Documentation Index

Fetch the complete documentation index at: https://support.fortanix.com/llms.txt

Use this file to discover all available pages before exploring further.

Enroll a Compute Node (bare metal or VM) - SGX

  • Updated on Jun 26, 2026
  • Published on Jun 11, 2024
  • 1 minute(s) read
Prev Next

1.0 Introduction

This article describes how to enroll a compute node on a bare-metal or virtual machine (VM) with an Intel® Software Guard Extensions (SGX) platform in Fortanix Confidential Computing Manager (CCM).

2.0 Enroll A Compute Node (bare Metal) – SGX

2.1 Ubuntu 24.04 Node Agent

Ensure to download the Ubuntu Node Agent Installer for SGX from here.

Perform the following steps to enroll the Ubuntu 24.04 compute node:

  1. Run the following commands to extract the contents of the Node-Agent-installer.tar.gz package and open the folder:

    tar -zxvf Node-Agent-Installer.tar.gz
cd em-agent-installer

  2. Open the INSTALLER_README.md file containing the steps to enroll the compute node in Fortanix CCM.

    Text Description automatically generated with medium confidence

    Figure 1: Readme.txt

  3. Fortanix CCM supports all SGX-capable server nodes.

  4. Ensure that applications running on the compute node are allowed to establish local connections to the Node Agent on port 9092.

    WARNING

    As a security best practice, the Node Agent ports must not accept remote connections. Do not allow remote access to the Node Agent.

  5. Copy the installer.sh file to the VM.

  6. Run the following command to execute the installer.sh script:

    sudo bash installer.sh <join-token> --attestation-type=<attestation-type>

    Where,

    • <join-token> is the token copied from Fortanix CCM. For more information, refer to Section 3.0: Generate a Join Token.

    • <attestation-type> is DCAP. It is strongly recommended to use the DCAP attestation while installing the node agent on Azure VM.

    NOTE

    For Fortanix CCM on-premises SGX deployments, update the EM_HOST_NAME setting in the /etc/em-agent/em-agent.conf file from ccm.fortanix.com to api.armor.onprem.fortanix.net, and then restart the em-agent using the following command:

    sudo systemctl restart em-agent

3.0 Generate a Join Token

Perform the following steps to generate a join token in Fortanix CCM:

  1. Log in to Fortanix Armor Platform. For more information, Getting Started with Fortanix Armor.

  2. Navigate to the Fortanix CCM user interface (UI).  For more information, refer to Fortanix Armor Solutions.

  3. In the CCM UI left navigation panel, click Infrastructure → COMPUTE NODES → Intel SGX, and then click ADD NODE.

    Figure 2: Add node

  4. In the Enroll Compute Node window, click COPY to copy the Join Token. This Join Token is used by the compute node to authenticate itself.

4.0 Validate the Enrolled Compute Node

After the compute node is successfully enrolled, it appears in the COMPUTE NODES overview table in Fortanix CCM.

Related articles

Platform
Fortanix Armor
Armet AI Key Insight Data Security Manager Confidential Computing Manager
Open Source Platform
Enclave Development Platform®

Solutions
Use Cases
Legacy to Cloud Infrastructure Migration Regulatory Compliance Post-Quantum Readiness Secure, Data-Driven Innovation
Industry
Healthcare Banking & Financial Services Fintech Manufacturing Federal Government

Company
About Us Partners Careers Confidential Computing University Blog FAQ Contact Us Awards Events Webinars Press News Services Media Kit Newsletters

Customers

Resources

Support
Fortanix-logo

4.6

star-ratings

As of August 2025

Request a Demo