...

IBM Cloud Security Overview

Access to an GCP IBM cloud instance can be controlled by 

• an external firewall,
• the operating system firewall of the instance,
• GCPIBM-specific security groups, and
• IBM-specific firewall settingssubnet ACLs.

In addition to allowing SSH access, the different firewall levels must be configured to permit at least TCP port 8080 to enable license server access.

GCP Firewall Rules

In addition to firewall rules created by the customer, there are other rules that can affect incoming or outgoing traffic:

• Certain IP protocols, such as GRE, are not allowed within a VPC network. For more information, see always blocked traffic.

• Communication between a VM instance and its corresponding metadata server (169.254.169.254). Is always allowed.

• Every network has two implied firewall rules that permit outgoing connections and block incoming connections. Firewall rules that you create can override these implied rules.

• The default network is pre-populated with firewall rules that can be deleted or modified.

VPC firewall rule characteristics:

...

access to any required license servers.

IBM Cloud Security Groups

<tbd>

IBM Cloud Subnet ACLs

<tbd>

Connecting to the Cloud Instance

During the configuration of your instance you should have created a security group allowing at the minimum SSH access to the instance. If this has been done correctly, you can, for example, use SSH from the command-line or from a tool such as PuTTY to access the command-line of the user sshuser on the Charon-SSP instance.

...