IBM Cloud VPC continues to evolve with a strong focus on security and operational efficiency. The latest enhancement brings VPC Metadata Service support to Bare Metal Servers, unlocking new capabilities for identity management. This release also introduces encryption in transit (EIT) for VPC File Storage across both Bare Metal and Virtual Server Instances, universalizing the platform’s security posture.
Metadata Service Access for Bare Metal Servers
Previously exclusive to virtual server instances, the VPC Metadata Service is now available to bare metal servers. This means bare metal workloads can securely retrieve instance-specific metadata during initialization, enabling automation and configuration without manual intervention. To learn how to use the metadata service on bare metal servers, check out the official documentation: Using the metadata service for bare metal servers (https://cloud.ibm.com/docs/vpc?topic=vpc-get-metadata-bare-metal).
IAM Identity Assignment via Trusted Profiles
With this update, users can now assign Cloud IAM identities to bare metal servers using IAM trusted profiles. This allows bare metal servers to obtain IAM access tokens securely during boot time, eliminating the need to manually manage and distribute IAM secrets. This is a major step forward in secure identity management for infrastructure-level workloads.
For implementation details and examples, see the IBM Cloud Docs.
VPC Identity API Integration
The IBM Cloud® Virtual Private Cloud (VPC) Identity API provides methods through the VPC Metadata service to retrieve resources, such as certificates and access tokens for the calling identity. Tokens eliminate the risk of accidental exposure of API keys, passwords, and long-lived access tokens used by automation on bare metal servers. The Identity API includes support for virtual server instances and bare metal servers.
The VPC Identity API plays a central role in enabling this functionality. It allows bare metal servers to interact with IAM services programmatically, using the trusted profile to request access tokens and authenticate securely. This API is essential for integrating identity-aware services into your infrastructure automation workflows.
You can generate an IAM token from an identity token to gain access to virtual server instances or bare metal servers. If an IBM Cloud Identity and Access Management (IAM) trusted profile is used to establish a trust relationship with the virtual server instance, the Identity API provides the ability for the virtual server instance to get access tokens for other IAM-enabled cloud services, such as API Connect, Event Streams, Secrets Manager, and Cloud Object Storage.
Encryption in Transit for VPC File Storage
Security-conscious users will appreciate the newly added support for encryption in transit (EIT) for VPC File Storage. Both Bare Metal and Virtual Server Instances can now leverage EIT, ensuring that data is protected not just at rest but also while in motion across the network. This enhancement aligns with best practices for data protection and regulatory compliance, making VPC a more robust choice for sensitive workloads.
From metadata to IAM tokens, VPC integrates Zero Trust at every layer.
Get started today:
1. Sign Up: Create a new IBM Cloud account or log in to your existing account.
2. Apply Promo Code: Use the promo code VPC1000 when provisioning your VPC Bare Metal Servers to receive $1000 in Cloud Credits.
(Additional discounts and special offers beyond our VPC platform are also available.)
3. Get Started: Begin leveraging scalability and security features natively built into VPC.
If you have questions, don’t hesitate to reach out to our teams via Chat to learn more about our VPC platform, the security we implement by default, and the granular control you have for running your business operations in the cloud.