CloudGuard Dome9 User Guide
Dome9 Managed Service Providers
The Dome9 MSP portal (msp.dome9.com) allows MSPs and Dome9 resellers to create and manage their customers' Dome9 accounts.
MSPs and MSSPs
Managed Service Providers provide services to business customers to manage their IT needs. This could include procurement, setup, and ongoing operational monitoring. For customers using cloud-based IT, or a cloud-based web presence, these services are in the cloud (on providers such as AWS and Azure). Resellers are MSPs, selling Dome9 and cloud platform services to customers.
Managed Security Service Providers, in addition, provide network security services to their customers. This could include configuring a secure network, monitoring their security posture, and responding to security events. These additional services can be applied to the cloud if the customer's presence is located there.
How Dome9 can help MSPs for cloud-based computing
Dome9 provides cloud security and compliance services for customers with a presence on AWS, Azure or GCP. This includes analysis of a customer's current security posture, or compliance, ongoing monitoring, and corrective actions to remedy problems.
MSPs, working through Dome9, can offer these services on to their customers. Further, they can use different use-case models with their customers. These are described in the next section.
Resellers can use the Dome9 MSP portal to create Dome9 accounts for their customers.
MSPs can work with Dome9 in different ways.
In one model, the MSP provides a full service to the customer, creating accounts for them with the cloud provider and with Dome9, and with full access to the customer's Dome9 account to act on their behalf, and generate reports for them.
In another model, the MSP or Reseller provides the accounts, and bills the customer for them, while the customer manages these accounts on their own.
In yet another model, a large enterprise, with a number of business units, can work with Dome9 as an MSP, with each individual business unit a separate account, managed by one overall MSP account (in either of the above models, in which they are all actively managed by the 'MSP', or in which each unit manages its own account).
The MSP could build this flexibility in managing customer accounts into their business and pricing models, and offer full services for customers who do not want to be bothered with the day-to-day management of their network, or reduced services for customers who do want to manage their own account, but yet want to procure all their services from one provider. They can also choose which of the Dome9 services they wish to offer their customers.
Dome9 account types
There are two types of Dome9 accounts that you can manage:
Enterprise accounts are for regular Dome9 enterprise customers.
Reseller/MSP/Distributor accounts are for customers who will have and manage enterprise customers of their own. You must sign-on to the portal with this type of account.
An MSP account itself is a Super User, with full permissions over itself and its enterprise accounts. You can sign-on to a managed account in Dome9 with any of the roles that are defined for the account, including as a Super User. You can define roles with specific permissions for each account (see Add a Role).
Cross-account trust capability
When you, as an MSP, create enterprise accounts for your customers, you can choose to allow the MSP account to sign-on to them and assume a role on them. This is called cross-account trust (also referred to as federated access), and allows you, as the MSP, to actively manage customer accounts in Dome9.