Skip to content

Private Data Plane Management Models

Choreo supports various management models for private data planes (PDPs), fostering collaboration between WSO2 and customers across diverse scenarios. The following sections provide insights into WSO2's fully managed solutions and shared responsibility models, allowing you to make informed decisions regarding cloud-based operations and security.

WSO2 fully managed (infrastructure and PDP in WSO2 subscription) model

WSO2 fully managed private data planes are supported only on Azure, AWS, and GCP cloud providers.

Task Task description Responsible party Accountable Consulted Informed
Subscription prerequisites - Create subscriptions
- Check quota and service limits
- Run the Choreo compatibility prerequisite script		 WSO2 WSO2 Customer (If required) Customer (If required)
Remote access for installation Provide owner access WSO2 WSO2 WSO2 WSO2
Network management - Obtain customers backend CIDR in case of VPN/peering
- Check end-to-end connectivity (primary and failover)		 WSO2/Customer WSO2/Customer Customer Customer
Firewall rules/access control Set up firewall and required rules depending on the security tier WSO2 WSO2 Customer Customer
Infrastructure provisioning - Provision Bastion
- Provision Kubernetes clusters		 WSO2 WSO2 - Customer(If required)
Kubernetes cluster management - Manage Kubernetes versions
- Increase node pool size		 WSO2 WSO2 Customer Customer
Infrastructure monitoring Set up alerts WSO2 WSO2 - Customer(If required)
DNS management for Choreo system - Manage DNS infrastructure
- Manage SSL certificates for Choreo system components		 WSO2/Customer WSO2/Customer Customer Customer
Choreo system components deployment Set up PDP agents via Helm WSO2 WSO2 - -
Choreo system components management Upgrade/patch/debug versions WSO2 WSO2 - Customer(If required)
Choreo system components monitoring - Set up continuous monitoring 24x7
- Provide monthly uptime reports		 WSO2 WSO2 - Customer
Choreo system security monitoring If basic tier
- CSPM
- Apply security patches
- Manage supply chain security (Image scanning, SAST)
- Manage security incidents
If standard tier/premium tier
- CSPM
- Apply security patches
- Manage supply chain security
- Monitor runtime security alerts (Azure Defender)
- Monitor security incident and event management (SIEM) alerts
- Manage security incidents
- Adhere to compliance standards		 WSO2/Customer WSO2/Customer WSO2/Customer WSO2/Customer
Choreo application creation/deployment Customer Customer Customer Customer
Choreo application management Customer Customer Customer Customer
Choreo application monitoring Customer Customer Customer Customer
Choreo application logs Customer Customer Customer Customer

WSO2 fully managed (infrastructure and PDP in customer subscription) model

Task Task description Responsible party Accountable Consulted Informed
Subscription prerequisites - Create subscriptions
- Check quota and service limits
- Run the Choreo compatibility prerequisite script		 Customer Customer WSO2 -
Remote access for installation Provide access Customer Customer WSO2 WSO2
Network management - Obtain customers backend CIDR in case of VPN/peering
- Check end-to-end connectivity (primary and failover)		 WSO2/Customer WSO2/Customer Customer Customer
Firewall rules/access control Set up firewall and required rules depending on the security tier WSO2/Customer WSO2/Customer Customer Customer
Infrastructure provisioning - Provision Bastion
- Provision Kubernetes clusters		 WSO2 WSO2 Customer Customer
Kubernetes cluster management - Manage Kubernetes versions
- Increase node pool size		 WSO2 WSO2 Customer Customer
Infrastructure monitoring Set up alerts WSO2 WSO2 - Customer(If required)
DNS management for Choreo system - Manage DNS infrastructure
- Manage SSL certificates for Choreo system components		 WSO2/Customer WSO2/Customer Customer Customer
Choreo system components deployment Set up PDP agents via Helm WSO2 WSO2 Customer -
Choreo system components management Upgrade/patch/debug versions WSO2 WSO2 - Customer(If required)
Choreo system components monitoring - Set up continuous monitoring 24x7
- Provide monthly uptime reports		 WSO2 WSO2 - Customer
Choreo system security monitoring If basic tier
- CSPM
- Apply security patches
- Manage supply chain security (Image scanning, SAST)
- Manage security incidents
If standard tier/premium tier
- CSPM
- Apply security patches
- Manage supply chain security
- Monitor runtime security alerts (Azure Defender)
- Monitor security incident and event management (SIEM) alerts
- Manage security incidents
- Adhere to compliance standards		 WSO2/Customer WSO2/Customer WSO2/Customer WSO2/Customer
Choreo application creation/deployment Customer Customer Customer Customer
Choreo application management Customer Customer Customer Customer
Choreo application monitoring Customer Customer Customer Customer
Choreo application logs Customer Customer Customer Customer

Customer self-managed (WSO2 provides installation script and updates) model

Task Task description Responsible party Accountable Consulted Informed
Subscription prerequisites - Create subscriptions
- Check quota and service limits
- Run the Choreo compatibility prerequisite script		 Customer Customer WSO2 WSO2
Remote access for installation Provide owner access Customer Customer WSO2 -
Network management - Obtain customers backend CIDR in case of VPN/peering
- Check end-to-end connectivity (primary and failover)		 Customer Customer WSO2 WSO2
Firewall rules/access control Set up firewall and required rules depending on the security tier Customer Customer WSO2 WSO2
Infrastructure provisioning - Provision Bastion
- Provision Kubernetes clusters		 Customer Customer WSO2 WSO2(If required)
Kubernetes cluster management - Manage Kubernetes versions
- Increase node pool size		 Customer Customer WSO2 WSO2(If required)
Infrastructure monitoring Set up alerts Customer Customer WSO2 -
DNS management for Choreo system - Manage DNS infrastructure
- Manage SSL certificates for Choreo system components		 Customer Customer WSO2 -
Choreo system components deployment Set up PDP agents via Helm Customer Customer WSO2 -
Choreo system components management Upgrade/patch/debug versions Customer Customer WSO2 -
Choreo system components monitoring - Set up continuous monitoring 24x7
- Provide monthly uptime reports		 Customer Customer WSO2 -
Choreo system security monitoring If basic tier
- CSPM
- Apply security patches
- Manage supply chain security (Image scanning, SAST)
- Manage security incidents
If standard tier/premium tier
- CSPM
- Apply security patches
- Manage supply chain security
- Monitor runtime security alerts (Azure Defender)
- Monitor security incident and event management (SIEM) alerts
- Manage security incidents
- Adhere to compliance standards		 WSO2/Customer WSO2/Customer WSO2/Customer WSO2/Customer
Choreo application creation/deployment Customer Customer Customer Customer
Choreo application management Customer Customer Customer Customer
Choreo application monitoring Customer Customer Customer Customer
Choreo application logs Customer Customer Customer Customer