Skip to content

Latest commit

 

History

History
201 lines (167 loc) · 13.9 KB

responsibilities.md

File metadata and controls

201 lines (167 loc) · 13.9 KB
copyright lastupdated subcollection keywords
years
2021
2021-09-16
codeengine
code engine, responsibilities, compliance, management, app, data, job, disaster recovery

{:DomainName: data-hd-keyref="APPDomain"} {:DomainName: data-hd-keyref="DomainName"} {:android: data-hd-operatingsystem="android"} {:api: .ph data-hd-interface='api'} {:apikey: data-credential-placeholder='apikey'} {:app_key: data-hd-keyref="app_key"} {:app_name: data-hd-keyref="app_name"} {:app_secret: data-hd-keyref="app_secret"} {:app_url: data-hd-keyref="app_url"} {:audio: .audio} {:authenticated-content: .authenticated-content} {:beta: .beta} {:c#: .ph data-hd-programlang='c#'} {:c#: data-hd-programlang="c#"} {:cli: .ph data-hd-interface='cli'} {:codeblock: .codeblock} {:curl: #curl .ph data-hd-programlang='curl'} {:curl: .ph data-hd-programlang='curl'} {:deprecated: .deprecated} {:dotnet-standard: .ph data-hd-programlang='dotnet-standard'} {:download: .download} {:external: .external target="_blank"} {:external: target="_blank" .external} {:faq: data-hd-content-type='faq'} {:fuzzybunny: .ph data-hd-programlang='fuzzybunny'} {:generic: data-hd-operatingsystem="generic"} {:generic: data-hd-programlang="generic"} {:gif: data-image-type='gif'} {:go: .ph data-hd-programlang='go'} {:help: data-hd-content-type='help'} {:hide-dashboard: .hide-dashboard} {:hide-in-docs: .hide-in-docs} {:important: .important} {:ios: data-hd-operatingsystem="ios"} {:java: #java .ph data-hd-programlang='java'} {:java: .ph data-hd-programlang='java'} {:java: data-hd-programlang="java"} {:javascript: .ph data-hd-programlang='javascript'} {:javascript: data-hd-programlang="javascript"} {:middle: .ph data-hd-position='middle'} {:navgroup: .navgroup} {:new_window: target="_blank"} {:node: .ph data-hd-programlang='node'} {:note: .note} {:objectc: .ph data-hd-programlang='Objective C'} {:objectc: data-hd-programlang="objectc"} {:org_name: data-hd-keyref="org_name"} {:php: .ph data-hd-programlang='PHP'} {:php: data-hd-programlang="php"} {:pre: .pre} {:preview: .preview} {:python: .ph data-hd-programlang='python'} {:python: data-hd-programlang="python"} {:release-note: data-hd-content-type='release-note'} {:right: .ph data-hd-position='right'} {:route: data-hd-keyref="route"} {:row-headers: .row-headers} {:ruby: .ph data-hd-programlang='ruby'} {:ruby: data-hd-programlang="ruby"} {:runtime: architecture="runtime"} {:runtimeIcon: .runtimeIcon} {:runtimeIconList: .runtimeIconList} {:runtimeLink: .runtimeLink} {:runtimeTitle: .runtimeTitle} {:screen: .screen} {:script: data-hd-video='script'} {:service: architecture="service"} {:service_instance_name: data-hd-keyref="service_instance_name"} {:service_name: data-hd-keyref="service_name"} {:shortdesc: .shortdesc} {:space_name: data-hd-keyref="space_name"} {:step: data-tutorial-type='step'} {:step: data-tutorial-type='step'} {:subsection: outputclass="subsection"} {:support: data-reuse='support'} {:swift: #swift .ph data-hd-programlang='swift'} {:swift: .ph data-hd-programlang='swift'} {:swift: data-hd-programlang="swift"} {:table: .aria-labeledby="caption"} {:term: .term} {:terraform: .ph data-hd-interface='terraform'} {:tip: .tip} {:tooling-url: data-tooling-url-placeholder='tooling-url'} {:topicgroup: .topicgroup} {:troubleshoot: data-hd-content-type='troubleshoot'} {:tsCauses: .tsCauses} {:tsResolve: .tsResolve} {:tsSymptoms: .tsSymptoms} {:tutorial: data-hd-content-type='tutorial'} {:ui: .ph data-hd-interface='ui'} {:unity: .ph data-hd-programlang='unity'} {:url: data-credential-placeholder='url'} {:user_ID: data-hd-keyref="user_ID"} {:vbnet: .ph data-hd-programlang='vb.net'} {:video: .video}

Understanding your responsibilities when using {{site.data.keyword.codeengineshort}}

{: #responsibilities-ce}

Learn about the management responsibilities and terms and conditions that you have when you use {{site.data.keyword.codeenginefull_notm}}. For a high-level view of the service types in {{site.data.keyword.cloud}} and the breakdown of responsibilities between the customer and {{site.data.keyword.IBM_notm}} for each type, see Shared responsibilities for {{site.data.keyword.cloud_notm}} offerings. {: shortdesc}

Review the following sections for the specific responsibilities for you and for {{site.data.keyword.IBM_notm}} when you use {{site.data.keyword.codeenginefull_notm}}. For the overall terms of use, see {{site.data.keyword.cloud}} Terms and Notices.

If you use other {{site.data.keyword.cloud_notm}} products such as {{site.data.keyword.cos_short}}, responsibilities that are marked as yours in the following table, such as disaster recovery for Data, might be IBM's or shared. Consult those products' documentation for your responsibilities. {: note}

Tasks for shared responsibilities by area

{: #task-responsibilities}

See what tasks you and IBM share responsibility for each area and resource when you use {{site.data.keyword.codeengineshort}}. {: shortdesc}

In the following tables, {{site.data.keyword.codeengineshort}} entities include apps, jobs, and builds, as well as any other workload configuration artifacts. {: note}

Incident and operations management

{: #incident-and-ops}

You and IBM share responsibilities for the set-up and maintenance of your {{site.data.keyword.codeengineshort}} environment for your {{site.data.keyword.codeengineshort}} projects and entities. You are responsible for incident and operations management of your workloads and data. {: shortdesc}

Task IBM responsibilities Your responsibilities
{{site.data.keyword.codeengineshort}} projects and entities
  • Deploy a fully managed, highly available platform in a secured, IBM-owned account to host projects.
  • Fulfill requests for more infrastructure, such as adding, reloading, updating, and removing worker nodes.
  • Fulfill automation requests to help recover projects.
  • Use the provided CLI or console tools to adjust the runtime options (including scaling characteristics) of your workload.
Observability
  • Provide {{site.data.keyword.la_short}} and {{site.data.keyword.mon_short}} to enable observability of your {{site.data.keyword.codeengineshort}} projects and entities.
  • Provide integration with {{site.data.keyword.at_short}} and send {{site.data.keyword.codeengineshort}} events for auditability.
  • Set up and monitor the health of your {{site.data.keyword.codeengineshort}} projects and entities.
  • Set up and send logs to {{site.data.keyword.at_short}}.
{: summary="The rows are read from left to right. The resource area of comparing responsibilities is in the first column, with the responsibilities of IBM in the second column and your responsibilities in the third column."}
{: caption="Table 2. Responsibilities for incident and operations management" caption-side="top"}

Change management

{: #change-management}

You and IBM share responsibilities for keeping your images at the latest container platform and operating system versions, along with recovering infrastructure resources that might require changes. You are responsible for change management of your application data. {: shortdesc}

Task IBM responsibilities Your responsibilities
{{site.data.keyword.codeengineshort}} projects and entities
  • Provide infrastructure operating system (OS), version, and security updates.
  • Use the CLI or console tools to apply any app or job required updates.
{: summary="The rows are read from left to right. The resource area of comparing responsibilities is in the first column, with the responsibilities of IBM in the second column and your responsibilities in the third column."}
{: caption="Table 3. Responsibilities for change management" caption-side="top"}

Identity and access management

{: #iam-responsibilities}

You and IBM share responsibilities for controlling access to your {{site.data.keyword.codeengineshort}} projects. For {{site.data.keyword.iamlong}} responsibilities, consult that product's documentation. You are responsible for identity and access management to your application data. {: shortdesc}

Task IBM responsibilities Your responsibilities
General
  • Create projects with a service ID so that your deployments in the project can pull images from {{site.data.keyword.registrylong_notm}}.
  • Maintain responsibility for any service roles that you create.
Observability
  • Provide integration of {{site.data.keyword.at_full_notm}} with your {{site.data.keyword.codeengineshort}} project entities to audit any activity.
  • Set up {{site.data.keyword.at_full_notm}} or other capabilities to track user activity.
{: summary="The rows are read from left to right. The resource area of comparing responsibilities is in the first column, with the responsibilities of IBM in the second column and your responsibilities in the third column."}
{: caption="Table 4. Responsibilities for identity and access management" caption-side="top"}

Security and regulation compliance

{: #security-compliance}

IBM is responsible for the security and compliance of {{site.data.keyword.codeengineshort}}. You are responsible for the security and compliance of any {{site.data.keyword.codeengineshort}} entities that run in the {{site.data.keyword.codeengineshort}} environment and your associated data. {: shortdesc}

Task IBM responsibilities Your responsibilities
General
  • Maintain controls commensurate to various industry compliance standards.
  • Monitor, isolate, and recover user projects.
  • Provide highly available replicas of your projects and entities.
  • Monitor and report the health of the project and entities in the various interfaces.
  • Automatically apply security patch updates for infrastructure.
  • Enable certain security settings, such as encrypted disks.
  • Disable certain insecure actions, such as not permitting users to SSH into the host.
  • Encrypt communication with TLS.
  • Continuously monitor {{site.data.keyword.codeengineshort}} projects and entities to detect vulnerability and security compliance issues.
  • Provide options for network connectivity.
  • Integrate {{site.data.keyword.codeengineshort}} with {{site.data.keyword.cloud_notm}} Identity and Access Management (IAM).
  • Set up and maintain security and regulation compliance for your {{site.data.keyword.codeengineshort}} entities and data.
  • As part of your incident and operations management responsibilities for {{site.data.keyword.codeengineshort}} entities and data, apply any security updates.
  • Do not include sensitive or private information in {{site.data.keyword.codeengineshort}} resource metadata, including configuration values.
Building from source
  • Continuously update the build tools, including BuildKit, and Paketo buildpacks to the latest version.
  • Resubmit builds to pick up fixes in the base image of your Dockerfile-based builds and to pick up operating system and runtime environment fixes in your Buildpacks-based builds.
{: summary="The rows are read from left to right. The resource area of comparing responsibilities is in the first column, with the responsibilities of IBM in the second column and your responsibilities in the third column."}
{: caption="Table 5. Responsibilities for security and regulation compliance" caption-side="top"}

Disaster recovery

{: #disaster-recovery}

IBM is responsible for the recovery of {{site.data.keyword.codeengineshort}} projects and entities in case of disaster. You are responsible for the recovery of the workloads and your workload data. If you integrate with other {{site.data.keyword.cloud_notm}} services such as file, block, object, cloud database, logging, or audit event services, consult those services' disaster recovery information. {: shortdesc}

Task IBM responsibilities Your responsibilities
General
  • Maintain service availability across worldwide regions so that customers can deploy projects across zones and regions for higher DR tolerance.
  • Provision projects with three replicas in the same region for high availability.
  • Continuously monitor {{site.data.keyword.codeengineshort}} infrastructure to ensure the reliability and availability of the service environment by site reliability engineers.
  • Update and recover operational {{site.data.keyword.codeengineshort}} entities.
  • Back up and recover {{site.data.keyword.codeengineshort}} infrastructure data, as well as your {{site.data.keyword.codeengineshort}} entity configuration files.
  • Provide integration with other {{site.data.keyword.cloud_notm}} services such as storage providers so that data can be backed up and restored.
  • Set up and maintain disaster recovery capabilities for your {{site.data.keyword.codeengineshort}} entities and data. For example, to prepare your project for HA/DR scenarios, follow the guidance in High availability for {{site.data.keyword.codeengineshort}}. Note that persistent storage of data such as logs and metrics is not set up by default.
{: summary="The rows are read from left to right. The resource area of comparing responsibilities is in the first column, with the responsibilities of IBM in the second column and your responsibilities in the third column."}
{: caption="Table 6. Responsibilities for disaster recovery" caption-side="top"}