Roles and responsibilities for IBM Cloud gateways and firewalls
Overview of shared responsibilities
IBM Cloud provides several Gateway Appliances and firewall offerings. These offerings are not managed services. As a result, it's important that you understand the shared responsibilities between the client (or their managed services provider) and IBM when you use these services. The following sections detail these responsibilities by using the following guidelines.
- Responsible (R)
- Has the duty and the obligation to do the work. Also, has a duty to exercise independent judgement to raise appropriate issues.
- Accountable (A)
- Has the authority to decide, and is the recipient of, any consequences (there can be only one "A" per-process step).
- Consulted (C)
- Must be allowed to influence plans and decisions before finalization by the "Responsible" party.
- Informed (I)
- Is informed of progress, key decisions, and deliverables by the "Responsible" party.
- Order (O)
- Has the ability to place an order.
Monitoring
The client (or their managed services provider) is responsible for monitoring the performance, connectivity, and hardware of their devices. IBM Cloud does not monitor individual customer devices, their configurations, or network status or assignments. Should issues arise, you can open a support ticket to schedule hardware replacement.
| Activity | Client | IBM |
|---|---|---|
| Supervision and technical monitoring of devices (gateways, firewalls, bare metal / virtual servers) | R, A | C, I |
| Supervision and technical monitoring of hardware infrastructure outside of the direct customer environment | C, I | R, A |
| Customer hardware and component monitoring | R, A | C, I |
MRO (Maintenance, repair, and operations)
The client (or their managed services provider) is responsible for ongoing maintenance and operation of their devices including firmware and operating system upgrades (for example, VyOS and Juniper). The client team provides all relevant details regarding initial troubleshooting that has been completed and might request additional assistance by using a support ticket, live chat, or phone call to IBM Cloud technical support.
| Activity | Client | IBM |
|---|---|---|
| General maintenance of devices in customer infrastructure | R, A | C, I |
| Disaster recovery and high availability testing | R, A | C, I |
| Regularly scheduled device backups | R, A | C, I |
| Initial operating system setup and configuration (pre-provision and handoff to client) | C, I | R, A |
| Hardware maintenance and replacement | C, I, O | R, A |
| Break/fix support | C, I | R, A |
Administration (ongoing device management)
The client (or their managed services provider) is responsible for the ongoing administration of their environment, devices, user accounts, and so on. IBM Cloud technical support is available to provide guidance, answer questions, and escalation to internal teams or vendors for complex issues that require additional assistance. IBM Cloud technical support does not perform migrations. Our technical staff is always available for assistance should an issue occur during a migration event/window. However, we will not be able to join the entirety of a scheduled migration event call.
| Activity | Client | IBM |
|---|---|---|
| Configuration and management of services (post-provision) | R, A | C, I |
| Configuration and management of firewalls, gateway devices, and underlying hosts (where applicable, post-provision) | R, A | C, I |
| Perform change requests on firewall and gateway devices (configuration changes, operating system or firmware updates) | R, A | C, I |
| Manage VLAN associations (post provision) | R, A, O | C, I |
| Configuration and management of IPSec/GRE tunnels to remote client environment | R, A | C, I |
| Migrations - planning, preparation, implementation - moving from one solution to another | R, A | C, I |
LCM (Life Cycle Management)
When a device or operating system reaches its End of Support (EOS) or End of Life (EOL), IBM Cloud no longer can provide support for it. After the device is upgraded to a supported firmware or operating system, support can resume on the device.
| Activity | Client | IBM |
|---|---|---|
| Upgrade an operating system that has reached EOS/EOL | R, A, O | C, I |
| Upgrade the hardware of a device | R, A, O | C, I |
| Support of devices after EOS/EOL | R, A |
Additional notes and scope of support
For Consulting (C) and Informing (I), IBM Cloud technical support occurs through support tickets, live chats, or phone calls. It is expected that the client (or their managed services provider) provides technical resources with a strong understanding of the environment to aid with troubleshooting issues. IBM Cloud technical support is available to augment the client's own technical team and provide guidance and support as needed, bringing in any relevant internal team or vendor for additional assistance if warranted. Any break/fix support provided by IBM Cloud technical support (beyond restoring a device to its original working configuration) is done on a "best effort" basis.