Running EDP applications on Confidential Computing Manager

Creating an EDP application

To create an application in using Fortanix Rust EDP please refer https://support.fortanix.com/hc/en-us/articles/360044746932-Bringing-EDP-Rust-Apps-to-Confidential-Computing-Manager 

On successful app creation, you will get SIGSTRUCT file of the application (details on the above link). Once you get the Enclave SIGSTRUCT of the application build, proceed with the UI flow below.

Running an application on Confidential Computing Manager

Step 1: Signup and Log in to Fortanix Confidential Computing Manager (CCM)

  •  Visit https://ccm.fortanix.com/ and signup.
  • After your account is approved by the administrator, log in by entering your email id and password.

CCM_5.png Figure 1: Logging in

Step 2: Create and Select an Account

  • Once you sign up and log in, you will be taken to the Accounts page. Click ADD ACCOUNT to create a new account. 
  • Enter a name for the new account and optionally add a custom logo for the account. Click CREATE ACCOUNT to complete the account creation.

EDP1.png Figure 2: Create an account

  • Once the account is created, click SELECT ACCOUNT to select the newly created account and start enrolling the compute nodes and creating applications.

EDP2.png Figure 3: Select an account

Step 3: Add an EDP Application

select-EDP.png
Figure 4: Add EDP application

  1. In the EDP application form, fill the relevant details such as the Application name and Description (optional).
  2. Add any certificate using the Certificate Configuration section.
  3. Enter the certificate domain. You can choose to add multiple certificates using the ADD A CERTIFICATE button. Once you configure all the certificates, click NEXT to configure the image.  EDP3.png
    Figure 5: Add application details

Step 4: Create an EDP Application Image

  1. In the Add image form, enter the Image Version.
  2. Next, you have to add the Sigstruct details. The SIGSTRUCT for an enclave is generated when an application is signed. It is used to register the enclave with Fortanix CCM. In the Enclave Configuration SIGSTRUCT section, you will see three options to add SIGSTRUCT. Choose one of the options to add the SIGSTRUCT details.
        EDP4.png EDP5.png Figure 6: Create an EDP Application Image
  3. Click CREATE to create the EDP application image.

Step 5: Domain and Image Whitelisting

  • An application whose domain is whitelisted will get a TLS Certificate from Fortanix CCM. Similarly, when an application runs from the converted image, the application will try to contact Fortanix CCM and ask for a TLS Certificate.
  • On the Tasks tab, approve the pending requests to whitelist the domain and image.

CCMUserguide17.png Figure 7: Whitelist the domain

CCMUserguide32.png Figure 8: Whitelist the Image

Step 6: Running the application

On a node running the Fortanix CCM Node Agent, start the application.

ftxsgx-runner get-certificate.sgxs

EDP6.png Figure 9: Deployed EDP application

Was this article helpful?
0 out of 0 found this helpful