To set up the watsonx platform for your organization, sign up for IBM watsonx.ai, upgrade to a paid plan, set up the services that you need, and add your users with the appropriate permissions.
IBM watsonx.ai on the watsonx platform includes cloud-based services that provide data preparation, data science, and AI modeling capabilities. The watsonx platform is protected by the same powerful security constraints that are available on IBM Cloud.
| Task | Location | Required Role | Description |
|---|---|---|---|
| Set up the IBM Cloud account | IBM Cloud | Account Owner | Set up a paid account. |
| Manage users and access | IBM Cloud | Administrator | Invite users to join the account, create user access groups, and assign roles or access groups to users to provide access. |
| Set up IBM Cloud Object Storage for use with IBM watsonx | IBM Cloud and IBM watsonx | Administrator | Create a test project to initialize IBM Cloud Object Storage and set the location to Global in each user's profile. |
| Set up the watsonx.ai Studio and watsonx.ai Runtime services | IBM Cloud and IBM watsonx | Administrator | Upgrade to a paid plan. |
| Create the Platform assets catalog | IBM watsonx | Administrator or Manager role for the Cloud Pak for Data service | Add connections to the platform assets catalog for use by collaborators. Also provides storage for AI use case inventories. |
| Set up watsonx.governance | IBM Cloud and IBM watsonx | Administrator or Editor | Create access policies and assign roles to users. |
| Configure firewall access (if necessary) | IBM watsonx and cloud provider firewall configuration | Administrator | Configure inbound access through a firewall. |
| Optional. Configure security mechanisms | IBM Cloud | Administrator | IBM watsonx has five security levels to ensure that data, application endpoints, and identity are protected. For a list of common security mechanisms, see Common security mechanisms. |
| Optional. Connect to data behind a firewall | IBM Cloud | Administrator | Securely connect to databases that are hosted behind a firewall. |
| Optional. Configure integrations with other cloud platforms | IBM Cloud and IBM watsonx | Administrator | Connect to services on other cloud platforms. |
Common security mechanisms
As an IBM Cloud account owner or administrator, you set up security for the account by providing single sign-on, IAM role-based access control, secure communication, and other security constraints.
Following are common security mechanisms for the IBM watsonx platform:
- Encrypt your instance with your own key. See Encrypt your IBM Cloud Object Storage instance with your own key.
- Use IBM Key Protect to encrypt key data assets in Cloud Object Storage. See Encrypting at rest data.
- Support single sign-on using SAML federation or Active Directory. See SSO with Federated IDs.
- Configure secure connections to databases that are behind a firewall. See Connecting to data behind a firewall
- Configure secure communication between services with Service Endpoints. See Private network service endpoints.
- Control access at the IP address level. See Allow specific IP addresses.
- Require personal credentials when creating connections. The default setting is shared credentials. See Managing your account settings.
Learn more
- HIPAA readiness is available for some regions and plans. See HIPAA readiness.
- See Security for IBM watsonx for a complete list of security constraints available in IBM watsonx.
- See Overview of watsonx to understand the architecture of the platform.
Parent topic: Getting started