diff --git a/en/docs/references/private-data-plane-management-models.md b/en/docs/references/private-data-plane-management-models.md new file mode 100644 index 0000000..a5022d0 --- /dev/null +++ b/en/docs/references/private-data-plane-management-models.md @@ -0,0 +1,497 @@ +# Private Data Plane Management Models + +Devant supports various management models for private data planes (PDPs), fostering collaboration between WSO2 and customers across diverse scenarios. The following sections provide insights into WSO2's fully managed solutions and shared responsibility models, allowing you to make informed decisions regarding cloud-based operations and security. + +## WSO2 fully managed (infrastructure and PDP in WSO2 subscription) model + +WSO2 fully managed private data planes are supported only on Azure, AWS, and GCP cloud providers. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TaskTask descriptionResponsible partyAccountableConsultedInformed
Subscription prerequisites- Create subscriptions
+ - Check quota and service limits
+ - Run the Devant compatibility prerequisite script		WSO2WSO2Customer (If required)Customer (If required)
Remote access for installationProvide owner accessWSO2WSO2WSO2WSO2
Network management- Obtain customers backend CIDR in case of VPN/peering
+ - Check end-to-end connectivity (primary and failover)		WSO2/CustomerWSO2/CustomerCustomerCustomer
Firewall rules/access controlSet up firewall and required rules depending on the security tierWSO2WSO2CustomerCustomer
Infrastructure provisioning- Provision Bastion
+ - Provision Kubernetes clusters		WSO2WSO2-Customer(If required)
Kubernetes cluster management- Manage Kubernetes versions
+ - Increase node pool size		WSO2WSO2CustomerCustomer
Infrastructure monitoringSet up alertsWSO2WSO2-Customer(If required)
DNS management for Devant system- Manage DNS infrastructure
+ - Manage SSL certificates for Devant system components		WSO2/CustomerWSO2/CustomerCustomerCustomer
Devant system components deploymentSet up PDP agents via HelmWSO2WSO2--
Devant system components managementUpgrade/patch/debug versionsWSO2WSO2-Customer(If required)
Devant system components monitoring- Set up continuous monitoring 24x7
+ - Provide monthly uptime reports		WSO2WSO2-Customer
Devant system security monitoringIf basic tier
+ - CSPM
+ - Apply security patches
+ - Manage supply chain security (Image scanning, SAST)
+ - Manage security incidents
+ If standard tier/premium tier
+ - CSPM
+ - Apply security patches
+ - Manage supply chain security
+ - Monitor runtime security alerts (Azure Defender)
+ - Monitor security incident and event management (SIEM) alerts
+ - Manage security incidents
+ - Adhere to compliance standards		WSO2/CustomerWSO2/CustomerWSO2/CustomerWSO2/Customer
Devant application creation/deploymentCustomerCustomerCustomerCustomer
Devant application managementCustomerCustomerCustomerCustomer
Devant application monitoringCustomerCustomerCustomerCustomer
Devant application logsCustomerCustomerCustomerCustomer
+ +## WSO2 fully managed (infrastructure and PDP in customer subscription) model + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TaskTask descriptionResponsible partyAccountableConsultedInformed
Subscription prerequisites- Create subscriptions
+ - Check quota and service limits
+ - Run the Devant compatibility prerequisite script		CustomerCustomerWSO2-
Remote access for installationProvide accessCustomerCustomerWSO2WSO2
Network management- Obtain customers backend CIDR in case of VPN/peering
+ - Check end-to-end connectivity (primary and failover)		WSO2/CustomerWSO2/CustomerCustomerCustomer
Firewall rules/access controlSet up firewall and required rules depending on the security tierWSO2/CustomerWSO2/CustomerCustomerCustomer
Infrastructure provisioning- Provision Bastion
+ - Provision Kubernetes clusters		WSO2WSO2CustomerCustomer
Kubernetes cluster management- Manage Kubernetes versions
+ - Increase node pool size		WSO2WSO2CustomerCustomer
Infrastructure monitoringSet up alertsWSO2WSO2-Customer(If required)
DNS management for Devant system- Manage DNS infrastructure
+ - Manage SSL certificates for Devant system components		WSO2/CustomerWSO2/CustomerCustomerCustomer
Devant system components deploymentSet up PDP agents via HelmWSO2WSO2Customer-
Devant system components managementUpgrade/patch/debug versionsWSO2WSO2-Customer(If required)
Devant system components monitoring- Set up continuous monitoring 24x7
+ - Provide monthly uptime reports		WSO2WSO2-Customer
Devant system security monitoringIf basic tier
+ - CSPM
+ - Apply security patches
+ - Manage supply chain security (Image scanning, SAST)
+ - Manage security incidents
+ If standard tier/premium tier
+ - CSPM
+ - Apply security patches
+ - Manage supply chain security
+ - Monitor runtime security alerts (Azure Defender)
+ - Monitor security incident and event management (SIEM) alerts
+ - Manage security incidents
+ - Adhere to compliance standards		WSO2/CustomerWSO2/CustomerWSO2/CustomerWSO2/Customer
Devant application creation/deploymentCustomerCustomerCustomerCustomer
Devant application managementCustomerCustomerCustomerCustomer
Devant application monitoringCustomerCustomerCustomerCustomer
Devant application logsCustomerCustomerCustomerCustomer
+ +## Customer self-managed (WSO2 provides installation script and updates) model + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TaskTask descriptionResponsible partyAccountableConsultedInformed
Subscription prerequisites- Create subscriptions
+ - Check quota and service limits
+ - Run the Devant compatibility prerequisite script		CustomerCustomerWSO2WSO2
Remote access for installationProvide owner accessCustomerCustomerWSO2-
Network management- Obtain customers backend CIDR in case of VPN/peering
+ - Check end-to-end connectivity (primary and failover)		CustomerCustomerWSO2WSO2
Firewall rules/access controlSet up firewall and required rules depending on the security tierCustomerCustomerWSO2WSO2
Infrastructure provisioning- Provision Bastion
+ - Provision Kubernetes clusters		CustomerCustomerWSO2WSO2(If required)
Kubernetes cluster management- Manage Kubernetes versions
+ - Increase node pool size		CustomerCustomerWSO2WSO2(If required)
Infrastructure monitoringSet up alertsCustomerCustomerWSO2-
DNS management for Devant system- Manage DNS infrastructure
+ - Manage SSL certificates for Devant system components		CustomerCustomerWSO2-
Devant system components deploymentSet up PDP agents via HelmCustomerCustomerWSO2-
Devant system components managementUpgrade/patch/debug versionsCustomerCustomerWSO2-
Devant system components monitoring- Set up continuous monitoring 24x7
+ - Provide monthly uptime reports		CustomerCustomerWSO2-
Devant system security monitoringIf basic tier
+ - CSPM
+ - Apply security patches
+ - Manage supply chain security (Image scanning, SAST)
+ - Manage security incidents
+ If standard tier/premium tier
+ - CSPM
+ - Apply security patches
+ - Manage supply chain security
+ - Monitor runtime security alerts (Azure Defender)
+ - Monitor security incident and event management (SIEM) alerts
+ - Manage security incidents
+ - Adhere to compliance standards		WSO2/CustomerWSO2/CustomerWSO2/CustomerWSO2/Customer
Devant application creation/deploymentCustomerCustomerCustomerCustomer
Devant application managementCustomerCustomerCustomerCustomer
Devant application monitoringCustomerCustomerCustomerCustomer
Devant application logsCustomerCustomerCustomerCustomer
diff --git a/en/mkdocs.yml b/en/mkdocs.yml index 6ce2f63..7df8978 100644 --- a/en/mkdocs.yml +++ b/en/mkdocs.yml @@ -146,6 +146,7 @@ nav: - Autoscale: - Autoscale Component Replicas: devops-and-ci-cd/autoscale/autoscale-component-replicas.md - Autoscale Components with Scale-to-Zero: devops-and-ci-cd/autoscale/autoscale-components-with-scale-to-zero.md + - Private Data Plane Management Models: references/private-data-plane-management-models.md # Markdown extensions markdown_extensions: