
Many organizations must protect their mission-critical applications in production, but security threats can also surface during the development and pre-production phases. During deployment and production, insiders who manage the infrastructure that hosts critical applications can also pose a threat, given their super-user credentials and their level of access to secrets or encryption keys.

Organizations must incorporate secure design practices into their development operations and embrace DevSecOps to protect their applications from the vulnerabilities and threat vectors that can compromise their data and potentially threaten their business.

IBM® Cloud Hyper Protect Services provide built-in data-at-rest and data-in-flight protection to help developers easily build secure cloud applications by using a portfolio of cloud services that are powered by IBM LinuxONE.

The LinuxONE platform ensures that client data is always encrypted, whether at rest or in transit. This feature gives customers complete authority over sensitive data and associated workloads (which restricts access, even for cloud admins) and helps them meet regulatory compliance requirements. LinuxONE also allows customers to build mission-critical applications that require quick time to market and dependable rapid expansion.

The purpose of this IBM Redbooks® publication is to:

  • Introduce the IBM Hyper Protect Services that are running on IBM LinuxONE on the IBM Cloud™ and on-premises
  • Provide high-level design architectures
  • Describe deployment best practices
  • Provide guides to getting started and examples of the use of the Hyper Protect Services

The target audience for this book is IBM Hyper Protect Virtual Services technical specialists, IT architects, and system administrators.

Table of Contents

  1. Front cover
  2. Notices
    1. Trademarks
  3. Preface
    1. Authors
    2. Now you can become a published author, too!
    3. Comments welcome
    4. Stay connected to IBM Redbooks
  4. Chapter 1. Introduction to IBM Hyper Protect Services
    1. 1.1 Industry and IBM Hyper Protect Services portfolio overview
    2. 1.2 Hyper Protect Crypto Services
    3. 1.3 Hyper Protect Database as a Service
    4. 1.4 Hyper Protect Virtual Servers
    5. 1.5 Hyper Protect Virtual Servers (on-premises)
    6. 1.5.1 Building images with integrity: Securing continuous integration and continuous delivery
    7. 1.5.2 Managing infrastructure with least privilege access to applications and data
    8. 1.5.3 Deploying images with trusted provenance
    9. 1.6 Security features
    10. 1.6.1 Cryptography
    11. 1.6.2 IBM Secure Service Container
  5. Chapter 2. IBM Cloud Hyper Protect Crypto Services
    1. 2.1 Overview
    2. 2.2 Creating an instance of Hyper Protect Crypto Services on the public IBM Cloud
    3. 2.2.1 Creating an instance by using the IBM Cloud console
    4. 2.2.2 Getting your service instance ready for use
    5. 2.3 Using the Key Management Services feature of Hyper Protect Crypto Services
    6. 2.3.1 Creating a root key
    7. 2.3.2 Creating a standard key
    8. 2.3.3 Wrapping a standard key
    9. 2.3.4 Unwrapping a standard key
    10. 2.3.5 Importing a key as a root key
    11. 2.3.6 Importing a key as a standard key
    12. 2.3.7 Listing all keys
    13. 2.3.8 Listing a specific key
    14. 2.4 Using the GREP11 feature of Hyper Protect Crypto Services
    15. 2.4.1 Functions available with the GREP11 API
    16. 2.5 Code examples
    17. 2.5.1 Setting up the GREP11 API
    18. 2.5.2 GREP11 code examples
    19. 2.6 Hyper Protect Crypto Services use cases
    20. 2.6.1 Protecting IBM Cloud services
    21. 2.6.2 Using the GREP11 API
  6. Chapter 3. IBM Cloud Hyper Protect DBaaS
    1. 3.1 Introduction to IBM Cloud Hyper Protect DBaaS
    2. 3.2 Sizing and topology
    3. 3.3 Public Cloud Service instantiation
    4. 3.3.1 Prerequisites
    5. 3.3.2 Web Interface
    6. 3.3.3 IBM Cloud CLI
    7. 3.3.4 Hyper Protect DBaaS RESTful API
    8. 3.4 Administration and operations
    9. 3.4.1 Managing a Hyper Protect DBaaS Service
    10. 3.4.2 Managing database instances
    11. 3.4.3 Managing database users
    12. 3.4.4 Logging and monitoring
    13. 3.4.5 Back up and restore
    14. 3.5 Security and compliance
    15. 3.6 Use case: Encrypting databases with your keys protected
    16. 3.7 API interaction and code samples
    17. 3.7.1 Cloning the GitHub example Python code
    18. 3.7.2 Setting up a Python virtual environment with requests
    19. 3.7.3 Running the example file
  7. Chapter 4. IBM Cloud Hyper Protect Virtual Servers
    1. 4.1 Introduction to IBM Cloud Hyper Protect Virtual Servers
    2. 4.2 IBM Cloud Hyper Protect Virtual Servers use cases
    3. 4.3 Public Cloud service instantiation
  8. Chapter 5. IBM Hyper Protect Virtual Servers on-premises
    1. 5.1 Introduction to IBM Hyper Protect Virtual Servers on-premises
    2. 5.2 IBM Hyper Protect Virtual Servers key features
    3. 5.2.1 Trusted CI/CD
    4. 5.2.2 GREP11
    5. 5.2.3 User management
    6. 5.2.4 Bring Your Own Image
    7. 5.2.5 Encryption
    8. 5.3 IBM Hyper Protect Virtual Servers use cases
    9. 5.4 IBM Hyper Protect Virtual Servers architecture overview
    10. 5.5 A sample use case: Hyper Protect Virtual Server for secure storage
    11. 5.5.1 Creating a Secure Storage Server in Hyper Protect Virtual Servers
  9. Chapter 6. IBM Hyper Protect Virtual Servers on-premises installation
    1. 6.1 Planning and prerequisites for Hyper Protect Virtual Servers on-premises
    2. 6.2 Networking for Hyper Protect Virtual Servers
    3. 6.2.1 Networking in Hosting Appliance (networking for Hyper Protect Virtual Servers containers)
    4. 6.2.2 Creating an Ethernet interface
    5. 6.2.3 Creating a VLAN interface
    6. 6.3 Installation of Hyper Protect Virtual Servers components on-premises
    7. 6.3.1 Preparing SSC LPAR for Hyper Protect Virtual Servers
    8. 6.3.2 Pushing the base images to the Docker repository
    9. 6.3.3 Secure Build Container
    10. 6.3.4 Enabling monitoring on SSC LPAR
    11. 6.3.5 Integrating with EP11 Library (GREP11)
    12. 6.4 Public Cloud service instantiation
  10. Chapter 7. IBM Hyper Protect Virtual Servers key features
    1. 7.1 User roles in Hyper Protect Virtual Servers
    2. 7.2 Trusted CI/CD: Building and deploying containers securely
    3. 7.2.1 Importance of establishing a trusted CI/CD pipeline
    4. 7.2.2 Trusted CICD pipeline architecture
    5. 7.2.3 Using the secure build application to build and store an image in a repository
    6. 7.2.4 Building an image from a trusted base image
    7. 7.3 Monitoring
    8. 7.3.1 Deploying a monitoring container
    9. 7.3.2 Viewing the metrics from the monitoring service
    10. 7.4 GREP11 (EP11 over gRPC)
    11. 7.4.1 Checking the LPAR for GREP11 support
    12. 7.4.2 Deploying a GREP11 container
    13. 7.4.3 Adding GREP11 functionality into your applications
    14. 7.5 Bring Your Own Image (Trusted Repository Registration)
    15. 7.5.1 Registering a repository as a trusted repository
    16. 7.5.2 Creating a repository registration file for a repository to which a Secure Build Instance pushes images
    17. 7.5.3 Creating a repository registration file to which a generic build server pushes images
    18. 7.5.4 Registering a repository on your SSC LPAR using the repository registration file
    19. 7.5.5 Registering repository by using public key and private key (optional)
    20. 7.5.6 Deploying a securely built image from a trusted repository
  11. Chapter 8. Secure Bitcoin Wallet: A sample use case that spans multiple IBM Hyper Protect services
    1. 8.1 Secure Bitcoin Wallet
    2. 8.1.1 Procure Hyper Protect Services in the IBM Cloud
    3. 8.1.2 Logging in to your Hyper Protect Virtual Server and cloning the code repository
    4. 8.1.3 Building the wallet docker image
    5. 8.1.4 Running the wallet container
    6. 8.1.5 Using and testing the wallet
  12. Appendix A. Additional material
    1. Locating the GitHub material
    2. Cloning the GitHub material
  13. Related publications
    1. IBM Redbooks
    2. Online resources
    3. Help from IBM
  14. Back cover