AWS Thinkbox Deadline Shared Responsibility Model

AWS Thinkbox, like AWS, has a shared responsibility for Security and Compliance with the customer. AWS takes responsibility for Security “of” the Cloud and customers hold responsibility for Security “in” the Cloud. This shared model can help relieve customer’s operational burden as AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. The customer assumes responsibility and management of the guest operating system (including updates and security patches), other associated application software as well as the configuration of the AWS provided security group firewall. AWS’s Shared Responsibility Model details how Security and Compliance is shared between AWS and our customers

This shared responsibility extends to Deadline render farms deployed by AWS Thinkbox customers either on-premise and in the cloud. Customers should carefully consider the software they use in the render farms as their responsibilities vary based on how render applications, project managements, asset management systems and other software integrate with their IT environment. The nature of this shared responsibility provides the flexibility and customer control that permits the deployment.

AWS Thinkbox Responsibility

AWS Thinkbox is responsible for managing and protecting the communication between Deadline Components in a deployment, the render queue metadata (Jobs, Tasks, Queues, Status, and so on) and the movement and protection of assets between Deadline components.

Customer Responsibility

Customers hold the responsibility for the security and operation of their on-premises IT environment and the deployment and configuration of Deadline. This includes the provisioning of hardware (including host operating system updates and security patches), the configuration of the network and firewall, the management of identity and user access controls, and back up of key systems. When deploying Deadline, customers can use the Deadline security documentation to configure Deadline based on their requirements.