🤝RACI
Sharing responsibilities
Objective and Definitions
To have a common understanding about the responsibilities and duties between cegedim.cloud and the customer, we use a RACI matrix.
R | Responsible | Assigned to complete the task or deliverable |
A | Accountable | Has final decision-making authority and accountability for completion (only 1 per task) |
C | Consulted | An adviser, stakeholder, or subject matter expert who is consulted before a decision or action |
I | Informed | Must be informed after a decision or action |
Generic RACI Matrix
Below is the RACI matrix describing actions related to managed products from cegedim.cloud's catalog.
There are slight differences according to the plan subscribed by the customer :
| Plan | Description |
|---|---|
Self Service | The customer can create resources directly through ITCare, using self-service and pay-per-usage. |
On Request | Resources are provisioned and delivered by cegedim.cloud on request by the customer. |
| Actions | Plan | cegedim.cloud | customer | Comments |
|---|---|---|---|---|
Create, Stop, Start, Delete or Resize an instance or a cluster | Self Service | I | A / R | The decision of provisioning / stopping / starting / deleting a deployment and associated parameters is done by the customer. The actions are performed :
|
Use an instance or a cluster | * | I | A / R | Customer is responsible of the healthy usage of the product. |
Modify configurations | On request | A / R | I | Certain configuration parameters can be modified at the customer's request. |
Standard Monitoring | * | A / R | I | Monitoring is mandatory, and accessible to customer through ITCare. |
Performance metrics | * | R | I | Performance metrics are provided by default and reachable through ITCare. |
Backup and Restoration | * | R | A / I | Backup policy is defined by customer and applied by cegedim.cloud, which is responsible of ensuring that backups are done, and restoration of data when requested. Customer has information about the backup in ITCare. |
Disaster Recovery Protection | * | R | A / I | Disaster Recovery is activated by customer and applied by cegedim.cloud, which is responsible of ensuring that associated RTO and RPO are reached. Customer has information about the Disaster Recovery Protection in ITCare. |
Security Patches | * | R | A / I | Cegedim.cloud passes security patches in the execution environment, quarterly, during "Patch parties", by default. |
Version Upgrades | On Request or Self Service | R | A / I / R | Upgrade can be done by the customer from the ITCare in autonomy when possible OR a request can be issued by the customer, and if the transition is possible, cegedim.cloud will upgrade or update the product version. |
Specific RACI Matrix
Some of our products have specific actions that can be carried out autonomously and in self-service from our ITCare cloud management tool. The matrices below are therefore complementary to the generic RACI matrix.
Kubernetes
| Actions | Plan | cegedim.cloud | customer | Comments |
|---|---|---|---|---|
Add a Kubernetes node | Self-service | I | A / R | Customer can add Kubernetes nodes in self-service using ITCare. |
Resize Kubernetes nodes | Self-service | I | A / R | Customer can resize Kubernetes nodes in self-service using ITCare. |
Remove a Kubernetes node | Self-service | I | A / R | Customer can remove a Kubernetes node in self-service using ITCare. |
Enable HA mode | Self-service | I | A / R | Customer can enable High Availability on a Kubernetes cluster in self-service using ITCare. |
MariaDB
| Actions | Plan | cegedim.cloud | customer | Comments |
|---|---|---|---|---|
Add a MariaDB read-only Replica | On Request | A / R | I | On request, a read only MariaDB replica can be configured for a standalone MariaDB node. |
OpenSearch
| Actions | Plan | cegedim.cloud | customer | Comments |
|---|---|---|---|---|
Index management | * | I | A / R | Customer is responsible of the creating and managing his indices. cegedim.cloud do not have access to them except for the security_audit index. |
PostgreSQL
| Actions | Plan | cegedim.cloud | customer | Comments |
|---|---|---|---|---|
Restore source PostgreSQL on a destination (seed) | Self-service | I | A / R | The decision to restore a PostgreSQL farm to another PostgreSQL farm is made by the client. The actions are carried out:
|
Convert to High availability | Self-service | I | A / R | The decision to restore a PostgreSQL farm to another PostgreSQL farm is made by the client. The actions are carried out:
|
Apache Kafka
| Actions | Plan | cegedim.cloud | customer | Comments |
|---|---|---|---|---|
Manage Apache Kafka objects | * | I | A / R | Customer is responsible of the Apache Kafka objects management (topics, partitions, etc..) and its healthy usage. |
RabbitMQ
| Actions | Plan | cegedim.cloud | customer | Comments |
|---|---|---|---|---|
Manage RabbitMQ objects | * | I | A / R | Customer is responsible of the RabbitMQ objects management (exchanges, queues, etc..) and its healthy usage. |
Bot Defense
| Actions | Plan | cegedim.cloud | customer | Commentaires |
|---|---|---|---|---|
Enable / Disable Bot Defense option on a Load Balancer | Self-service | I | A / R | The decision of enabling / disabling the Bot Defense option is done by the customer. |
Add or delete Whitelisted IP | Self-service | I | A / R | Customer can add or delete whitelisted IP. |
Access to DDOS and blocked requests from Bot Defense and Dos Protection | Self-service | I | A / R | Report in real time blocked request (Including blocked ip, blocking reason and the support ID). |
Request details on blocked request | On Request | A / R | I | Upon request by the customer, more information can be provided for a blocked request by providing the support ID |
Data Masking
| Actions | Plan | cegedim.cloud | customer |
|---|---|---|---|
Designate a champion and define data masking objectives | * | I | A / R |
Define the context of the masking | * | I | A / R |
Identify sensitive data to be masked (specifications) | * | I | A / R |
Identify data integrity constraints within the database | * | I | A / R |
PDM : discover and sensitive data tag | * | A / R | I / C |
PDM : Masking rules and masking policy definition | * | A / R | I / C |
PDM : Optional : custom rules and dictionaries implementation | * | A / R | I / C |
PDM : Masking plan creation and execution*
| * | A / R | I / C |
Results verification and masking effectiveness validation | * | I | A / R |
*Each execution includes: prerequisite check, script execution, monitoring of the execution by an IT security expert in direct contact with the customer
Vault
| Actions | Plan | cegedim.cloud | customer | Comments |
|---|---|---|---|---|
Manage secrets paths | * | A / R | Creating the paths in Vault where secrets are saved | |
Manage secrets engines | * | A / R | Creating, editing and removing secrets engine in Vault | |
Manage authentication methods | * | A / R | Creating ACL for limiting user access right | |
Configure endpoints | * | A / R | Configure endpoints (can be servers, script, etc). |
GlusterFS
| Actions | Plan | cegedim.cloud | customer | Comments |
|---|---|---|---|---|
Manage storage volumes | Self-service | I | A / R | Customer is responsible of the management (creation, deletion, resize) of the storage volumes for his cluster. |
Object Storage
| Actions | Plan | cegedim.cloud | customer | Comments |
|---|---|---|---|---|
Create an Object Store | Self-service | I | A / R | The decision of provisioning / Deleting / modify an Object Store and associated parameters is done by the customer. The actions are performed :
|
Manage Object Store Quota | Self-service | I | A / R | |
Delete a Object Store | Self-service | I | A / R | |
Create an Object User | Self-service | I | A / R | The decision of creating an Object User and associated parameters is done by the customer. The actions are performed :
|
Manage Object Users | Self-service | I | A / R | The decision of modify an Object User and associated parameters is done by the customer. These actions include the Secret Key renewal or Object User locking. The actions are performed :
|
Delete Object Users | Self-service | I | A / R | The decision of Delete an Object User and associated parameters is done by the customer. The actions are performed :
|
Create Bucket | Self-service | I | A / R | Bucket creation and associated parameters is done by the customer. The actions are performed using the S3 API. |
Delete Bucket | Self-service | I | A / R | Bucket deletion and associated parameters is done by the customer. The actions are performed using the S3 API. |
Manage Bucket Policy | Self-service | I | A / R | Bucket Policy management is done by the customer. The actions are performed using the S3 API. |
Manage Lifecycle Configuration | Self-service | I | A / R | Lifecycle Configuration management is done by the customer. The actions are performed using the S3 API. |
Manage Object Configuration | Self-service | I | A / R | Object Lock configuration on Bucket or object is done by the customer. The actions are performed using the S3 API. |
Availability and Monitoring | * | R / A | I | cegedim.cloud will ensure the Object Storage Service is globally available and healthy at all times. |
Multi Region Replication | * | R / A | I | Data replication between region is done by cegedim.cloud, which is responsible of ensuring that associated RTO and RPO are reached. Customer has information about the Disaster Recovery Protection in ITCare. |
Security Patches | * | R / A | I | cegedim.cloud apply security patches. it is transparent for customers and this does not lead to an interruption of service. |
Version Upgrades | * | R / A | I | cegedim.cloud apply upgrade patches. it is transparent for customers and this does not lead to an interruption of service. S3 API may change. |
Last updated
