Observability Design for VPC virtual servers
Observability in IBM Cloud provides the visibility and insights needed to monitor, troubleshoot, and optimize applications and infrastructure across hybrid and multicloud environments. It goes beyond traditional monitoring by offering end-to-end visibility into metrics, logs, and traces, enabling proactive detection of issues and faster root-cause analysis.
IBM Cloud observability solutions include IBM Cloud Monitoring and IBM Cloud Logs, which together deliver a comprehensive view of system health and performance. These services help organizations ensure application reliability, security compliance, and operational efficiency by providing real-time dashboards, alerting, and deep analytics.
The key observability architecture elements are shown in the following diagram.
IBM Cloud Security and Compliance Center Workload Protection
IBM Cloud Security and Compliance Center Workload Protection provides comprehensive security monitoring and threat detection for workloads running on IBM Cloud, including virtual machines on VPC and OpenShift Virtualization environments.
The Workload Protection agent discovers and prioritizes software vulnerabilities, detects and responds to runtime threats, and manages configurations, permissions, and compliance requirements for hosted virtual machines and containerized workloads.
See Getting started with IBM Cloud Security and Compliance Center Workload Protection
Deployment and Capabilities
To enable Workload Protection, provision an instance of the IBM Cloud Security and Compliance Center Workload Protection service in IBM Cloud. After provisioning, deploy the agent to collect security and compliance data across your infrastructure.
The following table details the capabilities the agent provides.
| Feature | Description |
|---|---|
| Vulnerability scanning | Identify security vulnerabilities in images, packages, and applications |
| Intrusion detection | Detect runtime threats and anomalous behavior |
| Posture management | Validate security configurations and compliance policies |
| Incident response | Investigate and respond to security events with forensic data |
| Compliance validation | Assess compliance against regulatory frameworks and industry standards |
This unified approach enables organizations to accelerate hybrid cloud adoption while addressing security and regulatory compliance requirements across cloud, on-premises, virtual machines, containers, and Kubernetes environments.
See Protecting Linux hosts and Managing the Workload Protection agent on Windows Servers
IBM Cloud Monitoring and Logs
IBM Cloud Monitoring and IBM Cloud Logs provide cloud-native observability for applications and infrastructure running on IBM Cloud, including virtual machines on VPC and OpenShift Virtualization.
| Service | Description | Agent deployment metrics collection |
|---|---|---|
| IBM Cloud Monitoring | IBM Cloud Monitoring is a cloud-native, container-intelligence management system that provides operational visibility into the performance and health of applications, services, and platforms. It offers administrators, DevOps teams, and developers full-stack telemetry with advanced features for monitoring, troubleshooting, alerting, and custom dashboard creation. | To monitor infrastructure, networks, and applications, deploy Monitoring agents on supported hosts. The agent type depends on the host platform and determines which metrics are automatically collected. When a Monitoring agent is configured, default metrics are collected automatically, including metadata for labeling, segmentation, and filtering. |
| No additional instrumentation is required to gain insights from automatically collected metrics. | ||
| For more information, see Getting started with IBM Cloud Monitoring, Monitoring a Windows environment and Monitoring an Ubuntu Linux VPC server instance. | ||
| IBM Cloud Logs | IBM Cloud Logs is an observability service designed to help organizations monitor, troubleshoot, analyze, and alert on application and infrastructure performance in real time and over extended periods. By collecting and analyzing logs from cloud-native applications, servers, databases, and IT systems, IBM Cloud Logs provides actionable insights into system behavior. | IBM Cloud Logs supports log collection from: |
- IBM Cloud services and resources
- On-premises infrastructure
- Third-party cloud providers
- Security and audit logs generated in IBM Cloud
To monitor infrastructure, networks, and applications, deploy Monitoring agents on supported hosts. The agent type depends on the host platform and determines which metrics are automatically collected. When a Monitoring agent is configured, default metrics are collected automatically, including metadata for labeling, segmentation, and filtering. No additional instrumentation is required to gain insights from automatically collected metrics.
For more information, see Getting started with IBM Cloud Monitoring, Monitoring a Windows environment and Monitoring an Ubuntu Linux VPC server instance. |
Be aware that for IBM Cloud Linux VSI and IBM Cloud Windows VSI both Service ID API key and Trusted Profiles authentication methods are supported by the agent with the IBM Cloud Logs service.
Combined Observability Benefits
IBM Cloud uses a single unified agent that can collect both security data (for Workload Protection) and metrics data (for Cloud Monitoring). Key points:
- Multiple instances of the agent cannot be deployed on the same host, but by creating a connection between instances, a single agent can collect both security and metrics data
- You can connect only one Monitoring instance to one Workload Protection instance, and both instances must be in the same region
The following table details the unified agent components.
| Component | Description |
|---|---|
| For Monitoring (Metrics) |
|
| For Workload Protection (Security) |
|
The following table details the comprehensive observability provided when deploying both the unified agent (for IBM Cloud Monitoring and Workload Protection) and the IBM Cloud Logs agent in VPC virtual server instances.
| Observability | Description |
|---|---|
| Full-stack visibility | Monitor from infrastructure through application layers |
| Correlated insights | Correlate metrics and logs for faster root cause analysis |
| Unified dashboards | View metrics and logs in integrated IBM Cloud console |
| Custom alerting | Configure alerts based on metric thresholds and log patterns |
| Long-term retention | Store historical data for trend analysis and compliance |
| Centralized management | Manage observability across hybrid and multicloud environments from a single platform |
| Vulnerability scanning | Identify security vulnerabilities in images, packages, and applications |
| Intrusion detection | Detect runtime threats and anomalous behavior |
| Posture management | Validate security configurations and compliance policies |
| Incident response | Investigate and respond to security events with forensic data |
| Compliance validation | Assess compliance against regulatory frameworks and industry standards |
Next steps
Now that you understand the observability design for VPC virtual servers, explore these related topics:
- Security: Review security design considerations including compliance monitoring
- Resiliency: Learn about backup and disaster recovery strategies
- Networking: Explore networking design patterns for VPC connectivity
- Reference architecture: Review the complete VPC virtual server reference architecture