Stay organized with collections
Save and categorize content based on your preferences.
VMware Engine shared responsibility model
This page describes what you, as a Google Cloud VMware Engine customer, are responsible
for and what Google is responsible for.
Introduction
Trusted security in Google Cloud is achieved through the shared responsibilities
of customers and Google as a service provider. This model is intended to provide higher security and eliminate single points of failure. The following sections list the responsibilities by role.
Google's responsibilities
VMware Engine service elements:
Deploying and lifecycle management of hosts and management services in a
private cloud
ESXi patch and upgrade
vCenter Server patch and upgrade
NSX patch and upgrade
vSAN patch and upgrade
HCX - initial installation, configuration, and monitoring of HCX
Backup and Restore of management services (does not include customer
workloads)
Backup and Restore vCenter Server
Backup and Restore NSX Manager
Replacing failed hosts
Maintaining adequate capacity
Acquiring and maintaining industry and regulatory compliance certifications
for Google-managed services and infrastructure
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[],[],null,["# VMware Engine shared responsibility model\n=========================================\n\nThis page describes what you, as a Google Cloud VMware Engine customer, are responsible\nfor and what Google is responsible for.\n\nIntroduction\n------------\n\nTrusted security in Google Cloud is achieved through the shared responsibilities\nof customers and Google as a service provider. This model is intended to provide higher security and eliminate single points of failure. The following sections list the responsibilities by role.\n\nGoogle's responsibilities\n-------------------------\n\nVMware Engine service elements:\n\n- Deploying and lifecycle management of hosts and management services in a private cloud\n- ESXi patch and upgrade\n- vCenter Server patch and upgrade\n- NSX patch and upgrade\n- vSAN patch and upgrade\n- HCX - initial installation, configuration, and monitoring of HCX\n- Backup and Restore of management services (does not include customer workloads)\n- Backup and Restore vCenter Server\n- Backup and Restore NSX Manager\n- Replacing failed hosts\n- Maintaining adequate capacity\n- Acquiring and maintaining industry and regulatory compliance certifications for Google-managed services and infrastructure\n\nPhysical infrastructure elements:\n\n- Physical infrastructure\n- Google Cloud regions\n- Compute, network, storage (deployment \\& lifecycle)\n- Rack and Power Bare Metal Hosts and network equipments\n- Acquiring and maintaining industry and regulatory compliance certifications for Google-managed services and infrastructure\n\nCustomer's responsibilities\n---------------------------\n\n- Deploying VMware Engine private clouds\n- Network range for management appliances and resources\n- Configuring private cloud networking and security\n- Configuring VMware Engine firewall, regional settings, client VPN, and external IP address allocations\n- Configuring NSX based firewalls, VPN, and NAT settings\n- Provisioning NSX segments\n- Deploying and managing Virtual Machines\n- Installing guest operating systems\n- Patching guest operating systems\n- Installing and managing antivirus software on customer environments and workloads\n- Installing and managing backup software on customer environments and workloads\n- Installing and managing any configuration management\n- Migrating Virtual Machines to VMware Engine\n- Migration tools\n- Capacity planning \\& reservations\n- vSAN KEK encryption key lifecycle (KEK rotation)\n- vCenter and NSX user management (identity, access control)\n- HCX - lifecycle management of HCX Cloud and service appliances like HCX-IX Interconnect\n- Acquiring and maintaining industry and regulatory compliance certifications for customer environments and workloads\n\nWhat's next\n-----------\n\n- [Security bulletins](/vmware-engine/docs/security-bulletins)."]]