Skip to main content
This guide outlines the technical requirements, system setup, and network configuration for Hedera Council members to deploy and operate their permissioned consensus node on the Hedera mainnet. All requirements aim to ensure consistency and performance across the network.
Note: This documentation applies only to permissioned consensus nodes operated by Hedera Council Members. It does not cover Hedera’s transition to a permissionless network.

Minimum Node Platform Requirements

The overall performance of the Hedera mainnet is currently constrained by the lowest-performing node in the network. To maintain consistent performance across all Council nodes, a set of minimum hardware, connectivity, and hosting requirements has been established for this initial permissioned phase.
Action: To ensure compliance with these requirements, submit your proposed node hardware, connectivity, and hosting specifications to Hedera for review before making any purchases via devops@hashgraph.com.

CPU

  • Architecture: X86/X64 (Intel Xeon or AMD EPYC)
  • Cores: 24 cores / 48 threads
  • Benchmarks:
    • Geekbench 6 single-core:
      • Minimum: ≥ 1000
      • Recommended: ≥ 1500
    • Passmark single-thread:
      • Minimum: ≥ 2300 (required for Mainnet)
      • Recommended: ≥ 2800

Memory

  • Minimum: 256GB DDR4 ECC Registered DIMM (PC4-21300 2666MHz)
  • Recommended: 320 GB+ DDR4 ECC (PC4-25600 3200MHz)

Storage

General Guidelines:
It is recommended to configure a 240 GB SSD in RAID 1 for the root volume (/) and mount additional volumes for usable storage during installation. If RAID is not available, assign all storage to root.
  • Minimum: 5TB NVMe SSD (usable)
  • Recommended:
    • OS: 2 × 240GB SSD (RAID 1)
    • Data: 2 × NVMe drives (7.5TB RAID 0) or 4× in RAID 10 array
Performance:
If mounted to root volume, the root volume must meet these requirements. If provisioned via RAID, the RAID array should meet these requirements:
  • Sequential Write: 2,000–3,000 MB/s
  • Sequential Read: 3,000–6,200 MB/s
  • Random Read (sync): 250k–1M IOPS
  • Random Write (sync): 100k–170k IOPS
  • Avg. Latency: ≤ 200µs
📁 Note: Nodes must pass the Hedera performance test suite at installation time.

Network Connectivity

  • Sustained bandwidth: ≥ 1Gbps (via 1/10Gb Ethernet)

Node Operating System & Tools

Supported OS

  • Supported Linux Distributions (64-bit, LTS only):
    • Ubuntu 22.04 LTS
    • Red Hat Enterprise Linux (RHEL) 8 and 9
    • Oracle Linux 8 and 9
  • Supported kernel versions:
    • 6.2.0
    • 6.1.2
    • 6.0.16
    • 5.15.86
The following software components must be installed and configured on your node host to ensure proper participation in the Hedera Mainnet. All installations must follow the minimum version requirements and path conventions.🐳 Docker & Containerization:
ComponentVersionNotes
20.10.6Must be deployed with root privileges.
1.29.2Required for managing multi-container deployments.
OptionalIf disabled, host machine must run the Havege Daemon.
1.9.14Needed only if privileged containers are disabled.
Linux kernel 3.10+Required for Docker networking.
:information_source: Information: Havege Daemon enhances the system’s entropy pool and is only necessary if container privilege escalation is disabled in your environment.
🔐 System Utilities:
ComponentRequired VersionPurpose
4.4Used for update integrity verification.
4+Required for node software log monitoring
1.5+JSON parser utility used in scripts and CLI workflows.
8.00+Provides essential Unix command-line tools.
7.58.0+Used for API communication and health checks.
0.5.12+Enables file-system-triggered automation (e.g., network upgrades).
3.0.0+Required for network-wide upgrade file synchronization.
📁 Note: Ensure all command-line tools are installed in your system’s global $PATH and are accessible to the node admin user.
⚙️ Node Management Tools:
ComponentVersionConfiguration Requirements
0.1.0+Must be installed at /opt/hgcapp/node-mgmt-tools
Path must be writable and executable by hgcadmin user
📁 Note: The Node Mgmt Tools bundle includes essential scripts for update operations, log rotation, and status health checks.

System User Accounts

Node Software Account (Mandatory):

AttributeValue
Usernamehedera
Unix UID2000
Group Specificationhedera (GID 2000)
Secondary Groupadmin or wheel
PermissionsFull access to the entire /opt/hgcapp folder

Proxy Server Requirements

A proxy is required to expose the node’s public APIs.

Minimum Proxy Specifications:

  • CPU: 2-core X86/X64
  • Memory: 4GB RAM
  • Storage: 100GB SSD
  • Network: 200Mbps sustained, static IP
Software:
  • Docker container (provided by Hedera) with pre-configured HAProxy

Network Configuration

✅ Network Bandwidth
  • Minimum: 1 Gbps sustained internet connection (not burstable).
  • Recommended: Unmetered bandwidth to ensure uninterrupted sync and consensus participation.
🔐 Network Isolation & IP Requirements
  • Deployed within a dedicated, isolated DMZ (Demilitarized Zone) network
  • Configured with a firewall to allow connectivity only with Hedera consensus nodes
  • Node must have a static IP address
📁 Note**:** Fully Qualified Domain Names (FQDNs) are **not** supported.
📡 Port ConfigurationThe following ports must be configured for public internet access unless otherwise stated:
PortProtocolDirectionDescription
50111TCPIngress/EgressGossip protocol
50211TCPIngressgRPC (public) API access (HAPI)
50212TCPIngressTLS-encrypted gRPC
80TCPEgress onlyOS package repository connectivity
443TCPEgress onlySecure package & system update access
123UDPIngress/EgressTime sync via NTP pool
✅ Internet Bandwidth
  • Required: 200 Mbps sustained connection
📡 Port Configuration
PortProtocolDirectionPurpose
50211TCPIngress/EgressgRPC (public) API access (HAPI)
50212TCPIngress/EgressTLS-encrypted gRPC
80TCPEgress onlyOS package repository
443TCPEgress onlySecure updates
If you plan to use interface bonding (NIC bonding) to increase reliability or performance, note the following:✅ Supported ConfigurationsOnly Layer 2 bonding is supported:
  • Mode 1 (Active-Backup):
    • Uses one active NIC at a time
    • Automatically switches to backup if the active NIC fails
  • Mode 4 (LACP – 802.3ad Active/Active):
    • Uses Link Aggregation Control Protocol
    • Requires switch support
    • Provides load balancing and redundancy
❌ Not Supported
  • Layer 3 Policy-Based Routing (PBR) with dual-pathways is not supported, due to the use of mutual TLS in the Hedera network.
⚠️ Mutual TLS depends on consistent IP-level paths; Layer 3 routing can disrupt this, leading to connection failures.

Hosting Requirements

To ensure high availability, security, and operational consistency, all nodes must be hosted in accordance with the following standards: ✅ Hosting Facility Standards
  • Must use a Tier 1 Data Center with high availability and redundancy.
  • The facility should be compliant with industry security standards:
    • SSAE 16 / SSAE 18
    • SOC 2 Type 2
🔒 Security & Compliance
  • Facilities must implement industry-standard physical and logical security controls.
  • Regular audits and certifications (must be available on request).
⚠️ Redundancy Across Council
  • Hedera aim to avoid using the same hosting providers across multiple Council Members to minimize systemic risk and improve geographic and provider diversity.

Contacts

For questions or approval of infrastructure plans, contact:

Next Steps

For detailed guidance on deploying and onboarding your Hedera mainnet node, please see the Node Deployment Steps.