Deployment options

IBM Vault Self-Managed for Z and LinuxONE supports multiple deployment options to meet different infrastructure requirements and operational needs.

Overview

Choose the deployment option that best fits your infrastructure, security requirements, and operational model. Each option provides enterprise-grade secret management with high availability and disaster recovery capabilities.

Deployment platforms

z/OS Container Extensions (zCX)

Deploy Vault directly on z/OS using container technology. This option provides:

  • Native integration with z/OS environment.
  • Docker-based container deployment.
  • Direct access to z/OS resources and security features.
  • Simplified deployment for z/OS-centric environments.
  • High availability through HAProxy load balancing.
Red Hat OpenShift Container Platform

Deploy Vault on OpenShift for Kubernetes-native orchestration. This option provides:

  • Kubernetes-native deployment and management.
  • Helm chart-based installation.
  • Built-in high availability with Raft consensus.
  • OpenShift-native monitoring and logging.
  • Integration with OpenShift security features.

Integration options

Vault Secrets Operator (VSO)

Integrate Vault with OpenShift applications using the Vault Secrets Operator. This option provides:

  • Kubernetes-native secret synchronization.
  • Automatic secret injection into pods.
  • Dynamic secret rotation.
  • Declarative secret management.

Choosing a deployment option

Consider the following factors when selecting your deployment platform:

Infrastructure
  • Use zCX if you have z/OS infrastructure and want to run Vault on the mainframe.
  • Use OpenShift if you have a Kubernetes environment and want container orchestration.
Operational model
  • zCX provides Docker-based management familiar to z/OS administrators.
  • OpenShift provides Kubernetes-native operations with Helm and operators.
Integration requirements
  • zCX offers direct integration with z/OS security features (RACF, certificates).
  • OpenShift offers native Kubernetes integration with VSO for application secret management.
High availability
  • zCX uses HAProxy for load balancing across Vault instances.
  • OpenShift uses Raft consensus protocol for built-in HA clustering.