Before you begin

Before you can start adding security and observability services to your customized app, complete the following prerequisites:

1. Create a customized deployable architecture called Example Corp's infrastructure.

2. Onboard the deployable architecture to a private catalog called Example Corp catalog.

3. After you onboard Example Corp's infrastructure to the Example Corp catalog private catalog, share it with your enterprise.

   If you're not ready to share your deployable architecture, you can skip the sharing step.

4. Add your deployable architecture to a project called Example Corp infrastructure and deploy it. For the purposes of this tutorial, you might want to deploy the architecture only in one region. There’s no need to use multiple regions.

Add observability and security services to your application

To secure your application and enable monitoring capabilities, add the IBM Cloud Essential Security and Observability Services deployable architecture to your existing project.

1. In the IBM Cloud console, click the Navigation menu icon > Projects.
2. Select the Example Corp infrastructure project that contains your previously created customized deployable architecture and click Configurations.
3. Click Create. This step takes you to the IBM Cloud catalog.
4. Find the IBM Cloud Essential Security and Observability Services deployable architecture in the catalog and select it.
5. Click Add to project.
6. Name your configuration security-services.
7. Click Add to add the deployable architecture to your Example Corp infrastructure project.

Configure the observability and security services deployable architecture

After adding the IBM Cloud Essential Security and Observability Services to your project, configure it to match your deployment requirements.

1. In the Details section, review the configuration details.

2. From the Security section, select API key using Secrets Manager as the authentication method. Confirm that this is the correct authentication method selected based on what you added to the environment.

   • Create a Secrets Manager service instance in your IBM Cloud account. To create a secret, you must have the Writer role or higher on the Secrets Manager service. After you create your secret instance, make sure that you select Other secret type to add an arbitrary secret. For information about creating an arbitrary secret, see Creating arbitrary secrets in the UI. Your arbitrary secret must contain the API key. The API key must be created in the target account that you want to deploy to. For more information, go to Using an API key with Secrets Manager to authorize a project to deploy an architecture.

3. Hover over the api_key field and click the Secrets icon to select a secret from Secrets Manager.

4. Click Next to edit the basic configurations.

5. Enter a prefix to use for naming conventions.

6. You don't need to set the region value as that is set in the Connect the customized application to the security and observability services step.

7. Turn on the Advanced configuration option if you need to fine-tune your configuration.

8. Click Done and then click Save.

9. Click View stack configurations. This step takes you to your configurations where you can find the security-services stack, which contains the following services that are ready to be validated:

   • Key management
   • Object Storage
   • App Configuration
   • Observability
   • Event Notifications
   • IBM Cloud Security and Compliance Center Workload Protection
   • Secrets Manager

Connect the customized application to the security and observability services

Before you can validate and deploy the security and observability services, connect your customized deployable architecture to the IBM Cloud Essential Security and Observability Services. This connection helps ensure that both architectures are deployed together in the same region and can share configuration values, such as the region setting.

1. Go to the Configurations tab in the Example Corp infrastructure project.
2. Click the Options icon for the security-services configuration > Edit.
3. In the Configure architecture section, update the region value by clicking Add a reference. This step connects architectures together, so your customized architecture can be connected with IBM Cloud Essential Security and Observability Services.
4. Select Configurations as the source and select the example-corp-us-south configuration.
5. Select Inputs as the category and select region as the property value.
6. Click OK.
7. Click Done > Save.

Validate the configurations

After you save the configurations and connect the customized architecture to the security and observability services, validate the configurations to ensure that they are correct and ready for deployment.

1. Go to the Configurations tab in the Example Corp infrastructure project.
2. Click Validate for each service that is ready for validation. The modal that is displayed provides more details about your in-progress validation.
3. If validation is successful, approve the configuration by entering a comment with more details about the approval, and clicking Approve.

Deploy the configurations

After successful validation, deploy the configurations of your architectures. Since the architectures are connected, they are deployed together in the same region.

1. Go to the Configurations tab in the Example Corp infrastructure project.
2. Click the Options icon for the example-corp-us-south customized deployable architecture > Deploy.
3. Click the Options icon for the services included in the security-services architecture > Deploy.

After deployment is complete, the customized application is connected with the IBM Cloud Essential Security and Observability Services, all deployed in the same region.