Onboarding a virtual server image for VPC
This tutorial walks you through how to onboard a sample virtual server image for virtual private cloud (VPC) to your account. By completing this tutorial, you learn how to create a private catalog, import the image, validate that it can be installed on a selected deployment target, and make the virtual server image available to users who have access to your account. As you complete the tutorial, adapt each step to match your organization's goal. This tutorial includes steps for deploying a virtual server image to a target IBM Cloud Virtual Private Cloud (VPC). As a result, you incur associated infrastructure charges.
Onboarding Virtual Server Images for VPC with IBM Z® deployment support is available in private catalogs. The onboarding experience for IBM Z-supported Virtual Server Images is the same as how you onboard other Virtual Server Images in your private catalog.
Before you begin
-
Verify that you're using a Pay-As-You-Go or Subscription account. See Viewing your account type for more details.
-
Virtual server images for VPC must first be imported and validated in your VPC. If your virtual server image is already imported and validated in your VPC, you can skip these steps:
- Create your VPC.
- Create an instance of IBM Cloud Object Storage and upload your image to a bucket.
- Import and validate your custom image in your VPC. Do this for each region in which you want your software to be available and verify that the SHA or checksum matches for the imported image in each region.
-
Make sure you're assigned the following access in IBM Cloud Identity and Access Management (IAM):
- Editor role or higher on the catalog management service.
- Manager role or higher on the Schematics service.
See Assigning access to account management services for more information.
Create a private catalog
- In the IBM Cloud console, go to Manage > Catalogs, and click Create a catalog.
- Select Product default as the catalog type.
- Enter the name of your catalog, for example,
Sample virtual server image
. - Select No products to exclude all products in the IBM Cloud® catalog from your catalog.
- Click Create.
Import the virtual server image to your private catalog
-
From the Private products page, click Add.
-
Select Virtual server image for VPC as the deployment method.
-
Select Software as the kind of product that you're adding.
-
Select the image you'd like to onboard.
If the virtual server image you want to add is not included in the list of available images, click Import a new image to import it. Your image must be imported into IBM Cloud VPC, in an available status, with an x86 or s390x architecture in order for you to onboard it to a private catalog. Also, your image can't be used with a bare metal profile or instance groups, or encrypted. An image can only be added to one product within one private catalog at a time. If the image you want to import is already imported into another product, you must remove the image from that product or delete the product before you add the image to a new product.
-
Enter the software version, for example,
1.0.0
. -
Select Developer tools as the category.
-
Click Add product.
Review the image details
- From the Version list table, click the row that contains your virtual server image.
- Review your images and click Add region if you want to add an image from another region. Images that you add must have the same digest or checksum as the original image that you added in step 2.
- After you review your images, click Next.
Review the version details
Review the details of this version of your software, and click Next.
Set the license requirements
If users are required to accept any license agreements beyond the IBM Cloud Services Agreement, provide the URL to each agreement. Or, if users can bring their own licenses, you can provide that URL as well.
- Click Add license.
- Enter the name and URL of the license, and click Add license.
- Click Next.
Edit your readme file
Use the readme file template to document the instructions for installing your software. For the purposes of this tutorial, the following steps describe how to edit the description of the readme file.
- Click the Edit icon .
- Copy and paste the contents of the readme file template and make updates as needed.
- Click Save > Next.
Validate the virtual server image
Validating your virtual server image involves running a test deployment of your software. Validating your image proves that it's provisionable with your VPC. The first image you added to your product is validated. Additional regions are not included in this validation.
-
Configure the validation target by selecting a VPC, an SSH key, a subnet, and a profile. Then, cilck Next.
-
Optionally, configure the Schematics workspace by specifying a name and selcting a resource group and a Schematics region. Then, click Next.
In the Tags field, you can enter a name of a specific tag to attach to your virtual server image. Tags provide a way to organize, track usage costs, and manage access to the resources in your account.
-
In the Validation version section, select I have read and agree to the following license agreements.
-
Click Validate.
To monitor the progress of the validation process, click View logs.
Manage compliance
You can add profiles and controls to your software to prove that it meets security and compliance requirements. You must use Security and Compliance Center to scan the resources created during validation.
Only profiles and controls that are supported by the Security and Compliance Center and validated by Security and Compliance Center scans appear in the catalog.
Run a Security and Compliance Center scan
When you claim profiles and controls, you must evaluate the resources that were created during validation to ensure compliance. To run a scan, complete the following steps:
- In the IBM Cloud console, click the Menu icon > Security and Compliance to access Security and Compliance Center.
- In the navigation, click Profile.
- Click the Overflow menu in the row of the profile that you want to evaluate and select Run scan.
- Click Run scan.
After your scan completes, you can return to your private catalog to continue the onboarding process.
Adding compliance controls
Add the profiles and controls that you want to claim.
- In the Manage compliance section of your product, select Add claims.
- Select the profile that you want to add.
- Choose to add the entire profile or a subset of controls.
- If you choose an entire profile, continue to the next step. If you choose to add a subset of controls, select the controls that you want to add.
- Click Add.
Applying Security and Compliance Center scans
Add the scans that you previously ran in the Security and Compliance Center. Security and Compliance Center scans determine adherence to regulatory controls. For more information, see Scanning your resources.
- Click Add scan.
- Select the profile that you used for the evaluation.
- Select the Security and Compliance Center scan.
- Click Apply scan.
- Click Next.
Review requirements
You must complete validation and any other requirements to share your product to your account. When you're ready to share your product, click Ready to share. As a result, the virtual server image is available only to users who
have access to the Sample virtual server image
private catalog in your account.
Next steps
If you want to share your product to your account or enterprise as well as your private catalog, click the name of the product in the navigation to go to the product details page. From the Actions menu, click Share. Select where you want to share your product, and click Share.
You can also use the Partner Center to publish your product to the IBM Cloud catalog. If you publish your product to the IBM Cloud catalog, it will be publicly available to all IBM Cloud users. For more information, see Publishing your software.