Currently, the client can deploy the TSS Node on an off-the-shelf server, a server that supports Intel® Software Guard Extensions (Intel® SGX), or Apple MacBook.

Deployment Methods

SGX-Ready Server

Intel® Software Guard Extensions (SGX) offers hardware-based memory encryption that isolates specific application code and data in memory. SGX allows client-level code to allocate private regions of memory, called enclaves, which are designed to be protected from processes running at higher privilege levels. It offers a granular level of control and protection against many known and active threats.

For more information on SGX, please click here.

A SGX-ready server can provide an encrypted environment for the TSS Node, and the application can run in an isolated environment to further ensure data security.

Currently, the SGX environment can be configured on the following servers:

• Azure Confidential Computing (Virtual Machine)

• Alibaba Cloud Elastic Compute Service

• SGX-ready physical server (on premise)

If you choose to use a SGX-ready server to deploy the TSS Node, please head to the “Environment Preparation: SGX-Ready Server” section.

Off-The-Shelf Server

An off-the-shelf server refers to any server that meets the minimum configuration requirements of the TSS Node (e.g. Elastic Compute, a physical server operated by the client).

An off-the-shelf server can deploy the TSS Node, but it does not provide the unique security properties of a SGX-ready server.

If you choose to use an off-the-shelf server to deploy the TSS Node, please head to the “Environment Preparation: Off-The-Shelf Server” section.

Apple MacBook

Please prepare a brand-new Apple MacBook, upgrade the system to the latest macOS version, and complete the required security configurations.

If you choose to use an Apple MacBook to deploy the TSS Node, please head to the "Apple MacBook" section under "Server Environment Preparation."