A Certified solution is the third and final level in the IBM Cloud Paks and Edge Computing ecosystem program, following Compatible and Verified. To achieve this level, partners have to demonstrate that their solution is enterprise ready, secure, quality assured, and lifecycle managed, to IBM Cloud Pak requirements.
Red Hat Image and Operator certifications are prerequisites to the Certified for IBM Cloud Paks process. IBM deploys the solution in an OpenShift cluster and runs ~200 linter checks for Kubernetes and container best practices. IBM also reviews aspects of the solution architecture and documentation. Here are examples of the certification requirements that have to be met by the partner solution:
  • Data encryption in-flight and at-rest:
    • Encrypt all data in transit using TLS 1.2
    • Encrypt all data at rest
    • Store secrets in an approved service
  • Network protection and implementation:
    • Only expose required ports/services from each container
    • Limit traffic between pods
    • Containers do not communicate with the host
  • Limit security privilege:
    • Run with a restricted security context constraint (SCC)
    • Provide custom SCC with exact security context
    • Provide mechanism to track all components of a workload
  • Keys and certificate implementation and management:
    • Use a key management system
    • Support key rotation
    • Allow customer-provided keys
    • Provide the ability to replace customer keys
    • Use an approved certificate manager
    • Products must support certificate rotation
    • Must follow best practices for Public Key Infrastructure
    • Allow customer-provided certificates
    • Ability to replace customer certificates
Detailed instructions for how to meet these requirements are provided on the subsequent pages of this guide. To get started certifying your solution, click the Next button below.
Copy link