Welcome to the IBM Secure Service Container Beta Program!
The Secure Service Container beta program is designed to share the future Secure Service Container vision and design plans with select users through Design Thinking and Sponsor User engagements while partnering to co-create the proposed offering based on user feedback.
The IBM Secure Service Container (SSC) is a framework for securely building and deploying software appliances on IBM Z and LinuxONE servers.
TO APPLY for the Beta program, submit a nomination form.
To complete the nomination form, you will need an "IBMid".
If you do not have an "IBMid", please register for one.
Participants can become Sponsor Users and engage in 2 ways:
- Observing: The Sponsor User is engaged in discussions with the IBM team on offering Hills*, observes iterative design changes, and provides feedback on them.
- Hands-On: In addition to the “Observing” experience, the Sponsor User gains access to a hosted environment to try out an early version of the technology.
IBM will provide:
USER will provide:
* See the IBM Design Thinking website for more information on Design Thinking practices.
** Continued hands-on access to the Secure Service Container beta environment will be re-evaluated after 30 days. The beta hands-on environment may be reclaimed and redistributed to another interested user, contingent upon the current sponsor user’s interest and activity.
For any questions or comments regarding the Beta program, please contact Diana Henderson, firstname.lastname@example.org
What is the IBM Secure Service Container?
TODAY: the IBM Secure Service Container provides a framework for securely deploying IBM offered software appliances on IBM Z and LinuxONE servers. The framework provides the base infrastructure for integrating an operating system, middleware, and software components into a virtual appliance, which works autonomously and provides core services and infrastructure focusing on consumability and security.
The Secure Service Container technology provides:
Industry leading peer isolation leverages LinuxONE’s EAL5+ certified LPAR isolation for near ‘air-gap’ separation of appliance environments, on a single footprint, obfuscating workloads from the underlying infrastructure.
Vertical isolation and protection of data from privileged users
Direct (SSH) operating system access via a shell or command-line interface is disabled by design for appliances configured in 'SSC Mode' LPARs; appliance management and communication are permitted only through well-defined RESTful APIs and web interfaces, prohibiting access by users with elevated system authority; only users authorized for the Secure Service Container LPAR and the appliance running within are granted access to it, thus protecting the appliance’s data and execution environment from the insider threat, whether inadvertent or malicious.
Confidentiality of data and code – in flight and at rest
Direct memory access to a Secure Service Container appliance is disabled, and various layers of encryption and signatures are implemented to ensure that no bit of data leaves the appliance memory without being encrypted.
Validation of appliance code to reduce risk of tampering or malware
Secure Service Container appliances are secured from creation in a trusted firmware boot sequence before software deployment and made tamper resistant through signature verification.
In the Future
IBM intends to make the IBM Secure Service Container framework available to users for deploying container-based applications, on-premise, for IBM Z and LinuxONE servers. This will enable users’ applications to leverage the capabilities of the Secure Service Container technology while dynamically scaling up to millions of containers in a single IBM Z or LinuxONE footprint and integrating them with users' enterprise-wide, cross-platform, container and DevOps strategy.
The IBM Secure Service Container framework is planned to expand and include (but not limited to):
- Docker Container Technology
- Container Orchestration
- CI / CD pipeline integration
- End to End container security capabilities