Getting started
Db2® SaaS BYOC on Azure is a fully managed, cloud-native database solution that lets you deploy and control data processing infrastructure within your own Azure tenant, ensuring greater security, compliance, and operational visibility.
Key Benefits of Bring Your Own Cloud
The key benefits of Bring Your Own Cloud are:
-
Compliance
While Software as a Service can meet many standard compliance regulations, a BYOC SaaS allows you to achieve compliance within your own environment. This enables you to meet strict data sovereignty requirements that demand enhanced observability.
-
Security Monitoring and Auditing
BYOC gives you the ability to monitor and audit the entire environment down to the network level, eliminating blind spots in observability.
-
Connectivity
BYOC allows you to connect applications within and outside your VNet without requiring special network configurations. You also gain granular control over your network boundaries, which are not shared.
-
Azure Marketplace Integration
You can leverage your cloud provider credits for your infrastructure as well as Db2 SaaS BYOC components.
Prerequisites
Requirements that must be met before setting up your Db2 SaaS environment on Azure.
The following prerequisites must be met before deploying Db2 SaaS BYOC on Azure:
- Azure Resource provider registrations
-
Before deploying the template, ensure that the required Azure Resource Providers are registered in your subscription.
-
Open the Azure Portal.
-
Navigate to the Subscription where you plan to deploy the template.
-
Go to Settings > Resource providers.
- Confirm that the following providers are registered:
- Microsoft.ApiManagement
- Microsoft.App
- Microsoft.Authorization
- Microsoft.Cache
- Microsoft.Compute
- Microsoft.ContainerInstance
- Microsoft.ContainerService
- Microsoft.DurableTask
- Microsoft.Features
- Microsoft.Insights
- Microsoft.ManagedIdentity
- Microsoft.Network
- Microsoft.OperationalInsights
- Microsoft.OperationsManagement
- Microsoft.ResourceHealth
- Microsoft.Resources
- Microsoft.ServiceBus
- Microsoft.Storage
- Microsoft.Support
- Microsoft.Web
-
- Azure Administrative Access
-
To deploy this Azure Resource Manager (ARM) template, you must have sufficient administrative privileges. The deployment will create and configure several Azure resources, including:
- Resource groups
- Managed identities
- Role assignments
- Azure Lighthouse delegation for IBM-managed access
To verify that your account has the required permissions:
- Open the Azure Portal.
- Navigate to the subscription or resource group where you plan to deploy the template.
- Go to Access control (IAM).
- Select View my access.
- Review the roles assigned to your user account. You must have either the Owner role or a custom role that includes the necessary permissions.
Below is an example of a custom role definition that meets the required access level:{ "id": "/subscriptions/{Subscription ID}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionID}", "properties": { "roleName": "byoc-db2b-custom-role", "description": "", "assignableScopes": [ "/subscriptions/bcb14895-0def-48c6-959a-bd82a80f2632" ], "permissions": [ { "actions": [ "Microsoft.ManagedServices/registrationDefinitions/*", "Microsoft.ManagedServices/registrationAssignments/*", "Microsoft.ManagedIdentity/userAssignedIdentities/*", "Microsoft.Storage/storageAccounts/*", "Microsoft.Network/virtualNetworks/*", "Microsoft.Network/networkSecurityGroups/*", "Microsoft.Network/publicIPAddresses/*", "Microsoft.Network/loadBalancers/*", "Microsoft.Network/networkInterfaces/*", "Microsoft.Compute/virtualMachines/*", "Microsoft.Compute/disks/*", "Microsoft.ContainerService/*", "Microsoft.ContainerInstance/*", "Microsoft.App/*", "Microsoft.Cache/*", "Microsoft.ServiceBus/*", "Microsoft.Web/*", "Microsoft.Insights/*", "Microsoft.Monitor/*", "Microsoft.OperationalInsights/*", "Microsoft.OperationsManagement/*", "Microsoft.NetApp/*", "Microsoft.ApiManagement/*", "Microsoft.DurableTask/*", "Microsoft.Resources/subscriptions/resourceGroups/*", "Microsoft.Resources/deployments/*", "Microsoft.Authorization/roleAssignments/read", "Microsoft.Authorization/roleAssignments/write", "Microsoft.Authorization/roleAssignments/delete", "Microsoft.Authorization/roleDefinitions/read", "Microsoft.Authorization/*/read", "Microsoft.Features/*", "Microsoft.ResourceHealth/*/read" ], "notActions": [ "Microsoft.Authorization/elevateAccess/Action", "Microsoft.Authorization/classicAdministrators/*", "Microsoft.Authorization/denyAssignments/*" ], "dataActions": [], "notDataActions": [] } ] } }
- Azure Subscription Quotas
-
Verify that your Azure subscription has adequate resource quotas to support the required infrastructure components (e.g., compute, storage, networking).
- Sign in to the Azure Portal.
- In the top search bar, type "Quotas" and select Quotas from the results.
- On the Quotas page, select My quotas from the left-hand menu.
- Use the filters at the top to narrow down by:
- Subscription
- Region
- Provider (for example,
Microsoft.ComputeandMicrosoft.Network)
- Review the displayed quota categories. Each entry shows current usage versus the allowed limit.
- Expand any category to view detailed metrics and ensure capacity is sufficient for deployment.
- IBMid Account Requirement
-
An active IBMid is required to subscribe to and provision the Db2 SaaS BYOC service.
To create an IBMid:- Go to the IBMid registration page: https://www.ibm.com/account/us-en/signup/register.html.
- Fill in the required information, including:
- Business email (this becomes your IBMid)
- Password
- First and last name
- Country or region
- Company (optional)
- Verify your email. IBM will send a verification code to the email address you provided.
- Optionally, complete multi-factor authentication setup.
Resources
To access the Db2 SaaS Bring Your Own Cloud (BYOC) API, refer to the following resource:
BYOC Plan: IBM Db2 as a Service (Bring Your Own Cloud) REST API