Responsibility sharing for the Hosted Private Cloud by VMware service under the SecNumCloud qualification

View as Markdown

Responsibility sharing between OVHcloud and the customer for the use of the VMware on OVHcloud product under the SecNumCloud qualification

Objective

The RACI below details shared responsibilities between OVHcloud and the customer for the Hosted Private Cloud by VMware service under the SecNumCloud qualification. This model is designed to help the customer make the best use of the VMware on OVHcloud service.

Roles
R: Is in charge of carrying out the process
A: is Accountable for the successful completion of the process
C: Is Consulted during the process
I: Is Informed of the results of the process

1. Before subscription

1.1. Specify service as needed

Activity	Customer	OVHcloud
Choose the location of infrastructures	RA	I
Size infrastructures as needed	RA	I
Choose options as needed	RA	I

2. Service availability

2.1. Install service

Activity	Customer	OVHcloud
Produce, route, deliver and maintain physical machines and hosting buildings	CI	RA
Purchase and own the licences and rights of use for the OS purchased from OVHcloud	RI	RA
Purchase and own the licences and rights of use for softwares provided by OVHcloud	I	RA
Purchase and own the licences and rights of use for the VMware solution (Private Cloud)	I	RA
Purchase and own the licences and rights of use for the backup solutions provided by OVHcloud	I	RA
Deploy the initial service in compliance with the SecNumCloud framework	I	RA
Deploy the initial network configuration to devices	I	RA

2.2. Reversibility

Activity	Customer	OVHcloud
Provide the technical documentation corresponding to the SecNumCloud offer	I	RA
Draft a business continuity and disaster recovery plan for the hosted IS, in line with the sensitivity of the hosted IS	RA

2.3. Customer's IS installation

Activity	Customer	OVHcloud
Create / install / optimise new VMs	RA	I
Install and configure softwares and middlewares on the Infrastructure as a Service	RA
Purchase and own the licences and rights of use for OS with Bring Your Own Licence mode	RA
Configure virtual instances deployed on the IaaS	RA	I

3. Service Usage

3.1. Operations

3.1.1. Daily operations

Activity	Customer	OVHcloud
Operate all the virtual instances deployed in the IaaS	RA	I
Decide to add/remove resources on the virtual datacentre	RA	I
Add/remove resources on the virtual datacentre	I	RA
Add/remove resources on VMs	RA

3.1.2. Access management

Activity	Customer	OVHcloud
Manage access and security policy of the Service users	RA
Manage physical and logical access of OVHcloud teams to the infrastructures	I	RA
Manage access to the Control Panel	RA	I
Manage access to the virtualisation management interface	RA	I

3.1.3. Monitoring

Activity	Customer	OVHcloud
Monitor the proper functioning of physical devices (utilities) supporting the Infrastructure as a Service	I	RA
Monitor physical resource performances	RI	A
Monitor VMs performances	RA	I
Process and acknowledge alarms from managed devices of the Infrastructure as a Service	I	RA
Keep logs generated by the Infrastructure as a Service	I	RA
Keep logs of the information system hosted on the Infrastructure as a Service	RA	I

3.1.4. Storage

Activity	Customer	OVHcloud
Create, modify, control, restore, delete backup jobs	RA
Manage content hosted on infrastructures	RA
Manage data continuity and integrity	RA
Carry out maintenance on the storage and backup devices provided by OVHcloud	C	RA

3.1.5. Connectivity

Activity	Customer	OVHcloud
Manage the functioning of automatic network management systems (architecture, implementation, software and hardware maintenance for deployed public and private networks)	I	RA
Manage IP addressing plan	RA	I

3.1.6. Management

Activity	Customer	OVHcloud
Maintain an inventory of devices provided by OVHcloud	I	RA
Maintain a complete inventory of all devices	RA
Draft and provide a monthly report on the handling of incidents, changes and requests handled by OVHcloud	I	RA
Maintain and provide the technical documentation corresponding to the SecNumCloud offer	I	RA
Manage security of the management infrastructures (API, SSL Gateway) of the IaaS	I	RA
Manage security of the hosted management infrastructures (API, bastion, etc.)	RA	I
Manage security of VMs	RA	I
Manage security of softwares and middlewares installed on VMs	RA	I
Manage security of data placed by the Customer on the IaaS	RA	I
Manage physical security of equipment and infrastructures hosted at OVHcloud	I	RA
Maintain the VMware managed solution and its extensions	C	RA
Carry out the commercial and contractual follow-up of the Customer (quote, order, delivery and invoicing)	I	RA
Carry out the commercial and contractual follow-up of the service provided (quote, order, delivery and invoicing)	RA	I
Obtain expert support through the Technical Account Manager	A	R

3.1.7. Business continuity

Activity	Customer	OVHcloud
Manage automatic management systems for the infrastructure provided	I	RA
Maintain a business continuity and disaster recovery plan for the hosted IS	RA	C

3.2. Event management

3.2.1. Incidents

Activity	Customer	OVHcloud
Replace the defective hardware elements in support of the IaaS	I	RA
Intervene on the managed elements of the IaaS	C	RA
Qualify incidents occurring on the managed elements of the IaaS	C	RA
Draft and provide a post-mortem analysis	C	RA
Cooperate with OVHcloud as part of incident resolution	RA	CI
Cooperate with the Customer as part of incident resolution	CI	RA

3.2.2. Change

Activity	Customer	OVHcloud
Deploy patches, updates and configurations on softwares, middlewares and IS hosted on the IaaS	RA	C
Optimise VMs	RA	C
Validate the request for an infrastructure hardware change submitted by OVHcloud	A	R
Update the components embedded in the virtual instances	RA	C
Plan changes requested by the customer	C	RA
Carry out the changes required to maintain the compliance of the IaaS with SecNumCloud	I	RA
Issue the acceptance	RA	C
Deploy patches, updates and configurations on all the constituent elements of the Infrastructure as a Service	I	RA
Deploy patches, updates and configurations on all the constituent elements of the information system hosted on the IaaS	RA	C
Carry out preventive interventions on the managed elements of the IaaS	A	R
Update the hypervisor	I	RA
Update VMs	RA	I

4. Reversibility

4.1. Reversibility model

Activity	Customer	OVHcloud
Schedule reversibility operations	RA	I
Choose fallback infrastructures	RA

4.2. Data recovery

Activity	Customer	OVHcloud
Manage reversibility operations	RA	I
Migrate/transfer data	RA

5. End of service

5.1. Destroying configurations

Activity	Customer	OVHcloud
Request the end of all or part of the Service	RA	I
Uncommission the Private Cloud configurations and options associated with the customer following contract termination	I	RA

5.2. Data destruction

Activity	Customer	OVHcloud
Securely destroy data on storage media		RA
Destroy storage media that has reached their end of life or when the secure destruction processes are generating errors		RA
Provide a certificate of destruction (upon request)	I	RA

Was this page helpful?