| copyright | lastupdated | keywords | subcollection | ||
|---|---|---|---|---|---|
|
2022-06-27 |
schematics , hybrid, multi-cloud, RACI |
schematics |
{{site.data.keyword.attribute-definition-list}}
{: #sc-responsibilities}
Learn about the management responsibilities and terms and conditions that you have when you use {{site.data.keyword.bplong}}. For a high-level view of the service types in {{site.data.keyword.cloud_notm}} and the breakdown of responsibilities between you as the client and {{site.data.keyword.IBM_notm}} for each type, see Shared responsibilities for {{site.data.keyword.cloud_notm}} offerings. {: shortdesc}
Review the following sections for the specific responsibilities for you and for {{site.data.keyword.IBM_notm}} when you use {{site.data.keyword.bplong_notm}}. For the overall terms of use, see {{site.data.keyword.cloud_notm}} Terms and Notices. For responsibilities that you have for other {{site.data.keyword.cloud_notm}} services that you use with {{site.data.keyword.bpshort}}, refer to the documentation of those services, such as {{site.data.keyword.openshiftlong_notm}} responsibilities.
| Resource | Description | {{site.data.keyword.bpshort}} service | {{site.data.keyword.bpshort}} agents |
|---|---|---|---|
| Data | Customer-owned content that includes all data that is managed and controlled by the customer. Examples include information that are stored into volumes, files, and databases hosted on {{site.data.keyword.cloud_notm}} resources and data processed, stored, and logged by the client applications hosted on {{site.data.keyword.cloud_notm}}. It doesn't include client metadata, the information that is used by {{site.data.keyword.IBM_notm}} to provide services to the client support and operate the client account, services, and resources that are always considered to be shared responsibility between client and {{site.data.keyword.IBM_notm}}. | Customer-owned such as Templates, Git repository URL, input data, Terraform logs, state file. Client metadata such as Client email ID, workspace, action names. |
Customer-owned content such as Agent data, Agent policies. Client metadata such as Agent location, Agent name. |
| Applications | Customer-owned software components, such as executables, web applications, middleware, frameworks, libraries, and other software packages that the client developed or acquired by third parties and deployed in {{site.data.keyword.cloud_notm}}. | None | Customer-owned software components installed in agents runtime. |
| Service instance | An entity that consists of resources that are reserved for a particular service. | {{site.data.keyword.bpshort}} service instance such as Workspaces, Actions, Inventories | {{site.data.keyword.bpshort}} service instance such as agents instance. |
| Operating systems | The Operating System software and configuration that are deployed in virtual or bare metal servers, such as Linux, Windows, or similar to the ones provided in stock images. | Universal Base Image (UBI-8) | Universal Base Image (UBI-8) |
| Virtual and bare metal servers | The virtual or bare metal servers that are ordered and managed through {{site.data.keyword.cloud_notm}} services. | {{site.data.keyword.IBM_notm}} owns the IKS used by {{site.data.keyword.bpshort}}. | Client manages the IKS / ROKS / Kubernetes cluster where agents are deployed. |
| Virtual storage | The block, file, or Object Storage buckets ordered and managed through {{site.data.keyword.cloud_notm}}. | {{site.data.keyword.IBM_notm}} owns Cloudant, COS, RabbitMQ, Redis - used by {{site.data.keyword.bpshort}} | Client owns and manages the instances. {{site.data.keyword.IBM_notm}} owns the IKS local storage used by {{site.data.keyword.bpshort}} agents COS that are used by {{site.data.keyword.bpshort}} agents |
| Virtual network | Network resources such as VLAN, VPC, subnets, or IPs provided by classic infrastructure and VPC services that are ordered and managed through {{site.data.keyword.cloud_notm}}. |
{{site.data.keyword.IBM_notm}} owned Network resources used by {{site.data.keyword.bpshort}} | Client owns and manages the network resources such as ingress, egress policies used by agents. |
| Hypervisor | The software and configuration that is deployed in physical servers to host and manage the lifecycle of virtual servers. | {{site.data.keyword.IBM_notm}} owns the IKS used by {{site.data.keyword.bpshort}} | Client owns IKS / ROKS / Kubernetes cluster only if client uses cluster provided by {{site.data.keyword.IBM_notm}} IKS. |
| Physical servers and memory | The physical compute devices and resources, such as cores, memory, and GPUs used to host the virtual or bare metal servers. | {{site.data.keyword.IBM_notm}} owns the IKS used by {{site.data.keyword.bpshort}} | Client owns, if cluster provided by Customer. {{site.data.keyword.IBM_notm}} owns if the cluster is provided by IKS / ROKS / Kubernetes. |
| Physical storage | The physical storage devices and resources, such as disks and storage devices that are used to host the virtual block, file, or Object Storage buckets. | {{site.data.keyword.IBM_notm}} owns the IKS used by {{site.data.keyword.bpshort}} | Client owns, if cluster provided by Customer. {{site.data.keyword.IBM_notm}} owns if the cluster is provided by IKS / ROKS / Kubernetes. |
| Physical network and devices | The physical network devices and resources, such as switches, routers, gateways, firewalls, and load balancers that are used to host the virtual network resources. | {{site.data.keyword.IBM_notm}} owns the IKS used by {{site.data.keyword.bpshort}} | Client owns, if cluster provided by Customer. {{site.data.keyword.IBM_notm}} owns if the cluster is provided by IKS / ROKS / Kubernetes. |
| Facilities and data centers | The physical data center buildings with power, cooling, and rooms for all the {{site.data.keyword.cloud_notm}} physical equipment. | {{site.data.keyword.IBM_notm}} owns the IKS used by {{site.data.keyword.bpshort}} | Client owns, if cluster provided by Customer. {{site.data.keyword.IBM_notm}} owns if the cluster is provided by IKS / ROKS / Kubernetes. |
| {: caption="Shared responsibilities for the managed products" caption-side="top"} |
{: #incident-ops-mgt}
Includes tasks such as monitoring, event management, high availability, problem determination, recovery, and full state backup and recovery.
{: #change-mgt}
Includes tasks such as deployment, configuration, upgrades, patching, configuration changes, and deletion.
{: #iam}
Includes tasks such as authentication, authorization, access control policies, and approving, granting, and revoking access.
{: #security-reg-compliance}
Includes tasks such as security controls implementation and compliance certification.
{: #disaster-recovery}
Includes tasks such as providing dependencies on disaster recovery sites, provision disaster recovery environments, data and configuration backup, replicating data and configuration to the disaster recovery environment, and failover on disaster events.