Merge pull request #4370 from ovh/HB-RACI-Object-storage

OVH-Team-Guides · web-flow · commit e7de064370d0 · 2023-03-20T17:32:17.000+01:00
Hb raci object storage
diff --git a/pages/account/responsibility-sharing/product.en-gb.md b/pages/account/responsibility-sharing/product.en-gb.md
@@ -14,6 +14,8 @@ order: 6
 >
 >  - [RACI Public Cloud Instances](https://docs.ovh.com/gb/en/public-cloud/raci-instances-public-cloud/)
 >
+>  - [RACI Public Cloud Object Storage](https://docs.ovh.com/gb/en/storage/object-storage/s3/raci-object-storage-public-cloud/)
+>
 >  - [RACI Block Storage](https://docs.ovh.com/gb/en/public-cloud/raci-block-storage-public-cloud/)
 >
 >  - [RACI Log Data Platform](https://docs.ovh.com/gb/en/logs-data-platform/responsibility-model/)
diff --git a/pages/account/responsibility-sharing/product.fr-fr.md b/pages/account/responsibility-sharing/product.fr-fr.md
@@ -14,6 +14,8 @@ order: 6
 >
 >  - [RACI Public Cloud Instances](https://docs.ovh.com/fr/public-cloud/raci-instances-public-cloud/)
 >
+>  - [RACI Public Cloud Object Storage](https://docs.ovh.com/fr/storage/object-storage/s3/raci-object-storage-public-cloud/)
+>
 >  - [RACI Block Storage](https://docs.ovh.com/fr/public-cloud/raci-block-storage-public-cloud/)
 >
 >  - [RACI Log Data Platform](https://docs.ovh.com/fr/logs-data-platform/responsibility-model/)
diff --git a/pages/cloud/storage/object_storage/s3_object_storage_responsibility_model/guide.en-gb.md b/pages/cloud/storage/object_storage/s3_object_storage_responsibility_model/guide.en-gb.md
@@ -0,0 +1,139 @@
+---
+title: "Object Storage - Shared Responsibility RACI"
+slug: s3/raci-object-storage-public-cloud
+section: General information
+excerpt: "Shared responsibilities between OVHcloud and the customer for Public Cloud Object Storage"
+order: 030
+updated: 2023-03-20
+---
+
+**Last update 20th March 2023**
+
+## Objectif
+
+The RACI below details shared responsibilities between OVHcloud and the customer for the Public Cloud Object Storage service. This shared model can help relieve the customer’s operational burden for the following service ranges : 
+
+- Standard Object Storage-S3 API
+- High Performance Object Storage-S3 API
+- Standard Object Storage-Swift API
+
+| Roles |
+| --- |
+|R : Is in charge of carrying out the process|
+|A : Accountable for the successful completion of the process|
+|C : Is consulted during the process|
+|I : Is informed of the results of the process|
+
+### 1. Before subscription
+
+#### 1.1. Specify service as needed
+
+| **Activity** | **Customer** | **OVHcloud** |
+| --- | --- | --- |
+| Choose the Object Storage container service range following business needs (SWIFT, S3 High Speed, S3 Standard, ...) | RA | I |
+| Provide personal data needed for service subscription | RA | I |
+| Choose service location| RA | I |
+
+### 2. Service availability
+
+#### 2.1. Install the service
+
+| **Activity** | **Customer** | **OVHcloud** |
+| --- | --- | --- |
+| Produce, route, deliver and maintain physical Instances and hosting buldings | I | RA |
+
+#### 2.2. Customer Information System setup
+
+| **Activity** | **Customer** | **OVHcloud** |
+| --- | --- | --- |
+| Create S3 credentials for an OpenStack user | RA |  |
+
+### 3. Service usage
+
+#### 3.1. Operations
+
+##### **3.1.1. Daily operations**
+
+| **Activity** | **Customer** | **OVHcloud** |
+| --- | --- | --- |
+| Provide and manage Containers and objects' accessibility  |  | RA |
+| Manage Containers and objects' security created (object lock, SSE-C, etc ...  | RA |  |
+| Administrate service storage | I | RA |   
+| Administrate data | RA |   |
+| Manage backups | RA |  |
+
+##### **3.1.2. Access management**
+
+| **Activity** | **Customer** | **OVHcloud** |
+| --- | --- | --- |
+| Manage access rights to the OVHcloud Control Panel | RA | I |
+| Manage physical and logical access to infrastructures for OVHcloud teams |  | RA |
+| Manage S3 security policy of containers and object created | RA |  |
+
+##### **3.1.3. Monitoring**
+
+| **Activity** | **Customer** | **OVHcloud** |
+| --- | --- | --- |
+| Manage and monitor physical servers in support of the Object Storage service |  | RA |
+| Retain logs of the Object Storage service   |   | RA |
+| Monitor the proper functioning of physical devices (utilities) in support of the service | I | RA |
+| Create, modify, control, restore, delete backups | RA  |  |
+| Maintain storage devices used for the service |  | RA |
+
+##### **3.1.4. Storage**
+
+| **Activity** | **Customer** | **OVHcloud** |
+| --- | --- | --- |
+| Manage data encryption before importing in the Object Storage | RA |  |
+| Manage data encryption on the allowed storage space using SSE-C and with encryption keys provided by the Client | A | R |
+
+##### **3.1.5. Management**
+
+| **Activity** | **Customer** | **OVHcloud** |
+| --- | --- | --- |
+| Provide inventory of containers and objects used | I | RA |
+| Manage the security of management infrastructure (API, control plane) |   | RA |
+| Manage physical security of equipments and hosted infrastructures | I | RA |
+
+##### **3.1.6. Business continuity**
+
+| **Activity** | **Customer** | **OVHcloud** |
+| --- | --- | --- |
+| Perform periodic restoration tests | RA |  |
+| Maintain a business continuity and disaster recovery plan for the hosted IS | RA |  |
+| Manage automatic management systems for the infrastructure provided | I | RA |
+
+#### 3.2. Event management
+
+##### **3.2.1. Incidents**
+
+| **Activity** | **Customer** | **OVHcloud** |
+| --- | --- | --- |
+| Process incidents on the service (tickets and contacts) | AI | RA |
+| Replace faulty hardware on physical servers of Object Storage clusters |  | RA |
+
+### 4. Reversibility
+
+#### 4.1. Reversibility Model
+
+| **Activity** | **Customer** | **OVHcloud** |
+| --- | --- | --- |
+| Plan reversibility operations | RA |  |
+| Choose fallback infrastructures | RA | CI |
+| Choose data format to export | RA |  |
+
+#### 4.2. Data recovery
+
+| **Activity** | **Customer** | **OVHcloud** |
+| --- | --- | --- |
+| Manage reversibility operations | RA |  |
+| Migrate/transfer data | RA |  |
+
+### 5. End of service
+
+#### 5.1. Data destruction
+
+| **Activity** | **Customer** | **OVHcloud** |
+| --- | --- | --- |
+| Destroy data from the Object Storage Containers Service via API S3 | RA |  |
+| Destroy end-of-life storage devices |  | RA |
diff --git a/pages/cloud/storage/object_storage/s3_object_storage_responsibility_model/guide.fr-fr.md b/pages/cloud/storage/object_storage/s3_object_storage_responsibility_model/guide.fr-fr.md
@@ -0,0 +1,139 @@
+---
+title: "Object Storage - Partage des responsabilités (RACI)"
+slug: s3/raci-object-storage-public-cloud
+section: Informations générales
+excerpt: "RACI entre OVHcloud et le client pour l'utilisation du Object Storage Public Cloud"
+order: 030
+updated: 2023-03-20
+---
+
+**Dernière mise à jour le 20/03/2023**
+
+## Objectif
+
+Le RACI ci-dessous détaille le partage des responsabilités entre OVHcloud et le client pour le service Object Storage Public Cloud. Ce modèle peut aider le client à utiliser au mieux les gammes de services suivantes : 
+
+- Standard Object Storage-S3 API
+- High Performance Object Storage-S3 API
+- Standard Object Storage-Swift API
+
+| Rôles |
+| --- |
+|R : Est en charge de la **R**éalisation du processus|
+|A : Est **A**pprobateur de la réalisation du processus|
+|C : Est **C**onsulté pendant le processus|
+|I : Est **I**nformé des résultats du processus|
+
+### 1. Avant la souscription
+
+#### 1.1. Spécifier le service en fonction des besoins
+
+| **Activité** | **Client** | **OVHcloud** |
+| --- | --- | --- |
+| Choisir la gamme de Conteneur Object Storage en fonction des besoins (SWIFT, S3 High Speed, S3 Standard, ...)| RA | I |
+| Renseigner les données à caractère personnel nécessaires pour la souscription au service | RA | I |
+| Choisir la localisation du service| RA | I |
+
+### 2. Mise à disposition du service
+
+#### 2.1. Installer le service
+
+| **Activité** | **Client** | **OVHcloud** |
+| --- | --- | --- |
+| Produire, acheminer, livrer et maintenir les instances physiques et les bâtiments d’hébergement | I | RA |
+
+#### 2.2. Installation du SI client
+
+| **Activité** | **Client** | **OVHcloud** |
+| --- | --- | --- |
+| Créer les identifiants de connexion S3 pour un utilisateur OpenStack | RA |  |
+
+### 3. Utilisation du service
+
+#### 3.1. Opérations
+
+##### **3.1.1. Opérations quotidiennes**
+
+| **Activité** | **Client** | **OVHcloud** |
+| --- | --- | --- |
+| Fournir, gérer l'accessibilité des conteneurs et objets |  | RA |
+| Gérer la sécurité des conteneurs et objets créés (object lock, SSE-C, etc) | RA |  |
+| Administrer le service de stockage | I | RA  |
+| Administrer les données | RA |   |
+| Réaliser les backups | RA |  |
+
+##### **3.1.2. Gestion des accès**
+
+| **Activité** | **Client** | **OVHcloud** |
+| --- | --- | --- |
+| Gérer l’accès à l'interface de gestion (espace client OVHcloud) | RA | I |
+| Gérer les accès physiques et logiques des équipes OVHcloud aux infrastructures |  | RA |
+| Gérer la sécurité logique (politique de sécurité S3) des conteneurs et objets créés | RA |  |
+
+##### **3.1.3. Monitoring**
+
+| **Activité** | **Client** | **OVHcloud** |
+| --- | --- | --- |
+| Gérer et monitorer la capacité des serveurs physiques utilisés pour le Service Object Storage |  | RA |
+| Conserver les logs du Service Object Storage|  | RA |
+| Monitorer le bon fonctionnement des dispositifs physiques en support du stockage| I | RA |
+| Créer, modifier, contrôler, restaurer, supprimer les backups | RA |  |
+| Réaliser la maintenance des dispositifs de stockage fournis |  | RA |
+
+##### **3.1.4. Stockage**
+
+| **Activité** | **Client** | **OVHcloud** |
+| --- | --- | --- |
+| Gérer le chiffrement des données avant le dépôt sur l'Object Storage | RA |  |
+| Gérer le chiffrement des données sur l'espace de stockage alloué en utilisant SSE-C et avec les clés fournies par le Client | A | R |
+
+##### **3.1.5. Gestion**
+
+| **Activité** | **Client** | **OVHcloud** |
+| --- | --- | --- |
+| Fournir l'inventaire sur les conteneurs et objets créés | I | RA |
+| Gérer la sécurité de l'infrastructure de gestion (API, control plane) |   | RA |
+| Gérer la sécurité physique des équipements et infrastructures hébergés | I | RA |
+
+##### **3.1.6. Continuité d'activité**
+
+| **Activité** | **Client** | **OVHcloud** |
+| --- | --- | --- |
+| Réaliser des tests périodiques de restauration de données | RA |  |
+| Maintenir un plan de continuité d’activité et de reprise d’activité pour le SI hébergé | RA |  |
+| Gérer les systèmes de gestion automatiques de l’infrastructure mise à disposition | I | RA |
+
+#### 3.2. Gestion des évènements
+
+##### **3.2.1. Incidents**
+
+| **Activité** | **Client** | **OVHcloud** |
+| --- | --- | --- |
+| Traiter les incidents sur le service (tickets et contacts téléphoniques) | AI | RA |
+| Remplacer les éléments matériels défectueux sur les clusters Object Storage |  | RA |
+
+### 4. Réversibilité
+
+#### 4.1. Modèle de réversibilité
+
+| **Activité** | **Client** | **OVHcloud** |
+| --- | --- | --- |
+| Planifier les opérations de réversibilité | RA |  |
+| Choisir les infrastructures de repli | RA | CI |
+| Choisir le format des données à exporter | RA |  |
+
+#### 4.2. Récupération des données
+
+| **Activité** | **Client** | **OVHcloud** |
+| --- | --- | --- |
+| Gérer les opérations de réversibilité | RA |  |
+| Migrer / transférer les données | RA |  |
+
+### 5. Fin de service
+
+#### 5.1. Destruction des données
+
+| **Activité** | **Client** | **OVHcloud** |
+| --- | --- | --- |
+| Supprimer les données du Service Conteneurs Object Storage via les API S3 | RA |  |
+| Détruire les supports de stockage arrivés en fin de vie ou sur lesquels le processus de destruction sécurisé génère des erreurs |  | RA |
diff --git a/pages/cloud/storage/object_storage/s3_object_storage_responsibility_model/meta.yaml b/pages/cloud/storage/object_storage/s3_object_storage_responsibility_model/meta.yaml
@@ -0,0 +1,2 @@
+id: 6db98c2f-6c86-4877-b3ac-60450763544d
+full_slug: public-cloud-storage-shared-responsibility
diff --git a/pages/index.md b/pages/index.md
@@ -1458,6 +1458,7 @@
             + [Object Storage - S3 Compliancy](cloud/storage/object_storage/s3_s3_compliancy)
             + [Object Storage - Technical Limitations](cloud/storage/object_storage/s3_limitations)
             + [Object Storage - Endpoints and Object Storage geoavailability](cloud/storage/object_storage/s3_location)
+            + [Object Storage - Shared Responsibility RACI](cloud/storage/object_storage/s3_object_storage_responsibility_model)
         + [General guides to start](storage-object-storage-general-guides-to-start)
             + [Object Storage - Getting started with Object Storage](cloud/storage/object_storage/s3_getting_started_with_object_storage)
             + [Object Storage - Identity and access management](cloud/storage/object_storage/s3_identity_and_access_management)

Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,8 @@ order: 6`
`14`	`14`	`>`
`15`	`15`	`> - [RACI Public Cloud Instances](https://docs.ovh.com/gb/en/public-cloud/raci-instances-public-cloud/)`
`16`	`16`	`>`
	`17`	`+> - [RACI Public Cloud Object Storage](https://docs.ovh.com/gb/en/storage/object-storage/s3/raci-object-storage-public-cloud/)`
	`18`	`+>`
`17`	`19`	`> - [RACI Block Storage](https://docs.ovh.com/gb/en/public-cloud/raci-block-storage-public-cloud/)`
`18`	`20`	`>`
`19`	`21`	`> - [RACI Log Data Platform](https://docs.ovh.com/gb/en/logs-data-platform/responsibility-model/)`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+id: 6db98c2f-6c86-4877-b3ac-60450763544d`
	`2`	`+full_slug: public-cloud-storage-shared-responsibility`