Architecture decisions for security

The following are security architecture decisions for the hybrid cloud network for classic infrastructure disaster recovery pattern.

Architecture decisions for identity and access management

Classic data center security identity and access management architecture decisions
Architecture decision Requirement Options Decision Rationale
Privileged Access Management Ensure that all operator actions are run securely through a bastion host
Implement session recording to track all activities and note any potential threats
Manage access to resources and track commands issued
  • Bring Your Own bastion host
  • Jump server
  • Bring Your Own bastion host with Privileged Access Management (PAM) software
 Bring Your Own bastion host or jump server The bastion host or jump server is a Virtual Server instance that is provisioned through SSH over a private network to securely access resources within the IBM Cloud private network.

Using PAM software is recommended when session recording, tracking, and managing all access is required.
Identity Access & Role Management (IAM) Securely authenticate users for platform services and control access to resources consistently across IBM Cloud Cloud Identity and Access Management Cloud Identity and Access Management Use IAM access policies to assign users, service IDs, and trusted profiles access to resources within the IBM Cloud account.