Welcome to the IBM Secure Service Container Beta Program!

The Secure Service Container beta program is designed to share the future Secure Service Container vision and design plans with select users through Design Thinking and Sponsor User engagements while partnering to co-create the proposed offering based on user feedback.

The IBM Secure Service Container (SSC) is a framework for securely building and deploying software appliances on IBM Z and LinuxONE servers.

TO APPLY for the Beta program, submit a nomination form.

To complete the nomination form, you will need an "IBMid".

If you do not have an "IBMid", please  click here to Register for an IBMid

Participants can become Sponsor Users and engage in 2 ways:

Observing: Sponsor User is engaged in discussions with IBM team on offering Hills*, observes and provides feedback on iterative design changes

Hands-On: In addition to the “Observing” experience, the Sponsor User would gain access to a hosted environment to try out an early version of the technology

This is the table caption.
Expectations
Observing
Hands-on

IBM will provide:
  • Structured User Interviews including share vision, Hills and “Who, What, Wow” for users to validate*
  • Playbacks highlighting iterative design updates
  • Availability to users (address issues, questions, etc.)
  • Commitments TO Observing Sponsor Users PLUS
  • 30-day access to SSC-mode LPAR instance and resources**

USER will provide:
  • User stories, requirements, pain points, etc.
  • Feedback on hills and “observed” playbacks*
  • Commitments OF Observing Sponsor Users PLUS
  • User Demos – willingness to periodically demonstrate to IBM how they are utilizing technology (Design Thinking: virtually observe users in their workspace)*
 

See the IBM Design Thinking website for more information on Design Thinking practices.

** Continued hands-on access to the Secure Service Container beta environment will be re-evaluated after 30 days.  Beta hands-on environment may be reclaimed and redistributed to another interested user contingent upon current sponsor user’s interest and activity

For any questions or comments regarding the Beta program,

please contact Diana Henderson, dmhender@us.ibm.com

What is the IBM Secure Service Container?

TODAY: the IBM Secure Service Container provides a framework for securely deploying IBM offered software appliances on IBM Z and LinuxONE servers.  The framework provides the base infrastructure for integrating an operating system, middleware, and software components into a virtual appliance, which works autonomously and provides core services and infrastructure focusing on consumability and security.

​The Secure Service Container technology provides: 

secureion.jpgIndustry leading peer isolation leverages LinuxONE’s EAL5+ certified LPAR isolation for near ‘air-gap’ separation of appliance environments, on a single footprint, obfuscating workloads from the underlying infrastructure.



secureion.jpgVertical isolation and protection of data from privileged users Direct (SSH) operating system access via a shell or command-line interface is disabled by design for appliances configured in 'SSC Mode' LPARs; appliance management and communication are permitted only through well-defined RESTful APIs and web interfaces, prohibiting access by users with elevated system authority; only users authorized for the Secure Service Container LPAR and the appliance running within are granted access to it, thus protecting the appliance’s data and execution environment from the insider threat, whether inadvertent or malicious. 

 

secureion.jpgConfidentiality of data and code –in flight and at rest Direct memory access to a Secure Service Container appliance is disabled, and various layers of encryption and signatures are implemented to ensure that no bit of data leaves the appliance memory without being encrypted



 

secureion.jpgValidation of appliance code to reduce risk of tampering or malware
Secure Service Container appliances are secured from creation in a trusted firmware boot sequence before software deployment and made tamper resistant through signature verification.

In the Future

IBM intends to make the IBM Secure Service Container framework available to users for deploying container-based applications, on-premise, for IBM Z and LinuxONE servers.  This will enable users’ applications to leverage the capabilities of the Secure Service Container technology while dynamically scaling up to millions of containers in a single IBM Z or LinuxONE footprint and integrating them with users' enterprise-wide, cross-platform, container and devOps strategy.

The IBM Secure Service Container framework is planned to expand and include (but not limited to):

  • Docker Container Technology
  • Container Orchestration
  • CI / CD pipeline integration
  • End to End container security capabilities