User's Guide: Enroll a Compute Node Using Azure Marketplace

Enroll Compute Node Using Azure Marketplace

  1. First, generate a Join Token using the Fortanix CCM UI. To generate your Join Token, log in to https://ccm.fortanix.com and, in the Infrastructure tab, click + ENROLL NODE on the Compute Nodes page.
    Figure 1: Enroll compute node
  2. Click COPY to copy the Join Token. This Join Token is used by the compute node to authenticate itself.
    Figure 2: Copy Join Token
  3. Visit https://azuremarketplace.microsoft.com/en-us/marketplace/apps/fortanix.rte_node_agent to create the Node Agent VM to register the compute node.
    NOTE
    Alternatively, you can also download the latest node agent software from https://support.fortanix.com/hc/en-us/articles/360043407012-Fortanix-Node-Agent and install it on your own machine.
  4. Click the GET IT NOW button in the “Fortanix Confidential Computing Node Agent” page.
    Figure 3: Get the node agent
  5. Click Continue in the pop-up window.
    Figure 4: Confirm creating app in Azure
  6. In the Node Agent preview page, click Create.
    Figure 5: Proceed to create a node agent
  7. In the Create Fortanix Confidential Computing Node Agent form (Figure 6), fill in all the necessary details.
    1. Information about the available regions can be found here.
    2. Information about the supported VMs can be found here.
    3. In the Join Token field, paste the Join Token that you generated using the Fortanix CCM UI.
    4. We strongly recommend using DCAP attestation as the Attestation Protocol when installing the node agent on an Azure VM.
  8. Click the Review + create button to validate the node agent details.
    Figure 6: Validate node agent
  9. Wait for the validation to pass.
  10. Once the validation is successful, click Create to create the node agent.
    Figure 7: Create node agent
    Figure 8: Node agent created
  11. Once the node agent is created, the compute node will be enrolled in Fortanix CCM, and you will see it under the Compute Nodes overview table.
    Figure 9: Enrolled node
    NOTE
    To see the attestation type of the node, hover over the certificate icon. The attestation type is either "DCAP" or "EPID".
  12. Add Labels: To control which applications are allowed to run on which nodes, we add Labels for applications and nodes in the form of “Key:Value” pairs. Refer to Application and Compute Node Policy Enforcement for more details.
    1. Suggested Labels – This field will show the top 10 labels that are frequently used by users of an account.
    2. Add Labels – Enter the Key and Value pair and click the LABEL button to save the label. The newly created label will appear in the Labels Added field. A user can also choose an existing label from the Suggested Labels field.
      An example of a “Key:Value” pair is “Location:Location_name”, where “Location” is the Key and “Location_name” is the Value of the key, such as “South UK”.
      NOTE
      • A label's key and value can have a maximum of 256 characters and are case-sensitive.
      • Some keys are reserved for internal use; these are called system-defined labels.
        • Such as: 'Fortanix', 'fortanix', ‘CCM’, ‘ccm’, confidentialcomputingmanager. Or
        • {Fortanix|Fortanix|CCM|ccm|confidentialcomputingmanager|  Confidentialcomputingmanager}<Any_Non-Alphanumeric-Char><Any-Char>.
    3. If we are adding labels for an application then it is mandatory to add the same labels on the node on which the application will run.
    4. A node can have multiple labels that belong to different applications. For example:
      App1’s label => Location1: Value1
      App2’s label => Location2: Value2
      Then the Node can have labels => Location1: Value1 , Location2: Value2.

      Figure 10: Node label
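
The label rules in step 12 can be checked before the labels are typed into the UI. The following is an added example, not Fortanix code and not CCM's own enforcement logic; the function names, the reading of the reserved-key pattern, and applying the 256-character limit to key and value separately are assumptions.

```python
import re

MAX_LEN = 256  # limit stated in the guide; assumed to apply to key and value separately

# Reserved key names taken from the guide's list and pattern.
RESERVED = ("Fortanix", "fortanix", "CCM", "ccm",
            "confidentialcomputingmanager", "Confidentialcomputingmanager")

# Assumption: "<Any_Non-Alphanumeric-Char><Any-Char>" is read as a reserved name,
# then one non-alphanumeric (ASCII) character, then at least one more character.
RESERVED_PREFIX = re.compile(
    "(?:%s)[^A-Za-z0-9]." % "|".join(RESERVED), re.DOTALL)


def label_problems(key, value):
    """Return the reasons a Key:Value label breaks the documented rules."""
    problems = []
    if len(key) > MAX_LEN:
        problems.append("key longer than 256 characters")
    if len(value) > MAX_LEN:
        problems.append("value longer than 256 characters")
    # Comparison is exact because labels are case-sensitive.
    if key in RESERVED or RESERVED_PREFIX.match(key):
        problems.append("key is reserved for system-defined labels")
    return problems


def missing_on_node(app_labels, node_labels):
    """Return the application labels the node lacks (empty set: node qualifies).

    Labels are sets of (key, value) tuples compared case-sensitively.
    """
    return set(app_labels) - set(node_labels)


if __name__ == "__main__":
    # Constructed sample data mirroring the App1/App2 example in the guide.
    node = {("Location1", "Value1"), ("Location2", "Value2")}
    app1 = {("Location1", "Value1")}
    app3 = {("location1", "Value1")}  # differs from the node label only in case
    print("App1 missing:", missing_on_node(app1, node))
    print("App3 missing:", missing_on_node(app3, node))
    for key in ("Location", "ccm", "CCM-region", "CCMregion"):
        print(key, label_problems(key, "South UK"))
```

A non-empty result from `missing_on_node` means the node still needs those labels before the application's label policy can match it.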
