The RACI below details shared responsibilities between OVHcloud and the customer for the OVHcloud KMS service. This shared model can help relieve the customer’s operational burden.
| Roles |
| R: Is in charge of carrying out the process |
| A: Accountable for the successful completion of the process |
| C: Is consulted during the process |
| I: Is informed of the results of the process |
1. Before subscription
1.1. Specify service as needed
| Activity |
Customer |
OVHcloud |
| Provide personal data needed for service subscription |
RA |
I |
| Choose service location aligned with location of Instances |
RA |
I |
2. Service availability
2.1. Install the service
| Activity |
Customer |
OVHcloud |
| Produce, route, deliver and maintain physical Instances, and hosting buildings |
I |
RA |
| Install internal functional bricks needed to maintain the Service in operational and security conditions |
I |
RA |
2.2. Reversibility model for CMK
| Activity |
Customer |
OVHcloud |
| Import/export stored objects |
RA |
I |
| Activity |
Customer |
OVHcloud |
| Choose key type and size adapted to the need |
RA |
I |
3. Service usage
3.1. Operations
3.1.1. Daily operations
| Activity |
Customer |
OVHcloud |
| Manage data security hosted on the service (confidentiality, integrity, backups, etc |
|
RA |
| Manage network accessibility of the Service |
|
RA |
| Administrate the service |
|
RA |
| Manage backups |
|
RA |
| Administrate keys stored on the KMS |
RA |
|
3.1.2. Access management
| Activity |
Customer |
OVHcloud |
| Manage access rights to the OVHcloud Control Panel |
RA |
I |
| Manage physical and logical access to infrastructures for OVHcloud teams |
I |
RA |
| Manage access and security policy for service users for CMK |
RA |
I |
3.1.3. Monitoring
| Activity |
Customer |
OVHcloud |
| Manage and monitor the Service capacity |
|
RA |
| Retain logs of control plane |
|
RA |
| Monitor the proper functioning of the service |
I |
RA |
| Maintain storage and backup devices used for the service |
|
RA |
| Keep logs generated by the Service |
RA |
|
3.1.4. Storage
| Activity |
Customer |
OVHcloud |
| Manage data continuity and sustainability |
|
RA |
3.1.5. Connectivity
| Activity |
Customer |
OVHcloud |
| Manage the functioning of automatic network management systems (architecture, implementation, software, and hardware maintenance for deployed public and private networks, primary IP of dedicated server) |
I |
RA |
3.1.6. Management
| Activity |
Customer |
OVHcloud |
| Provide inventory of services used |
I |
RA |
| Manage the security of management infrastructure (API, control plane) |
|
RA |
3.1.7. Business continuity
| Activity |
Customer |
OVHcloud |
| Maintain a business continuity and disaster recovery plan for the Service |
I |
RA |
3.2. Event management
3.2.1. Incidents
| Activity |
Customer |
OVHcloud |
| Handle incidents (tickets) |
AI |
RA |
| Qualify, Intervene on managed service elements |
I |
RA |
3.2.2. Changes
| Activity |
Customer |
OVHcloud |
| Deploy patches, updates, and configurations on software and middleware of the Service elements |
I |
RA |
4. Reversibility
4.1. Reversibility Model for CMK
| Activity |
Customer |
OVHcloud |
| Manage reversibility operations |
RA |
I |
4.2. Data recovery
| Activity |
Customer |
OVHcloud |
| Migrate/transfer data for KMIP object |
RA |
|
5. End of service
5.1. Destroy configurations
| Activity |
Customer |
OVHcloud |
| Destroy configurations at end of service following contract termination |
I |
RA |
5.2. Data destruction
| Activity |
Customer |
OVHcloud |
| Destroy data hosted on volumes storage |
|
RA |
Go further
For more information and tutorials, please see our other Manage & Operate support guides or explore the guides for other OVHcloud products and services.
