Source: docs/src/validator_operator/validator_hardware_requirements.rst
This section describes hardware requirements for running a validator. Note that these are reference values; actual requirements can vary based on how your validator is used. We recommend monitoring your production validator nodes for CPU and memory usage of all components and disk usage of the database, and adjusting the resourcing as needed. The requirements include both the validator and participant container. They are largely identical between the docker-compose based deployment and the k8s deployment but exclude overhead from k8s itself or ingress.
| Usage | CPUs | Memory | DB CPUs | DB Memory | DB size |
|---|---|---|---|---|---|
| Experiments on local laptop or minimal VM | 1 | 6GB | 1 | 1GB | 1GB |
| Production validator with little activity | 2 | 8GB | 2 | 4GB | 10GB |
| Production validator for an app provider with moderate activity | | | | | |
Components are relatively sensitive to database latency. If you use a managed database offering like GCP CloudSQL, it is recommended that you allocate it in the same region and zone that your cluster runs in.
Storage requirements grow over time based on transaction volume. Plan for growth and consider implementing participant pruning to manage database size.
Database latency has a direct impact on validator performance. Place your database in the same region and availability zone as your validator compute. Use SSD or NVMe-backed storage.
Your validator must have a static egress IP address. This IP is registered with Super Validators during onboarding and added to their firewall allowlists. Each network environment (DevNet, TestNet, MainNet) requires a separate, dedicated IP. If you run in a cloud environment, use a NAT Gateway (AWS), Cloud NAT (GCP), or NAT Gateway (Azure) to ensure all outbound traffic exits through a single static IP.
Your validator initiates all connections — it does not need to accept inbound connections from the network. Ensure your firewall allows outbound HTTPS (port 443) to:
*.sync.global — Global Synchronizer endpoints
*.canton.network.digitalasset.com — Canton Network infrastructure
GitHub container registry (ghcr.io) — For pulling container images
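The egress rules above can be checked against flow logs. The following is an added example, not part of the validator documentation or software: it audits post-NAT flow records against the three allowlist entries, port 443, and one dedicated egress IP per environment. The record format, hostnames and IP addresses are constructed for illustration.

```python
# Added example: audit post-NAT egress flow records against the allowlist above.
# Record format, hostnames and IPs are constructed; adapt them to your flow logs.

ALLOWED_PATTERNS = ["*.sync.global", "*.canton.network.digitalasset.com", "ghcr.io"]
ALLOWED_PORT = 443

# One dedicated egress IP per environment (constructed documentation addresses).
REGISTERED_EGRESS_IP = {
    "devnet": "203.0.113.10",
    "testnet": "203.0.113.20",
    "mainnet": "203.0.113.30",
}


def host_allowed(host: str) -> bool:
    """Label-aware match: '*.sync.global' covers subdomains only, never look-alikes."""
    host = host.strip().rstrip(".").lower()
    for pattern in ALLOWED_PATTERNS:
        if pattern.startswith("*."):
            # Keep the leading dot so 'evilsync.global' cannot match 'sync.global'.
            suffix = pattern[1:]
            if host.endswith(suffix) and len(host) > len(suffix):
                return True
        elif host == pattern:
            return True
    return False


def audit(env: str, records: list[str]) -> list[tuple[str, str]]:
    """Return (record, reason) for every flow that violates the egress policy."""
    findings = []
    for line in records:
        src_ip, host, port = line.split()
        if src_ip != REGISTERED_EGRESS_IP[env]:
            findings.append((line, "source is not the registered egress IP"))
        elif not host_allowed(host):
            findings.append((line, "destination host not on allowlist"))
        elif int(port) != ALLOWED_PORT:
            findings.append((line, "destination port is not 443"))
    return findings


# Constructed sample: "<post-NAT source IP> <destination host> <destination port>"
SAMPLE = [
    "203.0.113.30 node1.sync.global 443",
    "203.0.113.30 GHCR.IO. 443",
    "203.0.113.30 evilsync.global 443",
    "203.0.113.30 sync.global.lookalike.example 443",
    "203.0.113.20 node1.sync.global 443",
    "203.0.113.30 api.canton.network.digitalasset.com 8443",
]
```

Calling `audit("mainnet", SAMPLE)` returns the four violating records with a reason each; a flow leaving from another environment's IP is reported even when its destination is allowed.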
Back up your PostgreSQL database regularly. The database contains your validator identity, party keys, and contract data. Loss of this data means loss of your validator identity and all hosted party state. For production deployments, use managed database services with automated backups, point-in-time recovery, and cross-region replication.
Validators pay traffic fees in Canton Coin (CC). You need a sufficient CC balance to cover transaction costs. On DevNet and TestNet, CC is available through faucets. On MainNet, CC has real economic value. The validator software can be configured to automatically purchase traffic when your balance runs low.