IBM Cloud Docs
Watsonx.ai SaaS with Assistant and Governance

Watsonx.ai SaaS with Assistant and Governance

The Watsonx.ai SaaS with Assistant and Governance deployable architecture is designed to automate the deployment and configuration of the IBM watsonx platform in an IBM Cloud account. The IBM watsonx platform is made up of several services working together to offer AI capabilities to end users who can explore them using IBM watsonx projects. The automation also configures a IBM watsonx starter project for an existing IBM Cloud user.

A typical use case is to establish a ready to use IBM watsonx platform in an Enterprise account by granting administrator access to an AI Researcher. It enables an administrator to automatically install all of the services that the IBM watsonx platform is comprised of, as well as the setup of a starter {{site.data.keyworkd.IBM_notm}} watsonx project, allowing an AI Researcher to login to the platform and begin working immediately. For more information, see overview of IBM Cloud watsonx.

In more advanced use cases, the deployable architecture can be used as part of a larger solution, where it is included in a stack with other deployable architectures. For example, this deployable architecture can be used to first setup the IBM watsonx platform as a foundation, and then another deployable architecture can install an "AI application" that uses the underlying services provisioned by the previous one. To facilitate those business challenges, the Watsonx.ai SaaS with Assistant and Governance deployable architecture provides output parameters that can be used programmatically for wiring it to the other components of the stack, and it provides the capability to install additional Watson services.

Architecture diagram

Architecture diagram for the Watsonx.ai SaaS with Assistant and Governance deployable architecture

The Watsonx.ai SaaS with Assistant and Governance deployable architecture creates the services shown in the watsonx services section and an instance of IBM Cloud Object Storage in a target IBM Cloud account, resource group, and region. Then, it automatically configures a IBM watsonx starter project that grants access to an existing IBM Cloud user, for example, an AI researcher. As a result, that user can log into the IBM watsonx starter project, and begin working.

Optionally, but recommended, is enabling the storage delegation for the provisioned IBM Cloud Object Storage instance using your own encryption keys with Key Protect. The section Enable storage delegation explains the benefits of enabling that option.

The Watsonx.ai SaaS with Assistant and Governance deployable architecture can automatically enable storage delegation by taking as input the CRN of the Key Protect instance to use. If you do not specify an encryption key, then the deployable architecture automatically creates one for you in a key ring of your choice (if you do not specify a key ring, then the default one is used).

All service instances must be co-located in the same region. Cloud Object Storage buckets will be created in that region.

The Key Protect instance must be co-located in the same region of the {{site.data.keyworkd.IBM_notm}} watsonx services you are deploying, and it must be in the same target account.

watsonx.governance can only be deployed in us-south and eu-de regions actually, so if you plan to use it you must select one of those regions as deployment location.

watsonx Orchestrate can only be deployed in us-southregion at the moment, so if you plan to use it you must select that region as deployment location.

Additional services from the optional section can be installed at any time after the initial deployment of the deployable architecture.

Design concepts

Design requirements for Watsonx.ai SaaS with Assistant and Governance deployable architecture
Figure 2. Scope of the design requirements

Requirements

The following table outlines the requirements that are addressed in this architecture.

Table 1. Requirements
Aspect Requirements
Enterprise applications Setup and grant access to the IBM Watsonx Artificial Intelligence and Governance platform.
Storage Provide storage that meets the application performance and security requirements
Security
  • Protect boundaries against denial of service and application layer attacks.
  • Encrypt all application data in transit and at rest to protect from unauthorized disclosure.
  • Encrypt all security data (operational and audit logs) to protect from unauthorized disclosure.
  • Protect secrets through their entire lifecycle and secure them using access control measures.
Resiliency
  • Support application availability targets and business continuity policies.
  • Ensure availability of the services in the event of planned and unplanned outages
  • Provide highly available storage artificial intelligence assets.
Service Management Monitor audit logs to track changes and detect potential security problems.

Components

The following table outlines the services used in the architecture for each aspect.

Table 2. Components
Aspects Architecture components How the component is used
Storage Cloud Object Storage Stores artificial intelligence IBM watsonx data assets managed by Watson Machine Learning and Watson Studio services.
Security IAM IBM Cloud® Identity and Access Management authenticates and authorizes any user interaction.
Resiliency All IBM Cloud provisioned services Fully managed services that provide resiliency and high availability.
Application platforms IBM watsonx platform End users interact with the IBM watsonx platform to manage artificial intelligence assets and data.

Next steps

You are now ready to plan your deployment.