The Playground

Get familiar with CanaryBit Confidential Cloud tools for FREE

The playground gives you the opportunity to play and interact with CanaryBit Confidential Cloud tools for Confidential environments deployment on Azure, AWS and GCP.

Requirements

A CanaryBit Inspector Trial licence ("Not For Resale");
A CanaryBit account;
An Azure, AWS or GCP account.

How-To

1. Source your credentials

In your terminal, source as environment variables your CanaryBit credentials:

CanaryBit

export CB_USERNAME=***
export CB_PASSWORD=***

as well as your infrastructure provider credentials:

Azure

export ARM_SUBSCRIPTION_ID=***
export ARM_TENANT_ID=***
export ARM_CLIENT_ID=***
export ARM_CLIENT_SECRET=***

AWS

export AWS_ACCESS_KEY_ID=***
export AWS_SECRET_ACCESS_KEY=***
export AWS_REGION=***

GCP

export GOOGLE_APPLICATION_CREDENTIALS=***
export GOOGLE_PROJECT=***
export GOOGLE_ZONE=***

2. Deploy your Confidential environment with CanaryBit Tower

CanaryBit Tower comes with a set of examples that can be used to provision a secure environment in your target infrastructure.

Download CanaryBit Tower configuration for Public Cloud deployments and use the example file related to your target infrastructure.

Finally, deploy the environment following the steps documented in the Products :: TOWER page.

3. Verify your environment with CanaryBit Inspector

Automatic

The verification of your Confidential environment is automatically performed with CanaryBit Tower.

Go to Step 4. View the final report to monitor your environment.

Manual

For ad-hoc setup, you would to upload the CanaryBit (cbclient) agent on the Confidential VM you would like to attest.

a. Install the CanaryBit (cb) CLI tool b. Retrieve your CanaryBit token (CBTOKEN):

cb login cbinspector

The command prompts a temporary token to be used to communicate with CanaryBit Inspector.

c. Download the CanaryBit (cbclient) agent:

./cb download cbclient ${CBCLIENT_V}/cbclient

where CBCLIENT_V is the agent version (e.g. 0.3.0)

d. Copy the cbclient to the Confidential VM e. On the Confidential VM, run the cbclient:

cbclient attestation --token $CBTOKEN --environment $HW_ENV --inspector-url https://api.inspector.confidentialcloud.io

providing $CBTOKEN (see step b.) and $HW_ENV ("snp" or "tdx", depending on your hardware chipset) as arguments.

Info

For ad-hoc setups please get in touch with the CanaryBit team. We will be happy to discuss and help you up fullfil your needs.

4. View the final report

Simply log in to the CanaryBit Inspector Dashboard to view the final report, monitor and observe the security of your environment.

List View:

Inspector Dashboard

Graph View:

Inspector Dashboard Graph

5. Need help?

We will be happy to help you up to speed with our Confidential Cloud solution.

Contact Support!