This is what we do in the implementation phase:
|2||Set up a domain name system (DNS).|
|3||Set up an SMTP server.|
|4||Set up an NTP server.|
|5||Set up a connection to the customer's data center.|
|6||Set up the environments (e.g., Development, Test, Pre-Production, and Production).|
|7||Implement monitoring and alerting.|
|9||Implement backup and disaster recovery.|
|10||Manage users and permissions.|
|11||Manage environments and artifacts.|
|12||Manage logs and backups.|
|Hand over the production environment to the customer.|
Set up remote access to the customer's
|Table of Contents|
Remote access to on-premise data center
WSO2 manages the data center in the customer's environment. The VMs, servers, and operating systems should be made available by the customer according to the infrastructure needs (e.g., minimum memory) given by WSO2. WSO2 is responsible for setting up WSO2 products in the given servers, monitoring the servers, setting up applications etc.
We can identify two ways in which WSO2 can access the servers in the customer's data center as depicted in the diagrams below:
- Access using an IP-whitelisted bastion host
<Diagram coming up soon>
- Access using a customer-provided VPN
<Diagram coming up soon>
Amazon EC2 instance
The other method of access is when WSO2 does all the Managed Cloud deployments in an Amazon Virtual Private Cloud (Amazon VPC). A VPC enables you to launch Amazon Web Services (AWS) into a virtual network that you define. A VPC improves the security of your data by providing network-level control and isolation for the AWS. This virtual network closely resembles a traditional network but with improved security, reliability, and scalability.
The customers peer their VPC(s) within the WSO2-managed VPC, which is an extension of the WSO2 corporate network as shown in the diagram below:
Diagram: Remote access to the customer's EC2
This setup allows WSO2 Cloud Ops to access the customer's Production and non-production VPCs. This connectivity is built up on top of an IPSec VPN tunnel and a VPC peer interface that are managed by the AWS.
The WSO2 Managed Cloud offering is for hosting and maintaining WSO2 products in an Amazon EC2 instance that the customer purchases. Here are the tasks performed by the WSO2 Managed Cloud team when setting up the environments. For additional services, the customer can purchase WSO2 Support.
|Tasks within the WSO2 Managed Cloud SLA||Tasks covered by WSO2 Support services|
|Set up an AWS account upon the customer's request (excluding the costs pertaining to the hosting services).|
Develop and deploy applications and services.
Set up the virtual machines and networking in the customer's AWS.
Execute IT management tasks (e.g., creating users).
Deploy the WSO2 products that the customer purchased, according to the deployment architecture that was created in the Planning phase.
Execute quality assurance on the system.
(WSO2 will outsource Vulnerability Assessment and Penetration tests t o third-party consultants.)
Create user accounts with admin privileges for the customer to log in to the Management Consoles of the WSO2 products.
Conduct trainings on WSO2 products.
|Guarantee the availability of the Managed Cloud (See Support and Maintenance).||Perform upgrades of custom solutions and end-to-end testing of custom solutions during deployment, upgrade or migration.|
|Upgrade the WSO2 products and install software patches upon request. Security patches provided by the OS vendor are installed automatically.|
If the customer wants to synchronize his/her monitoring with that of WSO2, the operations teams from both sides need to agree on certain technical requirements such as additional agents that must be installed on hosts, how to expose dashboards to other networks, how to send alerts to additional email addresses and phones etc.
|Network and infrastructure-level security||As the Managed Cloud solutions are deployed in AWS, they inherit the security measures mentioned in https://aws.amazon.com/security/.|
|Operating system security|
Implement backup and disaster recovery