# Puffer Node Operator Hardware Options :::success Of scope are [SGX-capable Intel CPUs](https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions-processors.html) in order to allow for the lowest possible Puffer bond requirements (1 ETH). Unfortunately, SGX has been deprecated for Intel consumer products since 2022. Instead, Intel’s server products have to be considered as well. [1] ::: ## 🧛🏼‍♂️ (Option #1) Cloud Server - aka 'The Toothless Vampire' - :bulb:Idea: **Running a full node & [secure-signer](https://docs.puffer.fi/technology/secure-signer) in the cloud** Often times the performance bottleneck for running an Ethereum full node [on a VPS is a slow SSD](https://gist.github.com/yorickdowne/f3a3e79a573bf35767cd002cc977b038#overview). A dedicated server with a NVMe SSD, such as [OVH Advanced-1](https://www.ovhcloud.com/en-gb/bare-metal/advance/adv-1/), is usually recommended. Although cloud-hosted servers generally provide Intel's SGX-capable CPUs, it should be doublechecked if the SGX features are enabled for a given subscription plan. > Note: As a Puffer Node Operator, one may critically question oneself as to why vampire-attack Lido as a staking centralisation vector in the first place, only to then run into the arms of cloud hosting platforms as another centralisation vector... ### Pros - [ ] most convenient and easy access to SGX-capable hardware - [ ] subscription time flexibility (e.g. in accordance to [validator ticket](https://docs.puffer.fi/protocol/validator-tickets) duration) - [ ] potentially higher up-time (for maximal rewards) ### Cons - [ ] somewhat (partially) defeats the purpose of a vampire-attack on Lido - [ ] **pricy** in the long run (~160 USD/month for a dedicated server) - [ ] :exclamation:potentially unable to independently install BIOS updates (e.g. in case of SGX vulnerabilities) ## 🧛 (Option #2) Intel NUC - aka 'Count Duckula' *The light-weight, [vegetarian vampire](https://youtu.be/g9ZVWMPuZ2c) variant, e.g. for existing full node operators.* - :bulb:Idea: This machine **only hosts a validator client + secure-signer** and securely ++connects to a separate machine which is hosting a full node++. - Think of the NUC essentially just functioning as a smart hardware wallet in this case. [A few older consumer NUCs](https://www.intel.com/content/www/us/en/support/articles/000057420/software/intel-security-products.html) are still shipping with SGX. Their availability is dwindling rapidly, however. Take this [NUC7-PJYHN as an example](https://mirror.xyz/ladislaus.eth/joTqwZ1sBLxlJayV4pIYxCkwl4RWheM_xipU_OCp9MM). ### Pros - [ ] maximally decentralised staking - [ ] minimal spec & low cost SGX hardware (initial setup ~300 USD) - [ ] dedicated, isolated machine for puffer staking - [ ] low power consumption (~10w) - [ ] independent BIOS updates possible ### Cons - [ ] :warning: no full node included (because the NUC is underpowered) - [ ] limited availability / deprecated consumer hardware - [ ] slightly more advanced networking know-how needed for connecting two machines securely :::warning This option may be interesting for existing home stakers or Rocket Pool smart node operators. ::: *A slight tweak to this option could be to connect an existing full node to a `cloud-hosted SGX instance`, e.g. [Azure confidential computing](https://pufferfinance.github.io/secure-signer/getting-started/). Note, however, that this may turn out pricy in the long run (starting from >70 USD/month only for a VC + secure-signer instance).* *The Rocket Pool community maintains a great list of suggestions for regular [full node hardware](https://docs.rocketpool.net/guides/node/local/hardware#hardware-requirements).* ## 🧛 (Option #3) Dedicated at-home microserver - aka 'Count Dracula' *As the name suggests, this vampire does it all.* - :bulb:Idea: The at-home Puffer node **all-in-one solution**, hosting a full node & secure-signer together on a dedicated machine. Unfortunately, there’s only very limited affordable SGX-capable out-of-the-box *server* hardware for home stakers available on the market. The trade-off here comprises of the fact that server hardware optimises for different use cases than running an Ethereum full node. Of course, custom server builds are always an option. Best bang-for-the-buck I’ve found was this [HP enterprise microserver](https://www.hpe.com/uk/en/product-catalog/compute/proliant-servers/pip.specifications.proliant-microserver.1014677641.html), sporting a fairly modern [Xeon E-2314](https://www.intel.com/content/www/us/en/products/sku/212259/intel-xeon-e2314-processor-8m-cache-2-80-ghz/specifications.html). ### Pros - [ ] maximally decentralised node operation and staking - [ ] full-node + secure-signer ++on a single++ dedicated at-home machine - [ ] relatively low power consumption (~40w) - [ ] somewhat 'affordable' upfront SGX-capable hardware (~1,300 USD) + setup effort - [ ] independent BIOS updates possible ### Cons - [ ] just 4 cores / 4 threads (good at single-threaded tasks; lacking behind more modern consumer CPUs with regards to multi-threading capabilities), i.e. this may fit better for a smaller number of validators - [ ] needs some initial hardware adaptions (e.g. purchase of separate PCIe-3 adapter in order to connect a NVMe SSD) This might be a suitable option for completely new node operators and stakers who are eager to start their validator journey as a Puffer node operator from home. -- :::success [1] Technical note: Puffer node operators need to make sure their Intel SGX-capable CPU [supports FLC](https://www.intel.com/content/www/us/en/support/articles/000057420/software/intel-security-products.html) (Flexible Launch Control) and thus DCAP (Data Center Attestation Primitive), since [soon to be sunset EPID](https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/resources/sgx-ias-using-epid-eol-timeline.html) (Enhanced Privacy ID) support for [remote attestations](https://docs.puffer.fi/technology/RAVe) will not be sufficient anymore. :::