Securing your data in VCF as a Service
To ensure that you can securely manage your data when you use IBM Cloud® for VMware Cloud Foundation as a Service, it is important to know exactly what data is stored and encrypted and how you can delete any stored data. All VMware Cloud Foundation (VCF) as a Service instances come with encryption enabled that uses a unique cloud provider key per instance. Each VCF as a Service instance is configured with the following unique resources:
- Dedicated Key Protect instance
- Dedicated keys per instance
- Dedicated KMIP™ adapter per instance
How your data is stored and encrypted in VCF as a Service
The VCF as a Service data plane consists of the following types of data:
- Customer VCF as a Service instance metadata
- Customer data
All data types and all solution data are regionally isolated. For each region that is supported by the VCF as a Service offering, all runtime data is maintained within region. The exception is backup data, which is isolated inside the regions geo-political boundaries for data resiliency if a full region disaster occurs.
Protecting your sensitive data in VCF as a Service
Customer VCF as a Service instance metadata
This data is client metadata that is associated with the created VCF as a Service instance.
VCF as a Service is public in that the same service is supporting many different customers. As instances are created, modified, and deleted by customers, metadata about each customer instance is maintained by the service. The instance metadata describes the details of the VCF as a Service instances.
Some of the metadata is collected directly from the customer and other metadata is generated as an artifact of the automation logic that is used to order and configure the instance such as the hosts, storage, networking, and service data. Instance metadata includes:
- Client cloud account and contact information
- Instance names and IDs of VMware® by Broadcom instances that are deployed for customers
- VMware instances locations
- Installed services, for example, Veeam®, Zerto, or HCX™
- Deployment state of each instance, for example Deploying, Failed, or Ready
- Configuration of user solutions and the underlying components that are used in customer solutions (Compute, networking, storage, licenses)
- Credentials to access the underlay IaaS and VMware components that are hosting the customers' workloads
- Management logs generated from automation
- Support data that is associated with helping the client resolve issues and questions
VCF as a Service does not collect any client or special personal information.
About customer-managed keys
Customer keys (BYOK) are not initially supported. VCF as a Service generates the keys uniquely per instance.
Deleting your data in VCF as a Service
Deleting VCF as a Service metadata
Client metadata is associated with the VMware instances that the client creates. When the VMware instance is deleted by the client that the metadata is maintained in the DB where the instance state is set to deleted. Client metadata is maintained in the DB unless the client specifically requests that the data is removed by using a support ticket.
Logs and support data that is associated with the instance are retained by IBM Cloud policy for 1 year unless requested for deletion through an IBM Support ticket.
Deleting VCF as a Service customer data
VCF as a Service customer data is deleted including any customer backups of data by using the service in association with the deletion of the service instance. The cloud service provided data encryption key used by customers to encrypt data is destroyed on deletion. This event renders the data unusable there forward.