Deployment Roles and Responsibilities
Deploying and managing
In particular, the responsibilities are different between:
- Solace-controlled environments. This includes Public Regions (shared infrastructure) and Dedicated Regions (not shared; reserved for a single customer).
- Customer-Controlled Regions. This includes customer-owned cloud regions and on-premises customer-owned networks, such as Kubernetes clusters.
The detailed responsibilities for installing and maintaining PubSub+ Cloud are listed in the sections that follow. For security-specific responsibilities, see Customer Roles and Responsibilities for Security.
Mission Control Agent
Installation
Task Description | Responsibility | Notes | ||
---|---|---|---|---|
Solace | Customer | |||
Technical requirements gathering |
Solace works with the customer to gather the technical requirements of the deployment. For Kubernetes, you can determine many of the technical details by answering the questions in Questionnaire: Deploying in a Customer-Controlled Region. |
|||
Ensuring that IaaS resources are available for install |
Dedicated Region and Public Region |
In a Public Region, Solace is responsible for the cluster configuration, including ensuring that sufficient IaaS resources are available. |
||
Customer-Controlled Region |
In a Customer-Controlled Region, the customer is responsible for cluster configuration, including ensuring that sufficient IaaS resources are available. Solace can assist with solution architecture. |
|||
Installation and validation |
Public Region or Dedicated Region |
In a Public Region or Dedicated Region, Solace installs and validates the Mission Control Agent. |
||
Customer-Controlled Region |
In a Customer-Controlled Region, the customer is responsible for installing the Mission Control Agent, using a |
|||
Post-installation validation |
Solace works with the customer to set up the first event broker service and validate end-to-end functioning. This step does not include validating customer applications. |
|||
Creating additional PubSub+ Cloud datacenters or regions |
Solace can create new data centers or regions at the customer's request. To request additional data centers or regions, contact Solace. |
|||
Network Connectivity |
Responsibility for network connectivity depends on the environment. See Networking, below. |
Configuration of Event Broker Services
Task Description | Responsibility | Notes | |
---|---|---|---|
Solace | Customer | ||
Creating services |
Customers create event broker services using Mission Control. |
||
System-level configuration (HA, config-sync, message spool, etc.) |
These system-level settings are configured automatically by PubSub+ Cloud when you create your event broker service. |
||
Application-level configuration (users, queues, JNDI, etc.) |
Customers directly configure application-level settings using Broker Manager or SEMP. |
||
Manually Enabled Capabilities (Private Load Balancers, Message Retain, Replay, bridge certificates) |
Certain functionality must be manually configured and enabled by the PubSub+ Cloud team. To request this functionality, contact Solace. |
||
VPN Bridge Configuration |
You can configure VPN Bridges using Broker Manager or SEMP. |
||
Event mesh configuration |
You can configure your event mesh using Mesh Manager. If you are configuring event mesh with replication (for the proposes of disaster recovery), see Using Replication for Disaster Recovery of Event Broker Services.
|
||
DMR Cluster |
See Note |
If you require an internally-linked DMR cluster, it must be manually configured by Solace. To request this functionality, contact Solace For the DMR clusters required for configuring replication, you are responsible. For more information, see Using Replication for Disaster Recovery of Event Broker Services. |
|
Configuring emails and tuning alert levels for PubSub+ Insights. |
After PubSub+ Insights is enabled in your account, you can set up the email addresses that you want to use and tune the alerts that you want to receive. |
||
Disaster Recovery (Replication): connectivity and system-level configuration |
|
Replication must be manually configured. To request this functionality, contact Solace. For more information, see Using Replication for Disaster Recovery of Event Broker Services. |
|
Disaster Recovery (Replication): application-level configuration (topics, sync vs. async, etc.) |
After replication has been configured for your event broker services, you can modify the related application-level settings using Broker Manager. |
||
Adoption / Go-live Checklist / Validation |
Solace works with the customer to ensure that the deployment can correctly create event broker services during deployment. The customer is responsible to ensure that the event broker services are correctly configured and ready to go live. |
Monitoring
Task Description | Responsibility | Notes | ||
---|---|---|---|---|
Solace | Customer | |||
Solace Infrastructure: Monitoring, Incident Management, and Communication |
Solace is responsible for monitoring, managing, and communicating incidents concerning Public Region and Dedicated Region infrastructure, including:
Solace follows internal Incident Management Procedures that comply with SOC2 standards. |
|||
IaaS resources: Customer-Controlled Region |
The customer is responsible for monitoring IaaS resources in cloud regions that they control. Joint troubleshooting with Solace may be required to resolve some IaaS issues. |
|||
Application-level monitoring and notification (queue depths, discards, etc) |
The customer is responsible for monitoring their applications using Insights. The default configuration provides this functionality for customers. |
|||
Certificate expiry and renewal (customer-owned certificates) |
The customer must update certificates before they expire. To request assistance, contact Solace . |
|||
Event Mesh monitoring and notification (DMR Links, Bridges) |
The customer is responsible for proactively monitoring their event mesh using Insights. Solace can provide assistance to resolve issues. |
|||
Disaster Recovery (Replication):
|
The customer is responsible for monitoring their replication connectivity and status using SEMPv2 or Insights. Solace can provide assistance to resolve issues. For more information, see Using Replication for Disaster Recovery of Event Broker Services. |
|||
VPC peering |
Responsibility for network connectivity depends on the environment. See Networking, below. |
Operation
Task Description | Responsibility | Notes | ||
---|---|---|---|---|
Solace | Customer | |||
IaaS Operations—cluster, network, Kubernetes upgrades, Kubernetes patches |
Public Regions and Public Regions |
In a Public Region or Dedicated Region, Solace is responsible for maintaining IaaS operations. See Upgrading Public Regions and Dedicated Regions. |
||
Customer-Controlled Region |
In a Customer-Controlled Region, the customer is responsible for maintaining IaaS operations, including the health of the Kubernetes cluster. See Upgrading Customer-Controlled Regions. Solace can provide assistance to resolve issues. |
|||
Troubleshooting—application-level issues |
The customer is responsible for troubleshooting and resolving application-level issues. Solace can provide assistance to resolve issues. |
|||
Disaster Recovery (Replication) |
The customer is responsible for keeping replication operationally up. Joint troubleshooting with Solace may be required to resolve some issues. For more information, see Using Replication for Disaster Recovery of Event Broker Services. |
|||
VPC peering, VPN connectivity |
Responsibility for network connectivity depends on the environment. See Networking, below. |
Capacity Planning
Task Description | Responsibility | Notes | |
---|---|---|---|
Solace | Customer | ||
Event broker services (service classes) |
The customer is responsible for ensuring that the event broker services, are adequately scaled. Solace can assist with solution architecture and capacity planning. |
||
Understanding and planning when to upscale (or scale up) |
The customer is responsible for planning when to upscale their event broker services. Upscaling may require additional configuration or activation in the PubSub+ Home Cloud. Consult Solace for assistance with this activity. For more information about upscaling, see Upscaling Event Broker Services. |
||
IaaS resources: Customer-Controlled Region |
In a customer-controlled environment, the customer is responsible for adequately provisioning their IaaS resources and planning their Kubernetes clusters. Solace can assist with solution architecture and capacity planning. |
Solution Restoration
Task Description | Responsibility | Notes | ||
---|---|---|---|---|
Solace | Customer | |||
Restoration of services post-deletion |
Public Region or Dedicated Region |
N/A |
N/A |
PubSub+ Cloud currently does not support restoring event broker services after deletion. |
Customer-Controlled Region |
N/A |
N/A |
PubSub+ Cloud currently does not support restoring event broker services after deletion. |
|
Restoration of service after IaaS issues |
Public Region or Dedicated Region |
In a Solace-controlled region, Solace is responsible for restoring service after IaaS problems. |
||
Customer-Controlled Region |
In a Customer-Controlled Region, the customer is responsible for restoring service after IaaS problems. Solace can provide assistance to troubleshoot and resolve issues. |
|||
Broker configuration: backup and restore |
|
Event broker services are automatically configured as high-availability (HA) services. Optionally, you can also configure disaster recovery (DR) using the replication feature. With both HA and DR configured, backing up and restoring the broker configuration should not be necessary. PubSub+ Cloud does not provide any built-in functionality to back up and restore broker configuration. The customer must configure an alternative solution if required. For more information, see Backing up Event Broker Services. |
||
Customer-owned certificates: backup and restore |
PubSub+ Cloud does not provide any built-in functionality to back up and restore certificates. The customer must configure an alternative solution. |
Kubernetes Cluster
Task Description | Responsibility | Notes | ||
---|---|---|---|---|
Solace | Customer | |||
Configuration, monitoring, and operation of the Kubernetes cluster. |
Public Region or Dedicated Region |
|
|
In a Public Region, Solace is responsible for the configuration, monitoring, and operation of the Kubernetes cluster. |
Customer-Controlled Region |
|
|
In a Customer-Controlled Region, the customer is responsible for the configuration, monitoring, and operation of the Kubernetes cluster. |
Networking
Task Description | Responsibility | Notes | ||
---|---|---|---|---|
Solace | Customer | |||
Configuration, monitoring, and resolving issues with VPC peering |
Public Region or Dedicated Region |
|
In Public Regions, Solace is responsible for configuring, monitoring and resolving issues with VPC peering. Peering between Dedicated Regions or Public Regions and customer VPCs requires that the customer assist with configuration and provide Solace with the required access to the customer network. In this scenario, Solace is responsible for maintaining only the Public Region and Dedicated Region parts of the network. |
|
Customer-Controlled Region |
|
In Customer-Controlled Regions, the customer is responsible for configuring, monitoring, and resolving issues with VPC peering and VPN connectivity. Peering between Public Regions or Dedicated Regions, and customer VPCs requires that the customer assist with configuration and provide Solace with the required access to the customer network. In this scenario, Solace is responsible for maintaining only the Public Region or Dedicated Regions. |
Upgrades to Mission Control Agent and Event Broker Services
To upgrade event broker services to adopt security fixes, critical fixes, or features, the responsibilities of the customer and Solace are listed in the following table.
Task Description | Responsibility | Notes | ||
---|---|---|---|---|
Solace | Customer | |||
Upgrades to the PubSub+ Cloud platform ( includes the PubSub+ Cloud Console) |
Solace updates both the PubSub+ Cloud platform and the PubSub+ Cloud Console. |
|||
Upgrades to the Mission Control Agent that are deployed on Kubernetes. |
Public Region or Dedicated Region |
|
In a Public Region, Solace is responsible for upgrading the Mission Control Agent. |
|
Customer-Controlled Region |
|
In a Customer-Controlled Region, the Mission Control Agent is self-upgrading in Kubernetes deployments, and Solace is responsible for the upgrade. Any upgrade issues are coordinated with the customer. |
||
Upgrades to Event Broker Services for New Releases and Maintenance Loads |
Public Region or Dedicated Region |
You are responsible for scheduling an upgrade slot after the full support phase ends. When the technical support phase ends, if you have not yet scheduled an upgrade slot for your event broker services, Solace automatically upgrades them to the latest production release (that supports upgrades). For more information about scheduling an upgrade slot and upgrades, see Upgrading Event Broker Services in PubSub+ Cloud . Generally, customers don't need to be present on a call to coordinate the upgrade, but it is recommended to include contact information when booking an upgrade slot in Calendly in case issues arise. In some deployments to Customer-Controlled Regions, the customer is required to be present on a call based on the network connectivity configuration. For details about upgrades, availability, and release cadence, see Upgrading Event Broker Services in PubSub+ Cloud . |
||
Customer-Controlled Region |
You are responsible for scheduling an upgrade slot after the full support phase ends. When the technical support phase ends, if you have not yet scheduled an upgrade slot for your event broker services, Solace automatically upgrades them to the latest production release (that supports upgrades). For more information about scheduling an upgrade slot and upgrades, see Upgrading Event Broker Services in PubSub+ Cloud . When booking an upgrade slot in Calendly, customers must include contact information. Customer also must be available on a call with Solace since the deployment is within a Customer-Controlled Region. For details about upgrades, see Upgrading Event Broker Services in PubSub+ Cloud . |