Hardware Requirements for Consensus Validator

@boscro asked about the hardware requirements for building and running the consensus validator in another thread, and I provided a link to the requirements in the BUILD.md for consensus, as well as some additional info about configuring SGX.

I think this is a great seed for a topic around consensus validator requirements.

Note - you can build for hardware mode on a machine without SGX, but you will need SGX at runtime to be able to use the features of the enclave that provide privacy and integrity.


Can anyone share info related to minimum viable Azure machine instance type to run a validator? Anyone aware of a guide out there to configure said VM properly? It’s kind of odd that this hasn’t popped up on the community forum yet, or maybe I missed it. I’ve also seen folks link to the Build.md in the project as the authoritative guide to “hardware requirements” which is interesting because the document, as far as I can tell, doesn’t include any mention of hardware requirements or recommendations for that matter, which one might conclude as indicating that there essentially aren’t any beyond access to the SGX enclave.

Anyways, I’m rambling a bit but it seems like either one can run an Azure instance for, at a minimum, $180/month or buy hardware listed here (the list of devices with out of the box support here is especially useful.)

Can anyone speak to their own experience? I’d like to figure out the cheapest way (let’s say amortized over 12 months) to be able to actually participate in the TestNet and ideally the MainNet as well (I don’t have a good mental model re expectations for ledger/block sizes and how to would impact hardware requirements for a validator node, curious if others could speak to that specifically).

I guess I’ll answer my own question here - seems like this Intel NUC7PJYH for ~$200 is a decent starting point.

Some additional notes for the curious:

  • Mobilecoin targets specific hardware in their Rust configuration, see
    Start-testnet-client.sh build fails (Ubuntu). You may need to make some changes to the build configuration to accommodate.
  • You must be able to make specific changes to your BIOS settings or your hardware must not provide certain features. While the NUC I linked above does not support hyper threading I haven’t been able to figure out how to turn off integrated graphics from the BIOS, which may or may not be possible.

Good luck to you other fools out there.

Yeah it’s kinda a beast to run. We’re working on a runbook to help answer these questions but there’s a lot to it. We hope to be able to put something out soon that will contextualize it.


Re: Azure instances - take a look at the Confidential Compute Offerings, DC series. They come configured correctly for SGX (with hyperthreading and GPU disabled).

Note that MobileCoin Validators are using the EPID driver, not the DCAP driver, so you’ll want to make sure your provisioning process takes this into account as well.

You can see MobileCoin’s SGX deployment setup in install_sgx.sh.

IBM cloud also provides SGX baremetal, correctly configured in many global regions.

While the following is not a hardware requirement it’s definitely worth noting here that use of the Intel Production attestation API portal which is required to run a consensus validator node requires an Intel commercial license which requires forming a registered corporate entity and also probably a fee.

@juancarlosfoust - correct, thank you for pointing this out. You do need a commercial license to run SGX with PROD attestation. The license does not require a fee, which is great. More information is here: https://software.intel.com/content/www/us/en/develop/topics/software-guard-extensions/request-license.html

Bump. Has there been any updates on hardware requirements docs or setup guides? Or if there was a forum thread I missed could someone point me in the right direction? Thanks.

Hi @Mercury - the hardware requirements are the same - please see the links in the top post, and let us know if you have any additional questions!

Adding on some OVH info in case anyone is looking for a cloud provider that is cheaper than Azure and IBM.

OVH has SGX supported on some instances (any Intel dedicated server in the INFRA range).
They are less expensive than Azure and IBM - $112/month + $89 one-time setup fee without commitment, $105/month and no setup fee with commitment for an INFRA-1 (prices in USD) - however, they don’t come as nicely provisioned out of the box as @drakeley mentions above for Azure and IBM.

You’ll need to enable SGX and turn off hyperthreading and integrated graphics yourself.
All can be controlled by accessing the BIOS via IPMI. SGX can also be controlled through the OVHcloud Control Panel/API.

An INFRA-1 gets you a 4 core Xeon E/32 GB DDR4 ECC/960 GB NVMe instance.
I think I saw these specs were good enough for a mainnet consensus-service on the signal group chat. MobileCoin team, any thoughts here?

We are right in the middle of a big sprint so all of the engineers at MobileCoin Inc. are unavailable for a few days. We’ll get you an answer ASAP.


Thank you for sharing your research! We looked at OVH early on and they are also a great option - thank you for the reminder and we will make sure to include them when we’re listing out SGX-enabled cloud providers in the future.