Master Data Management on Cloud Managed Service

Product Documentation

Abstract

IBM® Master Data Management on Cloud Managed (MDM on Cloud Managed) provides IBM InfoSphere® Master Data
Management (InfoSphere MDM) Advanced Edition on the IBM SoftLayer global cloud infrastructure where IBM takes care of the infrastructure and security of the cloud service.

Offering the rich features of an on-premises MDM deployment without the cost, complexity, and risk of managing the infrastructure and security.

Content

Chapter 1 - Overview
Chapter 2 - Accessing the Cloud Service
Chapter 3 - Access Management and User Permissions
Chapter 4 - Loading Data or files into you Cloud Service
Chapter 5 - Available Programmatic Interfaces
Chapter 6 - Shared Storage and log file access
Chapter 7 - Backup and Recovery Options
Chapter 8 - Patching and Upgrading
Chapter 9 - Access Restrictions
Chapter 10 - How to get Support
Chapter 11 - Security and Compliance
Chapter 12 - Disaster Recovery
Chapter 13 - Non-Production (dev/test) Details
Chapter 14 - Additional Resources and FAQ

Chapter 1 - Overview and Architecture

Based on IBM InfoSphere® Master Data Management Advanced Edition ("MDM"), MDM on Cloud Managed is a solution that comes preinstalled and ready to run in small, medium, large and extra extra large server configurations.

Depending on the configuration MDM on Cloud Managed can also include capabilities from IBM Business Process Manager ("BPM") and IBM InfoSphere Information Server ("IIS"). MDM Managed provides a cost-effective entry point to MDM and a path to easily add new environment(s).

Each data center facility where MDM on Cloud Managed is provisioned has the same specifications regarding quality deployment and management methodologies. Leveraging the standardization across all geographic locations, IBM optimizes key data center performance variables such as space, power, network, personnel, and internal infrastructure.

The following diagram is a responsibility comparison between the MDM managed cloud service responsibilities and traditional on-premises solution. What is important to understand is that while the IBM managed team takes care of the majority of the cloud service, the management of the MDM application / solution including the data is a shared responsibility. Application wise IBM is deploying changes and performing maintenance of the application. Additional MDM services like solution and / or application development or implementation assistance are available as add-ons for an additional fee.

IBM responsibilities include:

Actively monitor and resolve any issues that are encountered with the cloud service.
Maintain the software platform, Master Data Management and the operating system, to meet security standards.
Maintain software firewalls on servers that face the internet to provide the required protection.
Provide user access to the cloud service once the cluster is provisioned, by sharing the web address, username, and password.
Ensure the continuity, compatibility, and performance of the cloud service by installing only permissible software, including any open source packages, and apply patches and upgrades to the cloud service environment and operating system.
Create and maintain regular backups of data.

Client responsibilities include:

Submitting problems/requests/tickets electronically through the proper support system
Keeping issues separate (questions, problems or changes requests) and focus on one issue per ticket, incident or case
Selecting a Severity based on your judgment of the business impact
User testing: testing and coordination after an environment update, fix, change, development artifact, customization or extension is applied resulting from a ticket, or after scheduled maintenance.
Providing timely feedback and keeping IBM informed, so the IBM support team can close out the issue when it has been resolved. If the issue reoccurs, or you want to request a change rollback/back out, you may reopen the original support ticket, incident or case by resubmitting it electronically.
Coordination and communication: IBM will notify the designated contacts it’s up the client for further that communication to additional users regarding usage, upcoming maintenance and outage windows.
Troubleshooting and fix validation: working with IBM to help reproduce problems including debugging and tuning your application.
Development of the application: Customizations, development artifacts, integrations, and testing MDM, IIS or ISC applications.
Setup and Definition: Maintenance of all LDAP users and groups related to any MDM application solutions
Change requests: logging of change request tickets in which you provide IBM enough notice including a recommended 2-hour deployment window, relevant change files, documentation/instructions, rollback plan, additional names for notification, and test results for the change request (includes extensions, development artifacts, CBAs, DB2 scripts, .jar file updates, job file and project file updates).
Ongoing management of the applications and data including the quality and performance of programs, applications, and jobs that are developed for IBM MDM on Cloud Managed

Multiple servers are provisioned including various technical specifications for each machine, the following is representation only of a typical software stack including servers details that will be provisioned as part of the cloud service.

NOTE: Configurations and specifications are subject to change as required, exact details will be shared with Clients in the welcome letter.

High Level Architecture (Small, Medium, Large and XXL Configurations):

Each of the small, medium, large and XXL configurations are Highly available configurations, see below technical specifications for additional details as well as the Service Description link found in Chapter 14 - Additional Resources and FAQ to see what each of the environments are rated for in terms of workload.

Machine Specification and Software Stack (Production offerings):

_{Machine Name}	_Small	_Medium	_Large	_{Extra Extra Large}	_{Software Stack}
_{MDM primary server}	_{4 core, 2 nodes, 16 GB memory per} _{node, 2 disks 100GB + 300GB SAN disk} _{virtual machines}	_{8 core, 2 nodes, 32 GB memory per} _{node, 2 disks 100GB + 300GB SAN disk} _{virtual machines}	_{12 core, 2 nodes, 64 GB memory per} _{node, I TB SATA Bare metal machines}	_{24 Cores,}_{2 nodes,}_{2.60 GHz 256 GB RAM, Red Hat Enterprise Linux 7.x (64 bit) - Disk controller - RAID 1 960 GB SSD x 2 Network interface 10 Gbps Redundant Public & Private Network}	_{InfoSphere MDM Advanced Edition 11.6.x,} _{IBM WebSphere® Application Server 9}
_{MDM secondary server}	_{4 core, 2 nodes, 16 GB memory per} _{node, 2 disks 100GB + 300GB SAN disk} _{virtual machines}	_{8 core, 2 nodes, 32 GB memory per} _{node, 2 disks 100GB + 300GB SAN disk} _{virtual machines}	_{12 core, 2 nodes, 64 GB memory per} _{node, I TB SATA Bare metal machines}	_{24 Cores, 2.60 GHz 256 GB RAM Red Hat Enterprise Linux 7.x (64 bit) - Disk controller - RAID 1 960 GB SSD x 2 Network interface 10 Gbps Redundant Public & Private Network}	_{InfoSphere MDM Advanced Edition 11.6.x} _{WebSphere® Application Server 9}
_{MDM database}	_{4 core, 1 node, 32 GB per node, 100 +1} _{SAN disk 1TB virtual machines}	_{8 core, 1 node, 64 GB per node, 100+1} _{SAN disk 2TB virtual machines}	_{12 core, 1 node, 256 GB per node, 5} _{disk: Each 1.7TB SSD + Raid controller} _{Bare metal machines}	_{64 Cores, 2.10 GHz 6144 GB RAM Red Hat Enterprise Linux 7.x (64 bit) Disk controller - RAID 10 960 GB SSD x 24}	_{IBM DB2® 11.1.x}
_{MDM database (standby)}	_{4 core, 1 node, 32 GB per node, 100 +1} _{SAN disk 1TB virtual machines}	_{8 core, 1 node, 64 GB per node, 100+1} _{SAN disk 2TB virtual machines}	_{12 core, 1 node, 256 GB per node, 5} _{disk: Each 1.7TB SSD + Raid controller} _{Bare metal machines}	_{64 Cores, 2.10 GHz 6144 GB RAM Red Hat Enterprise Linux 7.x (64 bit) Disk controller - RAID 10 960 GB SSD x 24}	_{IBM DB2® 11.1.x}
_{IBM Business Process Manager primary}	_{8 core, 1 node, 32 GB per node, 100+ 1} _{SAN disk 1TB virtual machines}	_{8 core, 1 node, 64 GB per node, 100+ 1} _{SAN disk 2 TB virtual machines}	_{16 core, 1 node, 64 GB per node, 5} _{disk: Each 1.7TB SSD + Raid controller} _{Bare metal machines}	_{24 Cores, 2.60 GHz 256 GB RAM Red Hat Enterprise Linux 7.x (64 bit) 1 - Disk controller - RAID 5 960 GB SSD x 4 Network interface 10 Gbps Redundant Public &}	_{IBM Business Process Manager 8.6, IBM} _{WebSphere® Application Server 8.5.x, IBM} _{DB2® 11.1.x}
_{IBM Business Process Manager secondary}	_{8 core, 1 node, 32 GB per node, 100+ 1} _{SAN disk 1TB virtual machines}	_{8 core, 1 node, 64 GB per node, 100+ 1} _{SAN disk 2 TB virtual machines}	_{16 core, 1 node, 64 GB per node, 5} _{disk: Each 1.7TB SSD + Raid controller} _{Bare metal machines}	_{24 Cores, 2.60 GHz 256 GB RAM Red Hat Enterprise Linux 7.x (64 bit) 1 - Disk controller - RAID 5 960 GB SSD x 4 Network interface 10 Gbps Redundant Public &}	_{IBM Business Process Manager 8.6, IBM} _{WebSphere® Application Server 8.5.x, IBM} _DB2®11.1
_{InfoSphere Information Server}	_{8 core, 1 node, 32 GB per node, 2 SAN} _{disk (100GB +500GB) 1TB virtual} _machines	_{8 core, 1 node, 32 GB per node, 2 SAN} _{disk (100GB +500GB) 1TB virtual} _Machines	_{8 core, 1 node, 32 GB per node, 5 disk:} _{Each 1.7TB SSD + Raid controller} _{Bare metal machines}	_{Not included as part of this configuration}	_{IBM InfoSphere Information Server 11.7.x,} _{IBM WebSphere® Application Server,} _{IBM DB2®}
_{InfoSphere Information Server}	_{8 core, 1 node, 32 GB per node, 2 SAN} _{disk (100GB +500GB) 1TB virtual} _machines	_{8 core, 1 node, 32 GB per node, 2 SAN} _{disk (100GB +500GB) 1TB virtual} _machines	_{8 core, 1 node, 32 GB per node, 5 disk:} _{Each 1.7TB SSD + Raid controller} _{Bare metal machines}	_{Not included as part of this configuration}	_{IBM InfoSphere Information Server 11.7.x,} _{IBM WebSphere® Application Server,} _{IBM DB2®}
_{IBM Spectrum Protect Server}	8 core, 1 node, 64 GB per node, 100GB + 4TB SAN disk + 1 TB Performance ( 4000 IOPS ) _virtual machines	_{8 core, 1 node, 64 GB per node, 100GB} _{+ 8TB SAN disk + 1 TB Performance} _{( 6000 IOPS ) virtual machines}	_{12 core, 1 node, 128 GB per node, 6} _{disk: Each 1.7TB SSD , 8 TB SATA +} _{Raid controller for SSD, Bare metal} _machines	_{Intel Xeon E5-2690 v3 24 Cores, 2.60 GHz 512 GB RAM Red Hat Enterprise Linux 7.x (64 bit) Disk controller - RAID 1 1.9 TB SSD x 2 Network interface 10 Gbps Redundant}	_{IBM Spectrum Protect Server, IBM DB2®}
_{Cloud Object Storage}	_{2 TB}	_{5 TB}	_{10 TB}	_{30 TB}
_{FreeIPA/LDAP Primary Server}	_{2 Cores, memory: 4096 disks: 100 + 100 GB}	_{2 Cores, memory: 4096 disks: 100 + 100 GB}		_{4 Cores, 3.50 GHz 8 GB RAM Red Hat Enterprise Linux 7.x (64 bit) Disk controller - RAID 1 960 GB SSD x 2 Network interface 1 Gbps Redundant}
_{FreeIPA /LDAP Secondary Server}	_{2 Cores, memory: 4096 disks: 100 + 100 GB}	_{2 Cores, memory: 4096 disks: 100 + 100 GB}		_{4 Cores, 3.50 GHz 8 GB RAM Red Hat Enterprise Linux 7.x (64 bit) Disk controller - RAID 1 960 GB SSD x 2 Network interface 1 Gbps Redundant}

High Level Architecture (Dev/Test):

The small dev/test environments include the following server configurations as example:

image-20190613085723-1

Machine Specification and Software Stack (DEV/TEST):

_{Machine Name}	_Small	_Medium	_{Software Stack}
_{MDM Server 1}	_{16 core, 1 node, 64 GB memory per node, 2 disks 100GB + 2000GB SAN disk} _{virtual machines}	_{16 core, 1 nodes, 64 GB memory per node, 2 disks 100GB + 2000GB SAN disk} _{virtual machines}	_{InfoSphere MDM Advanced Edition 11.6.x,} _{IBM WebSphere® Application Server 9.0.x, DB2 Server 11.1.x, IBM IM 1.8.x, RAD, 9.6, IBM MDM workbench 11.6.x} _{*contains 2 MDM installations (dev & qa)}
_{MDM Server 2}	_{16 core, 1 node, 64 GB memory per node, 2 disks 100GB + 2000GB SAN disk} _{virtual machines}	_{16 core, 1 nodes, 64 GB memory per node, 2 disks 100GB + 2000GB SAN disk} _{virtual machines}	_{InfoSphere MDM Advanced Edition 11.6.x,} _{IBM WebSphere® Application Server 9.0.x, DB2 Server 11.1.x, IBM IM 1.8.x, RAD, 9.6, IBM MDM workbench 11.6.x} _{*contains 2 MDM installations (dev & qa)}
_{MDM Server 3}		_{16 core, 1 nodes, 128 GB memory per node, 2 disks 100GB + 2000GB +1.5 TB storage} _{virtual machines}	_{InfoSphere MDM Advanced Edition 11.6.x,} _{IBM WebSphere® Application Server 9.0.x, DB2 Server 11.1.x, IBM IM 1.8.x, RAD, 9.6, IBM MDM workbench 11.6.x} _{*contains 2 MDM installations (dev & qa)}
_{BPM Server}	_{16 core, 1 node, 64 GB memory per node, 2 disks 100GB + 500GB SAN disk} _{virtual machines}	_{16 core, 1 nodes, 64 GB memory per node, 2 disks 100GB + 500GB SAN disk} _{virtual machines}	_{IBM Business Process Manager 8.6, IBM WebSphere Application Server 8.5.x, IBM Db2 Express}
_{Information Server}	_{8 core, 1 node, 32 GB per node, 100 +500GB SAN disk} _{virtual machines}	_{8 core, 1 node, 32 GB per node, 100+500GB SAN disk} _{virtual machines}	_{IBM Information Server 11.7.x, IBM WebSphere Application Server 9.0.x, IBM Db2 11.1.x}
_{Windows Development Client(s)} _{x2 small} _{x5 for medium}	_{8 core, 1 node, 32 GB per node, 100+ 1} _{SAN disk 1TB virtual machines}	_{8 core, 1 node, 64 GB per node, 100+ 1} _{SAN disk 2 TB virtual machines}	_{IBM Information Server Clients 11.7.x, BPM Designer Clients 8.6, IBM Installation Manager 1.8.5, RAD 9.6, IBM MDM workbench 11.6.0.x}

* Note by default a backup server (Spectrum Protect) is not included for the dev/test services, however can be optionally added on for an additional monthly charge.

* Note above is the MDM software installed in the cloud, please see the below reference table for clarity.

Supporting Programs (On-Prem)	MDM Managed Entitlement	Remarks/Comments
IBM Business Process Manager	Y	Will be replaced by Business Automation Workflow in future versions
IBM Business Automation Workflow	Y	BAW v19 with future MDM Managed releases
IBM Content Integrator	N	MDM CE supporting program; not applicable for MDM Managed AE/SE
IBM DB2 Enterprise Server Edition	Y
IBM Cognos Business Intelligence	N
IBM InfoSphere Information Server	Y
IBM Integration Bus Healthcare Pack	N
IBM Integration Bus Express Edition	N	Part of the Healthcare Pack n/a
IBM Watson Explorer	N	used for flex search in SE; optional implementation, needs its own server
IBM Rational Application Developer for WebSphere Software	Y	This is a developer tool and installed in cloud services designated as "Dev/test" only
IBM WebSphere Application Server Network Deployment	Y	available in production and the QA environment of the "Dev/test" cloud service
IBM WebSphere Application Server Base v9.0	Y	available in dev/test non-prod only
IBM WebSphere MQ client & IBM Websphere MQ Server	Y	Only supporting the installation of the WebSphere MQ client and not the server; Client has the option to connect to their own WebSphere MQ server
IBM Installation Manager & IBM Packaging Utility for Rational Software Development Platform	Y
IBM Security Directory Server	N	MDM Managed comes with with a Identity Management (IDM) LDAP (FreeIPA)
IBM InfoSphere Big Match for Hadoop	N
IBM WebSphere Liberty Core	N	part of BigMatch, embedded program n/a
IBM Entity Insight	N
IBM MDM Publisher	N
IBM MDM Connect	N	previously Operational Cache

Chapter 2 - Accessing the Cloud Service

Once the Cloud Service has been provisioned and clients have received their welcome letter(s) the environment is ready for use including configuration and code deployment. The first step is that clients will work with the Operations and Support team in order to establish initial VPN connectivity.

Exact details on URLs and IP addresses for accessing each of the services are provided as part of the Welcome letter clients will receive after the MDM managed environment is provisioned and ready for use.

NOTE: In the welcome letter the servers will have two sets of hostnames as shown below as example.

Connectivity from a Client environment would be either on the internal or the non-internal depending on the way the Clients VPN endpoint is configured.

For the majority of the Clients, this is done on the non-internal interfaces.

Connectivity between cluster members (ie from engine to WebSphere) is on the internal hostnames.

NOTE: Please use either the internal or external URL’s depending upon your VPN setup

MDM Applications:
WebSphere Admin Console*	Internal: https://<orderid>-<s-m-l->-mdmp.<orderid>.internal.iacs.ibm.com:9043/admin External: https://<orderid>-<s-m-l->-mdmp.<orderid>.iacs.ibm.com:9043/admin

MDM Administration Services	Internal: https://mdm.<orderid>.internal.iacs.ibm.com:1025/CustomerBusinessAdminWeb External: https://mdm.<orderid>.iacs.ibm.com:1025/CustomerBusinessAdminWeb

IBM InfoSphere MDM Inspector	Internal: https://mdm.<orderid>.internal.iacs.ibm.com:1025/inspector External: https://mdm.<orderid>.iacs.ibm.com:1025/inspector

IBM®Initiate®Web Reports	Internal: https://mdm.<orderid>.internal.iacs.ibm.com:1025/webreports External: https://mdm.<orderid>.iacs.ibm.com:1025/webreports

IBM InfoSphere MDM Consent Management	Internal: https://mdm.<orderid>.internal.iacs.ibm.com:1025/mdmconsent External: https://mdm.<orderid>.iacs.ibm.com:1025/mdmconsent

IBM®Initiate®Enterprise Viewer	Internal: https://mdm.<orderid>.internal.iacs.ibm.com:1025/accessweb External: https://mdm.<orderid>.iacs.ibm.com:1025/accessweb

BPM Applications:
WebSphere Admin Console*	Internal: https://<orderid>-<s-m-l->-bpmp.<orderid>.internal.iacs.ibm.com:9043/admin External: https://<orderid>-<s-m-l->-bpmp.<orderid>.internal.iacs.ibm.com:9043/admin

BPM Process Admin Console / IBM Stewardship Center	Internal: https://bpm.<orderid>.internal.iacs.ibm.com:1025/ProcessPortal External: https://bpm.<orderid>.iacs.ibm.com:1025/ProcessPortal

BPM Process Admin Console	Internal: https://bpm.<orderid>.internal.iacs.ibm.com:1025/ProcessAdmin External: https://bpm.<orderid>.iacs.ibm.com:1025/ProcessAdmin

IIS Applications:
WebSphere Integrated Solutions Console	Internal: https://iis.<orderid>.internal.iacs.ibm.com:9043/admin External: https://iis.<orderid>.iacs.ibm.com:9043/admin

IBM InfoSphere Information Server	Internal: https://iis.<orderid>.internal.iacs.ibm.com:9446/ibm/iis/launchpad/ External: https://iis.<orderid>.iacs.ibm.com:9446/ibm/iis/launchpad/

IDM/LDAP:
Primary IDM/Freeipa	Internal: https://<orderid>-<s-m-l->-idp1.<orderid>.internal.iacs.ibm.com/ipa/ui/ External: https://<orderid>-<s-m-l->-idp1.<orderid>.iacs.ibm.com/ipa/ui/
Secondary IDM/Freeipa	Internal: https://<orderid>-<s-m-l->-idp2.<orderid>.internal.iacs.ibm.com/ipa/ui/ External: https://<orderid>-<s-m-l->-idp2.<orderid>.iacs.ibm.com/ipa/ui/

*Administration purposes only and may be blocked

For full details on how to use IBM® Master Data Management product please refer to the product documentation link available in Chapter 14 - Additional Resources and FAQ

The out of the box cloud service provides HTTPS access to relevant application user interfaces, including MDM, BPM, LDAP (restricted to user groups) and if applicable IIS. No access is provided for OS level root access and / or software administrative console(s).

The MDM Managed Cloud Service restricts SSH root level access. For environments not designated as dev/test, access to administrative software consoles is also restricted.

More details regarding access restrictions for this Cloud Service please see section Chapter 9 - Access Restrictions and section 5.5 in the Service Description link found in Chapter 14 - Additional Resources and FAQ

MDM Managed Cloud Services comes with an integrated LDAP service. Access to various services are controlled via the LDAP service. For more information regarding the LDAP service and associated customizations see Chapter 3 - Access Management and User Permissions.

Chapter 3 - Access Management and User Permissions

A stand-alone Identity Management (IDM) LDAP configuration is provisioned as part of this Cloud Service. The IDM will be used for monitoring and controlling the IBM managed service access as well as for client self-serve capabilities to add users and granting permission to MDM user roles. Additional user administration for example modifying, deleting of users, creation of new groups or roles can be accomplished by logging a support ticket with the managed operations and support team for assistance. When the cloud service provisioning is complete a limited administrative user will be created by IBM for the cloud service and the details will be provided in the welcome letter.

IBM provides the ability to leverage IdM's native capability to synchronize the Cloud based LDAP service with Client's on-premises Active Directory("AD"). There are options available including support for SAML 2.0 authentication to the various web application. For implementation and discussions (including restrictions) please discuss with your Cloud Services Coordinator.

Clients typically will work with the Analytics Cloud Service Operations and Support for initial configuration and information on setting up new users, for self-help options please see the following link to add users to the Cloud LDAP -> How to: Create users in the managed cloud service LDAP

Additional details regarding the LDAP Directory for this Cloud Service please see section 5.2 in the Service Description link found in Chapter 14 - Additional Resources and FAQ

**Please note for authentication to the any of the dev/test windows servers or services via the use of an LDAP or on-premises directory integration is not supported. Local userid's must be used for these clients. Additional userid's can be created on request.

The following document outlines the procedures for clients to request additional access to the Cloud Service.

For additional details see the link on User Access Management Procedures found in Chapter 14 - Additional Resources and FAQ

Chapter 4 - Change Management and Loading data or files

Clients expect their environment to be compliant with IBM security policies and external compliance regulations. IBM adheres to a change request process to keep our Client’s systems safe and highly available. IBM will provide a Secure File Transport (SFTP) service in order to facilitate file transfers for loading or extracting data from the Cloud Service.

In order to facilitate requests for configuration or changes (including loading files like customizations or extensions) to the Cloud Service please see the Change Management documentation link found in Chapter 14 - Additional Resources and FAQ

Examples requests, process flow and timing details for (critical and non-critical) change requests see the Change Request Details documentation link found in in Chapter 14 - Additional Resources and FAQ

Chapter 5 - Available Programmatic Interfaces

Included in the Managed Cloud Service are various programmatic interfaces including HTTPS (for application access), Web Services and JMS over HTTPS (for on premises application to Cloud IS/MDM integration) and a secure file transport service for loading data into MDM. Client's have a choice of integration methods to consume these services via an Application Programming Interface ("API"); Web Services or JMS.

Rest API access over HTTPS
JMS over HTTPS

Chapter 6 - Shared Storage and log file access

Application level log files can be shared via SFTP shared storage, requests for access can be logged with the managed cloud service operations and support team.

IBM will provide a Secure File Transport service (SFTP access) in order to facilitate file transfers for loading or extracting data from MDM or Information Server.

SFTP Shared storage for uploading files for batch MDM loads
ability to customize MDM batch scheduler through by logging a ticket

Chapter 7 - Backup and Recovery Options

If the cloud service is not designated as dev/test or entitlement to an add-on daily backup service for dev/test exists, two instances of IBM Spectrum Protect server are configured on a dedicated machine for each deployment of the service.

Daily incremental scheduled file system backups (recommended files), daily incremental database backups are provided. Full database backups are provided on a weekly basis. Minor disruptions may occur during the backups, (scheduled during off hours). Some of the services need to be restarted in order to ensure backup consistency for in-flight transactions are captured properly. Periodically, backup files will be remotely stored in IBM Cloud Object Storage and retained for up to 28 days. Clients will be able to request through the operations and support team up to two backup/restores per month.

Default Backup Policies

Db2 databases - Full, incremental & transaction log backup
WebSphere Application Server profiles - deployment Manager, App Server & Proxy Server profile backup
Others - Configuration & properties files, iptables, certificate, keystore etc

Additional restores or increased system backup frequency greater than on a daily basis can be performed under a separate Statement of Work for an additional charge.

For custom content beyond the default backup policy clients can log a ticket to request additional files/directories to be included in the backup schedule.

Snapshot or Windows backup are not provided.

Additional details regarding Backup and Restore for this Cloud Service please see section 5.3 in the Service Description link found in Chapter 14 - Additional Resources and FAQ

Chapter 8 - Patching and Upgrading

Cloud Service Major and Minor updates or patches will be evaluated for installation within a monthly maintenance window. Two weeks prior to the maintenance window, IBM will publish the list of Major and Minor updates being applied along with a brief description of the updates. During the maintenance window, the Cloud service may be unavailable.

If required, IBM will notify the Client that the Cloud Services will not be available during the maintenance window. Where possible, IBM will minimize Service disruptions for maintenance activities, with a monthly downtime goal to not exceed four (4) hours.

Additional details regarding Cloud Service Environment Updates please see section 5.1 in the Service Description link found in Chapter 14 - Additional Resources and FAQ

Chapter 9 - Access Restrictions

Since IBM is managing the Cloud Service, certain limitations and access restrictions are in place depending on the cloud service. For example, IBM is not providing direct access to the individual servers, OS level, or application admin consoles for MDM, WebSphere Application Server, BPM, Information Server, LDAP or DB2;

For offerings not designated as dev/test, No direct SSH access to servers
No root passwords or IP addresses provided
Dev/Test environments will allow administrative access to dev tooling and GUIs/Consoles like WebSphere Application Server (WAS), Db²

Additional details regarding Access Restrictions for this Cloud Service please see section 5.5 in the Service Description link found in Chapter 14 - Additional Resources and FAQ

Chapter 10 - How to get Support

The Analytics Cloud Operations Support team is available to help with technical issues with the MDM managed cloud service, once the environment has been provisioned and a welcome letter sent IBM will assign a Cloud Service Coordinator (CSC) support team that will provide:

single point of Client contact for incident and change management oversight;
guide the client through the on-boarding process and how to open a support ticket.
management of maintenance intervals;
monitoring of problem or failure events, tracking events to closure and root cause analysis for Severity 1 outages;
monthly service level objective reporting; and
monitoring and tracking trouble tickets to resolution.

The CSC support team conducts operating service reviews through weekly status meetings with the Client to review incidents and change management.

For additional details on Support see the link for Cloud Service Support Guide found in Chapter 14 - Additional Resources and FAQ

Chapter 11 - Security and Compliance

IBM manages the infrastructure (network, storage and compute resources) applies fixes to the application and maintains the IBM software, IBM is also responsible for the security and privacy controls for this Cloud Service. The measures implemented and maintained by IBM within this Cloud Service are subject to annual certification of compliance with ISO 27001.

Evidence of stated compliance and accreditation, such as certifications or attestations can be downloaded from here -> https://www.ibm.com/cloud/compliance/global.

Direct link for current ISO 27001 certification -> https://www.ibm.com/support/pages/sites/default/files/inline-files/$FILE/saas_27k_ver0.pdf

For additional details review any of the following sites available in Chapter 14 - Additional Resources and FAQ

1. IBM Master Data Management on Cloud Managed - Offering Security data sheet

2. IBM Cloud Compliance

3. IBM Data Security and Privacy Document for IBM Cloud Services

4. IBM Cloud Services Agreement

Chapter 12 - Disaster Recovery

In the event of an IBM declared Disaster, IBM will communicate with Client on an hourly basis as to the status of the recovery process, including progress regarding the Recovery Time Objective (RTO) and Recovery Point Objective (RPO).

IBM will provide a projected RTO and RPO, based on the clients existing cloud service subscription, to perform recovery activities for Cloud Service Environment(s).

Additional details in the Service Description link found in Chapter 14 - Additional Resources and FAQ

Out of the BOX the (Small, Medium, Large and XXL) cloud service configurations allow for Seven (7) day Recovery Time Objective and (1) day / 24 hours Recovery Point Objective.

However, optional add-on services can be purchased to improve recovery objectives. For additional details on the published RTO/RPO improvements these services offer review Section 1.2 in the Service Description link found in Chapter 14 - Additional Resources and FAQ

An annual validated business continuity and disaster recovery test is included with the cloud service optional DR subscription. Additional frequency testing and validation greater than on an annual basis can be performed under a separate Statement of Work for an additional charge.

Please note if the Cloud Service Environment is designated as dev/test unavailability of the environment will be treated as a Severity 3 support case and
resolve the issue by way of restoring to the last known working backup or reinstalling.

Chapter 13 - Non-Production (dev/test) details

The Managed (dev/test) plan offers MDM installed into a virtualized environment. It is suitable as an environment for development, customization, and functional testing of MDM and related processes. The dev/test cloud service includes two shared MDM runtime instances: one for development integration testing and a second for QA testing.

The Small dev/test contains 7 virtual machines with the following software:

• Two MDM developer virtual machines. Each developer machine contains MDM, WebSphere Application Server, DB2, Rational® Application Developer, and the MDM workbench. Two instances of MDM Advanced Edition runtime.

• One IBM BPM Process Center & Process Server on one virtual machine

• One IBM Information Server virtual machine

• One FreeIPA Cloud LDAP virtual machine

• Two Windows client machines with MDM workbench, BPM Designer and IIS Client installed.

To get started with the dev/test cloud service please see the following document for setting up Rational Application Developer ("RAD")

https://www.ibm.com/support/pages/how-setup-rational-application-developer-master-data-management-cloud-managed

Application URL’s
Please use the internal or external URL’s depending upon your VPN setup
Developer
MDM Applications:
WebSphere Admin Console*	Internal: https://<orderid>-ds-mdc1.<orderid>.internal.iacs.ibm.com:9043/admin External: https://<orderid>-ds-mdc1.<orderid>.iacs.ibm.com:9043/admin

MDM Administration Services	Internal: https://<orderid>-ds-mdc1.<orderid>.internal.iacs.ibm.com:9443/CustomerBusinessAdminWeb External: https://<orderid>-ds-mdc1.<orderid>.iacs.ibm.com:9443/CustomerBusinessAdminWeb

IBM InfoSphere MDM Inspector	Internal: https://<orderid>-ds-mdc1.<orderid>.internal.iacs.ibm.com:9443/inspector External: https://<orderid>-ds-mdc1.<orderid>.iacs.ibm.com:9443/inspector

IBM®Initiate®Web Reports	Internal: https://<orderid>-ds-mdc1.<orderid>.internal.iacs.ibm.com:9443/webreports External: https://<orderid>-ds-mdc1.<orderid>.iacs.ibm.com:9443/webreports

IBM InfoSphere MDM Consent Management	Internal: https://<orderid>-ds-mdc1.<orderid>.internal.iacs.ibm.com:9443/mdmconsent/ External: https://<orderid>-ds-mdc1.<orderid>.iacs.ibm.com:9443/mdmconsent/

IBM®Initiate®Enterprise Viewer	Internal: https://<orderid>-ds-mdc1.<orderid>.internal.iacs.ibm.com:9443/accessweb External: https://<orderid>-ds-mdc1.<orderid>.iacs.ibm.com:9443/accessweb

BPM Applications:
WebSphere Admin Console*	https://<orderid>-ds-bdpc.<orderid>.internal.iacs.ibm.com:9043/admin

BPM Process Admin Console / IBM Stewardship Center	https://<orderid>-ds-bdpc.<orderid>.internal.iacs.ibm.com:9443/ProcessPortal

BPM Process Admin Console	https://<orderid>-ds-bdpc.<orderid>.internal.iacs.ibm.com:9443/ProcessAdmin

BPM Process Center	https://<orderid>-ds-bdpc.<orderid>.internal.iacs.ibm.com:9443/ProcessCenter

IIS Applications:
WebSphere Integrated Solutions Console	https://<orderid>-ds-iisd.<orderid>.internal.iacs.ibm.com:9043/admin

WebSphere IIS Console	https://<orderid>-ds-iisd.<orderid>.internal.iacs.ibm.com:9446/ibm/iis/console

IBM InfoSphere Information Server	https://<orderid>-ds-iisd.<orderid>.internal.iacs.ibm.com:9446/ibm/iis/launchpad/

QA
MDM Applications:
WebSphere Admin Console*	https://<orderid>-ds-mdc1.<orderid>.internal.iacs.ibm.com:9044/admin

MDM Business Administration Services	https://<orderid>-ds-mdc1.<orderid>.internal.iacs.ibm.com:9445/CustomerBusinessAdminWeb

IBM InfoSphere MDM Inspector	https://<orderid>-ds-mdc1.<orderid>.internal.iacs.ibm.com:9445/inspector

IBM®Initiate®Web Reports	https://<orderid>-ds-mdc1.<orderid>.internal.iacs.ibm.com:9445/webreports

IBM InfoSphere MDM Consent Management	https://<orderid>-ds-mdc1.<orderid>.internal.iacs.ibm.com:9444/mdmconsent/

IBM®Initiate®Enterprise Viewer	https://<orderid>-ds-mdc1.<orderid>.internal.iacs.ibm.com:9445/accessweb

BPM Process Server Application:
WebSphere Admin Console*	https://<orderid>-ds-bdpc.<orderid>.iacs.ibm.com:30001/admin

BPM Process Admin Console / IBM Stewardship Center	https://<orderid>-ds-bdpc.<orderid>.internal.iacs.ibm.com:30026/ProcessPortal

BPM Process Admin Console	https://<orderid>-ds-bdpc.<orderid>.internal.iacs.ibm.com:30026/ProcessAdmin

For additional details see the link on User Access Management Procedures found in Chapter 14 - Additional Resources and FAQ

Chapter 14 - Additional Resources and FAQ

Change Management Process -> http://www.ibm.com/support/docview.wss?uid=ibm10874428

User Access Management Procedures -> http://www.ibm.com/support/docview.wss?uid=ibm10874452

Configuration and Change Request Technical Details -> http://www.ibm.com/support/docview.wss?uid=ibm10874400

Service Description ("SD") -> https://www-03.ibm.com/software/sla/sladb.nsf/sla/sd-8168-05

Offering Security data sheet -> https://www.ibm.com/software/reports/compatibility/clarity-reports/report/html/softwareReqsForProduct?deliverableId=3FC503E0646911E89B7C7F20C63AA31F

Managed Support Guide -> https://www.ibm.com/support/home/pages/support-guide/?product=4017323

IBM Cloud Compliance -> https://www.ibm.com/cloud/compliance/global

Master Data Management documentation for version 11.6 -> https://www.ibm.com/support/knowledgecenter/SSWSR9_11.6.0/com.ibm.mdmhs.homepage.doc/mdm11.6_welcome.html

IBM Data Security and Privacy Principals ("DSP")->https://www-03.ibm.com/software/sla/sladb.nsf/sla/dsp?OpenDocument
IBM Cloud Services Agreement("CSA") -> https://www.ibm.com/support/customer/csol/contractexplorer/cloud/csa/us-en/10

1. What is the RTO/RPO for the managed service?

The out of the box offering allows for Seven (7) day Recovery Time Objective and (1) day / 24 hours Recovery Point Objective, optional add-on services are available for purchase to improve recovery objectives for business continuation. Additional details in the link for the Service Description found in Chapter 12 - Disaster Recovery

2. How does IBM perform patching and maintenance?

Refer to Chapter 8 - Patching and Upgrading of the User Guide

3. Is the out of the box MDM Managed offering High Availability (HA)?

Yes, the MDM Managed solution is HA, MDM is configured in an Active/Active architecture. Db2, BPM and Information Server (IIS) are configured in an Active/Passive architecture.

4. The UIs (Stewardship Center, Inspector, and workbench) we can all run as if they are on our network, right?

Stewardship Center and Inspector are provided, and the associated URLs are published "publicly" through the private VPN, i.e. they are available to the client within their environment through a standard URL but not through the public internet. Workbench is considered a development tool and currently only available with the dev/test offering.

5. What is the answer (architecturally) to handle messaging with WebSphere MQ not being included?

The offering supports JMS over HTTPS Out of the Box. Upon request, IBM will enable connectivity to the WebSphere MQ client in the managed service environment. WebSphere MQ as a managed service is considered a custom add on and would require a Statement of work (SOW) to provide support.

6. Where can I find warranty information for Managed MDM, including all conditions, resources, exclusions and time frames.

Please refer to the IBM Base Terms agreement (including the Cloud Services Agreement) and the specific details in the MDM Managed Service Description Additional details in the link for the Service Description found in Chapter 13 of the User Guide

7. For what period are major and minor product upgrades included in the purchase price of the product?

The MDM Managed is a subscription to a Managed Cloud Service, the current version installed and configured in the MDM Managed Cloud service is the latest release of MDM 11.6.x and IIS 11.7.x.

8. Describe the process and estimate the time required to install subsequent releases/versions of your product.

Three Levels of change control are defined within the Offering:

Immediate Patches: (for security/integrity issues)
-   Notification will be provided through the event management infrastructure of the patch update schedule
-   IBM will then process the change including stopping the service if required
-   Notification will be provided that the patch has been completed and the service is fully available
Monthly Patches: (fixes that don’t affect application functionality)
-   Notification will be provided 2 weeks prior to the monthly maintenance window of the update
-   Client has the ability to delay the patch within 7 days and for up to 45 days
-   Patch will be performed during the stated Monthly maintenance window
Updates: (fixes that may affect application functionality)
-   Notification will be provided 45 days prior to the monthly maintenance window of the update
-   Client has the ability to delay the update within 30 days for up to 6 months
-   Client has the responsibility for testing/making any required changes to their application or data

IBM will coordinate any Client initiated application changes with Clients (including scheduling of application/data updates)

Additional details in the link for the Service Description found in Chapter 13 of the User Guide

9. What is the (average) frequency of new releases and upgrades?

This can vary, please see description above (Q8) of estimated categories of changes.

10. What is your support policy on older software releases?

The MDM on Cloud Managed is a subscription to a Managed Cloud Service, the latest version of the on-premises MDM/IIS software is pre-installed, there is no option to install other older versions. Specifications of all the software installed in the MDM on Cloud Managed Service is in Chapter 1 - Overview

11. List any planned enhancements with planned release dates.

As the MDM on Cloud Managed service is on the current release of the software there is nothing to list, for additional details of the current feature packs of the MDM or IIS software see the relevant product support page link, available from the resources above.

For the MDM on Cloud Managed Service, IBM will provide clients notice of patches, feature packs as they become available (please see details in the process question below).

12. Do upgrades include regulatory requirement changes? Does this affect the frequency of upgrade releases?

This can vary, please see description above (Q8) of estimated categories of changes.

13. Are any customization automatically included in any upgrades?

Customizations or Extensions are the responsibility of the Client and not included in this offering, however, services are available for IBM to code, develop, and test customizations/extensions these services can be purchased through a separate statement of work. Additional details in the Service Description found in Chapter 13 of the User Guide

14. Does customization incur additional annual maintenance costs?

The ability for Clients to deploy Client customized MDM/IIS solutions or Extensions within the Cloud service through a support ticket process is included in this offering at no additional cost. Upgrading, developing, and maintaining the customizations is the responsibility of the Client.

Additional Services are available for IBM to code, develop, and test customizations/extensions these services which can be purchased through a separate statement of work.

15. Disaster recovery, HA, backup and restore …

Each Cloud Service is assessed separately (defined, documented and maintained annually) for business continuity and DR requirement and documented risk management guidelines. Please refer to the Data Security and Privacy Principals for additional information and details Section 6.d. -> https://www-03.ibm.com/software/sla/sladb.nsf/sla/dsp

For the MDM on Cloud (Managed) offering High Availability ("HA") is built into the small, medium, large and XXL configurations.

With all of the above configurations IBM performs backups and restores Chapter 7 - Backup and Recovery Options. In addition certain configuration offer a multi data center DR add-on solution. Refer to Chapter 12 for additional details on Disaster Recovery.

16. Do Clients have the rights to directly deploy MDM customizations to the managed service within the MDM Cloud environment?

Short answer is No. To keep environments safe and secure, access is restricted to the IBM operations and support team, code/customization deployments are not done by clients but by IBM. Clients can however submit tickets 24x7 to the support team for deployment of customization artifacts like (CBAs, JAR files, DB Scripts). For additional details please see the managed Change Request documentation link in Chapter 13 of the User Guide

17. How is my data processed and protected?

IBM takes clients data security and protection very seriously, for additional information please see Chapter 11 Security and Compliance

18. What certifications has the MDM managed offering achieved?

IBM takes clients data security and protection very seriously, a list of certifications are published on the data sheet for our managed offering, for additional information see the data sheet Chapter 11 Security and Compliance

19. Does the managed service allow for access to logs?

Application level logs (MDM,BPM,IIS, and WebSphere Application Server) can be made available to authorized client contacts upon request. However, no access is provided to infrastructure, network, or OS level logs as the management of these functions are considered part of the base managed service. For additional details see Chapter 6 - Shared Storage and log file access

20. Do SLA's credits apply if MDM goes down?

No, the managed services does not provide individual application component SLA's credits. However, for any critical system or application down issues, IBM does provide an operations and support objective for severity 1 issues and will work with clients 24*7 365 days a year to restore the service as soon as possible, including restoration via the daily backups as required. See the operations and support guide link above in this Chapter.

21. Is Penetration (PEN) testing performed on the service?

Yes, our managed service adheres to the IBM Data Security and Privacy policy and includes at a minimum an annual test, for more information see section 6 in the DSP https://www-03.ibm.com/software/sla/sladb.nsf/sla/dsp?OpenDocument

22. How can I authenticate or integrate on-prem LDAP with the MDM on Cloud Managed Service?

A stand-alone LDAP configuration is included as part of the Cloud Service, which includes options for integrating with Clients on premises directory implementation. For additional details see, Chapter 3 Access Management and User Permissions

23. What happens when the service encounters problems?

Through the managed service monitoring software our IBM operations team is automatically alerted and will begin to take action and troubleshoot the service. In addition to this, on request IBM can work with Clients to setup an email distribution list for notifications of a reduced functionality or loss of service. These types of notifications would be distributed to Clients without undue delay upon confirmation of such an issue that is known or reasonably suspected by IBM to affect the Client. IBM will provide Client with reasonably requested information about such issue and the status of any IBM remediation and restoration activities.

24. On which Cloud Service Provider is the service or application hosted? For example like AWS, Azure, GCP, etc.

This offering is only available on IBM Cloud.

25. What are the Integration services and Protocols supported by this Product?

See Chapter 5 for details Available Programmatic Interfaces

26. Which Data Center locations are available for this offering?

The list of available Data Centers is (Dallas, San Jose, Washington D.C, London, Frankfurt, Amsterdam, Hong Kong, Chennai, Sydney, Melbourne, Singapore, Toronto, Montreal) Additionally most IBM Cloud data centers can be supported, if Clients have a different location in mind, please verify with your IBM account rep on availability.

For a full list of IBM Data Centers please see http://www.softlayer.com/data-centers

27. Is the offering single or multi-tenant?

The managed offering is a single tenant offering.

28. What kind of policy is in place for data destruction and record retention?

Refer to Section 2 in the Cloud Services Agreement https://www.ibm.com/support/customer/csol/contractexplorer/cloud/csa/us-en/10 , in addition backup data is stored for 28 days after a contract has expired or is terminated and then it is deleted. For additional information and a link to the data sheet please see Chapter 11 Security and Compliance

29. Is data movement encrypted in this offering?

Yes, all in-flight data transmissions are encrypted.

For additional information and a link to the data sheet please see Chapter 11 Security and Compliance

30. What kind of availability does the offering support?

The default availability for non dev/test environments is 99.9% excluding planned outages, however we do offer certain configurations that provide full 99.99% availability without planned maintenance windows.

Please refer to section 1.2.5 and section 3 in the Service Description link found in Chapter 13 - Additional Resources and FAQ

31. Do you offer the ability to provision an additional MDM environment in the same environment as the base offering?

Yes, optional add-on services are available for purchase to deploy an additional MDM environment into an existing configuration.

For more information see Section 1.2.x in the the Service Description link found in Chapter 13 - Additional Resources and FAQ

32. Is this Cloud Service HIPAA ready?

Yes, at time of provisioning Clients can request an environment to be HIPAA ready. In order for an environment to be provisioned as HIPAA ready, an IBM Business Associate Addendum ("BAA") agreement must be signed and validated prior to provisioning. The following link has BAA documents ready for signature -> https://www-03.ibm.com/software/sla/sladb.nsf/sla/baa?OpenDocument

33. How are the environments accessed via the network?

By default, the servers are accessible through a Client site to site VPN on the server’s public IP addresses. These public IP addresses are utilized in order avoid conflicts with Clients internal IP private subnets.

Public IP’s are protected by the VPN and not accessible on the public internet.

DNS resolution will be provided by default, which will be sufficient for a majority of customers. Alternatively, Client may setup access through their own internal DNS service.

34. How can I provide ideas for improving offerings / products?

Please post your idea/suggestion to our IBM Analytics Ideas portal: https://ibmanalytics.ideas.aha.io/

35. Where can I find additional information on IBM Data Security of the Cloud Service and privacy principals.

Refer to the DSP https://www-03.ibm.com/software/sla/sladb.nsf/sla/dsp?OpenDocument

34. Do you provide the ability to add-on additional storage?

Yes, optional add-on parts are available for purchase. Please refer to the the Service Description link found in Chapter 13 - Additional Resources and FAQ

35. How do I open a support ticket?

Once the welcome letter is received Clients are entitled to log support cases, the designated Cloud Service Coordinator (CSC) will walk Clients through the registration and setup process.

For reference tickets for the any of the 'Analytics Cloud Service' products the link is available here -> https://www.ibm.com/mysupport/s/?language=en_US additional details on Support please see section Chapter 10 - How to get Support

Document Location

Worldwide

[{"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SSGLWG","label":"IBM Master Data Management on Cloud"},"ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Tips

Master Data Management on Cloud Managed Service - User Guide