Running an Example Application Using SGX Platform

Prev Next

The Fortanix Confidential Computing Manager (CCM) environment is designed with the goal of protecting any application. This article describes how to run a Flask Server application on a compute node.

1.0 Running a Flask Server Enclave OS Application

1.2 Prerequisites:

1.2 Run an Enclave OS Application on Compute Node

  1. Navigate to the Application menu item in the CCM UI left navigation panel, and click the + ADD APPLICATION button.  

    Fig-5-application-landing-screen.png

    Figure 1: Create New Application

  2. Add a Python Web Application. For more information, refer to the User's Guide: Add and Edit an Application.

  3. Approve the domain for the Python Web Application. For more information, refer to the User's Guide: Tasks.

  4. In the detailed view of the application, click the + IMAGE button.  

    add-image-1.png

    Figure 2: Create an Image

  5. Create an image of the Python Web Application by providing a proper tag. For more information, refer to the User's Guide: Create an Image.

  6. Approve the image for the Python Web Application. For more information, refer to the User's Guide: Tasks.

  7. For the node agent attestation type DCAP/EPID, run the application image using the following command:

    docker run --volume /dev:/dev -v /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket -e NODE_AGENT_BASE_URL=http://52.152.206.164:9092/v1/ fortanix-private/python-flask-sgx

    Where,

    • 9092 is the port on which Node Agent listens up.

    • 52.152.206.164 is the Node Agent Host IP.

    • fortanix-private/python-flask-sgx is the converted app that can be found in the Images under the Image Name column in the Images table.  

      mceclip5.png

      Figure 3: Run the Application

      NOTE

      • Use your own inputs for Node IP, Port, and Converted Image in the above format. The information in the example above is just a sample.

      • Add the following flag along with the command to get more details:

        • -e ENCLAVEOS_LOG_LEVEL=debug - to get debug log

        • -p 7622:80 -p 8038:443 - to map the application custom port to 80 or 443

  8. To verify that the application is running, click the APPLICATION from the list in the Fortanix CCM UI and verify that there is a running application image associated with it and displayed with the application in the detailed view of the application.  

    Fig-4-deployed-application.png

    Figure 4: Deployed Application