Securing your instance
IBM watsonx Orchestrate is built with a multi-layered security architecture and robust operational safeguards to meet the demands of enterprise IT environments. From IP allowlisting and TLS tunnel configuration to data encryption and activity tracking, every component is designed to protect your workloads and data across regions.
Whether you're deploying on IBM Cloud, AWS, or managing outbound connectivity, this section provides essential resources to help you secure your instance effectively.
Data isolation
Understand how watsonx Orchestrate isolates tenant data to ensure:
- Privacy between environments
- Protection against cross-tenant data leakage
- Compliance with data governance standards
Enhancing security for instances on IBM Cloud
Learn how to secure your IBM watsonx Orchestrate service on IBM Cloud by:
- Managing IAM access and roles
- Understanding architecture and workload isolation
- Securing data at rest and in transit
- Tracking activity events for auditing and compliance
Enhancing security for instances on AWS
Explore best practices for securing your IBM watsonx Orchestrate service on AWS, including:
- Understanding data retention and restore mechanisms
- Backup responsibilities
Regional availability and outbound IP addresses
Access the list of outbound IP addresses used by watsonx Orchestrate instances hosted on IBM Cloud or AWS. This is essential for:
- Configuring firewalls and allowlists
- Ensuring secure and uninterrupted connectivity
- Supporting compliance with regional data policies
Using private network endpoints
Connect securely to your IBM watsonx Orchestrate instance over the IBM Cloud private network by using IBM Cloud service endpoints.
Private endpoints help you:
- Keep traffic within IBM Cloud to avoid exposure to the public internet
- Ensure stronger data isolation and compliance
- Simplify secure access without needing a VPN connection