Customer
Understanding the Red Hat, cloud provider, and customer responsibilities for the OpenShift Dedicated managed service.
While Red Hat manages the OpenShift Dedicated service, the customer shares responsibility with respect to certain aspects. The OpenShift Dedicated services are accessed remotely, hosted on public cloud resources, created in either Red Hat or customer-owned cloud service provider accounts, and have underlying platform and data security that is owned by Red Hat.
If the |
Resource | Incident and operations management | Change management | Access and identity authorization | Security and regulation compliance | Disaster recovery |
---|---|---|---|---|---|
Customer data |
Customer |
Customer |
Customer |
Customer |
Customer |
Customer applications |
Customer |
Customer |
Customer |
Customer |
Customer |
Developer services |
Customer |
Customer |
Customer |
Customer |
Customer |
Platform monitoring |
Red Hat |
Red Hat |
Red Hat |
Red Hat |
Red Hat |
Logging |
Red Hat |
Shared |
Shared |
Shared |
Red Hat |
Application networking |
Shared |
Shared |
Shared |
Red Hat |
Red Hat |
Cluster networking |
Red Hat |
Shared |
Shared |
Red Hat |
Red Hat |
Virtual networking |
Shared |
Shared |
Shared |
Shared |
Shared |
Control plane and infrastructure nodes |
Red Hat |
Red Hat |
Red Hat |
Red Hat |
Red Hat |
Worker nodes |
Red Hat |
Red Hat |
Red Hat |
Red Hat |
Red Hat |
Cluster version |
Red Hat |
Shared |
Red Hat |
Red Hat |
Red Hat |
Capacity management |
Red Hat |
Shared |
Red Hat |
Red Hat |
Red Hat |
Virtual storage |
Red Hat and cloud provider |
Red Hat and cloud provider |
Red Hat and cloud provider |
Red Hat and cloud provider |
Red Hat and cloud provider |
Physical infrastructure and security |
Cloud provider |
Cloud provider |
Cloud provider |
Cloud provider |
Cloud provider |
The customer and Red Hat share responsibility for the monitoring and maintenance of an OpenShift Dedicated cluster. This documentation illustrates the delineation of responsibilities by area and task.
The customer is responsible for incident and operations management of customer application data and any custom networking the customer has configured for the cluster network or virtual network.
Resource | Red Hat responsibilities | Customer responsibilities |
---|---|---|
Application networking |
Monitor cloud load balancers and native OpenShift router service, and respond to alerts. |
|
Virtual networking |
|
Monitor network traffic that is optionally configured through VPC to VPC connection, VPN connection, or Direct connection for potential issues or security threats. |
Applies to OpenShift Dedicated on Google Cloud Platform (GCP) clusters with PSC only.
Red Hat is responsible for enabling changes to the cluster infrastructure and services that the customer will control, as well as maintaining versions for the control plane nodes, infrastructure nodes and services, and worker nodes. The customer is responsible for initiating infrastructure change requests and installing and maintaining optional services and networking configurations on the cluster, as well as all changes to customer data and customer applications.
Resource | Red Hat responsibilities | Customer responsibilities |
---|---|---|
Logging |
|
|
Application networking |
|
|
Cluster networking |
|
|
Virtual networking |
|
|
Cluster version |
|
|
Capacity management |
|
|
Applies to OpenShift Dedicated on Google Cloud Platform (GCP) clusters with PSC only.
The access and identity authorization matrix includes responsibilities for managing authorized access to clusters, applications, and infrastructure resources. This includes tasks such as providing access control mechanisms, authentication, authorization, and managing access to resources.
Resource | Red Hat responsibilities | Customer responsibilities |
---|---|---|
Logging |
|
|
Application networking |
Provide native OpenShift RBAC and |
|
Cluster networking |
|
|
Virtual networking |
Provide customer access controls through OpenShift Cluster Manager. |
Manage optional user access to public cloud components through OpenShift Cluster Manager. |
The following are the responsibilities and controls related to compliance:
Resource | Red Hat responsibilities | Customer responsibilities |
---|---|---|
Logging |
Send cluster audit logs to a Red Hat SIEM to analyze for security events. Retain audit logs for a defined period of time to support forensic analysis. |
Analyze application logs for security events. Send application logs to an external endpoint through logging sidecar containers or third-party logging applications if longer retention is required than is offered by the default logging stack. |
Virtual networking |
|
|
Disaster recovery includes data and configuration backup, replicating data and configuration to the disaster recovery environment, and failover on disaster events.
Resource | Red Hat responsibilities | Customer responsibilities |
---|---|---|
Virtual networking |
Restore or recreate affected virtual network components that are necessary for the platform to function. |
|
The customer is responsible for the applications, workloads, and data that they deploy to OpenShift Dedicated. However, Red Hat provides various tools to help the customer manage data and applications on the platform.
Resource | Red Hat responsibilities | Customer responsibilities |
---|---|---|
Customer data |
|
Maintain responsibility for all customer data stored on the platform and how customer applications consume and expose this data. |
Customer applications |
|
|