Learn about the management responsibilities and terms and conditions that you have when you use IBM Cloud Code Engine. For a high-level view of the service types in IBM Cloud® and the breakdown of responsibilities between the customer and IBM
for each type, see Shared responsibilities for IBM Cloud offerings.
Review the following sections for the specific responsibilities for you and for IBM when you use IBM Cloud Code Engine. For the overall terms of use, see IBM Cloud® Terms and Notices.
If you use other IBM Cloud products such as Object Storage, responsibilities that are marked as yours in the following table, such as disaster recovery for Data, might be IBM's or shared. Consult those products' documentation for your responsibilities.
Tasks for shared responsibilities by area
See what tasks you and IBM share responsibility for each area and resource when you use Code Engine.
In the following tables, Code Engine entities include apps, jobs, and builds, as well as any other workload configuration artifacts.
Incident and operations management
You and IBM share responsibilities for the setup and maintenance of your Code Engine environment for your Code Engine projects and entities. You are responsible for incident and operations management of your workloads and data.
Table 2. Responsibilities for incident and operations management
The rows are read from left to right. The resource area of comparing responsibilities is in the first column, with the responsibilities of IBM in the second column and your responsibilities in the third column.
| Task |
IBM responsibilities |
Your responsibilities |
| Code Engine projects and entities |
- Deploy a fully managed, highly available platform in a secured, IBM-owned account to host projects.
- Fulfill requests for more infrastructure, such as adding, reloading, updating, and removing worker nodes.
- Fulfill automation requests to help recover projects.
|
- Use the provided CLI or console tools to adjust the runtime options (including scaling characteristics) of your workload.
|
| Observability |
- Provide Log Analysis and Monitoring to enable observability of your Code Engine projects and entities.
- Provide integration with Activity Tracker and send Code Engine events for auditability.
|
- Set up and monitor the health of your Code Engine projects and entities.
- Set up and send logs to Activity Tracker.
|
Change management
You and IBM share responsibilities for keeping your images at the latest container platform and operating system versions, along with recovering infrastructure resources that might require changes. You are responsible for change management
of your application data.
Table 3. Responsibilities for change management
The rows are read from left to right. The resource area of comparing responsibilities is in the first column, with the responsibilities of IBM in the second column and your responsibilities in the third column.
| Task |
IBM responsibilities |
Your responsibilities |
| Code Engine projects and entities |
- Provide infrastructure operating system (OS), version, and security updates.
|
- Use the CLI or console tools to apply any app or job required updates.
|
Identity and access management
You and IBM share responsibilities for controlling access to your Code Engine projects. For IBM Cloud® Identity and Access Management responsibilities, consult that product's documentation. You are responsible for identity and access management
to your application data.
Table 4. Responsibilities for identity and access management
The rows are read from left to right. The resource area of comparing responsibilities is in the first column, with the responsibilities of IBM in the second column and your responsibilities in the third column.
| Task |
IBM responsibilities |
Your responsibilities |
| General |
- Create projects with a service ID so that your deployments in the project can pull images from IBM Cloud Container Registry.
|
- Maintain responsibility for any service roles that you create.
|
| Observability |
- Provide integration of IBM Cloud Activity Tracker with your Code Engine project entities to audit any activity.
|
- Set up IBM Cloud Activity Tracker or other capabilities to track user activity.
|
Security and regulation compliance
IBM is responsible for the security and compliance of Code Engine. You are responsible for the security and compliance of any Code Engine entities that run in the Code Engine environment and your associated data.
Table 5. Responsibilities for security and regulation compliance
The rows are read from left to right. The resource area of comparing responsibilities is in the first column, with the responsibilities of IBM in the second column and your responsibilities in the third column.
| Task |
IBM responsibilities |
Your responsibilities |
| General |
- Maintain controls commensurate to various industry compliance standards.
- Monitor, isolate, and recover user projects.
- Provide highly available replicas of your projects and entities.
- Monitor and report the health of the project and entities in the various interfaces.
- Automatically apply security patch updates for infrastructure.
- Enable certain security settings, such as encrypted disks.
- Disable certain insecure actions, such as not permitting users to SSH into the host.
- Encrypt communication with TLS.
- Continuously monitor Code Engine projects and entities to detect vulnerability and security compliance issues.
- Provide options for network connectivity.
- Integrate Code Engine with IBM Cloud Identity and Access Management (IAM).
|
- Set up and maintain security and regulation compliance for your Code Engine entities and data.
- As part of your incident and operations management responsibilities for Code Engine entities and data, apply any security updates.
- Do not include sensitive or private information in Code Engine resource metadata, including configuration values.
|
| Building from source |
- Continuously update the build tools, including BuildKit, and Paketo buildpacks to the latest version.
|
- Resubmit builds to pick up fixes in the base image of your Dockerfile-based builds and to pick up operating system and runtime environment fixes in your Buildpacks-based builds.
|
Disaster recovery
IBM is responsible for the recovery of Code Engine projects and entities in case of disaster. You are responsible for the recovery of the workloads and your workload data. If you integrate with other IBM Cloud services such as file, block,
object, cloud database, logging, or audit event services, consult those services' disaster recovery information.
Table 6. Responsibilities for disaster recovery
The rows are read from left to right. The resource area of comparing responsibilities is in the first column, with the responsibilities of IBM in the second column and your responsibilities in the third column.
| Task |
IBM responsibilities |
Your responsibilities |
| General |
- Maintain service availability across worldwide regions so that customers can deploy projects across zones and regions for higher DR tolerance.
- Provision projects with three replicas in the same region for high availability.
- Continuously monitor Code Engine infrastructure to ensure the reliability and availability of the service environment by site reliability engineers.
- Update and recover operational Code Engine entities.
- Back up and recover Code Engine infrastructure data, as well as your Code Engine entity configuration files.
- Provide integration with other IBM Cloud services such as storage providers so that data can be backed up and restored.
|
- Set up and maintain disaster recovery capabilities for your Code Engine entities and data. For example, to prepare your project for HA/DR scenarios, follow the guidance in High availability for Code Engine.
Note that persistent storage of data such as logs and metrics is not set up by default.
|