KB0065217
OKMS - Shared responsibilities
119 viste
21.10.2025 
KMS
Objective
The RACI below details shared responsibilities between OVHcloud and the customer for the OKMS service. This shared model can help relieve the customer’s operational burden.
| Roles |
|---|
| R : Is in charge of carrying out the process |
| A : Accountable for the successful completion of the process |
| C : Is consulted during the process |
| I : Is informed of the results of the process |
1. Before subscription
1.1. Specify service as needed
| Activity | Customer | OVHcloud |
|---|---|---|
| Provide personal data needed for service subscription | RA | I |
| Choose service location aligned with location of Instances | RA | I |
2. Service availability
2.1. Install the service
| Activity | Customer | OVHcloud |
|---|---|---|
| Produce, route, deliver and maintain physical Instances and hosting buildings | I | RA |
| Install internal functional bricks needed to maintain the Service in operational and security conditions | I | RA |
2.2. Reversibility model for CMK
| Activity | Customer | OVHcloud |
|---|---|---|
| Import/export stored objects | RA | I |
2.3. Customer Information System setup
| Activity | Customer | OVHcloud |
|---|---|---|
| Choose key type and size adapted to the need | RA | I |
3. Service usage
3.1. Operations
3.1.1. Daily operations
| Activity | Customer | OVHcloud |
|---|---|---|
| Manage data security hosted on the service (confidentiality, integrity, backups, …) | RA | |
| Manage network accessibility of the Service | RA | |
| Administrate the service | RA | |
| Manage backups | RA | |
| Administrate keys and secrets stored on the OKMS | RA |
3.1.2. Access management
| Activity | Customer | OVHcloud |
|---|---|---|
| Manage access rights to the OVHcloud Control Panel | RA | I |
| Manage physical and logical access to infrastructures for OVHcloud teams | I | RA |
| Manage access and security policy for service users for CMK | RA | I |
3.1.3. Monitoring
| Activity | Customer | OVHcloud |
|---|---|---|
| Manage and monitor the Service capacity | RA | |
| Retain logs of control plane | RA | |
| Monitor the proper functioning of the service | I | RA |
| Maintain storage and backup devices used for the service | RA | |
| Keep logs generated by the Service | RA |
3.1.4. Storage
| Activity | Customer | OVHcloud |
|---|---|---|
| Manage data continuity and sustainability | RA |
3.1.5. Connectivity
| Activity | Customer | OVHcloud |
|---|---|---|
| Manage the functioning of automatic network management systems (architecture, implementation, software and hardware maintenance for deployed public and private networks, primary IP of dedicated server) | I | RA |
3.1.6. Management
| Activity | Customer | OVHcloud |
|---|---|---|
| Provide inventory of services used | I | RA |
| Manage the security of management infrastructure (API, control plane) | RA |
3.1.7. Business continuity
| Activity | Customer | OVHcloud |
|---|---|---|
| Maintain a business continuity and disaster recovery plan for the Service | I | RA |
3.2. Event management
3.2.1. Incidents
| Activity | Customer | OVHcloud |
|---|---|---|
| Handle incidents (tickets and telephone contacts) | AI | RA |
| Qualify, Intervene on managed service elements | I | RA |
3.2.2. Changes
| Activity | Customer | OVHcloud |
|---|---|---|
| Deploy patches, updates and configurations on softwares, middlewares of the Service elements | I | RA |
4. Reversibility
4.1. Reversibility Model for CMK
| Activity | Customer | OVHcloud |
|---|---|---|
| Manage reversibility operations | RA | I |
4.2. Data recovery
| Activity | Customer | OVHcloud |
|---|---|---|
| Migrate/transfer data for KMIP object | RA |
5. End of service
5.1. Destroy configurations
| Activity | Customer | OVHcloud |
|---|---|---|
| Destroy configurations at end of service following contract termination | I | RA |
5.2. Data destruction
| Activity | Customer | OVHcloud |
|---|---|---|
| Destroy data hosted on volumes storage | RA |
Getting started with OVHcloud Key Management Service (KMS)
644