VMware Cloud Well-Architected Framework for VMware Cloud Providers: Shared Responsibility Model

VMware Cloud Shared Responsibility

A shared responsibility model is common among the different VMware Cloud Infrastructure Service providers. It defines distinct roles and responsibilities for the VMware Cloud Infrastructure Services provider and for the organization consuming the service.

Disclaimer: The intent of this document is to provide guidance and best practices for VMware Cloud Infrastructure Service providers regarding the shared responsibilities of the service.

VMware Cloud Provider Program

The VMware Cloud Provider Program implements a shared responsibility model that defines distinct roles and responsibilities for the two parties involved in the offering: the Customer and VMware Partners.


Shared Responsibility Model

Customers should work directly with the VMware Cloud Provider Program for support. When building a service under the VMware Cloud Provider Program, the solution is supported and verified by VMware.

Customer Responsibility: Security in the Cloud

Customers are responsible for the deployment and ongoing configuration of their SDDC, virtual machines, and the data that resides therein, depending on the service of choice. In addition to determining the network firewall, connectivity, and VPN configuration, customers are responsible for managing virtual machines (including in-guest security and encryption) and for using the Partner's role-based access control along with vCenter Roles and Permissions to apply the appropriate controls for users.

VMware Partner Responsibility: Security of the Cloud

The VMware Cloud Provider Partner is responsible for protecting the software and systems that make up the service. This software infrastructure is composed of the compute, storage, and networking software comprising the SDDC, along with the service consoles used to provision.

VMware Partner Responsibility: Security of the Infrastructure

The Partner is responsible for the physical facilities, physical security, infrastructure, and hardware underlying the entire service (note that the Partner can make use of VMware Cloud or other service options). Details of the shared responsibility model are illustrated in the table below. A great deal of low-level operational work is handled by the Partner, leaving the customer to focus on managing their workloads.

Shared Responsibility Matrix

The following is not an exhaustive list of responsibilities, but it encompasses the most frequent tasks and definitions. The table below will vary across the different VMware Cloud Provider Partner offerings.

For further questions, please contact the specific VMware Cloud Provider Partner.

Entity

Responsibility/Activity

Customer

  • Deploying Software Defined Data Centers (SDDCs)
      ◦ Host Count
      ◦ Management Network Range
      ◦ HCX Network Range
  • Configuring SDDC Network & Security (NSX)
      ◦ Tier-1 Routers
      ◦ Firewall
      ◦ IPsec VPN
      ◦ NAT
      ◦ Public IP Addresses
      ◦ Network Segments
      ◦ Distributed Firewall
      ◦ Network extension (via HCX or NSX)
  • Configuring SDDC Network & Security (vSAN)
      ◦ Define and maintain vSAN VM Policies
      ◦ Add hosts
  • Deploying Virtual Machines
      ◦ Installing Operating Systems
      ◦ Patching Operating Systems
      ◦ Installing Antivirus Software
      ◦ Installing Backup Software
      ◦ Installing Configuration Management Software
  • Migrating Virtual Machines
      ◦ HCX Configuration
      ◦ HCX Updates
      ◦ Live vMotion
      ◦ Cold Migration
      ◦ Content Library Sync
  • Managing Virtual Machines
      ◦ Installing software
      ◦ Implementing backup solution
      ◦ Implementing Antivirus solution

Partner - VMware Solution

  • SDDC Lifecycle
      ◦ ESXi patch and upgrade
      ◦ vCenter Server patch and upgrade
      ◦ NSX patch and upgrade
      ◦ vSAN patch and upgrade
  • SDDC Networking (NSX)
      ◦ Tier-0 Router
      ◦ Connectivity from Tier-0 to Customer Network
  • SDDC Backup/Restore
      ◦ Backup and Restore vCenter Server
      ◦ Backup and Restore NSX Manager
  • SDDC Health
      ◦ Replace failed hosts

Partner - Infrastructure

  • Physical Infrastructure
  • Regions
  • Availability Zones
  • Compute / Network / Storage
  • Rack and Power Bare Metal Hosts
  • Rack and Power Network Equipment

In the next section, learn about the different considerations for managing infrastructure and application services.