Customer Roles and Responsibilities for Security

The following tables summarize the security responsibilities based on the deployment architecture chosen. The exact responsibilities differ based on the environment that the customer (you) has chosen for the deployment. For more information about deployment architectures, see Summary of Security Architecture for Deployment Environments.

In particular, the responsibilities are different between:

  • a Solace-controlled environment (for example: a Solace-controlled cloud region in the public cloud; a Solace-controlled cloud region dedicated to a single customer)
  • a customer-controlled environment (for example: a customer-controlled cloud region; an on-premises customer-controlled network, such as a Kubernetes cluster)

The following tables summarize the responsibilities of the customer and Solace for security-related tasks.

Infrastructure and Networking Security Responsibilities

The following table describes the security responsibilities for the various aspects of a deployment and for the components in the security architecture. For each task, the responsibility (Solace or customer) and the related notes are listed per environment: the Solace-controlled region (which includes customer-dedicated regions) and the customer-controlled private region (which includes Kubernetes and VM-based deployments).

Security updates for the Solace Home Cloud and PubSub+ Cloud Console
  • Solace-controlled region (includes customer-dedicated region): The Solace Home Cloud and PubSub+ Cloud Console are in Solace-controlled regions, and therefore security updates and upgrades are managed by Solace.
  • Customer-controlled private region (includes Kubernetes and VM-based)

Coordination with Datadog (third-party service) to maintain and update the central monitoring service
  • Solace-controlled region (includes customer-dedicated region): The central monitoring service (Datadog) collects logs, metrics, and statistics from the event broker services. Solace handles all interactions with Datadog that are related to PubSub+ Cloud.
  • Customer-controlled private region (includes Kubernetes and VM-based)

Deploying and upgrading the Mission Control Agents
  • Solace-controlled region (includes customer-dedicated region): Solace manages upgrades to the Mission Control Agent for event broker services in Solace-controlled regions.
  • Customer-controlled private region (includes Kubernetes and VM-based): Because the Mission Control Agent is deployed in the customer-controlled region, the customer is responsible for the Mission Control Agent, but performing the upgrade is a joint effort with Solace. The customer must contact Solace when they want to upgrade their Mission Control Agent.

Security updates to event broker services
  • Solace-controlled region (includes customer-dedicated region): For the PubSub+ Event Broker: Cloud software version, Solace and the customer coordinate to determine the best time to perform the upgrade. The lead time required is usually two weeks.
  • Customer-controlled private region (includes Kubernetes and VM-based): In customer-controlled environments, the customer is responsible for monitoring for product notices and requesting upgrades when they are available; this includes taking appropriate actions as required.

Security for networking and network access of the event broker service (for example, maintenance of NAT and load balancers)
  • Solace-controlled region (includes customer-dedicated region): Solace manages the network access for customer-dedicated regions and manages security updates for the Solace-controlled parts of the network.
  • Customer-controlled private region (includes Kubernetes and VM-based): If the client applications connect from within a customer-controlled private network, the customer is responsible for managing the access of those applications, managing security updates, and configuring their network so that the client applications can access the event broker services.

Configuring VPC/VNet routes as required between the event broker services and client applications (this includes VPC peering and VPN connectivity)
  • Solace-controlled region (includes customer-dedicated region): In a Solace-controlled region, Solace is responsible for configuring, monitoring, and resolving issues with VPC peering and VPN connectivity. Peering between a Solace-controlled region and a customer VPC requires that the customer assist with configuration and provide Solace with the required access to the customer network; in this scenario, Solace is responsible for maintaining only the Solace-controlled parts of the network. For Solace-controlled, customer-dedicated regions, Solace exchanges custom routes between the dedicated region and the customer's VPC/VNet for peering.
  • Customer-controlled private region (includes Kubernetes and VM-based): In a customer-controlled region, the customer is responsible for configuring, monitoring, and resolving issues with VPC peering and VPN connectivity. Peering between a Solace-controlled region and a customer VPC requires that the customer assist with configuration and provide Solace with the required access to the customer network; in this scenario, Solace is responsible for maintaining only the Solace-controlled parts of the network. The customer is responsible for coordinating with their infrastructure teams to configure secure connectivity (VPC/VNet peering, VPN, Transit Gateway, etc.) between where the client applications reside and the event broker services in the Kubernetes cluster. This may also include configuring load balancers, gateways, and NAT access.

Network infrastructure security of the client messaging applications
  • Solace-controlled region (includes customer-dedicated region): The security of the infrastructure that the client applications run on is managed by the customer.
  • Customer-controlled private region (includes Kubernetes and VM-based)

Security of the infrastructure where the event broker services are deployed [includes Kubernetes clusters (GCP), the VM images (AWS/Azure), and the supporting infrastructure]; this includes security maintenance updates
  • Solace-controlled region (includes customer-dedicated region): Solace ensures that the most recent security measures and best practices are implemented to address ongoing security threats to the infrastructure where the event broker services run, which includes the VPC/VNet (VM-based deployments) and the Kubernetes cluster. For a summary of the processes in place and best practices, see Operational Procedures and Policies and Considerations for Additional Security and Best Practices.
  • Customer-controlled private region (includes Kubernetes and VM-based): The customer is responsible for setting up, managing, securing, and maintaining their private region (VPC/VNet) for VM-based deployments and the Kubernetes cluster. Solace pushes updated VM images and Docker images where event broker services are deployed; in customer-controlled environments, the customer is responsible for monitoring for product notices and requesting upgrades when they are available, which includes taking appropriate actions as required.

User Control Responsibilities

The users (the customers) are responsible for establishing their own system of internal control and enforcing those controls. It is not feasible for all trust services criteria to be achieved solely by Solace. User control encompasses access from users, which includes both people and client application access.

The following table describes these responsibilities. As in the previous table, the responsibility (Solace or customer) and the related notes are listed per environment for each task.

The security and integrity of data stored and processed in facilities, infrastructure, and environments
  • Solace-controlled region (includes customer-dedicated region): The event broker services run on Solace-controlled infrastructure. The data on the messaging plane portion of the event broker services is not accessible to Solace. Any data stored or captured by the client applications is under the customer's control.
  • Customer-controlled private region (includes Kubernetes and VM-based): The event broker services run on customer-controlled infrastructure. Any data stored or captured by the client applications is under the customer's control.

Managing access to the customer's PubSub+ Cloud account (configuring access such as Single Sign-On access, adding and deleting users, reviewing and implementing logical access security measures)
  • Solace-controlled region (includes customer-dedicated region):
      • The customer is responsible for managing the appropriate access (credentials, roles) for the users in their PubSub+ Cloud account.
      • The customer is responsible for adding or removing users in their PubSub+ Cloud account.
      • The customer is responsible for performing periodic reviews of the access and configuration in their PubSub+ Cloud account.
      • The customer is responsible for enabling OpenID and integrating with their Identity Provider for Single Sign-On (SSO) and/or Multi-factor Authentication (MFA).
      • Customers who use OpenID Connect (OIDC) for SSO can deploy appropriate auditing controls to log their users' access to the OpenID Identity Provider.
      • Customers using Solace-controlled, customer-dedicated regions are responsible for reviewing and approving the security configuration of the VPC/VNet as well as access to the event broker services.
    The customer can contact Solace as required for assistance with access issues. For more information about integrating with OpenID Connect, see PubSub+ Cloud SSO with OpenID Connect.
  • Customer-controlled private region (includes Kubernetes and VM-based)