s390x virtual server images
When you provision IBM Cloud® Virtual Servers for Virtual Private Cloud on IBM Z (s390x processor architecture) in IBM Cloud, you can select from the supported stock images. Now, IBM Hyper Protect is also supported as an operating system and the associated IBM Hyper Protect Container Runtime image can be provisioned for your IBM Cloud Hyper Protect Virtual Servers for IBM Cloud® Virtual Private Cloud instance.
The IBM Hyper Protect Container Runtime image has container runtime support and the image is not SSH enabled (is a locked down image). Even if you select and pass in an SSH key, it will not be used and the key cannot be used to connect to the instance. Container details are provided at instance creation through the contract, specified in the User Data field on the order form. Once the containers start, you can interact with the workload that is brought up on the containers. For more information, see Contract.
Available stock images
The following operating systems are available as stock images when you create a virtual server.
IBM Hyper Protect Container Runtime image
You can now choose IBM Hyper Protect as the operating system for the virtual server instance. On the create virtual server page, under Confidential computing, click the Run your workload with an OS and a profile protected by Secure Execution toggle, to activate support for secure execution images. Then, in the Operating system field, "IBM Hyper Protect" operating system and the "hyper-protect-container-runtime" image must be selected to create an IBM Cloud Hyper Protect Virtual Server for IBM Cloud VPC instance. For more information, see Confidential computing with LinuxONE.
You can choose a profile based on your requirements. You can choose from balanced, compute, and memory secure execution enabled profiles. For more information, see s390x instance profiles. Ensure that you select a secure execution enabled profile (for example, bz2e-1x4) when you enable the Run your workload with an OS and a profile protected by Secure Execution toggle. Selecting any profile that is not secure execution enabled will cause the provisioning of the virtual instance to fail.
Supported IBM Z or LinuxONE stock image operating systems
| Image | Architectures |
|---|---|
| Ubuntu 22.04.x, 20.04.x | s390x |
| SUSE Linux Enterprise server (SLES) 15 SP3 | s390x |
| IBM z/OS (IBM Wazi as a Service) | s390x |
The IBM Wazi aaS z/OS dev and test stock image is available in the US South (Dallas), Japan (Tokyo), Brazil (São Paulo), Canada (Toronto), United Kingdom (London), Spain (Madrid), US East (Washington DC), and US South (Dallas) regions. For more information, see IBM Wazi as a Service documentation.
For more information about images for x86 processor architecture, see x86 virtual server images.
With a cloud-init enabled image, you can provide user data. In the User Data field on the order form, you can enter optional cloud-init user data for the server. For more information about user data and automation, see User data.
When using the IBM Hyper Protect Container Runtime image, container details are provided at instance creation through the contract, specified in the User Data field on the order form. Once the containers start, you can interact with the workload that is brought up on the containers. For more information, see Contract.
You can access details about each operating system, such as the url for the operating system, by using the API call, List all operating systems.
Stock image naming conventions
All IBM-provided stock, public images are named by using the following convention:
ibm-<family>-<version>-<type>-<architecture>-<build>
The following example shows the image naming convention.
ibm-hyper-protect-container-runtime-1-0-s390x-14
It is recommended that you use the latest images because they are valid for longer and have the latest security fixes. Upgrade to the latest image because the earlier images will expire soon.
The following list explains the variables that make up the components of the image name:
- The leading prefix of
ibm-is used for IBM-provided images. Custom images cannot be named with this prefix. - The
familycomponent provides the operating system family, such as redhat, debian or in this example hyper-protect. - The
versioncomponent provides the operating system version, such as 18-04 for Ubuntu 18.04, or 1.0 for hyper-protect. - The
typecomponent provides the minimization level of the operating system image, such as minimal or full. - The
architecturecomponent provides the vCPU architecture that is supported by the operating system image, such as amd64 or s390x. - The
buildcomponent is a small, non-negative integer that is incremented each time a new build of the operating system is created. For image names that are otherwise identical, the image with the highest build value is the most recent image for that operating system.
You can obtain the current list of images, including stock images, by running the following command in the command-line interface: ibmcloud is images.
The image naming convention is subject to change. The list of image names is not intended to be programmatically parsed or interpreted. You can use the GET /images API to obtain metadata in a structured format.
Custom images
You can import an image from IBM Cloud Object Storage to use for creating a new virtual server instance.
To create secure execution based custom images by using the IBM Cloud Object Storage option, see Preparing the workload. For more information about creating secure execution based images, see IBM Secure Execution for Linux.
The IBM Wazi as a Service (Wazi aaS) custom image can be created only by using IBM Wazi Image Builder, which is a separately orderable product from IBM Passport Advantage. Extra requirements are needed to use Wazi Image Builder. The image cost is the premium that is applied to cover the cost of technologies that allows for z/OS dev and test images to run on IBM Z hardware on IBM’s cloud infrastructure as a service layer.
The z/OS Wazi aaS custom image must meet the following requirements:
- qcow2 format
- z/OS 2.4 or z/OS 2.5 operating system
- See Prerequisites for required PTF fixes on z/OS and other IBM software products to allow them to run as a guest of alternate IBM hypervisor, IBM Z Hypervisor as a Service (zHYPaaS).
For more information, see Bringing your own image with Wazi Image Builder.
Requirements
All custom images must meet the following requirements:
- Contain a single file or volume.
- Be in qcow2 or vhd format.
- Be cloud-init enabled or bootable by using ESXi kickstart.
- Size doesn't exceed 250 GB.
- The minimum size is 10 GB. For any image that is less than 10 GB, the size is rounded up to 10 GB.
For more information about custom images, see Getting started with custom images.
Next steps
After you choose a profile, it's time to plan for and create an instance.