Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

This is what we do in the implementation phase:


Set up remote access to the customer's


Table of Contents

Remote access to on-premise data center

WSO2 manages the data center in the customer's environment. The VMs, servers, and operating systems should be made available by the customer according to the infrastructure needs (e.g., minimum memory) given by WSO2. WSO2 is responsible for setting up WSO2 products in the given servers, monitoring the servers, setting up applications etc.

We can identify two ways in which WSO2 can access the servers in the customer's data center as depicted in the diagrams below:

  • Access using an IP-whitelisted bastion host
    <Diagram coming up soon>
  • Access using a customer-provided VPN
    <Diagram coming up soon>


Amazon EC2 instance

The other method of access is when WSO2 does all the Managed Cloud deployments in an Amazon Virtual Private Cloud (Amazon VPC). A VPC enables you to launch Amazon Web Services (AWS) into a virtual network that you define. A VPC improves the security of your data by providing network-level control and isolation for the AWS. This virtual network closely resembles a traditional network but with improved securityreliability, and scalability.

The customers peer their VPC(s) within the WSO2-managed VPC, which is an extension of the WSO2 corporate network as shown in the diagram below:

Diagram: Remote access to the customer's EC2

This setup allows WSO2 Cloud Ops to access the customer's Production and non-production VPCs. This connectivity is built up on top of an IPSec VPN tunnel and a VPC peer interface that are managed by the AWS. 


The WSO2 Managed Cloud offering is for hosting and maintaining WSO2 products in an Amazon EC2 instance that the customer purchases. Here are the tasks performed by the WSO2 Managed Cloud team when setting up the environments. For additional services, the customer can purchase WSO2 Support.

Tasks within the WSO2 Managed Cloud SLATasks covered by WSO2 Support services
Set up an AWS account upon the customer's request (excluding the costs pertaining to the hosting services).

Develop and deploy applications and services.

Set up the virtual machines and networking in the customer's AWS.

Execute IT management tasks (e.g., creating users).

Deploy the WSO2 products that the customer purchased, according to the deployment architecture that was created in the Planning phase.

Execute quality assurance on the system.

(WSO2 will outsource Vulnerability Assessment and Penetration tests t o third-party consultants.)

Create user accounts with admin privileges for the customer to log in to the Management Consoles of the WSO2 products. 

Conduct trainings on WSO2 products.

Guarantee the availability of the Managed Cloud (See Support and Maintenance).Perform upgrades of custom solutions and end-to-end testing of custom solutions during deployment, upgrade or migration.
Upgrade the WSO2 products and install software patches upon request. Security patches provided by the OS vendor are installed automatically.

Implement monitoring and alerting


If the customer wants to synchronize his/her monitoring with that of WSO2, the operations teams  from both sides need to agree on certain technical requirements such as additional agents that must be installed on hosts, how to expose dashboards to other networks, how to send alerts to additional email addresses and phones etc.  

Implement security

Network and infrastructure-level securityAs the Managed Cloud solutions are deployed in AWS, they inherit the security measures mentioned in
Operating system security
  • The Amazon Machine Image (AMI) instances can be either or both of the following:
  • Operating system patches and updates:
    • Can download Red Hat patches from Amazon-provided Red Hat repositories.
    • Can download Ubuntu patches and updates from the official Ubuntu repositories.

Implement backup and disaster recovery