IBM Cloud Data Guard Technology Preview

IBM Cloud Data Guard provides runtime memory encryption for applications to protect data in use. Cloud Data Guard is powered by Fortanix Runtime Encryption platform that uses Intel® SGX technology. Cloud Data Guard provides services and toolkits to transform containerized applications into protected counterparts enabling organizations with sensitive data to leverage cloud computing.

Bring Your Own App

The applications above are just examples. You can also run your own custom applications using Cloud Data Guard! Currently, the "Bring Your Own App" option supports applications delivered as a Docker container image.

Build a Docker image for your application

A tool is available to prepare your application's container to run using Cloud Data Guard. The tool can retrieve your container image from either a public registry or a private registry. If your application is not yet packaged as a Docker container image, instructions to build and upload a docker image are available here: https://docs.docker.com/get-started/part2/

Push your container image to a registry

Image references have the form <registry>/<repository>/<image-name>:<tag>. If the registry is not specified, the public hub.docker.com registry is assumed. If the tag (version) is not specified, latest is assumed.

Some examples: The image reference fortanix/sdkms-nginx refers to the image named sdkms-nginx in repository fortanix in the public hub.docker.com registry. The image reference myregistry.company.com:5000/testing/test-image:v2 refers to the image named test-image, version v2, in repository testing, in the private registry myregistry.company.com:5000.

Use our REST API

Our migration tool provides a REST API which you can use to create a new container image of your application image, secured using Runtime Encryption. The new image can be used in Cloud Data Guard just like the other featured apps, and with the same level of security. To use the REST API, simply:
  1. Submit a request to build your application:
    POST https://api.ibmdataguard.com/tools/build-app

    Sample JSON request body:

    {
    	"registry": "myregistry.company.com:5000",  // optional, default is hub.docker.com
    	"image": "testing/test-image:v2"            // repository, image name, and tag
    }

    Sample JSON response body:

    {
    	"newImage" : "registry.ibmdataguard.com/earlyaccess/test-image:latest"
    }
  2. The new image can be run in your Cloud Data Guard evaluation cluster.
If you encounter issues, please contact us using one of the contact methods below.

Example

To see the power of Cloud Data Guard, we provide a sample three-tier web application with all three tiers secured using Runtime Encryption.

Set up the sample application in your Kubernetes instance with the following command:

kubectl create -f https://www.ibmdataguard.com/files/demo/kubernetes/ewallet-sgx.yaml

This creates a pod with three containers: the application, an NGINX frontend, and a MySQL backend.

Look up the node where the frontend is running with kubectl describe pod ewallet-sgx | grep ^Node:. Note that it may take a few minutes for the container to deploy and start.

You can access the sample application by navigating to the frontend node address in your web browser.

Build your own app

Coming soon