Shared Responsibility Model

Welcome to Codebeamer AI Help Center > Setting Up the Codebeamer AI > Customer-hosted Codebeamer AI > Shared Responsibility Model

This topic explains how responsibilities are shared between PTC and customers for a customer-hosted Codebeamer AI deployment. Understanding these boundaries helps you plan,operate, and support your environment effectively.

Component	PTC Responsibilities	Customer Responsibilities
Identity and access management	Provide documentation for supported roles, permissions, and integration patterns.	Create and manage identities, role assignments, user consent, and access lifecycle policies.
Deployment templates	Provide and maintain reference Terraform modules, sample Helm charts, and deployment guidance.	Customize templates and values for your environment, deploy the solution, and manage change approvals.
Container images	Build, scan, version, and deliver approved container images with release notes.	Store images in your registry, manage registry access and networking, and use approved versions.
Infrastructure provisioning and policies	Provide validated infrastructure-as-code templates and guidance for Azure deployments.	Provision and operate Azure resources, including networking, AKS, identity, logging, quotas, and policies.
Observability and monitoring	Provide guidance on observability integrations, recommended metrics, and dashboards.	Deploy and operate monitoring tools stack, configure alerts, retain logs, and handle incident response.
Application upgrades	Publish updated images, templates, and documented upgrade instructions.	Plan, test, and execute upgrades within your SDLC andvalidatepost-upgrade behavior.
Security patching	Release patched images and templates addressing product vulnerabilities.	Apply patches in your environment,validateresults, and complete rollout within your timelines.
Security and compliance controls	Provide security baseline recommendations and hardening guidance.	Enforce policies, manage RBAC, meet compliance requirements, and maintain audit evidence.
Support and service levels	Support product defects, deployment asset issues, and escalations as outlined in your contract.	Operate and monitor the runtime environment and provide first-line support as agreed.
Data handling	Document product data flows and telemetry behavior.	Manage data governance, residency, backups, restores, and tenant-specific data protection.
Backup, restore, and disaster recovery	Document recovery behavior and limitations for stateless components.	Define RPO and RTO, implement infrastructure-level disaster recovery, and run recovery tests.
Decommissioning and uninstall	Document teardown and cleanup steps, and how to disable integrations and telemetry, identities, and permissions.	Back up required data, remove access, decommission infrastructure, and meet audit requirements.
Incident management	Define the incident model, escalation paths, and diagnostic processes.	Monitor the environment, manage on-callresponses, coordinate incidents, and conduct post-incident reviews.

Was this helpful?