OKMS - Shared responsibilities

Knowledge Base

KB0065221

OKMS - Shared responsibilities


Icons/System/eye-open Created with Sketch. 235 Views 21.10.2025 Key Management Service (KMS)

Objective

The RACI below details shared responsibilities between OVHcloud and the customer for the OKMS service. This shared model can help relieve the customer’s operational burden.

Roles
R : Is in charge of carrying out the process
A : Accountable for the successful completion of the process
C : Is consulted during the process
I : Is informed of the results of the process

1. Before subscription

1.1. Specify service as needed

ActivityCustomerOVHcloud
Provide personal data needed for service subscriptionRAI
Choose service location aligned with location of InstancesRAI

2. Service availability

2.1. Install the service

ActivityCustomerOVHcloud
Produce, route, deliver and maintain physical Instances and hosting buildingsIRA
Install internal functional bricks needed to maintain the Service in operational and security conditionsIRA

2.2. Reversibility model for CMK

ActivityCustomerOVHcloud
Import/export stored objectsRAI

2.3. Customer Information System setup

ActivityCustomerOVHcloud
Choose key type and size adapted to the needRAI

3. Service usage

3.1. Operations

3.1.1. Daily operations
ActivityCustomerOVHcloud
Manage data security hosted on the service (confidentiality, integrity, backups, …)RA
Manage network accessibility of the ServiceRA
Administrate the serviceRA
Manage backupsRA
Administrate keys and secrets stored on the OKMSRA
3.1.2. Access management
ActivityCustomerOVHcloud
Manage access rights to the OVHcloud Control PanelRAI
Manage physical and logical access to infrastructures for OVHcloud teamsIRA
Manage access and security policy for service users for CMKRAI
3.1.3. Monitoring
ActivityCustomerOVHcloud
Manage and monitor the Service capacityRA
Retain logs of control planeRA
Monitor the proper functioning of the serviceIRA
Maintain storage and backup devices used for the serviceRA
Keep logs generated by the ServiceRA
3.1.4. Storage
ActivityCustomerOVHcloud
Manage data continuity and sustainabilityRA
3.1.5. Connectivity
ActivityCustomerOVHcloud
Manage the functioning of automatic network management systems (architecture, implementation, software and hardware maintenance for deployed public and private networks, primary IP of dedicated server)IRA
3.1.6. Management
ActivityCustomerOVHcloud
Provide inventory of services usedIRA
Manage the security of management infrastructure (API, control plane)RA
3.1.7. Business continuity
ActivityCustomerOVHcloud
Maintain a business continuity and disaster recovery plan for the ServiceIRA

3.2. Event management

3.2.1. Incidents
ActivityCustomerOVHcloud
Handle incidents (tickets and telephone contacts)AIRA
Qualify, Intervene on managed service elementsIRA
3.2.2. Changes
ActivityCustomerOVHcloud
Deploy patches, updates and configurations on softwares, middlewares of the Service elementsIRA

4. Reversibility

4.1. Reversibility Model for CMK

ActivityCustomerOVHcloud
Manage reversibility operationsRAI

4.2. Data recovery

ActivityCustomerOVHcloud
Migrate/transfer data for KMIP objectRA

5. End of service

5.1. Destroy configurations

ActivityCustomerOVHcloud
Destroy configurations at end of service following contract terminationIRA

5.2. Data destruction

ActivityCustomerOVHcloud
Destroy data hosted on volumes storageRA

Related articles