Anthos shared responsibility

Running a business-critical application on Anthos requires multiple parties to carry different responsibilities. While not an exhaustive list, the following tables list the roles and responsibilities for both Google and the customer.

Google's responsibilities

| GKE on Google Cloud | Anthos clusters on VMware | Anthos clusters on AWS (multi-cloud) | Anthos attached clusters |
| --- | --- | --- | --- |
| Provide upgraded GKE versions and node operating systems, such as Container-Optimized OS (COS) or Ubuntu. GKE makes any patches to these images available. | Maintain and distribute the Anthos clusters on VMware software package, including Kubernetes, vCenter and F5 controllers, Ingress controller, Connect and Cloud Monitoring and Cloud Logging agents, and the gkectl command line tool. | Maintain and distribute the Anthos clusters on AWS software package, including Kubernetes, base images, the AWS integration features, the Ingress controller, the Connect agent, and the anthos-gke command line tool. | Provide a list of supported Kubernetes distributions and versions. |
| Protect underlying infrastructure, including hardware, firmware, kernel, OS, storage, network, and more. This includes encrypting data at rest by default, encrypting data in transit, using custom-designed hardware, laying private network cables, protecting data centers from physical access, and following secure software development practices. | | | |
| Automatically upgrade clusters enrolled in Release Channels or with auto-upgrade enabled. Manage the GKE control plane, which includes the master VMs, the API server and other components running on those VMs, as well as the etcd database. This includes upgrades and patching, scaling, and repairs, all backed by an SLO. | Maintain and distribute the Ubuntu admin workstation and node machine images, including regular patching and security fixes. | Maintain and distribute the management layer, control plane, and node pool machine images, including regular patching and security fixes. | |
| | Notify users of available upgrades for Anthos clusters on VMware, and produce upgrade scripts for the previous version. Anthos clusters on VMware supports sequential upgrades only (1.2 → 1.3 → 1.4 only and not 1.2 → 1.4). | Notify users of available upgrades for Anthos clusters on AWS, and produce upgrade instructions for the previous version. Anthos clusters on AWS supports sequential upgrades only (1.2 → 1.3 → 1.4 only and not 1.2 → 1.4). | Notify users of available upgrades for Anthos components, and produce upgrade instructions for the previous version. Anthos supports sequential upgrades only (1.2 → 1.3 → 1.4 only and not 1.2 → 1.4). |
| Provide Google Cloud integrations for Connect, Identity and Access Management, Cloud Audit Logs, Google Cloud's operations suite, Cloud Key Management Service, Security Command Center, and others. | Provide Google Cloud integrations for Connect and Google Cloud's operations suite. | Provide Google Cloud integrations for Connect. | Provide Google Cloud integrations for Connect. |
| Troubleshooting with Cloud Support. | Troubleshooting, providing workarounds, and correcting the root cause of any issues related to Google-provided components. | Troubleshooting, providing workarounds, and correcting the root cause of any issues related to Google-provided components. | Troubleshooting, providing workarounds, and correcting the root cause of any issues related to Google-provided components. |

Customer's responsibilities

Anthos clusters on Google Cloud | Anthos clusters on VMware | Anthos clusters on AWS (multi-cloud) | Anthos attached clusters
Overall system administration for on-premises clusters. Overall system administration for Anthos GKE on AWS clusters. For example, configuring them to work within the corporate VPC environment. Provide a modern Kubernetes platform that meets Google's specifications. The platform includes, but is not limited to: hardware, OS, Kubernetes API server, VPC configuration, and other attributes.
Maintain any application workload deployed on the cluster. Maintain any application workload deployed on the cluster. Maintain any application workload deployed on the cluster. Maintain any application workload deployed on the cluster.
Operate, maintain, and patch infrastructure, including networks, servers, storage, and connectivity to Google Cloud. Operate and maintain the AWS environment, including networking configuration, and connectivity to Google Cloud. Operate, maintain, and patch infrastructure, including networks, servers, storage, and connectivity to Google Cloud.
Operate, maintain, and patch vSphere and network load balancers. Operate, maintain, and patch any infrastructure needed to run cluster
Maintain support contracts with VMware and F5 (if deployed). Maintain support contracts with AWS. Maintain support contracts with third parties. For example: networking, container orchestration, computing resource, and storage vendors.
Enroll clusters in auto-upgrade or upgrade clusters to supported versions. Upgrade Anthos clusters on VMware to a supported version on a regular basis. Upgrade Anthos clusters on AWS to a supported version on a regular basis. Upgrade Kubernetes to a supported version on a regular basis.
Deploy and test your workloads on updated node machine images. Deploy and test updated Admin workstation images in your environment. Raise concerns to Google through Cloud Support.
Monitor the cluster and applications and respond to any incidents. Monitor the cluster and applications and respond to any incidents. Monitor the cluster and applications and respond to any incidents. Monitor the cluster and applications and respond to any incidents.
Ensure Logging and Monitoring agents are deployed to clusters. Without logs, support is available on a best-effort basis. Keep the cluster connected to Google services. Keep the cluster connected to Google services.
Provide Google with environmental details for troubleshooting purposes. Provide Google with environmental details (for example, network configuration) for troubleshooting purposes. Provide Google with environmental details (for example, AWS VPC configuration) for troubleshooting purposes. Provide Google with environmental details (for example, network configuration) for troubleshooting purposes.