VMware Engine shared responsibility model

This page describes what you, as a Google Cloud VMware Engine customer, are responsible for and what Google is responsible for.

Introduction

Trusted security in Google Cloud is achieved through the shared responsibilities of customers and Google as a service provider. This model is intended to provide higher security and eliminate single points of failure. The following sections list the responsibilities by role.

Google's responsibilities

VMware Engine service elements:

  • Deployment and lifecycle management of hosts and management services in a private cloud
  • ESXi patch and upgrade
  • vCenter Server patch and upgrade
  • NSX patch and upgrade
  • vSAN patch and upgrade
  • HCX - initial installation, configuration, and monitoring of HCX
  • Backup and Restore of management services (does not include customer workloads)
  • Backup and Restore vCenter Server
  • Backup and Restore NSX Manager
  • Replacing failed hosts
  • Maintaining adequate capacity
  • Acquiring and maintaining industry and regulatory compliance certifications for Google-managed services and infrastructure

Physical infrastructure elements:

  • Physical infrastructure
  • Google Cloud regions
  • Compute, network, storage (deployment & lifecycle)
  • Racking and powering bare metal hosts and network equipment
  • Acquiring and maintaining industry and regulatory compliance certifications for Google-managed services and infrastructure

Customer's responsibilities

  • Deploying VMware Engine private clouds
  • Network range for management appliances and resources
  • Configuring private cloud networking and security
  • Configuring VMware Engine firewall, regional settings, client VPN, and external IP address allocations
  • Configuring NSX-T based firewalls, VPN, and NAT settings
  • Provisioning NSX-T segments
  • Deploying and managing Virtual Machines
  • Installing guest operating systems
  • Patching guest operating systems
  • Installing and managing antivirus software on customer environments and workloads
  • Installing and managing backup software on customer environments and workloads
  • Installing and managing any configuration management
  • Migrating Virtual Machines to VMware Engine
  • Migration tools
  • Capacity planning & reservations
  • vSAN KEK encryption key lifecycle (KEK rotation)
  • vCenter and NSX user management (identity, access control)
  • HCX - lifecycle management of HCX Cloud and service appliances like HCX-IX Interconnect
  • Acquiring and maintaining industry and regulatory compliance certifications for customer environments and workloads
