
# Node Deployment Requirements

> The Hedera mainnet is currently comprised of permissioned consensus nodes operated by the Hedera Council.

This guide outlines the technical requirements, system setup, and network configuration for [*Hedera Council*](https://hedera.com/council) members to deploy and operate their permissioned consensus node on the Hedera mainnet. All requirements aim to ensure consistency and performance across the network.

<Danger>
  **Note:** This documentation applies only to permissioned consensus nodes
  operated by Hedera Council Members. It does not cover Hedera’s transition to a
  permissionless network.
</Danger>

## Minimum Node Platform Requirements

The overall performance of the Hedera mainnet is currently constrained by the lowest-performing node in the network. To maintain consistent performance across all Council nodes, a set of minimum hardware, connectivity, and hosting requirements has been established for this initial permissioned phase.

<Info>
  **Action:** To ensure compliance with these requirements, submit your proposed
  node hardware, connectivity, and hosting specifications to Hedera for review
  via <Icon icon="envelope" />{" "}
  **[devops@hashgraph.com](mailto:devops@hashgraph.com)** **before making any
  purchases.**
</Info>

### CPU

* **Architecture**: X86/X64 (Intel Xeon or AMD EPYC)
* **Cores**: 24 cores / 48 threads
* **Benchmarks:**
  * **Geekbench 6 single-core:**
    * Minimum: ≥ 1000
    * Recommended: ≥ 1500
  * **Passmark single-thread:**
    * Minimum: ≥ 2300 (required for Mainnet)
    * Recommended: ≥ 2800

***

### **Memory**

* **Minimum:** 256GB DDR4 ECC Registered DIMM (PC4-21300 2666MHz)
* **Recommended:** 320 GB+ DDR4 ECC (PC4-25600 3200MHz)

***

### **Storage**

**General Guidelines:**\
It is recommended to configure a **240 GB SSD in RAID 1** for the root volume (`/`) and mount additional volumes for usable storage during installation. If RAID is not available, assign all storage to root.

<Accordion title="Minimum Requirements/Recommendations ⬇">
  * **Minimum:** 5TB NVMe SSD (usable)
  * **Recommended:**
    * OS: 2 × 240GB SSD (RAID 1)
    * Data: 2 × NVMe drives (7.5TB RAID 0) or 4× in RAID 10 array

  **Performance:**\
  If mounted to root volume, the root volume must meet these requirements. If provisioned via RAID, the RAID array should meet these requirements. Lower values are minimum, higher values are recommended:

  * Sequential Write: 2,000–3,000 MB/s
  * Sequential Read: 3,000–6,200 MB/s
  * Random Read (sync): 250k–1M IOPS
  * Random Write (sync): 100k–170k IOPS
  * Random Read AIO (async): 500k–1M IOPS
  * Avg. Latency: ≤ 200µs

  > 📁 **Note**: Nodes must pass the Hedera performance test suite at installation time.
</Accordion>

***

### **Network Connectivity**

* Sustained bandwidth: ≥ 1Gbps (via 1/10Gb Ethernet)

***

### Node Operating System & Tools

#### Supported OS

* Supported Linux Distributions (64-bit, LTS only):
  * Ubuntu 22.04 LTS and 24.04 LTS
  * Red Hat Enterprise Linux (RHEL) 8 and 9
  * Oracle Linux 8 and 9
* Supported kernel versions:
  * 6.2.0
  * 6.1.2
  * 6.0.16
  * 5.15.86

<Accordion title="🧩 Node Software ⬇">
  The following software components must be installed and configured on your node host to ensure proper participation in the Hedera Mainnet. All installations must follow the minimum version requirements and path conventions.

  **🐳 Docker & Containerization:**

  <table>
    <thead>
      <tr>
        <th>Component</th>
        <th>Version</th>
        <th>Notes</th>
      </tr>
    </thead>

    <tbody>
      <tr>
        <td>
          <strong>Docker Engine</strong>
        </td>

        <td>
          <code>20.10.6</code>
        </td>

        <td>
          Must be deployed with <strong>root privileges</strong>.
        </td>
      </tr>

      <tr>
        <td>
          <strong>Docker Compose</strong>
        </td>

        <td>
          <code>1.29.2</code>
        </td>

        <td>Required for managing multi-container deployments.</td>
      </tr>

      <tr>
        <td>
          <strong>Privileged Containers</strong>
        </td>

        <td>Optional</td>

        <td>
          If <strong>disabled</strong>, host machine <strong>must run</strong> the
          Havege Daemon.
        </td>
      </tr>

      <tr>
        <td>
          <strong>Havege Daemon</strong>
        </td>

        <td>
          <code>1.9.14</code>
        </td>

        <td>Needed only if privileged containers are disabled.</td>
      </tr>

      <tr>
        <td>
          <strong>IPTables Support</strong>
        </td>

        <td>
          Linux kernel <code>3.10+</code>
        </td>

        <td>Required for Docker networking.</td>
      </tr>
    </tbody>
  </table>

  > ℹ️ **Information**: Havege Daemon enhances the system’s entropy pool and is only necessary if container privilege escalation is disabled in your environment.

  **🔐 System Utilities:**

  <table>
    <thead>
      <tr>
        <th>Component</th>
        <th>Required Version</th>
        <th>Purpose</th>
      </tr>
    </thead>

    <tbody>
      <tr>
        <td>
          <strong>HashDeep</strong>
        </td>

        <td>
          <code>4.4</code>
        </td>

        <td>Used for update integrity verification.</td>
      </tr>

      <tr>
        <td>
          <strong>Bindplane Collector</strong>
        </td>

        <td>
          <code>4+</code>
        </td>

        <td>Required for node software log monitoring.</td>
      </tr>

      <tr>
        <td>
          <strong>JQ CLI</strong>
        </td>

        <td>
          <code>1.5+</code>
        </td>

        <td>JSON parser utility used in scripts and CLI workflows.</td>
      </tr>

      <tr>
        <td>
          <strong>GNU CoreUtils</strong>
        </td>

        <td>
          <code>8.00+</code>
        </td>

        <td>Provides essential Unix command-line tools.</td>
      </tr>

      <tr>
        <td>
          <strong>cURL CLI</strong>
        </td>

        <td>
          <code>7.58.0+</code>
        </td>

        <td>Used for API communication and health checks.</td>
      </tr>

      <tr>
        <td>
          <strong>InCron Daemon</strong>
        </td>

        <td>
          <code>0.5.12+</code>
        </td>

        <td>
          Enables file-system-triggered automation (e.g., network upgrades).
        </td>
      </tr>

      <tr>
        <td>
          <strong>Rsync CLI</strong>
        </td>

        <td>
          <code>3.0.0+</code>
        </td>

        <td>Required for network-wide upgrade file synchronization.</td>
      </tr>
    </tbody>
  </table>

  > 📁 Note: Ensure all command-line tools are installed in your system's global `$PATH` and are accessible to the node admin user.

  **⚙️ Node Management Tools:**

  <table>
    <thead>
      <tr>
        <th>Component</th>
        <th>Version</th>
        <th>Configuration Requirements</th>
      </tr>
    </thead>

    <tbody>
      <tr>
        <td>
          <strong>Node Mgmt Tools</strong>
        </td>

        <td>
          <code>0.1.0+</code>
        </td>

        <td>
          Must be installed at <code>/opt/hgcapp/node-mgmt-tools</code>
        </td>
      </tr>

      <tr>
        <td />

        <td />

        <td>
          Path must be writable and executable by <code>hgcadmin</code> user
        </td>
      </tr>
    </tbody>
  </table>

  > 📁 Note: The Node Mgmt Tools bundle includes essential scripts for update operations, log rotation, and status health checks.
</Accordion>
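
One way to check a host against the System Utilities table above, as an added example (not part of Hedera's node management tooling). The "name version" inventory format, the tool keys, and matching versions without a `+` exactly are assumptions of this example.

```shell
# Rows copied from the System Utilities table. A trailing "+" means "this
# version or newer"; no "+" is matched exactly (assumption: the page does not
# say how un-suffixed versions are compared). Tool keys are example labels.
REQUIREMENTS='hashdeep 4.4
bindplane 4+
jq 1.5+
coreutils 8.00+
curl 7.58.0+
incron 0.5.12+
rsync 3.0.0+'

# Constructed sample inventory ("name version" per line), not from a real host.
SAMPLE_INVENTORY='hashdeep 4.4
bindplane 4.2.0
jq 1.6
coreutils 8.32
curl 7.52.1
incron 0.5.12'

# version_ge HAVE MIN: true when HAVE >= MIN under GNU `sort -V` ordering.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_inventory: reads "name version" lines on stdin, prints one line per
# requirement that is missing or unmet, returns non-zero if any were found.
check_inventory() {
    inventory=$(cat)
    failures=0
    while read -r name spec; do
        have=$(printf '%s\n' "$inventory" |
            awk -v n="$name" '$1 == n { print $2; exit }')
        min=${spec%+}
        if [ -z "$have" ]; then
            echo "MISSING $name (need $spec)"
        elif [ "$spec" != "$min" ] && ! version_ge "$have" "$min"; then
            echo "TOO_OLD $name $have (need $spec)"
        elif [ "$spec" = "$min" ] && [ "$have" != "$min" ]; then
            echo "MISMATCH $name $have (need $spec)"
        else
            continue
        fi
        failures=$((failures + 1))
    done <<EOF
$REQUIREMENTS
EOF
    [ "$failures" -eq 0 ]
}
```

Running `printf '%s\n' "$SAMPLE_INVENTORY" | check_inventory` reports the outdated cURL and the missing Rsync and returns a non-zero status.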

***

### **System User Accounts**

#### ***Node Software Account (Mandatory):***

| Attribute               | Value                                          |
| ----------------------- | ---------------------------------------------- |
| **Username**            | `hedera`                                       |
| **Unix UID**            | 2000                                           |
| **Group Specification** | `hedera` (GID 2000)                            |
| **Secondary Group**     | `admin` or `wheel`                             |
| **Permissions**         | Full access to the entire `/opt/hgcapp` folder |

***

### Proxy Server Requirements

A proxy is required to expose the node’s public APIs.

#### Minimum Proxy Specifications:

* **CPU**: 2-core X86/X64
* **Memory**: 4GB RAM
* **Storage**: 100GB SSD
* **Network**: 200Mbps sustained, static IP

**Software:**

* **Docker container** (provided by Hedera) with pre-configured HAProxy

***

### Network Configuration

<Accordion title="🌐 Node Connectivity ⬇">
  **✅ Network Bandwidth**

  * **Minimum:** `1 Gbps` sustained internet connection *(not burstable).*
  * **Recommended:** Unmetered bandwidth to ensure uninterrupted sync and consensus participation.

  **🔐 Network Isolation & IP Requirements**

  * Deployed within a **dedicated, isolated DMZ** (Demilitarized Zone) network
  * Configured with a **firewall** to allow connectivity only with Hedera consensus nodes
  * Node must have a **static IP address**

  > 📁 **Note:** Fully Qualified Domain Names (FQDNs) are **not** supported.

  **📡 Port Configuration**

  The following ports must be configured for **public internet access** unless otherwise stated:

  | Port    | Protocol | Direction      | Description                           |
  | ------- | -------- | -------------- | ------------------------------------- |
  | `50111` | TCP      | Ingress/Egress | Gossip protocol                       |
  | `50211` | TCP      | Ingress/Egress | gRPC (public) API access (HAPI)       |
  | `50212` | TCP      | Ingress/Egress | TLS-encrypted gRPC                    |
  | `80`    | TCP      | Egress only    | OS package repository connectivity    |
  | `443`   | TCP      | Egress only    | Secure package & system update access |
  | `123`   | UDP      | Ingress/Egress | Time sync via NTP pool                |
</Accordion>
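
An added example (not Hedera's own tooling) that audits a node's listening sockets against the port table above: it reads `ss -H -tuln` output and reports any non-loopback listener outside the table's ingress-capable ports. The sample output and the extra-port arguments are constructed for illustration.

```shell
# Ingress-capable rows of the node port table: 50111/tcp, 50211/tcp,
# 50212/tcp and 123/udp. 80/tcp and 443/tcp are egress only, so a listener
# on either of them is reported.
ALLOWED_INGRESS='tcp/50111 tcp/50211 tcp/50212 udp/123'

# Constructed sample of `ss -H -tuln` output (not captured from a real node).
SAMPLE_SS='tcp   LISTEN 0      4096         0.0.0.0:50111      0.0.0.0:*
tcp   LISTEN 0      4096         0.0.0.0:50211      0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:9999       0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*
udp   UNCONN 0      0            0.0.0.0:123        0.0.0.0:*'

# audit_listeners [EXTRA...]: reads ss output on stdin. EXTRA are additional
# proto/port pairs the operator accepts, such as a management port
# (hypothetical: the page does not list one). Prints one
# "UNEXPECTED proto/port address" line per finding; non-zero status if any.
audit_listeners() {
    awk -v allowed="$ALLOWED_INGRESS $*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            addr = $5                               # Local Address:Port column
            port = addr; sub(/.*:/, "", port)       # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)   # text before the last colon
            if (host ~ /^127\./ || host == "[::1]") next   # loopback-only listener
            key = $1 "/" port
            if (!(key in ok)) { print "UNEXPECTED " key " " host; bad = 1 }
        }
        END { exit bad + 0 }
    '
}
```

On a node, pipe the live output with `ss -H -tuln | audit_listeners`. This checks only which ports are listening; restricting the permitted peers is still the firewall's job.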

<Accordion title="🛡️ Proxy Connectivity ⬇">
  **✅ Internet Bandwidth**

  * **Required:** 200 Mbps sustained connection

  **📡 Port Configuration**

  | Port    | Protocol | Direction      | Purpose                         |
  | ------- | -------- | -------------- | ------------------------------- |
  | `50211` | TCP      | Ingress/Egress | gRPC (public) API access (HAPI) |
  | `50212` | TCP      | Ingress/Egress | TLS-encrypted gRPC              |
  | `80`    | TCP      | Egress only    | OS package repository           |
  | `443`   | TCP      | Egress only    | Secure updates                  |
</Accordion>

<Accordion title="🔀 Interface Bonding (Optional) ⬇">
  If you plan to use **interface bonding (NIC bonding)** to increase reliability or performance, note the following:

  **✅ Supported Configurations**

  Only **Layer 2** bonding is supported:

  * **Mode 1 (Active-Backup):**
    * Uses one active NIC at a time
    * Automatically switches to backup if the active NIC fails
  * **Mode 4 (LACP – 802.3ad Active/Active):**
    * Uses Link Aggregation Control Protocol
    * Requires switch support
    * Provides load balancing and redundancy

  **❌ Not Supported**

  * **Layer 3 Policy-Based Routing (PBR)** with dual-pathways is **not supported**, due to the use of **mutual TLS** in the Hedera network.

  > ⚠️ Mutual TLS depends on consistent IP-level paths; Layer 3 routing can disrupt this, leading to connection failures.
</Accordion>

***

### Hosting Requirements

To ensure high availability, security, and operational consistency, all nodes must be hosted in accordance with the following standards:

**✅ Hosting Facility Standards**

* Must use a **Tier 1 Data Center** with high availability and redundancy.
* The facility should be compliant with industry security standards:
  * **SSAE 16 / SSAE 18**
  * **SOC 2 Type 2**

**🔒 Security & Compliance**

* Facilities must implement industry-standard physical and logical security controls.
* Regular audits and certifications (must be available on request).

**⚠️ Redundancy Across Council**

* **Hedera aims to avoid using the same hosting providers** across multiple Council Members to minimize systemic risk and improve geographic and provider diversity.

***

## Contacts

For questions or approval of infrastructure plans, contact:

* 📧 [devops@hashgraph.com](mailto:devops@hashgraph.com)

***

## Next Steps

For detailed guidance on deploying and onboarding your Hedera mainnet node, please see the [Node Deployment Steps](/operators/consensus-node/deployment).
