Understanding your responsibilities when you use deployable architectures

Learn about the management responsibilities and terms and conditions that you have when you use deployable architectures. For a high-level view of the service types in IBM Cloud® and the breakdown of responsibilities between the customer and IBM for each type, see Shared responsibilities for using IBM Cloud products.

Review the following sections for the specific responsibilities for you and for IBM when you use a deployable architecture. For the overall terms of use, see IBM Cloud Terms and Notices.

Incident and operations management

Incident and operations management includes tasks such as monitoring, event management, high availability, problem determination, recovery, and full state backup and recovery.

Table 1. Responsibilities for incident and operations
The first column describes the task that a customer or IBM might be responsibility for. The second column describes IBM responsibilities for that task. The third column describes your responsibilities as the customer for that task.
Task	IBM Responsibilities	Your Responsibilities
Monitor the status of a deployable architecture	IBM provides the ability for customers to monitor the lifecycle of the deployable architecture.	Use the needs attention widget or enable Event Notifications to monitor events that specifically impact the lifecycle of your deployable architecture.
Monitor the status of a product spun up by your deployable architecture	IBM provides the ability for customers to monitor the lifecycle of the instances.	Use the resource list, service instance pages, or the Status page to monitor events that specifically impact your service instance.

Change management

Change management includes tasks such as deployment, configuration, upgrades, patching, configuration changes, and deletion.

Table 2. Responsibilities for change management
The first column describes the task that a customer or IBM might be responsibility for. The second column describes IBM responsibilities for that task. The third column describes your responsibilities as the customer for that task.
Task	IBM Responsibilities	Your Responsibilities
Creation of the IBM Cloud deployable architectures	IBM provides the base pattern as a deployable architecture for instantiation through Terraform.	N/A
Must use supported version of IBM Cloud Terraform Provider.	IBM publishes Terraform provider of all Terraform enabled services on IBM Cloud.	Customers should use the latest major version. Terraform Providers version requirements are documented within the `version.tf` file for each deployable architecture.
Third-party Terraform Providers used within templates	N/A	Customer is responsible for any use of third-party Terraform code that is used with the deployable architecture.
Running default configuration (out of the box)	IBM provides the ability for customers to create and deploy configurations of deployable architectures by using projects, Terraform-as-a-service, or the projects CLI.	Use projects to configure and deploy a deployable architecture.
Running templates locally by using Terraform directly	N/A	Customer can run the deployable architecture on their local system.
Customize modules or deployable architectures with pre-supported modules	IBM provides and supports base Terraform modules for services on IBM Cloud, and provides preset JSON configuration overrides for templates.	Customer can use these base Terraform modules to extend their base deployable architecture pattern.
Workload Management (Application Migration and Backup/Restore)	N/A	Customer responsibility to manage and migrate application workloads.
Fixes, new features, and updates to the next major deployable architecture release	IBM provides regular updates, bug fixes, and new features in a continuous delivery model that is apparent to the customer. IBM provides a migration path when possible.	N/A
Keep deployed services and resources up to date	N/A	Apply fixes and updates to the compute resources that are created from the deployable architecture. These resources are not updated through the deployable architecture unless otherwise indicated.
Issues found in IBM-provided versions of Terraform modules	IBM provides a way for customers to open issues. If the issue is with a deployable architecture, open a case. If the issue is with a module, open an issue in the module GitHub repo.	Customer provides information to reproduce any problem.
Issues with IBM container images	IBM provides a way for customers to open issues.	Customer provides information to reproduce any problem.
Issues with third party and open source container images	N/A	Customer resolves with third-party vendor or open source community.
Issues with IBM Cloud-provided stock operating system images	N/A	Customer must get a compatible stock image from the vendor.
Issues with the services that the Terraform creates from a deployable architecture	IBM Cloud resolves issues with the services.	N/A
IBM Cloud resource outages or issues that occur during automated template execution by using IBM Cloud Terraform Provider	IBM reports outages for any cloud resources on the Status page.	Customers can redeploy after issue is resolved.
IBM Cloud catalog and private catalog support	IBM provides a way for you to discover available deployable architectures in our public catalog and save your versions to a private catalog.	N/A
Provide ability for drift detection	IBM notifies you if your instantiated resources differ from the base pattern.	Customer decides when to remediate any configurations detected in drift detection.
Pulling deployable architecture changes into a project	IBM provides the ability for customers to update the version of a deployable architecture in a project if a new version becomes available.	Customers are notified when a new deployable architecture version is available so they can update their project. \n Customers can save their existing project data through an API, CLI, or by exporting the project.json from the UI. The saved information can be used as backup or as rollover plan if an issue exists. \n Customers can then test the deployable architecture changes by deploying in a development or test environment before they deploy to production. These actions can all be completed within the same project.
Provide notice of end of support	IBM provides notice through regular channels.	N/A

Identity and access management

Identity and access management includes tasks such as authentication, authorization, access control policies, and approving, granting, and revoking access.

Table 3. Responsibilities for identity and access management
The first column describes the task that a customer or IBM might be responsibility for. The second column describes IBM responsibilities for that task. The third column describes your responsibilities as the customer for that task.
Task	IBM Responsibilities	Your Responsibilities
Accessing deployed deployable architectures	IBM provides the ability to control user access to resources provisioned through projects.	Use Identity and Access Management (IAM) to assign users access to projects.
Authorize a project to deploy a deployable architecture configuration	IBM provides the ability to authorize a project to deploy a deployable architecture configuration.	Choose an authentication method to authorize a project to deploy in an account. It’s recommended to use a trusted profile, but you can use an API key or an existing secret to authorize a project to deploy in an account.

Security and regulation compliance

Security and regulation compliance includes tasks such as security controls implementation and compliance certification.

Table 4. Responsibilities for security and regulation compliance
The first column describes the task that a customer or IBM might be responsibility for. The second column describes IBM responsibilities for that task. The third column describes your responsibilities as the customer for that task.
Task	IBM Responsibilities	Your Responsibilities
Apply patches and security updates to operating system in customer instances	IBM notifies you of updates.	Customer must apply all updates.
Install software and OS patches into customer-managed virtual machines	N/A	Customer must apply all patches.
Meet security and compliance objectives	Provide a secure deployable architecture that complies with declared standards. For more information about data security, see How do I know that my data is safe?.	Secure your workloads and data. Integrate tools into your toolchains that satisfy your security and compliance requirements. To learn more about securing your cloud apps, see Security to safeguard and monitor your cloud apps.

Disaster recovery

Disaster recovery includes tasks such as providing dependencies on disaster recovery sites, provision disaster recovery environments, data and configuration backup, replicating data and configuration to the disaster recovery environment, and failover on disaster events.

Table 5. Responsibilities for disaster recovery
The first column describes the task that a customer or IBM might be responsibility for. The second column describes IBM responsibilities for that task. The third column describes your responsibilities as the customer for that task.
Task	IBM Responsibilities	Your Responsibilities
Meet disaster recovery objectives	IBM follows best practices for disaster recovery. All IBM applications automatically recover and restart after any disaster event. For more information about disaster recovery, see the IBM Disaster Recovery Plan.	Customers can help meet disaster recovery objectives by deploying their project in a development or test environment before they deploy to production. \nThe customer does not have to take other actions to prepare for an event of a catastrophic failure in a region.
Meet high availability objectives	IBM Cloud is available globally and load balanced from a single URL. It is highly available and continues to run even if your resources are unavailable. For more information about high availability, see the IBM service level objectives and the sample application architecture.	N/A