Understanding your responsibilities when you use IBM® Storage Scale

Learn about the management responsibilities and terms and conditions that you have when you use the IBM® Storage Scale deployable architecture.

For more information about the responsibilities for you and for IBM® when you use a deployable architecture, see Understanding your responsibilities when you use deployable architectures.
For a high-level view of the service types in IBM Cloud® and the breakdown of responsibilities between the user and IBM for each type, see Shared responsibilities for using IBM Cloud® products.
For the overall terms of use, see IBM Cloud Terms and Notices.

Overview of shared responsibilities

IBM® Storage Scale is a product that is deployed to user resources in the IBM Cloud shared responsibility model. Start by reviewing the following table of who is responsible for particular cloud resources for IBM® Storage Scale. Next, view more granular tasks for shared responsibilities in the proceeding sections.

If you use other IBM Cloud products such as Object Storage, responsibilities that are marked as yours in the following table, such as disaster recovery for Data, might be IBM's or shared. Consult those products' documentation for your responsibilities.

Responsibilities by resource
Resource	Incident and operations management	Change management	Security and regulation compliance	Disaster recovery
Data	You	You	You	You
Application Orchestration	You	You	You	You
Observability	Shared	IBM	Shared	IBM
App networking	You	You	You	You
Cluster networking	Shared	Shared	Shared	You
Cluster version	Shared	Shared	Not applicable	Not applicable
Storage Scale nodes	Shared	Shared	Shared	You
Compute nodes	Shared	Shared	Shared	You
Virtual storage	Shared	Shared	Shared	You
Virtual network	Shared	Shared	Shared	You

Review the following sections for the specific responsibilities for you and for IBM when you use the IBM® Storage Scale deployable architecture.

Incident and operations management

Incident and operations management includes tasks such as monitoring, event management, high availability, problem determination, recovery, and full state backup and recovery.

Responsibilities for incident and operations
	IBM Responsibilities	Your Responsibilities
Storage Scale nodes	Deploy highly available dedicated storage nodes in a secured, customer-owned infrastructure account for each cluster. Ensure the health of storage nodes in OS level.	It is the customer responsibility to update and reboot the nodes if necessary and troubleshoot issues such as when the storage nodes are in an unhealthy state. For more information, see Storage Scale documentation for Upgrades.
Compute nodes	Provision compute nodes in VPC under your IBM Cloud infrastructure account. If you have the right permissions and sufficient quota, then the required amount of compute nodes will be successfully provisioned. Fulfill requests for more infrastructure, such as adding, reloading, updating, and removing compute nodes. Fulfill automation requests to help recover compute nodes. Ensure the health of compute nodes in OS level.	Use the provided API, CLI, or console tools to adjust storage capacity to meet the needs of your workload. Deploy application/tools in cluster. Ensure that you raise the sufficient quota request.
Cluster networking	Set up cluster management components, such as public or private cloud service endpoints. Provide the ability to isolate network traffic with bastion nodes.	Use IBM Cloud VPC tools to adjust networking configuration to meet the needs of your workload.
Observability	Provide a standard IBM Cloud Console for monitoring the status of VPC resources(VSI, network, storage, and so on).	Set up and monitor the health of your cluster health metrics.

Change management

Change management includes tasks such as deployment, configuration, upgrades, patching, configuration changes, and deletion.

You and IBM share responsibilities for keeping your clusters at the supported platform and operating system versions, along with recovering infrastructure resources that might require changes. You are responsible for change management of your application data.

Responsibilities for change management
	IBM Responsibilities	Your Responsibilities
Storage Scale nodes	Provide scale node patch operating system(OS), version, and security updates for image used for new cluster creation.	Use the IBM Cloud tools to apply the provided(existing) storage nodes updates that include operating system. It is the customer responsibility to update and reboot the nodes if necessary and troubleshoot issues such as when the storage nodes are in an unhealthy state. For more information, see Storage Scale documentation for Upgrades.
Compute nodes	Provide compute node patch operating system (OS), version, and security updates. Not supported on existing running VSIs, only for new VSIs with latest image.	Use IBM Cloud tools to apply the provided compute node updates that include operating system patches; or to raise ticket to request that worker nodes are rebooted.
Cluster version	Provide image for new version of Scale for new cluster creation.	Update existing storage nodes and compute nodes to new Scale version, or create new cluster with latest image to run with new cluster version

Identity and access management

Identity and access management includes tasks such as authentication, authorization, access control policies, and approving, granting, and revoking access.

You and IBM share responsibilities for controlling access to your IBM® Storage Scale instances. For IBM Cloud® Identity and Access Management responsibilities, consult that product's documentation. You are responsible for identity and access management to your application data.

Responsibilities for identity and access management
	IBM Responsibilities	Your Responsibilities
Observability	Provide the ability to integrate IBM Cloud Activity Tracker with your cluster to audit the actions that users take in the cluster.	Set up IBM Cloud Activity Tracker or other capabilities to track user activity in the cluster. For more information, see IBM Cloud Activity Tracker Event Routing.

Security and regulation compliance

Security and regulation compliance includes tasks such as security controls implementation and compliance certification.

IBM is responsible for the security and compliance of Scale clusters on IBM Cloud. Compliance with industry standards varies depending on the infrastructure provider that you use for the cluster. You are responsible for the security and compliance of any workloads that run in the cluster and your application data.

Responsibilities for security and regulation compliance
	IBM Responsibilities	Your Responsibilities
General	Provide security controls commensurate to best practice for IBM® Storage Scale in Cloud.
Provide options for cluster network connectivity, such as public and private cloud service endpoints		Set up and maintain security and regulation compliance for your apps and data. For example, choose how to set up your cluster network, protect sensitive information such as with IBM Key Protect encryption, and configure further security settings to meet your workload's security and compliance needs. If applicable, configure your firewall.
Storage Scale nodes	Disable certain insecure actions for storage nodes, such as not permitting users to SSH into the host.	As part of your incident and operations management responsibilities for the storage nodes, apply the provided security patch updates. The security patches are provided through the Fix central and respective steps are available for customers to go ahead and patch. If you encounter any issues, please contact the Support team. After investigation, the matter will be routed to the Automation team.
Compute nodes	Disable certain insecure actions for compute nodes, such as not permitting users to SSH into the host.	As part of your incident and operations management responsibilities for the worker nodes, apply the provided security patch updates. The security patches are provided through the Fix central and respective steps are available for customers to go ahead and patch. If you encounter any issues, please contact the Support team. After investigation, the matter will be routed to the Automation team.

Disaster recovery

Disaster recovery includes tasks such as providing dependencies on disaster recovery sites, provisioning disaster recovery environments, data and configuration backup, replicating data and configuration to the disaster recovery environment, and failover on disaster events.

IBM is responsible for the recovery of Storage Scale Computing on IBM Cloud components if there is disaster. You are responsible for the recovery of the workloads that run the cluster and your application data. If you integrate with other IBM Cloud services such as file, block, object, cloud database, logging, or audit event services, consult those services' disaster recovery information.

Responsibilities for disaster recovery
	IBM Responsibilities	Your Responsibilities
General	Provide security controls commensurate to best practice for IBM® Storage Scale in Cloud.	Set up and maintain disaster recovery capabilities for your apps and data. For example, to prepare your cluster for HA/DR scenarios, follow the guidance in High availability on IBM Cloud. Note that bare-metal storage of data such as application logs and cluster metrics are not set up by default. Creating resources in a secondary region and managing the application and data disaster recovery.

Applications and data

You are responsible for the applications, workloads, and data that you deploy to IBM Cloud. However, IBM provides various tools to help you set up, manage, secure, integrate, and optimize your applications.

Responsibilities for applications and data
Resource	How IBM helps	What you can do
Data	Maintain platform-level standards so that your data can be stored with controls commensurate (refer to IBM Storage Scale statement) to a minimum set of security compliance standards. Integrate with IBM Cloud services that you can use to store and manage your data, such as General Parallel File System (GPFS), Network File System (NFS), and Block Storage.	Maintain responsibility for your data and how your apps consume the data.
Applications	Provision Scale clusters with GPFS and NFS file systems. Generate an API key that is used to access infrastructure permissions for each resource group and region.	Maintain responsibility for your apps, data, and their complete lifecycle. Use the provided tools and features to configure and deploy; keep up to date; set up resource requests and limits; size your compute pool to have enough resources to run your apps; set up permissions; integrate with other services; externally serve; save, back up, and restore data; and otherwise manage your highly available and resilient workloads.