Deploying the ACI Application Using Azure Portal

1.0 Introduction

This article describes how to deploy a confidential Azure Container Instances (ACI) group using the Microsoft Azure portal and Fortanix Confidential Computing Manager (CCM).

2.0 Deploy Confidential ACI Group Using Azure Portal

Perform the following steps to deploy a confidential Azure Container Instances (ACI) group using the Microsoft Azure portal:

  1. From the Azure portal, search for and select Deploy a custom template.

    Figure 1: Search box

  2. On the Custom Deployment page, select Build your own template in the editor.

    Figure 2: Build your own template in the editor

  3. In the next screen, paste the JSON Azure Resource Manager (ARM) template encoding of the security policy generated for the ACI application build. For more information, refer to Deploy the ACI Application Using Azure Portal.

  4. Click Save to save the template.

    Figure 3: Paste JSON ARM template

  5. In the Project details form:

    • Subscription: Select the required Azure subscription.

      • Resource Group: Select the required resource group from the drop-down menu or create a new resource group.

    • Instance details:

      • Region: Fortanix ACI is supported only in the following Azure regions: East US, North Europe, West Europe, and West US 2.

      • Join Token: Copy it from the CCM UI. Refer to Steps 7 and 8.

      • Ports: The ports are automatically populated from the image ARM template and can be modified if required.

      • Location: Fortanix ACI is supported only in East US 2, West Europe, and West US. For the full list of supported regions, refer to the Confidential SKU (preview) section at https://learn.microsoft.com/en-us/azure/container-instances/container-instances-region-availability.

      • Request App Cert: Application certificate to request from Fortanix CCM. This must be an approved domain configured for the application.

      • Name: Name of the newly created resource.

      • App Config Id: Leave this field blank for standard ACI applications. However, if you are using ACI applications for CCM workflows, then add the Application Identifier (Runtime configuration hash) of the workflow application. For more information, refer to Workflows Applications Using Fortanix ACI.

      • Agent Log Info: Logging level for the Fortanix agent container. You can select the value from the drop-down menu.

      • Startup Timeout Minutes: Specifies the duration for which the system waits for the application certificate before timing out. The time is specified in minutes. An empty value indicates an infinite wait period.

      • Exit Delay Minutes: Specifies the waiting period before the system terminates the process in the event of a certificate request failure. The time is specified in minutes. An empty value indicates an infinite wait period.

      • Disable Default Certificate: Disables requesting the default certificate when no application certificate is set up. This parameter has two options: "Enable Default Certificate" and "Disable Default Certificate."

    Figure 4: Deployment details

  6. Navigate to the Fortanix CCM user interface (UI). For more information, refer to Fortanix Armor Solutions.

  7. In the CCM UI left navigation menu, navigate to Infrastructure → COMPUTE NODES → Azure SEV Containers, and then click ADD NODE.

    Figure 5: Enroll compute node

  8. In the Enroll Compute Node window, click COPY to copy the join token. This Join Token is used by the compute node to authenticate itself.

  9. Click Review + create to create the custom deployment.

    Figure 6: Validate node agent

  10. Wait for the validation to pass.

  11. After the validation is successful, click the Create button to create the custom deployment.

    Figure 7: Node agent created

  12. Navigate to CCM UI → Infrastructure → COMPUTE NODES → AZURE SEV CONTAINERS tab. Verify that the node with attestation type AMD_SEV_SNP is created and in the Active state.

  13. Verify that the application is running successfully by confirming that the app is active and the compute node is linked to the build. You can also view and download the certificate to verify the status.

3.0 Verification Steps

Perform the following steps to validate the ACI deployment:

  1. Navigate to the resource group deployment container instance.

  2. Access the application using the public IP address and port number. For example, if the public IP is 20.23.216.154 and the app is running on port 80, then access the application using http://20.23.216.154 or curl http://20.23.216.154:80.

  3. The NGINX welcome page is displayed.

    Figure 8: Welcome screen

  4. Ensure that the node agent and app containers of the deployment are running. Check the container logs to identify errors.

    Figure 9: Check status

    Figure 10: Check logs
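
The checks in steps 2 and 4 can also be scripted. The following is an added example, not part of the Fortanix documentation: it inspects a container group description and reports whether the group uses the Confidential SKU, carries a non-empty confidential computing enforcement policy, has every container in the Running state, and exposes the expected port. It assumes the JSON field names that `az container show --output json` prints; the sample record, container names, and IP address are constructed for illustration.

```python
import base64
import json

# Constructed sample shaped like `az container show --output json` output for a
# two-container group. Names, IP address, and policy text are illustrative only.
SAMPLE = json.dumps({
    "name": "example-aci-group",
    "sku": "Confidential",
    "confidentialComputeProperties": {
        "ccePolicy": base64.b64encode(b"package policy\n").decode()},
    "ipAddress": {"ip": "203.0.113.10", "ports": [{"port": 80, "protocol": "TCP"}]},
    "containers": [
        {"name": "node-agent", "instanceView": {"currentState": {"state": "Running"}}},
        {"name": "app", "instanceView": {"currentState": {"state": "Waiting"}}},
    ],
})


def check_group(raw_json, expected_port):
    """Return a list of findings; an empty list means every check passed."""
    group = json.loads(raw_json)
    findings = []
    # A group deployed with any other SKU is not a confidential container group.
    if group.get("sku") != "Confidential":
        findings.append(f"sku is {group.get('sku')!r}, expected 'Confidential'")
    # The security policy is stored base64-encoded; it must decode to something.
    policy = (group.get("confidentialComputeProperties") or {}).get("ccePolicy") or ""
    try:
        decoded = base64.b64decode(policy, validate=True)
    except ValueError:
        decoded = b""
    if not decoded.strip():
        findings.append("ccePolicy is missing, empty, or not valid base64")
    # Step 4: the node agent and app containers must all be running.
    for c in group.get("containers") or []:
        view = c.get("instanceView") or {}
        state = (view.get("currentState") or {}).get("state")
        if state != "Running":
            findings.append(f"container {c.get('name')!r} is {state!r}, not 'Running'")
    # Step 2: the application port must be exposed on the group's IP address.
    exposed = (group.get("ipAddress") or {}).get("ports") or []
    ports = sorted(p["port"] for p in exposed if "port" in p)
    if expected_port not in ports:
        findings.append(f"port {expected_port} is not exposed (found {ports})")
    return findings


if __name__ == "__main__":
    for finding in check_group(SAMPLE, expected_port=80):
        print("FAIL:", finding)
```

To run it against a real deployment, pass the output of `az container show --resource-group <resource-group> --name <group-name> --output json` as `raw_json`.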
