IBM Support

Information Server on Cloud Managed Service - User Guide

Product Documentation


Abstract

IBM® Information Server on Cloud Managed (IIS on Cloud Managed) provides IBM InfoSphere® Information Server on the IBM cloud infrastructure where IBM takes care of the infrastructure and security of the cloud service allowing clients to focus on their business.

It offers the rich features of an on-premises IIS deployment without the cost, complexity, and risk of managing the infrastructure and security.

Content


Chapter 1 - Overview

Based on IBM InfoSphere® Information Server Enterprise Edition ("IIS"), IIS on Cloud Managed is a solution that comes preinstalled and ready to run in small, medium, and large server configurations.
Each data center facility where IIS on Cloud Managed is provisioned has the same specifications regarding quality deployment and management methodologies. Leveraging the standardization across all geographic locations, IBM optimizes key data center performance variables such as space, power, network, personnel, and internal infrastructure.
The following diagram is a responsibility comparison between the IIS managed cloud service and a traditional on-premises solution. What is important to understand is that while the Managed Cloud team takes care of the majority of the cloud service, the management of the IIS application / solution, including the data, is the responsibility of the client. Application-wise, IBM deploys changes and performs maintenance of the application. Additional IIS solution and / or application implementation add-on services are available for an additional fee.
 

[Diagram: responsibility comparison between the IIS managed cloud service and a traditional on-premises solution]

IBM responsibilities include:

  •  Actively monitor and resolve any issues that are encountered with the cloud service.
  •  Maintain the software platform, IIS and the operating system, to meet security standards.
  •  Maintain software firewalls on servers that face the internet to provide the required protection.
  •  Provide user access to the cloud service once the cluster is provisioned, by sharing the web address, username, and password.
  •  Ensure the continuity, compatibility, and performance of the cloud service by installing only permissible software, including any open source packages, and apply patches and upgrades to the cloud service environment and operating system.
  • Create and maintain regular backups of data.

Client responsibilities include:

  • Submitting problems/requests/tickets electronically through the proper support system
  • Keeping issues separate (questions, problems or change requests) and focusing on one issue per ticket, incident or case
  • Selecting a Severity based on your judgment of the business impact
  • User testing: testing and coordination after an environment update, fix, change, development artifact, customization or extension is applied resulting from a ticket, or after scheduled maintenance.
  • Providing timely feedback and keeping IBM informed, so the IBM support team can close out the issue when it has been resolved. If the issue reoccurs, or you want to request a change rollback/backout, you may reopen the original support ticket, incident or case by resubmitting it electronically.
  • Coordination and communication: IBM will notify the designated contacts; it is up to the client to further communicate to additional users regarding usage, upcoming maintenance and outage windows.
  • Troubleshooting and fix validation: working with IBM to help reproduce problems including debugging and tuning your application.
  • Development of the application: Customizations, development artifacts, integrations, and testing  IIS applications.
  • Setup and Definition: Maintenance of all LDAP users and groups related to any IIS application solutions
  • Change requests: logging of change request tickets in which you provide IBM enough notice including a recommended 2-hour deployment window, relevant change files, documentation/instructions, rollback plan, additional names for notification, and test results for the change request (includes extensions, development artifacts, CBAs, DB2 scripts, .jar file updates, job file and project file updates).
  • Ongoing management of the applications and data including the quality and performance of programs, applications, and jobs that are developed for IBM IIS on Cloud Managed
 
Multiple servers are provisioned, with various technical specifications for each machine. The following is a representation of the software stack and server details that will be provisioned as part of the cloud service, subject to change as required.
 
High Level Architecture (Small, Medium or Large):
High Level Architecture (High Availability HA Small, Medium or Large ):
*Not all IIS Cloud Services are HA, refer to your transaction document for entitlement
  • Engine Tier: the logical group of engine components and communication agents.
  • Services & Repository Tier: consists of the application server, common services, and product services for the suite and product modules. The repository tier consists of the metadata repository hosted on DB2.
  • Enterprise Search: an extension to the services tier which provides enterprise search and related capabilities.
  • Client Tier: consists of the client programs and consoles that are used for development, administration, and other tasks.
  • IBM Spectrum Protect: provides automated, centrally scheduled, policy-managed backup and archive capabilities.

For additional details on IBM Information Server, please refer to the IIS product documentation; refer to your transaction documents for any exclusions of IIS in the Cloud Service -> https://www.ibm.com/support/knowledgecenter/SSZJPZ_11.7.0/com.ibm.swg.im.iis.productization.iisinfsv.overview.arch.doc/topics/wsisinst_pln_configurations.html

Machine Specification and Software Stack (Production offerings):

Machine Specification and Software Stack (DEV/TEST):


Machine Specification and Software Stack High Availability (Small HA):
*also available (but not shown) is the enhanced HA-with Disaster Recovery improvements
**medium and large specs also available on request


** Cognos and BPM are not included but can be scoped / priced separately on request for the HA offering


Chapter 2 - Accessing the Cloud Service

Once the Cloud Service has been provisioned and clients have received their welcome letter(s), the environment is ready for use, including configuration and code deployment. As a first step, clients will work with the Operations and Support team to establish initial VPN connectivity.
Once the VPN connectivity is set up, Clients can access IIS by using the IIS Launchpad (a single web interface for opening various clients or consoles).
The following URL would be used -> https://<server>:<port>/ibm/iis/launchpad
For full details on how to use the IBM® InfoSphere® Information Server product, please refer to the product documentation link available in Chapter 13 - Additional Resources and FAQ.
The out of the box cloud service provides HTTPS access to relevant application user interfaces, including IIS and LDAP (restricted to user groups). IIS Managed Cloud Service restricts SSH root level access. In addition, for cloud services not designated as dev/test, access to administrative software consoles is also restricted. No access is provided for OS level root access and / or software administrative console(s).
For more details regarding any access restrictions for this Cloud Service, please review Chapter 9 - Access Restrictions and section 5.5 in the Service Description link found in Chapter 13 - Additional Resources and FAQ.

IIS Managed Cloud Services comes with an integrated LDAP service. Access to various services is controlled via the LDAP service. For more information regarding the LDAP service and associated customizations, see Chapter 3 - Access Management and User Permissions.


Chapter 3 - Access Management and User Permissions

In version 2.0 of the IIS managed offering, a stand-alone Identity Management (IDM) LDAP configuration is provisioned as part of this Cloud Service. The IDM will be used for monitoring and controlling the IBM managed service access as well as for client self-serve capabilities to add users and grant permission to IIS user roles. Additional user administration, for example modifying or deleting users or creating new groups or roles, can be accomplished by logging a support ticket with the managed operations and support team for assistance. When the cloud service provisioning is complete, a limited administrative user will be created by IBM for the cloud service and the details will be provided in the welcome letter.
IBM provides the ability to leverage IdM's native capability to synchronize the Cloud based LDAP service with Client's on-premises Active Directory ("AD"). Options are available to support SAML 2.0 authentication to the various web applications. For implementation and discussions (including restrictions), please review the options available with your Cloud Services Coordinator.
Clients typically will work with the Analytics Cloud Service Operations and Support for initial configuration and information on setting up new users; however, additional self-help options are available at the following link to add users to the Cloud LDAP -> How to: Create users in the managed cloud service LDAP
 
For additional details regarding the LDAP Directory for this Cloud Service, please see section 5.2 in the Service Description link found in Chapter 13 - Additional Resources and FAQ.
The following document outlines the procedures for clients to request additional access to the Cloud Service.
For additional details see the link on User Access Management Procedures found in Chapter 13 - Additional Resources and FAQ

Chapter 4 - Change Management and Loading data or files

Clients expect their environment to be compliant with IBM security policies and external compliance regulations. IBM adheres to a change request process to keep our Clients' systems safe and highly available. IBM will provide a Secure File Transport (SFTP) service in order to facilitate file transfers for loading or extracting data from the Cloud Service.
 
In order to facilitate requests for configuration or changes (including loading files like customizations or extensions) to the Cloud Service, please see the Change Management documentation link found in Chapter 13 - Additional Resources and FAQ.
For example requests, process flow and timing details for (critical and non-critical) change requests, see the Change Request Details documentation link found in Chapter 13 - Additional Resources and FAQ.

Chapter 5 - Available Programmatic Interfaces

Included in the Managed Cloud Service are various programmatic interfaces, including:
  • HTTPS for thin client applications like Operations Console, Information Analyzer, IGC, IGD, DQ Exception Console, IMAM, etc.
  • DataStage thick client access to Designer, Director.
  • Secure file transport service for loading data into IIS.

Chapter 6 - Shared Storage and log file access

Application level log files can be shared via SFTP shared storage; requests for access can be logged with the managed cloud service operations and support team.
IBM will provide a Secure File Transport service (SFTP access) in order to facilitate file transfers for loading or extracting data from IIS.
  • SFTP Shared storage for uploading files for batch IIS loads

Chapter 7 - Backup and Recovery Options

If the cloud service is not designated as dev/test, two instances of IBM Spectrum Protect server are configured on a dedicated machine for each deployment of the service.
Daily file system backups (recommended files) and periodic (daily / weekly / monthly) database backups are provided. Periodically, backup files will be remotely stored in IBM Cloud Object Storage and retained for up to 28 days.  Clients will be able to request through the operations and support team up to two backup/restores per month.
Default Backup Policies
  • Db2 databases -  Full, incremental & transaction log backup
  • IBM WebSphere Application Server (WAS) profiles - deployment Manager, App Server & Proxy Server profile backup
  • Others - Configuration & properties files, iptables, certificate, keystore etc
Additional restores or increased system backup frequency greater than on a daily basis can be performed under a separate Statement of Work for an additional charge.
 
Snapshot Backup is not provided.
For environments designated as dev/test where clients are looking for daily scheduled backups, talk to the Cloud Service Coordinator, as options are available for an additional charge through a separate statement of work (SOW).
For additional details regarding Backup and Restore for this Cloud Service, please see section 5.3 in the Service Description link found in Chapter 13 - Additional Resources and FAQ.


Chapter 8 - Patching and Upgrading

Cloud Service Major and Minor updates or patches will be evaluated for installation within a monthly maintenance window. Two weeks prior to the maintenance window, IBM will publish the list of Major and Minor updates being applied along with a brief description of the updates. During the maintenance window, the Cloud service may be unavailable.
If required, IBM will notify the Client that the Cloud Services will not be available during the maintenance window. Where possible, IBM will minimize Service disruptions for maintenance activities, with a monthly downtime goal to not exceed four (4) hours. 
For additional details regarding Cloud Service Environment Updates, please see section 5.1 in the Service Description link found in Chapter 13 - Additional Resources and FAQ.

Chapter 9 - Access Restrictions

Since IBM is managing the Cloud Service, certain limitations and access restrictions are in place depending on the cloud service. For example, IBM does not provide direct access to the individual servers, OS level, WebSphere Application Server, Information Server, LDAP or Db2:
  • No direct SSH access to servers
  • No root passwords or IP addresses provided
  • Dev/Test environments will allow administrative access to dev tooling and GUIs/Consoles like WAS, Db2
For additional details regarding Access Restrictions for this Cloud Service, please see section 5.5 in the Service Description link found in Chapter 13 - Additional Resources and FAQ.

Chapter 10 - How to get Support

The Analytics Cloud Operations Support team is available to help with technical issues with the IIS managed cloud service.
IBM will assign a Cloud Service Coordinator (CSC) support team that will provide:
  • single point of Client contact for incident and change management oversight;
  • management of maintenance intervals;
  • monitoring of problem or failure events, tracking events to closure and root cause analysis for Severity 1 outages;
  • monthly service level objective reporting; and
  • monitoring and tracking trouble tickets to resolution.
The CSC support team conducts operating service reviews through weekly status meetings with the Client to review incidents and change management.
For additional details on Support see the link for Cloud Service Support Guide found in Chapter 13 - Additional Resources and FAQ

Chapter 11 - Security and Compliance

IBM manages the infrastructure (network, storage and compute resources), applies fixes to the application and maintains the IBM software. IBM is also responsible for the security and privacy controls for this Cloud Service. The measures implemented and maintained by IBM within this Cloud Service are subject to annual certification of compliance with ISO 27001.
 
Evidence of stated compliance and accreditation, such as certifications or attestations can be downloaded from here -> https://www.ibm.com/cloud/compliance/global.  
 
For additional details see the link to the Security Data Sheet found in Chapter 13 - Additional Resources and FAQ
1. IBM Information Server on Cloud Managed - Offering Security Data Sheet
2. IBM Cloud Compliance
3. IBM Data Security and Privacy Document for IBM Cloud Services
4. IBM Cloud Services Agreement

Chapter 12 - Disaster Recovery

In the event of an IBM declared Disaster, IBM will communicate with Client on an hourly basis as to the status of the recovery process, including progress regarding the Recovery Time Objective (RTO) and Recovery Point Objective (RPO).
IBM will provide a projected RTO and RPO, based on the client's existing cloud service subscription, to perform recovery activities for Cloud Service Environment(s).
The out of the box IIS (non-HA-DR) cloud service offerings allow for Seven (7) day Recovery Time Objective and (1) day / 24 hours Recovery Point Objective.
The High Availability and Disaster Recovery (HA-DR) cloud service offerings allow for improvement to recovery objectives for business continuation with four (4) hours Recovery Time Objective and near real time Recovery Point Objective.   Also included with the HA-DR subscription is an annual client specific disaster recovery test.
Additional frequency testing and validation greater than on an annual basis can be performed under a separate Statement of Work for an additional charge.
If the Cloud Service Environment is designated as dev/test, unavailability of the environment will be treated as a Severity 3 support case and IBM will resolve the issue by way of restoring to the last known working backup or reinstalling.
Additional details in the Service Description (link available in Additional Resources Section)

Chapter 13 - Additional Resources and FAQ

a. Change Management Process -> http://www.ibm.com/support/docview.wss?uid=ibm10874428
b. User Access Management Procedures -> http://www.ibm.com/support/docview.wss?uid=ibm10874452
c. Configuration and Change Request Technical Details -> http://www.ibm.com/support/docview.wss?uid=ibm10874400
d. Service Description ("SD") -> https://www-03.ibm.com/software/sla/sladb.nsf/sla/sd-8403-02
f. Managed Support Guide -> https://www.ibm.com/support/home/pages/support-guide/?product=4017323
 
1. What is the RTO/RPO for the managed service? 
The out of the box offering allows for Seven (7) day Recovery Time Objective and (1) day / 24 hours Recovery Point Objective. The HA-DR service can be purchased to improve recovery objectives for business continuation with four (4) hours Recovery Time Objective and near real time Recovery Point Objective. Additional details in the link for the Service Description found in Chapter 12 - Disaster Recovery
2. How does IBM perform patching and maintenance?
Refer to Chapter 8 - Patching and Upgrading of the User Guide 
3. Is the out of the box IIS Managed offering High Availability (HA)?
Depends on the service purchased, please refer to the Service Description offering details.
4. For what period are major and minor product upgrades included in the purchase price of the product?
IIS Managed is a subscription to a Managed Cloud Service; the current version installed and configured in the IIS Managed Cloud service is the latest release of 11.7.
5. Describe the process and estimate the time required to install subsequent releases/versions of your product.
Three Levels of change control are defined within the Offering:
Immediate Patches: (for security/integrity issues)
-    Notification will be provided through the event management infrastructure of the patch update schedule
-    IBM will then process the change including stopping the service if required
-    Notification will be provided that the patch has been completed and the service is fully available
Monthly Patches: (fixes that don’t affect application functionality)
-    Notification will be provided 2 weeks prior to the monthly maintenance window of the update
-    Client has the ability to delay the patch within 7 days and for up to 45 days
-    Patch will be performed during the stated Monthly maintenance window
Updates:  (fixes that may affect application functionality)
-    Notification will be provided 45 days prior to the monthly maintenance window of the update
-    Client has the ability to delay the update within 30 days for up to 6 months
-    Client has the responsibility for testing/making any required changes to their application or data
IBM will coordinate any application updates with Clients (including scheduling of application/data updates)
Additional details in the link for the Service Description found in Chapter 13 of the User Guide 

6. What is the (average) frequency of new releases and upgrades?
This can vary, please see description above (Q8) of estimated categories of changes.
7.  What is your support policy on older software releases?
IIS on Cloud Managed is a subscription to a Managed Cloud Service. The latest version of the on-premises IIS software is pre-installed; there is no option to install other older versions. Specifications of all the software installed in the IIS on Cloud Managed Service are in Chapter 1 - Overview
8. Do upgrades include regulatory requirement changes? Does this affect the frequency of upgrade releases?
This can vary, please see description above (Q5) of estimated categories of changes.
13. Are any customizations automatically included in any upgrades?
Customizations, Custom Code, or Extensions are the responsibility of the Client and not included in this offering. However, services are available for IBM to code, develop, and test customizations/extensions; these services can be purchased through a separate statement of work. Additional details in the Service Description found in Chapter 13 of the User Guide
14. Does customization incur additional annual maintenance costs?
The ability for Clients to deploy Client customized IIS solutions and Extensions within the Cloud environment through a support ticket process is included in this offering at no additional cost. Upgrading, developing, and maintaining the customizations is the responsibility of the client. Additional Services are available for IBM to code, develop, and test customizations/extensions; these services can be purchased through a separate statement of work.

15. Disaster recovery, HA, backup and restore …
Each Cloud Service is assessed separately (defined, documented and maintained annually) for business continuity and DR requirements and documented risk management guidelines. Please refer to the Data Security and Privacy Principles, Section 6.d., for additional information and details -> https://www-03.ibm.com/software/sla/sladb.nsf/sla/dsp
16. Do customers still have all the rights to deploy to the managed servers on our schedule?
Short answer is No. To keep clients' environments safe and secure, access is restricted to the operations and support team; code/customization deployments are not done by clients but by IBM. Clients can however submit tickets 24x7 to the support team for application of specific customization artifacts (CBAs, JAR files, DB Scripts). For additional details, please see the managed Change Request documentation link in Chapter 13 of the User Guide
17. How is my data processed and protected?
IBM takes clients' data security and protection very seriously; for additional information please see Chapter 11 Security and Compliance
18. What certifications has the IIS managed offering achieved?
IBM takes clients' data security and protection very seriously; for additional information please see Chapter 11 Security and Compliance
19. Does the managed service allow for access to logs?
Application level logs (IIS) can be made available to authorized client contacts upon request. However, no access is provided to infrastructure, network, or OS level logs, as the management of these functions is considered part of the base managed service. For additional details see Chapter 6 - Shared Storage and log file access

20. Do SLA credits apply if IIS goes down?

No, the managed service does not provide individual application component SLA credits. However, for any critical system or application down issues, IBM does provide an operations and support objective for severity 1 issues and will work with clients 24x7 / 7 days a week to restore the service as soon as possible, including restoration via the daily backups as required. See the operations and support guide link above in this Chapter.

21. Is Penetration testing performed on the service?
Yes, our managed service adheres to the IBM Data Security and Privacy policy and includes at a minimum an annual test, for more information see section 6 in the DSP https://www-03.ibm.com/software/sla/sladb.nsf/sla/dsp?OpenDocument
22. How can I authenticate or integrate on-prem LDAP with the IIS on Cloud Managed Service?
A stand-alone LDAP configuration is included as part of the Cloud Service, which includes options for integrating with the Client's on-premises directory implementation; see Chapter 3 Access Management and User Permissions

23. What happens when the service encounters problems?

Through the managed service monitoring software, our IBM operations team is automatically alerted and will begin to take action and troubleshoot the service. In addition to this, on request IBM can work with Clients to set up an email distribution list for notifications of a reduced functionality or loss of service. These types of notifications would be distributed to Clients without undue delay upon confirmation of such an issue that is known or reasonably suspected by IBM to affect the Client. IBM will provide Client with reasonably requested information about such issue and the status of any IBM remediation and restoration activities.
 

24. On which Cloud Service Provider is the service or application hosted? For example, AWS, Azure, GCP, etc.

This offering is only available on IBM Cloud.
 

25. What are the Integration services and Protocols supported by this Product?

See Chapter 5 - Available Programmatic Interfaces for details.
 

26. Which Data Center locations are available for this offering?

The available Data Centers are Dallas, San Jose, Washington D.C., London, Frankfurt, Amsterdam, Hong Kong, Chennai, Sydney, Melbourne, Singapore, Toronto and Montreal. Additionally, most IBM Cloud data centers can be supported; if Clients have a different location in mind, please verify with your IBM account rep on availability.
 
For a full list of IBM Data Centers please see http://www.softlayer.com/data-centers
 

27. Is the offering single or multi-tenant?

The managed offering is a single tenant offering.
 

28. What kind of policy is in place for data destruction and record retention?

Refer to Section 2 in the Cloud Services Agreement https://www.ibm.com/support/customer/csol/contractexplorer/cloud/csa/us-en/10 . In addition, backup data is stored for 28 days after a contract has expired or is terminated and then it is deleted. For additional information and a link to the data sheet please see Chapter 11 Security and Compliance
 

29. Is data movement encrypted in this offering?

Yes, all in-flight data transmissions are encrypted. 
For additional information and a link to the data sheet please see Chapter 11 Security and Compliance 

30.  What kind of availability does the offering support?

The default availability for non dev/test environments is 99.5% excluding planned outages; for HA it is 99.9%.
31.  How are the environments accessed via the network?
 
By default, the servers are accessible through a Client site to site VPN on the server's public IP addresses. These public IP addresses are utilized in order to avoid conflicts with Clients' internal private IP subnets.
Public IPs are protected by the VPN and not accessible on the public internet.
DNS resolution will be provided by default, which will be sufficient for a majority of customers. Alternatively, Client may setup access through their own internal DNS service.
 
32.   How can I provide ideas for improving offerings / products?
 
Please post your idea/suggestion to our IBM Analytics Ideas portal: https://ibmanalytics.ideas.aha.io/

 
33. Where can I find additional information on IBM Data Security of the Cloud Service and privacy principles?
 
34. How do I open a support ticket?
 
Once the welcome letter is received, Clients are entitled to log support cases; the designated Cloud Service Coordinator (CSC) will walk Clients through the registration and setup process.
For reference, the link for tickets for any of the 'Analytics Cloud Service' products is available here -> https://www.ibm.com/mysupport/s/?language=en_US . For additional details on Support, please see Chapter 10 - How to get Support

Document Location

Worldwide


Document Information

Modified date:
14 January 2022

UID

ibm11072004