A look back at the year 2022 by the team creating the IBM Cloud Solution Tutorials.

Similar to 2021’s review post, it’s once again the time of year to take some time and look at the work done, new experiences gained and interesting things seen. Without further ado, let’s get into it: Four different short views, written by members of the IBM Cloud Solution Tutorials team who you know from previous blog posts.

Henrik

When was the last time you…?: That’s a question I heard often over the past 12 months. The pandemic caused many changes — in the ways we live, we work and everything in between (think “home office”). When was the last time you were in the office, met a co-worker, a customer or partner? When was the last time you attended a conference in person? When was the last time you heard a similar question?

Fortunately, those questions came often this year. And I was happy to hear them because it was at some in-person events. Being in the home office or traveling implies accessing work-related systems remotely. So, let me ask this question: When was the last time you had to use a VPN (Virtual Private Network) connection to access corporate resources?

Depending on your company and the kind of work you do, the need for VPN access (get within the perimeter) got reduced or eliminated. Many organizations have started to move toward a zero trust architecture. Instead of assuming that everything within the perimeter is secure, a zero trust approach assumes a breach. Hence the motto is “never trust, always validate.” The goal is to enforce accurate, least-privilege-per-request access decisions:

With context-based restrictions in place, this access is denied because of its origin.

In my cloud account, I have enabled MFA (multi-factor authentication) for all users to tighten security. I also made use of custom roles for more fine-grained access management. Custom roles are useful to implement the principle of least privilege. To quickly and securely onboard/offboard teams and always assign the right set of privileges, I started to use Terraform code to roll out new IAM (Identity and Access Management) access groups combined with other security features.

Moreover, I am actively tracking down inactive identities to reduce risks. Finally, I am adding context-based restrictions to my account to limit which resources and endpoints are exposed. And to prove my security skills, I got certified for the IBM Cloud Security Engineer Specialty.

So, let me ask this question: When was the last time you got certified?

A good way to build up skills for certifications is by going through the provided training material and by hands-on experience. Personally, I learn and grow by going through the IBM Cloud solution tutorials (or creating new ones).

In my latest tutorial, I not only share my experience, but also insights into how to “Share Resources Across Your IBM Cloud Accounts.” So, let me ask this question: When was the last time you read (and tried) one of our IBM Cloud solution tutorials?

Powell

I love the cloud. Creating a scalable and highly available architecture in my on-premises data center would be challenging, but making this happen in the IBM Cloud is straightforward. IBM has a collection of multizone regions (MZRs) around the world. Each regional zone has isolated power, network, cooling, etc. Workloads can be balanced across multiple servers in multiple zones. In the event of a server failure or the unlikely event of a zone failure, a workload can remain accessible.

There is no single point of failure since even the global load balancer is a highly available system provided by IBM’s partner Cloudflare. Using Infrastructure as Code in IBM Cloud Schematics allows the infrastructure to be developed and tested in my account before delivering to production through a DevSecOps environment.

A variation of this architecture for on-premises private access to cloud workloads across zones is also possible by layering on Direct Link and using the global load balancer in the IBM Cloud DNS Service.

Frederic

Automate: Last year, I was referring to a lot of work done around automation. This is my new normal. I have a hard time remembering when I provisioned resources manually. Most of the time it was when playing with a new service or feature, but for any serious work, I go through some form of automation — Terraform being the standard when it comes to cloud. Even my personal projects, my own domains, my Git repos and my laptop configuration, are all captured as-code! There’s no doubt this will continue this year — more automation, more as-code for everything.

Secure: In the face of increasingly sophisticated cyber threats, security is also a critical concern for organizations. One way to improve security is to adopt a zero trust approach. This means that no user or device is automatically trusted, and all access to resources must be authenticated and authorized.

To allow users to connect to cloud resources, a company may deploy services like a bastion, establish a site-to-site VPN connection or deploy a more traditional client-to-site VPN. I had the opportunity to look at our client-to-site VPN and how it can be fully configured with Terraform.

Once you are authenticated and authorized, you want to make sure the system you are accessing is using the latest security fixes. For virtual servers, one approach is to build hardened custom images and to consider them immutable. As new fixes are released, new custom images are built and deployed. And guess what, that is another place for automation because a tool like Packer can be integrated in a CI/CD pipeline to build custom images.

AI: In the last weeks of 2022, artificial intelligence (AI) dominated the headlines again. The trend is to make it more and more accessible to everyone with use-cases that we can all relate to (e.g., generate your social media avatar, craft nice emails, write a full essay from a bullet list, summarize a long article or a book). This is a trend we will likely see continue in 2023, in many fields.

Disclaimer: This section may or may not have been partially written by an artificial intelligence.

Dimitri

Last year, I described work in progress on a process I was using to manage SSH keys on virtual servers running in a Virtual Private Cloud. I published the “Using Instance Metadata and Trusted Profiles for Managing SSH Keys” post a few weeks later with the steps and source code I am using. I was glad to see a few uses of it as is, as well as some cloning and repurposing of the code for similar requirements (for example, to configure ephemeral storage on a compute resource after a restart).

For parts of 2022, I worked with several technical individuals that interact directly with our clients to help identify and start addressing gaps in our documentation and tooling that would help first-time users of IBM Cloud. As part of that effort, I developed and released a tool to help identify potential conflicts between IP ranges in on-premises environment(s) and IP ranges used in our IBM Cloud classic infrastructure. It is a common requirement, and you can perform a quick search using the IP Ranges Calculator tool. The tool allows you to also download the IP ranges in JSON format.

We also published in our cloud documentation a checklist for getting started on IBM Cloud. This checklist is based on experiences from our field teams on tasks they found are required for most users onboarding to IBM Cloud. It is meant as a one-stop shop, with some links to our existing documentation.

When I write tools like the IP ranges calculator tool, I use the IBM Cloud Code Engine service as my compute environment. With the source code usually available on GitHub, I needed a way to manage updates and validation without too much effort. I wrote a set of small GitHub actions — Set up the IBM Cloud CLI and Create, Update and Delete to IBM Cloud Code Engine — and I now use these to deploy all my apps. I hope you find these as useful as I do.

Engage with us

If you have feedback, suggestions, or questions about this post, please reach out to us on Twitter (@data_henrik, @l2fprod, @powellquiring) or LinkedIn (Dimitri, Frederic, Henrik, Powell). 

Use the feedback button on individual tutorials to provide suggestions. Moreover, you can open GitHub issues on our code samples for clarifications. We would love to hear from you.
