Fortanix Data Security Manager - Sysadmin Settings

1.0 Introduction

Welcome to the Fortanix-Data-Security-Manager (DSM) system administration guide. The purpose of this guide is to describe the rules governing node enrollment within a Fortanix DSM cluster that are configured by the system administrator.

The settings displayed here are applicable to all the nodes within the cluster.

2.0 Enrollment Policy

Fortanix DSM automatically enforces security policies for enrolling new nodes and users into the system. The Enrollment Policy settings define rules for authentication, trusted Software Guard Extensions (SGX) verification, and certificate-based enrollment.

The Enrollment Policy page displays the current configuration settings for node and user enrollment. The check boxes displayed are selected or unselected based on the DSM version and user-configured settings.

Join Policy: It defines the conditions under which new nodes and users can join the DSM cluster. It displays information about the following configurations:
- SGX – Indicates if a node passed IAS or DCAP attestation.
  NOTE
  Intel Attestation Service (IAS) will be reaching the end of life (EOL) by April 02, 2025. For more information on migration from IAS to DCAP attestation, refer to IAS to DCAP Migration Advisory.
- Trusted node identity – Indicates if Secure Node Join feature is enabled for your cluster. For more information, refer to Updating Existing DSM Cluster with Trusted Nodes.
- Node CA - Indicates that the cluster requires a certificate signed by the Node CA from the new node. This option is always selected by default.
Allowed SGX Types: It defines a field in cluster's Enrollment configuration, which can have any SGXType as its value. These types represent different variants of the Intel® SGX architecture, defined as an Enum. SGXType is a mandatory field in the PCK Certificate. For more information, refer to Intel® SGX PCK Certificate and Certificate Revocation List Profile Specification.
It displays information about the following SGX types in system configurations:
- Standard – It refers to the original Intel SGX architecture (SGX1) to provide secure enclaves.
- Scalable – It refers to the enhanced Intel SGX architecture (SGX2) with dynamic memory management, added instructions, and improved performance.
- Scalable with integrity – It refers to a more enhanced Intel SGX architecture (SGX2 and Memory Integrity) with additional memory integrity protection.
For more information on the SGX capabilities of Azure DCsv2 series or DCsv3 series VMs, refer to DCsv2 sizes series or DCsv3 sizes series.
For more information Fortanix Series I, II, or III Appliances, refer to Hardware Guide.
Figure 1: Enrollment Policy Screen
NOTE
The Enrollment Policy page is read-only and cannot be edited.

Fortanix Data Security Manager - Sysadmin Settings - Enrollment Policy

1.0 Introduction

2.0 Enrollment Policy

PLATFORM

Key Insight

Data Security Manager™

Confidential Computing Manager

Enclave Development Platform®

Request A demo

Contact Us

Free Trial

SOLUTIONS

AWS KMS External Key Store (XKS)

Google External Key Manager

Bring Your Own Key (BYOK)

HSM Modernization

Multicloud Key Management

Post Quantum Cryptography

Code Signing

Secrets Management

Tokenization Transparent

Database Encryption

Filesystem Encryption

Confidential Data Search

Confidential AI

Healthcare

Banking & Financial Services

Fintech

Manufacturing

Web 3.0

Federal Government

RESOURCES

Blog

Whitepapers

Datasheets

Solution Briefs

Ebooks

Reports

Case Studies

Webinars

University

Media Kit

Newsletters

COMPANY

About

Careerswe’re hiring

Customers

Partners

Awards

Events

Press

News

Services

Support

FAQ

4.6