To set up the Cloud Pak for Data as a Service platform for your organization, sign up for Cloud Pak for Data as a Service, upgrade to a paid plan, set up the services that you need, and add your users with the appropriate permissions.
The Cloud Pak for Data as a Service platform includes cloud-based services that provide data governance, data engineering, data analysis, and AI modeling capabilities that you can combine to implement a data fabric solution. You can add services from the Cloud Pak for Data as a Service catalog as you need them. The Cloud Pak for Data as a Service platform is protected by the same powerful security constraints that are available on IBM Cloud.
| Task | Location | Required Role | Description |
|---|---|---|---|
| Set up the IBM Cloud account | IBM Cloud | Account Owner | Set up a paid account. |
| Manage users and access | IBM Cloud | Administrator | Invite users to join the account, create user access groups, and assign roles or access groups to users to provide access. |
| Set up IBM Cloud Object Storage for use with Cloud Pak for Data as a Service | IBM Cloud and Cloud Pak for Data as a Service | Administrator | Create a test project to initialize IBM Cloud Object Storage and set the location to Global in each user's profile. |
| Set up the watsonx.ai Studio and watsonx.ai Runtime services | IBM Cloud and Cloud Pak for Data as a Service | Administrator | Upgrade to a paid plan. |
| Set up IBM Knowledge Catalog | IBM Cloud and Cloud Pak for Data as a Service | Administrator | Assign roles, set up catalogs and categories, and plan for data governance. |
| Create the Platform assets catalog | Cloud Pak for Data as a Service | Administrator or Manager role for the Cloud Pak for Data service | Add connections to the platform assets catalog for use by collaborators. |
| Set up Data Virtualization | IBM Cloud and Cloud Pak for Data as a Service | Administrator | Provision a service instance and create IAM service credentials. |
| Set up DataStage | IBM Cloud and Cloud Pak for Data as a Service | Administrator or Editor | Provision a service instance. |
| Set up watsonx.governance | IBM Cloud and Cloud Pak for Data as a Service | Administrator or Editor | Create access policies and assign roles to users. |
| Configure firewall access (if necessary) | Cloud Pak for Data as a Service and cloud provider firewall configuration | Administrator | Configure inbound access through a firewall. |
| Provision more services | IBM Cloud and Cloud Pak for Data as a Service | Administrator or Editor | Add services as needed. |
| Optional. Configure security mechanisms | IBM Cloud | Administrator | Cloud Pak for Data as a Service has five security levels to ensure that data, application endpoints, and identity are protected. For a list of common security mechanisms, see Common security mechanisms. |
| Optional. Connect to data behind a firewall | IBM Cloud | Administrator | Securely connect to databases that are hosted behind a firewall. |
| Optional. Configure integrations with other cloud platforms | IBM Cloud and Cloud Pak for Data as a Service | Administrator | Connect to services on other cloud platforms. |
Common security mechanisms
As an IBM Cloud account owner or administrator, you set up security for the account by providing single sign-on, IAM role-based access control, secure communication, and other security constraints.
Following are common security mechanisms for the Cloud Pak for Data as a Service platform:
- Encrypt your instance with your own key. See Encrypt your IBM Cloud Object Storage instance with your own key.
- Use IBM Key Protect to encrypt key data assets in Cloud Object Storage. See Encrypting at rest data.
- Support single sign-on using SAML federation or Active Directory. See SSO with Federated IDs.
- Provide role-based access control for users and groups. See IAM access roles and Access groups.
- Configure secure connections to databases that are behind a firewall. See Connecting to data behind a firewall
- Configure secure communication between services with Service Endpoints. See Private network service endpoints.
- Control access at the IP address level. See Allow specific IP addresses.
- Require personal credentials when creating connections. The default setting is shared credentials. See Managing your account settings.
Learn more
- See The Cloud Pak for Data as a Service data fabric solution to learn about IBM's data fabric solution.
- See IBM Cloud services for a list of available services.
- HIPAA readiness is available for some regions and plans. See HIPAA readiness.
- See Security for Cloud Pak for Data as a Service for a complete list of security constraints available in Cloud Pak for Data as a Service.
- See Overview of Cloud Pak for Data as a Service to understand the architecture of the platform.
Parent topic: Getting started