IBM Cloud Docs
Creating a IBM Cloud® Security and Compliance Center Workload Protection instance

Creating a IBM Cloud® Security and Compliance Center Workload Protection instance

To leverage the functionality offered by IBM Cloud® Security and Compliance Center Workload Protection, Workload Protection instance is required required. This tutorial describes how to create one.

Before you begin

  • You must have a user ID that is a member or an owner of an IBM Cloud account. To get an IBM Cloud user ID, go to: Registration.

  • Check the regions where the service is available. Learn more. You can complete the steps in any of the supported regions.

Manage user access

Every user that accesses the IBM Cloud Security and Compliance Center Workload Protection service in your account must be assigned an access policy with an IAM user role defined. The policy determines the actions that the user can run within the context of the service or instance you selected. The allowable actions are customized and defined as operations that are allowed to be run on the service. The actions are then mapped to IAM user roles. For more information, see Managing user access in the IBM Cloud.

When a user is granted permissions in the IBM Cloud to work with the IBM Cloud Security and Compliance Center Workload Protection service, the user is automatically granted a service role. This role determines the actions that a user has permissions to run. For more information, see Controlling access through IAM.

Before you can provision an instance, you need to understand:

  • The account owner can create, view, and delete an instance of a service in the IBM Cloud, and can grant permissions to other users to work with the IBM Cloud Security and Compliance Center Workload Protection service.
  • You must have permissions to create resources in the Default resource group.
  • Other IBM Cloud users with administrator or editor permissions can manage the IBM Cloud Security and Compliance Center Workload Protection service in the IBM Cloud. These users must also have platform permissions to create resources within the context of the resource group where they plan to provision the instance.

To grant a user the administrator role for the service and to manage instances within a resource group in the account, the user must have an IAM policy for the IBM Cloud Security and Compliance Center Workload Protection service. For more information, see Granting permissions to work with the IBM Cloud Security and Compliance Center Workload Protection service.

By default, users are automatically added as members of the Secure Operations team that is predefined for each IBM Cloud Security and Compliance Center Workload Protection instance. Users have full permissions to see all the data in the web UI.

Provision an instance

To add monitoring features with IBM Cloud Security and Compliance Center Workload Protection in the IBM Cloud, you must provision an instance of the IBM Cloud Security and Compliance Center Workload Protection service.

Instances are provisioned in the context of a resource group. A resource group organizes your services for access control and billing purposes. You can provision the IBM Cloud Security and Compliance Center Workload Protection instance in the default resource group or in a custom resource group.

To provision an instance through the IBM Cloud UI, complete the following steps:

  1. Log in to your IBM Cloud account.

    Open the IBM Cloud dashboard.

    After you log in with your user ID and password, the IBM Cloud UI opens.

  2. Click Catalog. The list of the services that are available in IBM Cloud opens.

  3. To filter the list of services that is displayed, select the Security category.

  4. Click the IBM Cloud Security and Compliance Center Workload Protection tile.

  5. Select the location.

  6. Select a service plan.

    For more information about the service plans, see Service plans.

  7. Enter a service name.

  8. Select a resource group. By default, the Default resource group is set.

  9. Click Create to provision an instance.

The service UI opens.

To provision an instance through the CLI, see Provisioning a Monitoring instance through the IBM Cloud CLI.

Access the Workload Protection Dashboard

The last step should have taken you to the Overview page of the Workload Protection you just created. From there, you can just click on "Open dashboard". In case you closed the page and want to get back, follow these steps to access the dashboard:

  1. Open the IBM Cloud dashboard.

  2. Click the Navigation menu icon Navigation menu icon > Security > Resources

  3. From the list, select your Workload Protection instance and click on it.

  4. In the instance, click on Open Dashboard

Next step: Configure the agent

You've successfully created a Workload Protection instance. Proceed to Workload Protection agent setup to learn how to install and configure the agent on your Power Virtual Server instances and Virtual Servers for VPC.