Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This is what we do in the implementation phase:

...

Set up remote access to the customer's

...

Table of Contents
maxLevel4
minLevel4
typeflat

Remote access to on-premise data center

WSO2 manages the data center in the customer's environment. The VMs, servers, and operating systems should be made available by the customer according to the infrastructure needs (e.g., minimum memory) given by WSO2. WSO2 is responsible for setting up WSO2 products in the given servers, monitoring the servers, setting up applications etc.

We can identify two ways in which WSO2 can access the servers in the customer's data center as depicted in the diagrams below:

  • Access using an IP-whitelisted bastion host
    <Diagram coming up soon>
  • Access using a customer-provided VPN
    <Diagram coming up soon>

...

Amazon EC2 instance

The other method of access is when WSO2 does all the Managed Cloud deployments in an Amazon Virtual Private Cloud (Amazon VPC). A VPC enables you to launch Amazon Web Services (AWS) into a virtual network that you define. A VPC improves the security of your data by providing network-level control and isolation for the AWS. This virtual network closely resembles a traditional network but with improved securityreliability, and scalability.

...

The WSO2 Managed Cloud offering is for hosting and maintaining WSO2 products in an Amazon EC2 instance that the customer purchases. Here are the tasks performed by the WSO2 Managed Cloud team when setting up the environments. For additional services, the customer can purchase WSO2 Support.

Tasks within the WSO2 Managed Cloud SLATasks covered by WSO2 Support services
Set up an AWS account upon the customer's request (excluding the costs pertaining to the hosting services).

Develop and deploy applications and services.

Set up the virtual machines and networking in the customer's AWS.

Execute IT management tasks (e.g., creating users).

Deploy the WSO2 products that the customer purchased, according to the deployment architecture that was created in the Planning phase.

Execute quality assurance on the system.

(WSO2 will outsource Vulnerability Assessment and Penetration tests t o third-party consultants.)

Create user accounts with admin privileges for the customer to log in to the Management Consoles of the WSO2 products. 

Conduct trainings on WSO2 products.

Guarantee the availability of the Managed Cloud (See Support and Maintenance).Perform upgrades of custom solutions and end-to-end testing of custom solutions during deployment, upgrade or migration.
Upgrade the WSO2 products and install software patches upon request. Security patches provided by the OS vendor are installed automatically.

Anchor
monitor
monitor
Implement monitoring and alerting

...

If the customer wants to synchronize his/her monitoring with that of WSO2, the operations teams  from both sides need to agree on certain technical requirements such as additional agents that must be installed on hosts, how to expose dashboards to other networks, how to send alerts to additional email addresses and phones etc.  

Implement security

Network and infrastructure-level securityAs the Managed Cloud solutions are deployed in AWS, they inherit the security measures mentioned in https://aws.amazon.com/security/.
Operating system security
  • The Amazon Machine Image (AMI) instances can be either or both of the following:
  • Operating system patches and updates:
    • Can download Red Hat patches from Amazon-provided Red Hat repositories.
    • Can download Ubuntu patches and updates from the official Ubuntu repositories.

Implement backup and disaster recovery

...