IBM Cloud Private v2.1.0.3 Boosts Scalability and Security

IBM® just announced the release of version 2.1.0.3 of IBM Cloud Private, which provides guidance for General Data Protection Regulation (GDPR) compliance and adds new capabilities for securing, managing, and scaling your platform. Additionally, 2.1.0.3 includes support for both Microclimate and select open source runtimes. See What’s new in Version 2.1.0.3 in the product documentation for more details. Or read on for the highlights!

General Data Protection Regulation

The new GDPR regulation is now in effect in the European Union. IBM has developed a dedicated web page about IBM Cloud Private platform considerations for GDPR readiness to provide you with information about features that you can configure, and aspects of the product’s use that you should consider to help your organization with GDPR readiness.

Latest version of Kubernetes

IBM Cloud Private continues to evolve in lockstep with the community. This release includes version 1.10.0 of Kubernetes.

Tighter security options for administrators

We continue to tighten security on the platform and provide more options for administrators to control access to various parts of the system. The following enhancements are now available in 2.1.0.3:

  • Role-Based Access Control (RBAC) for Helm repos and individual charts within a repo. You can now control which teams have access to which charts, limiting who can deploy, update, and delete your most critical applications.

  • Use Service IDs and Service API Keys to better control which programs can access services running on your platform and to customize their access privileges.

  • Use the IBM Cloud Private CLI to manage Kubernetes Secret passwords that secure communications to key services in the IBM Cloud Private platform. For example, you can set your own password for our built-in MongoDB service that stores authorization and authentication information. You can also set up password rules that ensure only strong passwords are used to protect your system.

  • Audit logging of authentication and authorization actions on your system is now available.

  • Set up end-to-end TLS encryption for your ELK stack. When enabled, all data passed between the Elasticsearch, Logstash and Kibana components is encrypted and secured with PKI-based authentication.

Certified scalability to 1000 nodes (!)

We continue to increase the scale testing and have now certified IBM Cloud Private to work with up to 1000 nodes. See our blog, Journey to 1000 Nodes, and learn about the challenges we hit as we scaled up and how our architecture addresses them.

Day 2 Management & Usability

IBM Cloud Private was designed from the ground up using a microservices-based architecture. It was therefore natural in version 2.1.0.3 to use Helm to deploy our optional services, such as metering, monitoring, service catalog, ISTIO, and Vulnerability Advisor. This makes future adds, removes, updates and rollbacks of management services much easier. In this release, we start by providing the ability to enable the Vulnerability Advisor post-installation.

Clients also need to change their cluster topology post-installation. For quite some time you had the option to add or remove worker nodes in your cluster. IBM Cloud Private now supports post-installation addition or removal of proxy, management, host groups, and Vulnerability Advisor nodes by using the CLI. We can also leverage a VMware or OpenStack Cloud Provider to provision worker or proxy nodes from images.

Other enhancements that make your management of the product easier include:

  • “Launch” links in the dashboard so that you can directly open an application’s UI with one click

  • More catalog filters, so you can find and launch applications faster

  • Release notes information for each Helm chart, including the version, what’s new, and any fixes or enhancements added

  • The internal Helm repository named local-charts can now be added to the Helm CLI as an external repository.

  • The ability to use the metering service to measure usage of your own applications as well as IBM products running outside the IBM Cloud Private cluster.

Cloud Foundry Enhancements

IBM Cloud Private now provides a better way to deploy and manage Cloud Foundry. This improved Cloud Foundry now includes a new management console (technology preview), container-to-container networking, integrated monitoring, updated buildpacks, new OpenStack support, and an upgrade to Cloud Foundry version 270.29. For more information, see What’s New in IBM Cloud Private Cloud Foundry Version 2.1.0.3.

Microclimate and Runtimes Support

Whether modernizing existing applications or building new cloud native microservices, cloud-based applications are increasingly composed of components built using multiple programming languages and frameworks. This is why IBM Cloud Private now includes support for Microclimate and open source Java, Node.js and Swift runtimes along with select web and microservice frameworks. Microclimate enables end-to-end development that lets you rapidly create and edit Java, Node.js and Swift applications and deploy them through an automated DevOps pipeline using Jenkins. (Microclimate replaces Microservice Builder, which was available in earlier releases.) Together, Microclimate, Runtimes Support and IBM Cloud Private provide a complete, end-to-end solution for development and deployment on the most popular open source frameworks.

Betas and Technology Previews

Container Storage Interface (CSI) is now available as Beta.

The following features are available as Technology Previews:

  • ISTIO is now deployable by Helm

  • Horizontal pod auto scaling by using custom metrics

  • Installing your cluster by using containerd as a runtime for cluster nodes

We invite you to join our open community on ibm-cloud-tech.slack.com and give us your feedback, or ask questions on Stack Overflow tagged ibm-cloud-private.
