Running EDP Applications on Confidential Computing Manager

1.0 Creating an EDP Application

To create an application in using Fortanix Rust EDP, refer to bringing-edp-rust-apps-to-confidential-computing-manager.

On successful app creation, you will get SIGSTRUCT file of the application (details on the above link). After you get the Enclave SIGSTRUCT of the application build, proceed with the UI flow below.

2.0 Running an Application on Fortanix CCM

Step 1: Signup and Log in to Fortanix Confidential Computing Manager (CCM)

1. Visit https://ccm.fortanix.com/ and signup.

2. After your account is approved by the administrator, log in by entering your email id and password.

   

Step 2: Create and Select an Account

1. After you sign up and log in, you will be taken to the Accounts page. Click ADD ACCOUNT to create a new account. 

2. Enter a name for the new account and optionally add a custom logo for the account. Click CREATE ACCOUNT to complete the account creation.

   

3. After the account is created, click SELECT ACCOUNT to select the newly created account and start enrolling the compute nodes and creating applications.

   

Step 3: Add an EDP Application

1. In the EDP application form, fill in the relevant details such as the Application name and Description (optional).

2. Select a Fortanix CCM group for the application.

3. Labels: To control which applications are allowed to run on which nodes, add Labels for applications and nodes in the form of “Key:Value” pairs.

4. Add any certificate using the Certificate Configuration section.

5. Enter the certificate domain. You can choose to add multiple certificates using the ADD A CERTIFICATE button. After you configure all the certificates, click CREATE to configure the image. 

   

Step 4: Create an EDP Application Image

1. On the next screen, click + IMAGE button.

   

2. On the Add image form, enter all the required details.

   1. Image Version - Enter the valid version number of the image.

   2. Image Type - Select the required radio button for image type.

   3. Enclave Configuration SIGSTRUCT - Choose one of the options to add the SIGSTRUCT details. The SIGSTRUCT for an enclave is generated when an application is signed. It is used to register the enclave with Fortanix CCM.

      

3. Click CREATE to create the EDP application image.

Step 5: Domain and Image Whitelisting

1. An application whose domain is whitelisted will get a TLS Certificate from Fortanix CCM. Similarly, when an application runs from the converted image, the application will try to contact Fortanix CCM and ask for a TLS Certificate.

2. On the Tasks → Pending menu item, approve the pending requests to whitelist the domain and image.

   

   

Step 6: Running the application

On a node running the Fortanix CCM Node Agent, start the application.

ftxsgx-runner get-certificate.sgxs