Deployment Roles and Responsibilities

Deploying and managing PubSub+ Cloud in a Customer-Controlled Region requires coordination between you and Solace. The exact roles and responsibilities differ depending on the deployment environment.

In particular, the responsibilities are different between:

  • Solace-controlled environments. This includes Public Regions (shared infrastructure) and Dedicated Regions (not shared; reserved for a single customer).
  • Customer-Controlled Regions. This includes customer-owned cloud regions and on-premises customer-owned networks, such as Kubernetes clusters.

The detailed responsibilities for installing and maintaining PubSub+ Cloud are listed in the sections that follow. For security-specific responsibilities, see Customer Roles and Responsibilities for Security.

Mission Control Agent

Installation

Task Description Responsibility Notes
Solace Customer
Technical requirements gathering Solace  

Solace works with the customer to gather the technical requirements of the deployment.

For Kubernetes, you can determine many of the technical details by answering the questions in Questionnaire: Deploying in a Customer-Controlled Region.

Ensuring that IaaS resources are available for install

Dedicated Region and Public Region

Solace  

In a Public Region, Solace is responsible for the cluster configuration, including ensuring that sufficient IaaS resources are available.

Customer-Controlled Region

  Customer

In a Customer-Controlled Region, the customer is responsible for cluster configuration, including ensuring that sufficient IaaS resources are available. Solace can assist with solution architecture.

Installation and validation

Public Region or Dedicated Region

Solace  

In a Public Region or Dedicated Region, Solace installs and validates the Mission Control Agent.

Customer-Controlled Region

  Solace

In a Customer-Controlled Region, the customer is responsible for installing the Mission Control Agent, using a values.yaml configuration file (see Private Regions) with assistance from Solace.

Post-installation validation

Solace  

Solace works with the customer to set up the first event broker service and validate end-to-end functioning. This step does not include validating customer applications.

Creating additional PubSub+ Cloud datacenters or regions

Solace  

Solace can create new data centers or regions at the customer's request. To request additional data centers or regions, contact Solace.

Network Connectivity

Solace Customer

Responsibility for network connectivity depends on the environment. See Networking, below.

Configuration of Event Broker Services

Task Description Responsibility Notes
Solace Customer

Creating services

  Solace

Customers create event broker services using Mission Control.

System-level configuration (HA, config-sync, message spool, etc.)

Solace  

These system-level settings are configured automatically by PubSub+ Cloud when you create your event broker service.

Application-level configuration (users, queues, JNDI, etc.)

  Solace

Customers directly configure application-level settings using Broker Manager or SEMP.

Manually Enabled Capabilities (Private Load Balancers, Message Retain, Replay, bridge certificates)

Solace  

Certain functionality must be manually configured and enabled by the PubSub+ Cloud team. To request this functionality, contact Solace.

VPN Bridge Configuration

  Solace

You can configure VPN Bridges using Broker Manager or SEMP.

Event mesh configuration

  Solace

You can configure your event mesh using Mesh Manager.

If you are configuring event mesh with replication (for the proposes of disaster recovery), see Using Replication for Disaster Recovery of Event Broker Services.

 

DMR Cluster

Solace See Note

If you require an internally-linked DMR cluster, it must be manually configured by Solace. To request this functionality, contact Solace

For the DMR clusters required for configuring replication, you are responsible. For more information, see Using Replication for Disaster Recovery of Event Broker Services.

Configuring emails and tuning alert levels for PubSub+ Insights.

  Solace

After PubSub+ Insights is enabled in your account, you can set up the email addresses that you want to use and tune the alerts that you want to receive.

Disaster Recovery (Replication): connectivity and system-level configuration

 

Solace

Replication must be manually configured. To request this functionality, contact Solace. For more information, see Using Replication for Disaster Recovery of Event Broker Services.

Disaster Recovery (Replication): application-level configuration (topics, sync vs. async, etc.)

  Solace

After replication has been configured for your event broker services, you can modify the related application-level settings using Broker Manager.

Adoption / Go-live Checklist / Validation

  Solace

Solace works with the customer to ensure that the deployment can correctly create event broker services during deployment. The customer is responsible to ensure that the event broker services are correctly configured and ready to go live.

Monitoring

Task Description Responsibility Notes
Solace Customer

Solace Infrastructure: Monitoring, Incident Management, and Communication

Solace  

Solace is responsible for monitoring, managing, and communicating incidents concerning Public Region and Dedicated Region infrastructure, including:

  • PubSub+ Home Cloud
  • PubSub+ Mission Control
  • PubSub+ Event Portal
  • PubSub+ Insights
  • PubSub+ Cloud Console
  • event broker services and IaaS resources in Public Region and Dedicated Region

Solace follows internal Incident Management Procedures that comply with SOC2 standards.

IaaS resources:

Customer-Controlled Region

  Solace

The customer is responsible for monitoring IaaS resources in cloud regions that they control. Joint troubleshooting with Solace may be required to resolve some IaaS issues.

Application-level monitoring and notification (queue depths, discards, etc)

  Solace

The customer is responsible for monitoring their applications using Insights. The default configuration provides this functionality for customers.

Certificate expiry and renewal (customer-owned certificates)

  Solace

The customer must update certificates before they expire. To request assistance, contact Solace .

Event Mesh monitoring and notification (DMR Links, Bridges)

  Solace

The customer is responsible for proactively monitoring their event mesh using Insights.

Solace can provide assistance to resolve issues.

Disaster Recovery (Replication):
Connectivity and Status

 

  Solace

The customer is responsible for monitoring their replication connectivity and status using SEMPv2 or Insights.

Solace can provide assistance to resolve issues. For more information, see Using Replication for Disaster Recovery of Event Broker Services.

VPC peering

Solace Customer

Responsibility for network connectivity depends on the environment. See Networking, below.

Operation

Task Description Responsibility Notes
Solace Customer

IaaS Operations—cluster, network, Kubernetes upgrades, Kubernetes patches

Public Regions and Public Regions

Solace  

In a Public Region or Dedicated Region, Solace is responsible for maintaining IaaS operations. See Upgrading Public Regions and Dedicated Regions.

Customer-Controlled Region

  Solace

In a Customer-Controlled Region, the customer is responsible for maintaining IaaS operations, including the health of the Kubernetes cluster. See Upgrading Customer-Controlled Regions.

Solace can provide assistance to resolve issues.

Troubleshooting—application-level issues

    Solace

The customer is responsible for troubleshooting and resolving application-level issues.

Solace can provide assistance to resolve issues.

Disaster Recovery (Replication)

    Solace

The customer is responsible for keeping replication operationally up. Joint troubleshooting with Solace may be required to resolve some issues. For more information, see Using Replication for Disaster Recovery of Event Broker Services.

VPC peering, VPN connectivity

  Solace Customer

Responsibility for network connectivity depends on the environment. See Networking, below.

Capacity Planning

Task Description Responsibility Notes
Solace Customer

Event broker services (service classes)

  Solace

The customer is responsible for ensuring that the event broker services, are adequately scaled.

Solace can assist with solution architecture and capacity planning.

Understanding and planning when to upscale (or scale up)

  Solace

The customer is responsible for planning when to upscale their event broker services.

Upscaling may require additional configuration or activation in the PubSub+ Home Cloud. Consult Solace for assistance with this activity. For more information about upscaling, see Upscaling Event Broker Services.

IaaS resources:

Customer-Controlled Region

  Solace

In a customer-controlled environment, the customer is responsible for adequately provisioning their IaaS resources and planning their Kubernetes clusters.

Solace can assist with solution architecture and capacity planning.

Solution Restoration

Task Description Responsibility Notes
Solace Customer

Restoration of services post-deletion

Public Region or Dedicated Region

N/A

N/A

PubSub+ Cloud currently does not support restoring event broker services after deletion.

Customer-Controlled Region

N/A

N/A

PubSub+ Cloud currently does not support restoring event broker services after deletion.

Restoration of service after IaaS issues

Public Region or Dedicated Region

Solace

In a Solace-controlled region, Solace is responsible for restoring service after IaaS problems.

Customer-Controlled Region

Solace

In a Customer-Controlled Region, the customer is responsible for restoring service after IaaS problems.

Solace can provide assistance to troubleshoot and resolve issues.

Broker configuration: backup and restore

 

Solace

Event broker services are automatically configured as high-availability (HA) services. Optionally, you can also configure disaster recovery (DR) using the replication feature. With both HA and DR configured, backing up and restoring the broker configuration should not be necessary.

PubSub+ Cloud does not provide any built-in functionality to back up and restore broker configuration. The customer must configure an alternative solution if required. For more information, see Backing up Event Broker Services.

Customer-owned certificates: backup and restore

  Solace

PubSub+ Cloud does not provide any built-in functionality to back up and restore certificates. The customer must configure an alternative solution.

Kubernetes Cluster

Task Description Responsibility Notes
Solace Customer

Configuration, monitoring, and operation of the Kubernetes cluster.

Public Region or Dedicated Region

Solace

 

In a Public Region, Solace is responsible for the configuration, monitoring, and operation of the Kubernetes cluster.

Customer-Controlled Region

 

Solace

In a Customer-Controlled Region, the customer is responsible for the configuration, monitoring, and operation of the Kubernetes cluster.

Networking

Task Description Responsibility Notes
Solace Customer

Configuration, monitoring, and resolving issues with VPC peering

Public Region or Dedicated Region

Solace

 

In Public Regions, Solace is responsible for configuring, monitoring and resolving issues with VPC peering.

Peering between Dedicated Regions or Public Regions and customer VPCs requires that the customer assist with configuration and provide Solace with the required access to the customer network. In this scenario, Solace is responsible for maintaining only the Public Region and Dedicated Region parts of the network.

Customer-Controlled Region

 

Solace

In Customer-Controlled Regions, the customer is responsible for configuring, monitoring, and resolving issues with VPC peering and VPN connectivity.

Peering between Public Regions or Dedicated Regions, and customer VPCs requires that the customer assist with configuration and provide Solace with the required access to the customer network. In this scenario, Solace is responsible for maintaining only the Public Region or Dedicated Regions.

Upgrades to Mission Control Agent and Event Broker Services

To upgrade event broker services to adopt security fixes, critical fixes, or features, the responsibilities of the customer and Solace are listed in the following table.

Task Description Responsibility Notes
Solace Customer
Upgrades to the PubSub+ Cloud platform ( includes the PubSub+ Cloud Console) Solace  

Solace updates both the PubSub+ Cloud platform and the PubSub+ Cloud Console.

Upgrades to the Mission Control Agent that are deployed on Kubernetes.

Public Region or Dedicated Region

Solace

 

In a Public Region, Solace is responsible for upgrading the Mission Control Agent.

Customer-Controlled Region

Solace

 

In a Customer-Controlled Region, the Mission Control Agent is self-upgrading in Kubernetes deployments, and Solace is responsible for the upgrade.

Any upgrade issues are coordinated with the customer.

Upgrades to Event Broker Services for New Releases and Maintenance Loads

Public Region or Dedicated Region

Solace Customer

You are responsible for scheduling an upgrade slot after the full support phase ends.

When the technical support phase ends, if you have not yet scheduled an upgrade slot for your event broker services, Solace automatically upgrades them to the latest production release (that supports upgrades). For more information about scheduling an upgrade slot and upgrades, see Upgrading Event Broker Services in PubSub+ Cloud .

Generally, customers don't need to be present on a call to coordinate the upgrade, but it is recommended to include contact information when booking an upgrade slot in Calendly in case issues arise. In some deployments to Customer-Controlled Regions, the customer is required to be present on a call based on the network connectivity configuration.

For details about upgrades, availability, and release cadence, see Upgrading Event Broker Services in PubSub+ Cloud .

Customer-Controlled Region

Solace Customer

You are responsible for scheduling an upgrade slot after the full support phase ends. When the technical support phase ends, if you have not yet scheduled an upgrade slot for your event broker services, Solace automatically upgrades them to the latest production release (that supports upgrades). For more information about scheduling an upgrade slot and upgrades, see Upgrading Event Broker Services in PubSub+ Cloud .

When booking an upgrade slot in Calendly, customers must include contact information. Customer also must be available on a call with Solace since the deployment is within a Customer-Controlled Region.

For details about upgrades, see Upgrading Event Broker Services in PubSub+ Cloud .