Private Data Plane Management Models
Choreo supports various management models for private data planes (PDPs), fostering collaboration between WSO2 and customers across diverse scenarios. The following sections provide insights into WSO2's fully managed solutions and shared responsibility models, allowing you to make informed decisions regarding cloud-based operations and security.
WSO2 fully managed (infrastructure and PDP in WSO2 subscription) model
WSO2 fully managed private data planes are supported only on Azure, AWS, and GCP cloud providers.
| Task | Task description | Responsible party | Accountable | Consulted | Informed |
|---|---|---|---|---|---|
| Subscription prerequisites | - Create subscriptions<br>- Check quota and service limits<br>- Run the Choreo compatibility prerequisite script | WSO2 | WSO2 | Customer (If required) | Customer (If required) |
| Remote access for installation | Provide owner access | WSO2 | WSO2 | WSO2 | WSO2 |
| Network management | - Obtain customer's backend CIDR in case of VPN/peering<br>- Check end-to-end connectivity (primary and failover) | WSO2/Customer | WSO2/Customer | Customer | Customer |
| Firewall rules/access control | Set up firewall and required rules depending on the security tier | WSO2 | WSO2 | Customer | Customer |
| Infrastructure provisioning | - Provision Bastion<br>- Provision Kubernetes clusters | WSO2 | WSO2 | - | Customer (If required) |
| Kubernetes cluster management | - Manage Kubernetes versions<br>- Increase node pool size | WSO2 | WSO2 | Customer | Customer |
| Infrastructure monitoring | Set up alerts | WSO2 | WSO2 | - | Customer (If required) |
| DNS management for Choreo system | - Manage DNS infrastructure<br>- Manage SSL certificates for Choreo system components | WSO2/Customer | WSO2/Customer | Customer | Customer |
| Choreo system components deployment | Set up PDP agents via Helm | WSO2 | WSO2 | - | - |
| Choreo system components management | Upgrade/patch/debug versions | WSO2 | WSO2 | - | Customer (If required) |
| Choreo system components monitoring | - Set up continuous monitoring 24x7<br>- Provide monthly uptime reports | WSO2 | WSO2 | - | Customer |
| Choreo system security monitoring | If basic tier:<br>- CSPM<br>- Apply security patches<br>- Manage supply chain security (Image scanning, SAST)<br>- Manage security incidents<br>If standard tier/premium tier:<br>- CSPM<br>- Apply security patches<br>- Manage supply chain security<br>- Monitor runtime security alerts (Azure Defender)<br>- Monitor security incident and event management (SIEM) alerts<br>- Manage security incidents<br>- Adhere to compliance standards | WSO2/Customer | WSO2/Customer | WSO2/Customer | WSO2/Customer |
| Choreo application creation/deployment | | Customer | Customer | Customer | Customer |
| Choreo application management | | Customer | Customer | Customer | Customer |
| Choreo application monitoring | | Customer | Customer | Customer | Customer |
| Choreo application logs | | Customer | Customer | Customer | Customer |
WSO2 fully managed (infrastructure and PDP in customer subscription) model
| Task | Task description | Responsible party | Accountable | Consulted | Informed |
|---|---|---|---|---|---|
| Subscription prerequisites | - Create subscriptions<br>- Check quota and service limits<br>- Run the Choreo compatibility prerequisite script | Customer | Customer | WSO2 | - |
| Remote access for installation | Provide access | Customer | Customer | WSO2 | WSO2 |
| Network management | - Obtain customer's backend CIDR in case of VPN/peering<br>- Check end-to-end connectivity (primary and failover) | WSO2/Customer | WSO2/Customer | Customer | Customer |
| Firewall rules/access control | Set up firewall and required rules depending on the security tier | WSO2/Customer | WSO2/Customer | Customer | Customer |
| Infrastructure provisioning | - Provision Bastion<br>- Provision Kubernetes clusters | WSO2 | WSO2 | Customer | Customer |
| Kubernetes cluster management | - Manage Kubernetes versions<br>- Increase node pool size | WSO2 | WSO2 | Customer | Customer |
| Infrastructure monitoring | Set up alerts | WSO2 | WSO2 | - | Customer (If required) |
| DNS management for Choreo system | - Manage DNS infrastructure<br>- Manage SSL certificates for Choreo system components | WSO2/Customer | WSO2/Customer | Customer | Customer |
| Choreo system components deployment | Set up PDP agents via Helm | WSO2 | WSO2 | Customer | - |
| Choreo system components management | Upgrade/patch/debug versions | WSO2 | WSO2 | - | Customer (If required) |
| Choreo system components monitoring | - Set up continuous monitoring 24x7<br>- Provide monthly uptime reports | WSO2 | WSO2 | - | Customer |
| Choreo system security monitoring | If basic tier:<br>- CSPM<br>- Apply security patches<br>- Manage supply chain security (Image scanning, SAST)<br>- Manage security incidents<br>If standard tier/premium tier:<br>- CSPM<br>- Apply security patches<br>- Manage supply chain security<br>- Monitor runtime security alerts (Azure Defender)<br>- Monitor security incident and event management (SIEM) alerts<br>- Manage security incidents<br>- Adhere to compliance standards | WSO2/Customer | WSO2/Customer | WSO2/Customer | WSO2/Customer |
| Choreo application creation/deployment | | Customer | Customer | Customer | Customer |
| Choreo application management | | Customer | Customer | Customer | Customer |
| Choreo application monitoring | | Customer | Customer | Customer | Customer |
| Choreo application logs | | Customer | Customer | Customer | Customer |
Customer self-managed (WSO2 provides installation script and updates) model
| Task | Task description | Responsible party | Accountable | Consulted | Informed |
|---|---|---|---|---|---|
| Subscription prerequisites | - Create subscriptions<br>- Check quota and service limits<br>- Run the Choreo compatibility prerequisite script | Customer | Customer | WSO2 | WSO2 |
| Remote access for installation | Provide owner access | Customer | Customer | WSO2 | - |
| Network management | - Obtain customer's backend CIDR in case of VPN/peering<br>- Check end-to-end connectivity (primary and failover) | Customer | Customer | WSO2 | WSO2 |
| Firewall rules/access control | Set up firewall and required rules depending on the security tier | Customer | Customer | WSO2 | WSO2 |
| Infrastructure provisioning | - Provision Bastion<br>- Provision Kubernetes clusters | Customer | Customer | WSO2 | WSO2 (If required) |
| Kubernetes cluster management | - Manage Kubernetes versions<br>- Increase node pool size | Customer | Customer | WSO2 | WSO2 (If required) |
| Infrastructure monitoring | Set up alerts | Customer | Customer | WSO2 | - |
| DNS management for Choreo system | - Manage DNS infrastructure<br>- Manage SSL certificates for Choreo system components | Customer | Customer | WSO2 | - |
| Choreo system components deployment | Set up PDP agents via Helm | Customer | Customer | WSO2 | - |
| Choreo system components management | Upgrade/patch/debug versions | Customer | Customer | WSO2 | - |
| Choreo system components monitoring | - Set up continuous monitoring 24x7<br>- Provide monthly uptime reports | Customer | Customer | WSO2 | - |
| Choreo system security monitoring | If basic tier:<br>- CSPM<br>- Apply security patches<br>- Manage supply chain security (Image scanning, SAST)<br>- Manage security incidents<br>If standard tier/premium tier:<br>- CSPM<br>- Apply security patches<br>- Manage supply chain security<br>- Monitor runtime security alerts (Azure Defender)<br>- Monitor security incident and event management (SIEM) alerts<br>- Manage security incidents<br>- Adhere to compliance standards | WSO2/Customer | WSO2/Customer | WSO2/Customer | WSO2/Customer |
| Choreo application creation/deployment | | Customer | Customer | Customer | Customer |
| Choreo application management | | Customer | Customer | Customer | Customer |
| Choreo application monitoring | | Customer | Customer | Customer | Customer |
| Choreo application logs | | Customer | Customer | Customer | Customer |