Onboarding
From initial contact to running Canton nodes — a straightforward process designed to get you operational quickly.
Table of contents
What We Need From You
Before we begin provisioning, please prepare the following:
| Item | Description | Example |
|---|---|---|
| Company name | Used for namespace naming and Keycloak realm | acme |
| Contact email | Notification endpoint for validator operations | ops@acme.com |
| Environment | Which environment(s) to deploy to | Devnet, Testnet, Mainnet |
| Onboarding secret | Provided by the Canton Network for validator registration | (from Canton Network) |
Provisioning Process
Step 1 — Namespace and Identity Setup
We create your isolated environment:
- Kubernetes namespace with dedicated service accounts and RBAC
- Keycloak realm with your organization’s identity configuration
- OAuth clients for each application component (validator backend, wallet UI, CNS UI)
- User accounts for your operators with appropriate roles
Step 2 — Security Configuration
Your security layer is established:
- TLS certificate issued via Let’s Encrypt for your dedicated endpoints
- DNS records configured for your services (e.g.,
validator.acme-01.mainnet.naas.noders.services) - GCP KMS key ring provisioned for Canton node cryptographic keys
- Secrets stored in GCP Secret Manager and synced to your namespace via External Secrets Operator
- Istio gateway and authorization policies configured for your namespace
Step 3 — Node Deployment
Your Canton nodes go live:
- PostgreSQL database deployed on premium SSD storage
- Splice Participant node configured with Ledger API endpoints
- Splice Validator node deployed with wallet integration and network connectivity
- Monitoring enabled with Prometheus metrics scraping and Grafana dashboard access
Step 4 — Verification
We confirm everything is operational:
- Node health checks pass (validator and participant pods running)
- Canton Network connectivity verified (sequencer connection established)
- API endpoints reachable and authenticated
- Grafana dashboards showing your metrics
- Backup jobs scheduled and verified
What You Receive
After onboarding is complete, you will receive:
| Deliverable | Details |
|---|---|
| Participant API Endpoints | gRPC and JSON API URLs for your participant node |
| Validator API Endpoint | Public endpoint for your validator node |
| Keycloak Credentials | Login URL, username, and initial password for your operator account |
| Wallet UI | Web interface for validator wallet operations |
| Console Web UI Access | Our own web UI dashboard for managing the validator, parties, users, etc. |
Endpoint Pattern
Your services will be available at:
https://validator.<client>-01.<env>.naas.noders.services
https://participant.<client>-01.<env>.naas.noders.services
https://wallet.<client>-01.<env>.naas.noders.services
https://console.naas.noders.services
Timeline
| Phase | Duration |
|---|---|
| Information gathering | 1 day |
| Provisioning and deployment | 1 day |
| Verification and handover | < 1 day |
| Total | 1–2 business days |
Timeline assumes all required information is provided upfront. Complex configurations or custom requirements may require additional time.
Multi-Environment Onboarding
We recommend a staged approach for production deployments:
- Devnet — start here for initial testing and familiarization
- Testnet — validate your Daml applications against pre-production infrastructure
- Mainnet — production deployment with the confidence that everything works identically
Each environment uses the same infrastructure templates, so behavior in Devnet accurately predicts behavior in Mainnet.
Questions?
Contact us at office@noders.services to start the onboarding process or to discuss your specific requirements.