Skip to content

IBM Power Systems

Virtual Server Key

Service Name: IBM Power Systems Virtual Server

Service Description: IBM Power Systems Virtual Server is a cloud offering that provides access to IBM Power Systems hardware in IBM Cloud data centers. It allows users to deploy and manage virtual machines running AIX, IBM i, or Linux operating systems on IBM Power hardware.

Service Address: https://cloud.ibm.com/power

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the service level through IBM Cloud IAM policies and network access controls.

Secret Access Scope: Grants programmatic access to create, manage, and control IBM Power Systems Virtual Server resources, including virtual machines, storage volumes, networks, and images.

Secret Revokement URL: https://cloud.ibm.com/iam/apikeys

Secret Example: PwVS.abcdef1234ghijklmn5678opqrstuvwxyz9012

Suspicious Activity Investigation Instructions:

  • Review IBM Cloud Activity Tracker logs for unusual API calls or resource access
  • Check for unexpected virtual server instances, networks, or storage volumes created in your account
  • Monitor for unusual traffic patterns or connections to your Power Systems resources
  • Verify resource utilization for unexpected spikes that might indicate unauthorized usage
  • Check for changes to network configurations or security groups

Mitigation Instructions:

  • Log in to the IBM Cloud console at https://cloud.ibm.com
  • Navigate to Manage > Access (IAM) > API keys
  • Locate the compromised API key in the list
  • Click the "Actions" menu (three dots) next to the key and select "Delete"
  • Create a new API key with appropriate permissions if needed
  • Review and update IAM policies to ensure proper access controls
  • Investigate any resources that may have been created or modified using the compromised key
  • Enable multi-factor authentication for all IBM Cloud accounts if not already enabled