User's Guide: Enroll a Compute Node (bare metal or VM) - SGX

1.0 Introduction

This article describes how to enroll a compute node using bare metal or VM on a SGX platform.

2.0 Enroll a Compute Node (bare metal or VM) - SGX

2.1 Ubuntu 24.04 Node Agent 

Refer to Download Ubuntu Node Agent Installer - SGX to download the Ubuntu Node Agent installer.

Perform the following steps:

1. Extract the content of the Node-Agent-Installer.tar.gz package and open the folder.

2. Open the INSTALLER_README.md file containing the steps to enroll the compute node in Fortanix CCM.

   

   The INSTALLER_README.md has the steps to enroll a compute node in Fortanix CCM.

3. Fortanix supports any SGX capable server nodes.

4. Ensure that applications on the node are allowed to make local connections to the Node Agent on port 9092.

   WARNING

   Ports do not accept remote connections as a best practice. So, do not allow remote connections to the node agent.

Perform the following steps to enroll Ubuntu 24.04 compute node in Fortanix CCM:

1. Copy the file installer.sh to VM.

2. Run the installer.sh using the command:

   sudo bash installer.sh  --attestation-type=

3.0 Generating Join Token

Perform the following steps to generate a join token in Fortanix CCM:

1. Log in to https://ccm.fortanix.com.

2. Click the Infrastructure → Compute Nodes menu item, and click + ENROLL NODE on the Compute Nodes page.  

   

3. In the ENROLL COMPUTE NODE window, a Join Token will be generated in the text box for "Get a join token to register an SGX compute node". This Join Token is used by the compute node to authenticate itself.

   

4. Click COPY to copy the Join Token. 

4.0 Validating the Enrolled Compute Node

After the compute node is enrolled in Fortanix CCM, you will see it under the Compute Nodes overview table.