Access Point Installation Guide

Access Point System Requirements

To participate in the TripleBlind platform, an organization must host a TripleBlind Access Point. This Access Point serves two main purposes: secure the organization’s data or algorithmic assets, and provide computational power for joint operations.

The Access Point is designed as a cloud-native component. It is built around Docker technologies, isolating the host infrastructure from internal details and enabling simple deployment and upgrades. Interaction and management are done through the web interface and the Python SDK.

Hosting Requirements

Basic Docker host system requirements:

  • 4 CPU cores (minimum)
  • 16 GB of RAM (minimum)
  • 100 GB+* of attached storage
    * Additional storage requirements depend on assets to be shared on the platform.
  • Static IP address (simplifies whitelisting)

IP Addresses to Whitelist

In general, it is recommended to whitelist by domain as some of our IP addresses may be changed without prior notice. We will notify Access Point administrators if the IP addresses to be whitelisted change.

Inbound Traffic:

  • 35.222.119.55 must be whitelisted to enable inbound traffic from the TripleBlind infrastructure to your Access Point.
  • Inbound traffic from your collaborators’ Access Points’ IP addresses.
  • Inbound traffic from the IP addresses of the machines of your SDK users (required for positioning and retrieving Assets).
  • Inbound traffic from your own Access Point’s IP address (with default setup, find this in the admin console).

Outbound Traffic:

  • tripleblind.app (104.21.14.248)
  • dev.tripleblind.app (172.67.160.210)
  • 52.165.33.19
  • 3.129.200.236
  • 34.68.6.20

ℹ️ The IP addresses or URLs of all counterparty organizations’ Access Points must be whitelisted for both inbound and outbound traffic in order to collaborate with external organizations.

ℹ️ If you do not provide your own SSL certificate and key, TripleBlind will generate temporary ones during the installation process via Let's Encrypt. In order to generate these, ALL inbound and outbound traffic must be allowed temporarily during the installation. You can revert to your original whitelisted addresses once the setup is complete.

ℹ️ Your Access Point must have all of your counterparty certificate authorities in its chain of trust. Otherwise, connections by their Access Point will be rejected when you attempt to perform collaborative operations. Contact TripleBlind support if you need assistance working with a non-standard Certificate Authority.

Ports

  • 443
  • Both HTTPS and WSS (WebSocket Secure) protocols must be enabled.
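
The following is an added example, not TripleBlind code: it audits an exported set of firewall allow rules against the addresses and port listed above, and flags any allow-all rule left in place after the temporary opening for certificate generation. The `(direction, cidr, port)` rule format, the function name and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Snapshot of the addresses listed in this guide; re-check them before use.
INBOUND = {"35.222.119.55"}
OUTBOUND = {"104.21.14.248", "172.67.160.210", "52.165.33.19",
            "3.129.200.236", "34.68.6.20"}

def audit(rules, collaborators=(), sdk_users=(), own_ip=None):
    """Compare exported allow rules, given as (direction, cidr, port), with the guide.

    Hypothetical rule format: adapt the parsing to your firewall's export.
    Returns addresses with no covering port-443 rule, plus allow-all rules.
    """
    need = {"inbound": INBOUND | set(collaborators) | set(sdk_users),
            "outbound": OUTBOUND | set(collaborators)}
    if own_ip:
        need["inbound"].add(own_ip)
    nets = {"inbound": [], "outbound": []}
    too_broad = []
    for direction, cidr, port in rules:
        if port != 443:
            continue  # the guide only requires port 443
        net = ipaddress.ip_network(cidr, strict=False)
        if net.prefixlen == 0:
            # Allow-all (e.g. left open after certificate issuance): report it
            # and do not let it count as coverage for the required addresses.
            too_broad.append((direction, cidr))
        else:
            nets[direction].append(net)
    missing = sorted((d, ip) for d, ips in need.items() for ip in ips
                     if not any(ipaddress.ip_address(ip) in n for n in nets[d]))
    return {"missing": missing, "too_broad": too_broad}

# Constructed sample export; 192.0.2.x, 198.51.100.x and 203.0.113.x are
# documentation ranges standing in for your own and your collaborators' IPs.
SAMPLE_RULES = [
    ("inbound", "0.0.0.0/0", 443),         # left over from installation
    ("inbound", "35.222.119.55/32", 443),
    ("inbound", "203.0.113.0/24", 443),    # collaborator range
    ("outbound", "104.21.14.248/32", 443),
    ("outbound", "172.67.160.210/32", 443),
    ("outbound", "52.165.33.19/32", 443),
    ("outbound", "3.129.200.236/32", 443),
    ("outbound", "203.0.113.10/32", 443),  # collaborator Access Point
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES, ["203.0.113.10"], ["198.51.100.7"], "192.0.2.5"))
```

Because the guide recommends whitelisting by domain where possible, treat the hard-coded addresses as a point-in-time check rather than a source of truth.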

Cloud Computing

  • Google Cloud Platform (GCP), using n1-standard-4 machine type
  • Amazon Web Services (AWS), using t3.xlarge machine type
  • Microsoft Azure, using Standard_D4a_v4 machine type

An easy way to configure a server for TripleBlind is by subscribing through Cloud Marketplaces.

Azure Setup

You can find the TripleBlind offering in the Azure Marketplace.