Limitations

Do's

• Secure your network configuration: Restrict inbound and outbound rules to the minimum required IP ranges and ports. Follow the principle of least privilege.

• Use security groups and ACLs effectively: Allow only necessary application ports (for example, 22 for SSH, 3389 for RDP, 443 for HTTPS).

• Limit Floating IP access: Assign Floating IPs only when needed for testing and remove them afterward.

• Patch vulnerabilities: Keep your environment up to date by applying security patches. If patches are not applied, the Sandbox may be decommissioned to protect your account.

Don'ts

• Do not open all ports (0–65535) in Security Groups or ACLs. This exposes your environment to risk.

• Do not share Floating IP addresses publicly or with untrusted users. Treat them as access points to your test environment

Do's

• Store SSH keys, API keys, and service credentials securely.

• Use Secrets Manager for managing sensitive information.

Don'ts

• Do not share SSH keys, API keys, passwords, or invite links with others.

• Do not upload private keys to GitHub, Slack, shared drives, or ticketing systems.

• Avoid distributing screenshots containing sensitive account information.

Do's

For Bare Metal servers (if enabled), follow recommended lifecycle actions and allow provisioning tasks to complete before rebooting.

Don'ts

• Do not force-stop Bare Metal servers during provisioning, operating system installation, or maintenance actions.

• Do not attach unauthorized storage or network interfaces that violate your Sandbox limits.

Do's

• Follow Sandbox usage limits and trial timelines.

• Notify IBM if suspicious activity or unauthorized access is detected.

Don'ts

• Do not use the Sandbox for production workloads.

• Do not perform stress testing, penetration testing, or high-risk security scans unless explicitly approved by IBM.

• Do not deploy sensitive or regulated production data inside the Sandbox.