You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Key Management Service (KMS) - Shared responsibilities
Shared responsibilities between OVHcloud and the customer for OVHcloud KMS
2024-11-25
Objective
The RACI below details shared responsibilities between OVHcloud and the customer for the OVHcloud KMS service. This shared model can help relieve the customer’s operational burden.
Roles
R : Is in charge of carrying out the process
A : Accountable for the successful completion of the process
C : Is consulted during the process
I : Is informed of the results of the process
1. Before subscription
1.1. Specify service as needed
Activity
Customer
OVHcloud
Provide personal data needed for service subscription
RA
I
Choose service location aligned with location of Instances
RA
I
2. Service availability
2.1. Install the service
Activity
Customer
OVHcloud
Produce, route, deliver and maintain physical Instances and hosting buildings
I
RA
Install internal functional bricks needed to maintain the Service in operational and security conditions
I
RA
2.2. Reversibility model for CMK
Activity
Customer
OVHcloud
Import/export stored objects
RA
I
2.3. Customer Information System setup
Activity
Customer
OVHcloud
Choose key type and size adapted to the need
RA
I
3. Service usage
3.1. Operations
3.1.1. Daily operations
Activity
Customer
OVHcloud
Manage data security hosted on the service (confidentiality, integrity, backups, …)
RA
Manage network accessibility of the Service
RA
Administrate the service
RA
Manage backups
RA
Administrate keys stored on the KMS
RA
3.1.2. Access management
Activity
Customer
OVHcloud
Manage access rights to the OVHcloud Control Panel
RA
I
Manage physical and logical access to infrastructures for OVHcloud teams
I
RA
Manage access and security policy for service users for CMK
RA
I
3.1.3. Monitoring
Activity
Customer
OVHcloud
Manage and monitor the Service capacity
RA
Retain logs of control plane
RA
Monitor the proper functioning of the service
I
RA
Maintain storage and backup devices used for the service
RA
Keep logs generated by the Service
RA
3.1.4. Storage
Activity
Customer
OVHcloud
Manage data continuity and sustainability
RA
3.1.5. Connectivity
Activity
Customer
OVHcloud
Manage the functioning of automatic network management systems (architecture, implementation, software and hardware maintenance for deployed public and private networks, primary IP of dedicated server)
I
RA
3.1.6. Management
Activity
Customer
OVHcloud
Provide inventory of services used
I
RA
Manage the security of management infrastructure (API, control plane)
RA
3.1.7. Business continuity
Activity
Customer
OVHcloud
Maintain a business continuity and disaster recovery plan for the Service
I
RA
3.2. Event management
3.2.1. Incidents
Activity
Customer
OVHcloud
Handle incidents (tickets and telephone contacts)
AI
RA
Qualify, Intervene on managed service elements
I
RA
3.2.2. Changes
Activity
Customer
OVHcloud
Deploy patches, updates and configurations on softwares, middlewares of the Service elements
I
RA
4. Reversibility
4.1. Reversibility Model for CMK
Activity
Customer
OVHcloud
Manage reversibility operations
RA
I
4.2. Data recovery
Activity
Customer
OVHcloud
Migrate/transfer data for KMIP object
RA
5. End of service
5.1. Destroy configurations
Activity
Customer
OVHcloud
Destroy configurations at end of service following contract termination