Shared responsibility model
Deployment options
Cloud service provider managed Kubernetes
- Deploys Halo artefacts including Helm charts and container images into a Customer managed Kubernetes cluster hosted in public, private, or government cloud environments such as Azure, AWS, or Oracle.
- Uses native cloud PaaS and SaaS services for storage and key or secret management and is validated internally against each supported platform.
- Customers typically pull Halo artefacts directly from the Glasswall container registry at glasswallhub.azurecr.io.
- Artefacts are preconfigured for each supported cloud platform.
- Installation guidance is available in the Glasswall documentation.
On prem customer managed Kubernetes
- Deploys Halo artefacts into a Customer managed Kubernetes cluster hosted in an on prem environment such as Rancher Enterprise, VMware Tanzu, or Red Hat OpenShift.
- Requires integration with Customer managed storage and key or secret management services.
- Customers typically pull artefacts from glasswallhub.azurecr.io.
- Some environments may require additional configuration.
- General deployment guidance is available in the Glasswall documentation.
- Due to platform variability, professional services support is commonly required during deployment.
On prem customer managed virtual machine single node
- Deploys a Halo single node VHD or OVA into a Customer virtualisation environment such as VMware.
- Artefacts are typically downloaded via Kiteworks.
- Delivered preconfigured, with scalability limited by single virtual machine resources.
- Scaling or high availability requires Customer managed networking such as load balancing.
- Installation guidance is available in the Glasswall documentation.
- While simpler than Kubernetes based deployments, targeted support is often required during installation.
Shared responsibility matrix
| Responsibility | Cloud service provider managed Kubernetes | On prem Customer managed Kubernetes | On prem Customer managed virtual machine |
|---|---|---|---|
| Access to deployment assets | Glasswall | Glasswall | Glasswall |
| CDR functionality | Glasswall | Glasswall | Glasswall |
| Technical and compliance documentation | Glasswall | Glasswall | Glasswall |
| Application logging accuracy and guidance | Glasswall | Glasswall | Glasswall |
| Helm chart configuration and testing | Glasswall | Glasswall and Customer | Glasswall |
| Deployment documentation and scripts | Glasswall | Customer | Glasswall |
| Infrastructure integration guidance and scripts | Glasswall | Customer | Customer |
| Integration with business applications | Customer | Customer | Customer |
| Identity providers, credentials, and cluster integration | Customer | Customer | Customer |
| External network integration including TLS and security | Customer | Customer | Customer |
| External storage configuration and security | CSP and Customer | Customer | Customer |
| Infrastructure and cluster monitoring and logging | CSP and Customer | Customer | Customer |
| Infrastructure access, resiliency, and availability | CSP | Customer | Customer |
| Host operating system security and hardening | CSP and Customer | Customer | Glasswall |