This article provides instructions for getting started with Fortanix Confidential Computing Manager (CCM).
Choose a deployment option:
Confidential Computing as a Service
To get started with Fortanix CCM SaaS, visit https://ccm.fortanix.com/ to sign up. Once your account is approved by an administrator, you can log in to the platform.
For detailed instructions to sign up and create an account with Fortanix CCM SaaS, refer to Logging In.
Secure Confidential Workloads Across Cloud and On-Premises
Deploy and Configure Fortanix CCM
Ensure that the required infrastructure and prerequisites are in place before deployment.
1. Prepare the Kubernetes Environment
Set up a Kubernetes cluster that meets the following requirements:
Provision a Kubernetes cluster (on-premises or cloud-hosted) with SGX-enabled nodes.
Ensure a supported Kubernetes version (1.34.x or later, as per the supported upgrade path).
Configure cluster access using
KUBECONFIG.Ensure a minimum of three nodes for Cassandra deployment.
For detailed requirements, refer to Kubernetes Cluster Requirements.
2. Install Supporting Components
Install the required components in the cluster:
Ingress Controller (for UI/static assets exposure)
cert-manager (for TLS certificate management)
SGX Device Plugin (for SGX support)
For detailed setup instructions, refer to Required Components.
3. Configure Container Registry Access
Obtain credentials for the Fortanix OCI registry.
Create image pull secrets in the required namespaces.
For detailed steps, refer to Image Registry Access.
4. Deploy the Fortanix Armor Kubernetes Operator
Install the Fortanix Armor operator using Helm:
Authenticate to the Fortanix OCI registry.
Deploy the operator Helm chart. The latest version can be accessed here.
Configure required parameters such as namespace and version.
For detailed steps, refer to Deploy Fortanix Armor Kubernetes Operator.
5. Verify Operator Deployment
Ensure all operator pods are running.
Confirm the operator is ready.
For detailed verification steps, refer to Verify Deployment.
6. Create the ArmorPlatform Resource
Define the Fortanix CCM platform configuration using the ArmorPlatform custom resource:
Configure the following:
Base configuration, including:
Platform name
Replica count
Container image registry and pull credentials
Internal network ranges
Confidential computing infrastructure (SGX)
Enrollment policies
Database (Cassandra) topology
Ingress and certificate settings
Apply the resource to initiate the deployment of Fortanix CCM components.
For detailed configuration settings, refer to Create ArmorPlatform Resource.
7. Configure Certificates
Provision the public API TLS certificate using one of the following methods:
Automated (cert-manager): recommended for most deployments
Manual CSR generation and signing
For detailed instructions, refer to the following:
8. Verify Deployment
Verify Fortanix CCM deployment:
Ensure all CCM pods are running.
Validate services are deployed correctly.
9. Access the Fortanix CCM User Interface (UI)
Access the Fortanix CCM UI using the configured domain.
Verify that the Fortanix CCM login page loads successfully.
For detailed instructions, refer to Access Fortanix CCM UI.
10. Perform Initial Setup
Sign up as the first user (automatically becomes System Administrator).
Configure:
Email settings
Security policies
External integrations
For detailed instructions, refer to Initial Configuration.
Learn More
For detailed deployment steps, refer to the Fortanix CCM On-Premises Installation Guide.
For advanced configurations (backup, restore, APIs), refer to the respective sections in the guide.
To know the features available for Fortanix CCM on-premises deployments, refer to Fortanix CCM Feature Support Matrix (SaaS vs On-premises).