It is your responsibility to inform yourself beforehand about the permitted and prohibited use cases for your server and to adhere to them throughout your usage.
Scaleway Bare Metal Shared Responsibility Model
On this page, we outline the roles and responsibilities for maintaining and securing your Bare Metal servers. Our shared responsibility model clarifies the division of duties between Scaleway and our users, ensuring clarity in managing server availability, backups, configurations, and security measures. By understanding this shared responsibility, you can optimize the performance, reliability, and security of your Scaleway Bare Metal services.
Product resiliency
Availability
Bare Metal Products target the following power supplies and connectivity SLOs:
- For Dedibox servers:
- Start: 99.9% availability
- Pro and Store: 99.95% availability
- Core: 99.99% availability
- For Elastic Metal servers:
- Aluminium: 99.9% availability
- Beryllium and Lithium: 99.95% availability
- Iridium: 99.99% availability
- For Apple silicon servers:
- Mac mini: 99.95% availability
The detailed SLAs measurements and guarantees can be found at Service Level Agreement for Bare Metal Services.
Once the resource is in your hands, we have no access to the machine and therefore no way to monitor its operation. In case of any operational issues, we invite you to consult our documentation or create a ticket with our support team. We will then do our utmost to ensure that you regain access to your resources as quickly as possible.
Backups and snapshots
You are fully responsible for managing your machine and its data.
It is your responsibility to ensure data redundancy if necessary, by relying on backups or internal server redundancy through solutions such as RAID.
In the event of a disk or a hardware failure, we cannot guarantee that you will regain access to your machine and data. The failure may require a complete replacement of the machine. Therefore, it is your responsibility to ensure in advance that you have a backup or redundancy of your data on another server. We cannot be held responsible for the loss of your data.
Backups and snapshots must be configured by you. Please refer to our documentation for assistance in setting up backups for Dedibox, Elastic Metal, and Apple silicon. Restoring snapshots or backups needs to be triggered by you.
Configuration and version management
Installation and configuration
We provide a range of Linux, Windows and macOS server distributions for automatic installation from the Scaleway console. These distributions come with a default configuration designed for standard use cases, ensuring security, usage efficiency, and reliability. During the setup of your machine, you can modify and customize this initial configuration. However, you are responsible for any impact on your server’s availability, security, or performance.
Apple Silicon servers, in particular, are enrolled with a Scaleway-operated mobile device management server. Removing the enrolment, or any of the associated configuration profiles, may impact Scaleway’s ability to monitor & restart your server on your behalf, for instance, in case of power loss.
In the event that you use a custom image, it is your responsibility to ensure a reliable and secure configuration of your machine.
Updates and version management
We regularly provide OS version updates, allowing you to upgrade your environment if desired. It is your responsibility to update your machine to the desired version and thus maintain its compatibility with all internal and external resources at Scaleway.
If you perform manual upgrades without reinstalling your machine with an image provided by Scaleway, it is your responsibility to ensure the reliability and stability of your machine’s configuration.
Usage compliance
You are responsible for the proper use of your resources. In this regard, you are responsible for maintaining the use of your server in accordance with Scaleway’s compliance policy, as well as those of the various operating systems you use.
Data protection
Encryption in transit
Bare Metal servers support SSH connections to secure your communication with the server. You remain responsible for configuring SSH keys.
Data encryption
You are responsible for encrypting the disks on your server. We are not responsible for data encryption, especially in cases of sensitive applications or additional security requirements.
Data deletion
When you delete your server, we are responsible for removing all of your data. To ensure their protection, the deleted server remains attached to your account and is therefore inaccessible to anyone else until all of your data has been erased and the cleaning process has been completed with a 100% success rate.
In the event of a defective storage disk, it will be destroyed to ensure the confidentiality of your data.
Scaleway access
We do not have the technical capability to access your machine once it is installed, nor the data stored on it. We have no visibility into your use of the server and its configuration. Therefore, it is your responsibility to ensure the security of your machine and data.
Identity and access management
Elastic Metal servers provide IAM permissions sets which allow or restrict specific actions a user or application can perform, such as creating or deleting Elastic Metal servers. You remain responsible for giving these permissions to the relevant users or applications and reviewing these accesses frequently.
Dedibox servers provide outsourcing services features, allowing you to delegate resource management. You remain responsible for giving access and management permissions to the relevant users or outsourcing providers and reviewing these accesses frequently.
Managing access and permissions for creating, modifying, using, and deleting a resource remains in any case your responsibility.
Platform security
Our security guarantees are available at https://www.scaleway.com/en/security-and-resilience/, and our certifications and commitments are available in our Trust Center.
Security best practices
For optimal security, we recommend that you:
- replace and strengthen your password after installation,
- use an SSH key to access your machine, rather than using username and password authentication,
- check and update the firewall and filtering rules if necessary,
- regularly update the operating system to take advantage of configuration updates and security patches,
- limit access to the preconfigured VNC server and access it through tunneled SSH connections (for Apple silicon servers).