VMware Cloud Well-Architected Framework for Azure VMware Solution: Shared Responsibility Model
VMware Cloud Shared Responsibility
A shared responsibility model is common among the different VMware Cloud Infrastructure Service providers, which defines distinct roles and responsibilities between the VMware Cloud Infrastructure Services provider and an organization consuming the service.
Disclaimer: The intent of this document is to provide guidance and best practices for VMware Cloud Infrastructure Service providers regarding the shared responsibilities of the service.
Azure VMware Solution
Azure VMware Solution implements a shared responsibility model that defines distinct roles and responsibilities for VMware, Microsoft, 3rd party vendors, customers, and tenants.
Azure VMware Solution is a first party Azure service, customers should work directly with Microsoft support. This solution is fully supported and verified by VMware.
Customer Responsibility: Security in the Cloud
Customers are responsible for the deployment and ongoing configuration of their SDDC, virtual machines, and data that reside therein. In addition to determining the network firewall, ExpressRoute and VPN configuration, customers are responsible for managing virtual machines (including in guest security and encryption) and using Azure role-based access control (or Azure Active Directory) along with vCenter Roles and Permissions to apply the appropriate controls for users.
Microsoft Responsibility: Azure VMware Solution Security of the Cloud
Microsoft is responsible for the physical facilities, physical security, infrastructure, and hardware underlying the entire service. Details on the shared responsibility model employed by Azure VMware Solution can be found in the table below. You can see that a great deal of low-level operational work is handled by the Microsoft leaving the customer to focus on managing their workloads.
Microsoft is responsible for protecting the software and systems that make up the Azure VMware Solution service. This software infrastructure is composed of the compute, storage, and networking software comprising the SDDC, along with the service consoles used to provision Azure VMware Solution.
Shared Responsibility Matrix
The following is not an exhausted list of responsibilities but encompass the most frequent tasks and definitions. For further questions, please contact Microsoft.
Partners provide support for their own products and solutions.