |
|---|---|
| Compute | VM (Standard_D4s_v5+) or AKS |
| Database | Azure Database for PostgreSQL |
| Storage | Premium SSD |
| Networking | VNet with NAT Gateway |