Storage for VPC reference architecture

IBM® Cloud Block Storage for Virtual Private Cloud

Block Storage for VPC provides hypervisor-mounted, high-performance data storage for your virtual server instances that you can provision within a VPC. The VPC infrastructure provides rapid scaling across zones and extra performance and security.

Block Storage for VPC is used for both primary boot volumes and secondary data volumes. Boot volumes are automatically created and attached during instance provisioning. Data volumes can be created and attached during instance provisioning as well, or as stand-alone volumes that you can later attach to an instance. To protect your data, you should use KYOK encryption with Hyper Protect Crypto Services.

To learn more and to start creating Block Storage for VPC volumes, see the following resources:

• About Block Storage for VPC
• Create and attach a block storage volume when you create a new instance
• Create a stand-alone block storage volume
• Creating block storage volumes with customer-managed encryption

IBM Cloud® Object Storage

Object Storage stores encrypted and dispersed data across multiple geographic locations. Object Storage is available with three types of resiliency: Cross Region, Regional, and Single Data Center. Cross Region provides higher durability and availability than using a single region at the cost of slightly higher latency. Regional service reverses those tradeoffs, and distributes objects across multiple availability zones within a single region. If a given region or availability zone is unavailable, the object store continues to function without impediment. Single Data Center distributes objects across multiple machines within the same physical location.

Users of Object Storage refer to their binary data, such as files, images, media, archives, or even entire databases as objects. Objects are stored in a bucket, the container for their unstructured data. Buckets contain both inherent and user-defined metadata. Finally, objects are defined by a globally unique combination of the bucket name and the object key, or name.

All Object Storage buckets must be encrypted with KYOK by using keys that are managed by Hyper Protect Crypto Services. For more information, see Encryption at rest. In addition, a geographically separate region should be used as an alternative storage site. This means you should use cross region resiliency for all of your Object Storage buckets.

To start working with Object Storage, see the following instructions:

• About Object Storage
• Getting started with Object Storage
• Connecting to Object Storage from VPC
• Encrypting your data

Related controls in IBM Cloud Framework for Financial Services

More details on some of the major IBM Cloud Framework for Financial Services controls related to storage can be found in the following articles:

• Encryption at rest
• Backup and recovery

Next steps

• Audit logging of IBM Cloud events