CloudGuard (Dome9) Managed Service Providers
The CloudGuard (Dome9) MSP portal (msp.dome9.com) allows MSPs and CloudGuard (Dome9) resellers to create and manage their customers' CloudGuard (Dome9) accounts.
MSPs and MSSPs
Managed Service Providers provide services to business customers to manage their IT needs. This could include procurement, setup, and ongoing operational monitoring. For customers using cloud-based IT, or a cloud-based web presence, these services are in the cloud (on providers such as AWS and Azure). Resellers are MSPs, selling CloudGuard (Dome9) and cloud platform services to customers.
Managed Security Service Providers, in addition, provide network security services to their customers. This could include configuring a secure network, monitoring their security posture, and responding to security events. These additional services can be applied to the cloud if the customer's presence is located there.
How CloudGuard (Dome9) can help MSPs for cloud-based computing
CloudGuard (Dome9) provides cloud security and compliance services for customers with a presence on AWS, Azure or GCP. This includes analysis of a customer's current security posture, or compliance, ongoing monitoring, and corrective actions to remedy problems.
MSPs, working through CloudGuard (Dome9), can offer these services on to their customers. Further, they can use different use-case models with their customers. These are described in the next section.
Resellers can use the CloudGuard (Dome9) MSP portal to create CloudGuard (Dome9) accounts for their customers.
MSPs can work with CloudGuard (Dome9) in different ways.
In one model, the MSP provides a full service to the customer, creating accounts for them with the cloud provider and with CloudGuard (Dome9), and with full access to the customer's CloudGuard (Dome9) account to act on their behalf, and generate reports for them.
In another model, the MSP or Reseller provides the accounts, and bills the customer for them, while the customer manages these accounts on their own.
In yet another model, a large enterprise, with a number of business units, can work with CloudGuard (Dome9) as an MSP, with each individual business unit a separate account, managed by one overall MSP account (in either of the above models, in which they are all actively managed by the 'MSP', or in which each unit manages its own account).
The MSP could build this flexibility in managing customer accounts into their business and pricing models, and offer full services for customers who do not want to be bothered with the day-to-day management of their network, or reduced services for customers who do want to manage their own account, but yet want to procure all their services from one provider. They can also choose which of the CloudGuard (Dome9) services they wish to offer their customers.
CloudGuard (Dome9) account types
There are two types of CloudGuard (Dome9) accounts that you can manage:
Enterprise accounts are for regular CloudGuard (Dome9) enterprise customers.
Reseller/MSP/Distributor accounts are for customers who will have and manage enterprise customers of their own. You must sign-on to the portal with this type of account.
An MSP account itself is a Super User, with full permissions over itself and its enterprise accounts. You can sign-on to a managed account in CloudGuard (Dome9) with any of the roles that are defined for the account, including as a Super User. You can define roles with specific permissions for each account (see Add a Role).
Cross-account trust capability
When you, as an MSP, create enterprise accounts for your customers, you can choose to allow the MSP account to sign-on to them and assume a role on them. This is called cross-account trust (also referred to as federated access), and allows you, as the MSP, to actively manage customer accounts in CloudGuard (Dome9).