1. Fortanix
  2. Confidential Computing Manager
  3. User Guide
  4. Compute Nodes
  5. Enroll Compute Node

User's Guide: Enroll a Compute Node (bare metal or VM) - SGX

Last Updated: 

Enroll a Compute Node (bare metal or VM) - SGX

Download Node Agent Installer - Ubuntu 16.04/Ubuntu 20.04

Click the following URL to download the Ubuntu Node Agent installer:
Download Ubuntu Node Agent Installer - SGX

Download Node Agent Installer - CentOS 7

Click the following URL to download the CentOS Node Agent installer:
Download CentOS Node Agent Installer - SGX

Enroll Compute Node

  1. Extract the content of the Node-Agent-Installer.tar.gz package and open the folder.
  2. Open the INSTALLER_README.md file which contains the steps to enroll the compute node in Fortanix CCM.
    nodeagentinstaller.png
    Figure 1: INSTALLER_README

    The INSTALLER_README.md has the steps to enroll a compute node in Fortanix CCM:

  3. Fortanix supports any SGX capable server nodes.
  4. Ensure that applications on the node are allowed to make local connections to the Node Agent on port 9092.
    WARNING
    Ports do not accept remote connections as a best practice. So, do not allow remote connections to the node agent.
  5. Enroll your compute node in Fortanix CCM:
    1. Copy the file installer.sh to your VM.
    2. Run the installer.sh using the command: 
      sudo bash installer.sh <join-token> --attestation-type=<attestation-type>
    NOTE
    • If the attestation type is DCAP, then make sure that you have az-dcap-client installed on your machine. To install az-dcap-client, please refer to INSTALLER_README.md file.
    • We strongly recommend using DCAP attestation while installing the node agent on azure VM.
  6. To generate your Join Token, please log in to https://ccm.fortanix.com, and in the Infrastructure tab, clickENROLL NODE on the Computes Nodes page. CCMUserguide35a.png
    Figure 2: Enroll compute node
  7. In the ENROLL NODE window, a Join Token will be generated in the text box for "Get a join token to register an SGX compute node". This Join Token is used by the compute node to authenticate itself.
    NitroJoinToken.png
    Figure 3: Join token generated
  8. Click Copy to copy the Join Token (Figure 3). 
  9. Run the installer.sh with the Join Token that you copied. This will enroll the compute node in Fortanix CCM.
  10. Once the compute node is enrolled in Fortanix CCM, you will see it under the Compute Nodes overview table. CCMUserguide79.pngFigure 4: Enrolled node

Comments

Please sign in to leave a comment.

Was this article helpful?
0 out of 0 found this helpful