Skip to content

Responsibilities#

This page describes the responsibilities of Stakater and customers with respect to the various parts of SAAP. In essence, Stakater takes responsibility for the platform and platform data, while customer takes responsibility for their own applications and application data.

Data and Applications#

Customers are completely responsible for their own applications, workloads, and data that they deploy to SAAP. SAAP provides tools to help customers setup, manage, secure, integrate and optimize their apps.

Stakater Responsibilities Customer Responsibilities
  • Maintain platform-level standards for data encryption
  • Provide components to help manage application data such as secrets
  • Enable integration with third-party data services to store and manage data outside the cluster or cloud provider
  • All customer data stored on the platform and how customer applications consume and expose this data
  • Backup and restore
Stakater Responsibilities Customer Responsibilities
  • Create clusters with SAAP components installed, so that you can access SAAP to deploy and manage your containerized apps
  • Install and provide fully managed SAAP add-ons to extend your app's capabilities
  • Provide storage classes and plug-ins to support persistent volumes for use with your apps
  • Provide a container image registry, so customers can securely store application container images on the cluster to deploy and manage applications
  • Complete lifecycle¬†of customer applications and customer chosen third-party applications:
    • Monitoring
    • Configuration
    • Deployment
    • Version management
    • Resource limits
    • Cluster sizing
    • Permissions
    • Integrations
    • Backup and restore

Change Management#

Stakater is responsible for change management of the control plane nodes, infrastructure nodes and services, and worker nodes. The customer is responsible for initiating infrastructure change requests needed for customer applications, and installing and maintaining optional services and networking configurations on the cluster, as well as all changes to customer data and customer applications.

Stakater Responsibilities Customer Responsibilities
  • Aggregate and monitor platform logs
  • Provide and maintain a logging operator to enable the customer to deploy a logging stack for default application logging
  • Install, configure, and maintain any optional app logging solutions in addition to the provided ones
  • Modify size and frequency of application logs being produced by customer applications if they are affecting the stability of the cluster
Stakater Responsibilities Customer Responsibilities
  • Provide the ability to set up private load balancers when required
  • Provide the ability to set the OpenShift router as private
  • Install, configure, and maintain OpenShift SDN components for default internal pod traffic
  • Assist the customer with NetworkPolicy and EgressNetworkPolicy objects
  • Configure non-default pod network permissions for project and pod networks, pod ingress, and pod egress using NetworkPolicy objects
  • Request and configure any additional service load balancers for specific services
  • Configure any necessary DNS forwarding rules
Stakater Responsibilities Customer Responsibilities
  • Set up cluster management components, such as public or private service endpoints and necessary integration with virtual networking components
  • Set up internal networking components required for internal cluster communication between worker, infrastructure, and control plane nodes
  • Provide optional non-default IP address ranges for machine CIDR, service CIDR, and pod CIDR if needed through the SAAP console when the cluster is created
Stakater Responsibilities Customer Responsibilities
  • Set up and configure virtual networking components required to provision the cluster, including virtual private cloud, subnets, load balancers, internet gateways, NAT gateways
  • Provide the ability for the customer to manage VPN connectivity with on-premises resources, VPC to VPC connectivity, and direct connectivity as required
  • Set up and maintain optional public cloud networking components
Stakater Responsibilities Customer Responsibilities
  • Own the cluster upgrade scheduling process
  • Publish changelogs and release notes for upgrades
  • Schedule patch version upgrades either immediately or at a specific date
  • Acknowledge and schedule minor and major version upgrades
  • Test customer applications on all versions to ensure compatibility
Stakater Responsibilities Customer Responsibilities
  • Monitor use of control plane nodes and infrastructure nodes
  • Scale or resize control plane nodes to maintain quality of service
  • Monitor use of customer resources including network, storage and compute capacity. Where autoscaling features are not enabled, alert customer for any changes required to cluster resources.
  • Respond to Stakater notifications regarding cluster resource requirements

Disaster Recovery#

Stakater Responsibilities Customer Responsibilities
  • Recovery of SAAP in case of disaster
  • Recovery of the workloads that run the cluster and your applications' data
  • Disaster recovery for any third-party integrations with other cloud services such as file, block, object, cloud database, logging, or audit event services

Incident Operations Management#

The customer is responsible for incident and operations management of customer application data and any custom networking the customer might have configured for the cluster network or virtual network.

Stakater Responsibilities Customer Responsibilities
  • Respond to platform-component related alerts
  • Monitor cloud load balancers and native OpenShift router services
  • Monitor health of customer service load balancer endpoints
  • Monitor health of customer application routes, and the endpoints behind them
Stakater Responsibilities Customer Responsibilities
  • Monitor cloud load balancers, subnets, and public cloud components necessary for default platform networking
  • Monitor network traffic that is optionally configured through VPC to VPC connection, VPN connection, or direct connection

Identity Access Management#

Stakater Responsibilities Customer Responsibilities
  • Just-in-time access to relevant logs via Privileged Access Management (PAM)
  • Configure OpenShift RBAC to control access to projects and by extension a project's application logs
  • For third-party or custom application logging solutions, the customer is responsible for access management
Stakater Responsibilities Customer Responsibilities
  • Just-in-time access to relevant logs via Privileged Access Management (PAM)
  • Manage organization administrators for Stakater to grant access to SAAP console
Stakater Responsibilities Customer Responsibilities
  • Just-in-time access to relevant logs via Privileged Access Management (PAM)
  • Manage organization administrators for Stakater to grant access to SAAP console
Stakater Responsibilities Customer Responsibilities
  • Just-in-time access to relevant logs via Privileged Access Management (PAM)
  • Manage optional user access to public cloud components

Security Regulation Compliance#

Stakater Responsibilities Customer Responsibilities
  • Retain audit logs for security incidents for a defined period of time to support forensic analysis
  • Analyze application logs for security events
Stakater Responsibilities Customer Responsibilities
  • Monitor virtual networking components for potential issues and security threats
  • Monitor optionally-configured virtual networking components for potential issues and security threats