Page Comparison

Responsibility Layer

With Stonebranch SaaS:

• Stonebranch fully manages all back-end resources.  SaaS customers have no access to the back-end servers, databases, or other resources.
• All customer access occurs via the Controller GUI or API.  Customers are responsible for their agents, workload, bundle and promotion between environments, and user/group management.  This includes ensuring that secure passwords are used.

By contrast, customers that perform an on-premise Controller installation are responsible for every aspect of their environment.

Controller Time Zone

Authentication

For Stonebranch SaaS, customers must decide what login method they will use:

• Local users
• LDAP
• Single Sign-On

A customer requesting Single Sign-On must work with Stonebranch for implementation.:

• Inform Stonebranch which identity provider they will use.
• Provide Stonebranch with an IdP file.

Networking

Stonebranch SasS customers can only run workload on agents they connect to the Controller or via API.

Based on the customers networking requirements/restrictions, firewall modifications may need to be implemented to allow communication between the agents and the Stonebranch back end.  

One example of this is modifying an on-site firewall to allow outbound connections to an IP:PORT provided by Stonebranch.

There currently are two connectivity options:

• Agents connecting to the Stonebranch SaaS Controller via TLS over the internet.
• Site-to-site VPN between Stonebranch and customer data center.

If site-to-site VPN is requested, customers must work with Stonebranch for implementation by providing the following information:

• Gateway vendor to be used (for example: Cisco, Palo Alto, SonicWALL, Check Point).
• IP(s) used for their public-facing gateway.
• Private subnet to be used (for example, 172.16.0.0/16).