Understanding your responsibilities when you use VCF as a Service
Learn about the management responsibilities and terms and conditions that you have when you use IBM Cloud® for VMware Cloud Foundation as a Service. For a high-level view of the service types in IBM Cloud and the breakdown of responsibilities between the customer and IBM® for each type, see Shared responsibilities for IBM Cloud products.
Review the following sections for the specific responsibilities for you and for IBM when you use VMware Cloud Foundation (VCF) as a Service. For the overall terms of use, see IBM Cloud terms of use.
Incident and operations management
Incident and operations management includes tasks such as event management, high availability, problem determination, recovery, and full state backup and recovery.
| Item | IBM responsibilities | Your responsibilities |
|---|---|---|
| High availability | Actively monitor and resolve infrastructure and hypervisor issues. VMware® by Broadcom environments are configured with one spare redundant host for workload availability. | Plan and provision VMware workloads with HA configurations such as active-passive and active-active. Active-active and active-passive workload deployments are enabled through customer configurations. These deployments consist of multiple instances of the application that are load-balanced based on factors such as application, instance availability, or application instance response performance. |
| Infrastructure health monitoring and notification | Remediate all infrastructure and hypervisor environment issues. Notify customers of applicable incidents. | Ascertain the impact of each incident that is reported. Engage IBM Support as required. |
| Infrastructure health management | Continuously deliver new features, updates, and bug fixes as needed in a manner transparent to you. Schedule maintenance activities that have customer impact in advance and post notifications to the IBM Cloud status page. | Set preferences to receive emails notifications. Monitor the IBM Cloud status page for general announcements. |
| Clusters, hosts, and storage resource management and observability | Deploy a fully managed single-tenant VMware environment in a secured, IBM-owned infrastructure account to customer specifications. Fulfill customer requests for more infrastructure, such as adding and removing single-tenant clusters, bare metal compute, and storage. Integrate ordered infrastructure resources to work automatically with your cluster architecture and become available to your deployed apps and workloads. Provide monitoring by using IBM Cloud Monitoring to enable observability of your clusters. | Control the amount of deployed infrastructure and ensure that the VMware environment has the proper amount of storage, networking, and compute resources to run workloads. Monitor compute, RAM, and storage usage in Cloud Monitoring. Use the provided console tools to adjust VCF as a Service instance compute and storage capacity to meet the needs of your workload. |
| Application networking | Deploy fully managed single-tenant VMware NSX-T™ edge configurations that are attached to virtual data centers that can be used to access the public internet and IBM Cloud private internet. | Use the provided console tools to configure multiple virtual data centers to a single edge configuration. Or select a one-to-one virtual data center to networking edge mapping based on use case and bandwidth. When you put VMware workloads on the public and private IBM Cloud network, use NSX-T edge services firewalls, OS or application firewalls, and OS or application security configurations to protect workloads from threats and attacks. |
| Workload monitoring | Forward to customer any network intrusion notifications detected. Triage virtualization and backup-related errors to determine whether the customer issue needs assistance. Remediate all hardware failures, notification of potential workload impact. | Monitor and respond to OS or software failures, backup, and replication jobs. Engage IBM Support as required. |
| Full state backup and recovery | Back up all management component configurations that support customer instances. | Regularly back up workload deployments and establish the ability to re-create workload deployments. |
| Incident management | Communicate unplanned incidents with customer impact through the CIE process. | If you are an impacted customer, obtain a report about the incident upon request. |
Change management
Change management includes tasks such as deployment, configuration, upgrades, patching, configuration changes, and deletion.
| Item | IBM responsibilities | Your responsibilities |
|---|---|---|
| Updates, fixes, and new features | Provide regular updates, bug fixes, and new features, following a continuous delivery model in a way that is transparent to you for all infrastructure tools, VMware components, IBM deployed cloud services and IBM management, monitoring, and automation tools. Post notifications for changes that impact you. | Set preferences to receive email notifications. Monitor the IBM Cloud status page for general announcements. Use best practices and keep application operating systems and workload applications patched and secure with the most recent security patches. |
Identity and access management
Identity and access management includes tasks such as authentication, authorization, access control policies, and approving, granting, and revoking access.
| Item | IBM responsibilities | Your responsibilities |
|---|---|---|
| Identity and access | Provide the function to restrict access to resources through the IBM Cloud console. Provide default access to the provisioned VMware environment. | Manage access to resources through IAM (Identity and Access Management). Manage access to the VMware environment. |
| Observability | Allow integration of IBM Cloud Activity Tracker with your VMware environment to audit the actions that users take in the cluster. | Set up IBM Cloud Activity Tracker or other functions to track user activity. |
Security and regulation compliance
Security and regulation compliance includes tasks such as security controls implementation and compliance certification.
| Item | IBM responsibilities | Your responsibilities |
|---|---|---|
| Workload compliance | Provide an up-to-date catalog of operating system images. | Configure, harden, maintain, and monitor your virtual machines according to your compliance needs. |
| Encryption | Provide secure SSL connections to administration portals and replication endpoints. Workload can be deployed by using AES 256-bit encrypted data stores with unique key per customer instance. Backups are encrypted uniquely per customer. | Choose encrypted data stores when you are deploying workloads into the environment where appropriate. Use encrypted networking for workload to workload and workload to IBM Cloud Service connections. Use the IBM Cloud private network where appropriate. |
Disaster recovery
Disaster recovery includes tasks such as providing dependencies on disaster recovery sites, provisioning disaster recovery environments, data and configuration backup, replicating data and configuration to the disaster recovery environment, and failover on disaster events.
| Item | IBM responsibilities | Your responsibilities |
|---|---|---|
| Backup of management configuration data | Conduct backups of the management component configurations. These backups include single-tenant vCenter Server, VMware NSX-T, VMware Cloud Director™, and service configurations. Offsite immutable backup copies are enabled in an independent backup account and they run daily. | |
| Backup of workloads | Enable backup services for customer workload. | Choose and implement a backup provider for critical workloads. For more information, see Understanding business continuity and disaster recovery. |
| Recovery of configuration | Conduct recovery in the original data center after the infrastructure is available. | |
| Recovery of workloads | Restore capabilities are available in normal operations. For configuration restores, provide customer restore services after the infrastructure is available. If an offsite recovery is required, IBM works with the customer to help recover. | Restore backups from your chosen backup provider. For more information, see Understanding business continuity and disaster recovery. |
Operating system licensing
Operating system (OS) licensing refers to the operating system software and configuration that are deployed in virtual machines or underlying bare metal servers.
| Item | IBM responsibilities | Your responsibilities |
|---|---|---|
| Workload OS licensing | Provide OS licensing for infrastructure tools part of the service, such as VMware and add-on services solution components. | For single-tenant instances, you must bring your own OS license for your workloads that are running inside your virtual data centers' VMs or vApps. For multitenant instances, bring your own license is not supported and you must purchase IBM licenses. |