Module Appendix

• Customer must specify the authentication method they wish to use for logging into Harness and validate the login to the platform with the specified login method

• • SAML
  • LDAP
  • OAuth

• Base RBAC functionality for users is implemented and validated with the users and user groups mapped to Roles

• • SCIM
  • Just in time provisioning

• Customer must specify the organizational structure which needs to be mapped with the Account/Organization/Project structure of Harness

• Integrate with customer’s secret manager platform and validate the retrieval of these secrets in a sample pipeline
• AWS KMS and AWS secret manager
• GCP KMS and GCP secret manager
• Hashicorp vault secret manager
• Azure key vault secret manager
• Custom secret manager

• Integrate with customers SMTP configuration
• Customer has a delegate which can send email notifications

• Customers must specify the services they wish to target for Onboarding and agree upon the scope of the services they wish to target for onboarding.

• Each Pipeline must deploy successfully to a respective target
• Working pipelines can deploy to any environment (non-prod or prod - does not need to be Prod)
• Service must be deployed to an environment

• Shell script configuration
• Service and environment onboarding

• Approval gate configuration
• ServiceNow and Jira integration
• Bi-Directional Git Sync / Git Experience to backup configurations and setup
• Deployment Step Configuration
• Cloud Providers
• Infrastructures are configured
• Services and Environments are configured
• OOTB Dashboards setup

Users have delegates that can perform deployment tasks

• Delegate INIT SCRIPT are configured
• Delegate Upgrade process is defined
• Immutable and Custom Delegate Image - Process in place to maintain and update
• Network Connectivity to resources
• High Availability of Delegates
• Prod vs Non Prod Access for Delegates

Users will be able to govern their Deployments via Policies as Code.

• Level 1
  • Not Applicable
• Level 2
  • Max 6 Policies
• Level 3
  • Max 8 Policies

Users will have various templates configured in their account to prepare to scale adoption of Harness to other teams

• Level 1
  • Max 4 Templates
• Level 2
  • Max 12 Templates
• Level 3
  • Max 20 Templates

Integrated health data sources with Harness CV, including the development of the relevant data queries

• Level 1
  • 1 CV Step, 1 Monitored Service with 1 Query
• Level 2
  • 3 CV Steps, 3 Monitored Services with 3 Queries
• Level 3
  • 5 CV Steps, 5 Monitored Services with 5 Queries

Upgrading or extending of existing pipeline architecture

Additional team onboarding to existing pipelines

Building net new pipelines where appropriate

Customer creates Pipelines to help onboard the services with Harness support

Customers configure approvals for the respective pipeline deployments as needed

Users will have configured JIRA, ServiceNow or a Harness Approval

Adopt more advanced features like overrides, variable expression usage and manifest

Users are deploying their services to production with Harness

Customer has an onboarding automation tool to help users scale to the next set of services; the time required to add and configure new services decreases for the customer

Build Custom Dashboards for use with CD Data

• Level 1
  • Up to 2 Custom Dashboards
• Level 2
  • Up to 4 Custom Dashboards
• Level 3
  • Up to 6 Custom Dashboards

Base RBAC for CD Teams is implemented

Customers can deploy with Deployment Templates for non-standard Harness Deployments

• Level 1
  • Not Applicable
• Level 2
  • Applicable
• Level 3
  • Applicable

The Customer gets an Account Setup, Integration Setup, Pipeline Design that is reusable and can handle the new services and teams they onboard. This is to ensure the short onboarding time and the reduction in new configuration

User’s have delegates that can perform deployment tasks

• Delegate INIT Script are configured
• Delegate Upgrade process is defined
• Immutable and Custom Delegate Image - Process in place to maintain and update
• Network Connectivity to resources
• High Availability of Delegates
• Prod vs Non Prod Access for Delegates

• Integration Setup
  • Out of the Box Integrations
• Satellite Install
  • Configure the satellite
  • Run the satellite container
  • Managing the satellite
• Collaborator Setup

• Hierarchy setup
  • Asset and People based
  • Centralized Profiles setup

• Out-of-box:
  • DORA
  • Trellis
  • Agile
  • Dev Productivity
  • Business Alignment

Instructor led admin training on:

• Integration setup
• Keeping collaborator identities up-to-date
• Creating and modifying collections
• Creating new Profiles and Workspaces
• Modifying Thresholds
• Customization of Dashboards
• Widget Walkthrough

• Set goals/ timelines needed for the migration
• Infrastructure, network access, connectors is setup to run CI builds

• Tutorials and Pre-Implementation Orientation

• Setup infrastructure for self-hosted scenarios
• Codebase connector to clone codebase in CI pipeline

• Get the first 1st pipeline running in Harness with all the optimization to make builds faster

• Migrate. Optimize pipeline#2 and identity patterns that can be generalized through templates

• Create policies and dashboards so the customer can roll out CI pipelines and measure the ROI

• Create templates based on common patterns identified so customer can rollout CI pipelines

• Do functional, performance, security testing to ensure that this effort meets the business goals
• No shadow mode for the pipeline migrated to Harness CI
• Developer Satisfaction
• Case study for the benefits realized

• Migration goals/ internal rollout plan (people, process, culture, direction)
• Infrastructure, network access, connectors is setup to run CI builds

• Tutorials and Orientation Pre-Implementation
• Migration

• Setup infrastructure for self-hosted scenarios
• Codebase connector to clone codebase in CI pipeline

• Get the first 1st pipeline running in Harness with all the optimization to make builds faster

• Migrate. Optimize pipeline#2 and identity patterns that can be generalized through templates

• Create policies and dashboards so the customer can roll out CI pipelines and measure the ROI

• Create templates based on common patterns identified so customer can rollout CI pipelines

• Onboard 20-30% of engineering teams/ developers
• Run Harness & existing CI system in Shadow mode

• Business Outcomes results realized based on the SKU and initial rollout scope
• Technical acceptance for functional, performance, security goals
• CSAT Completion
• Developer Satisfaction
• Case study for the benefits realized

• Migrate all pipelines (optimize or deprecate)
• Harness CI becomes the primary system
• Existing CI system deprecated/ any infrastructure used is deprecated

• Do functional, performance, security testing to ensure that this effort meets the business goals
• No shadow mode for the pipeline migrated to Harness CI
• Developer Satisfaction
• Case study for the benefits realized

• Setup RBAC for organization and projects to control who is creating, editing, deleting, and toggling feature flags
• Help install SDKs for each application team
• Create initial targets and target groups
• Setup simple boolean feature flags for controlling the release off a feature (on/off)

• Setup pipeline for feature flag approval automation with Jira or ServiceNow

• Kill Switches
• Progressive Delivery
• Incident Management

• Setup target management associated with use cases implemented

• Setup pipeline automation for use cases implemented
• Setup OPA policy for naming conventions
• Setup OPA policy for automated ticket creation, approval, and ticket close out

• Setup Git integrations with repo and train on how to confirm stale flags and removal with automation in the feature flag module

• Configure reporting dashboard for Developer persona
• Configure reporting dashboard for Manager persona

• Setup and configure Proxy v2 for customer, test and validate configuration

Note: This may include multiple Proxies depending on network and customer requirements.

• Pre-sales to Post-sales Transition / POV involvement
• Project Kick off
• SCIM/SSO Implementation
• RBAC Implementation
• Create billing connector
• Cluster Costs (Delegate and 2 connectors) Implementation

• Custom Perspective Implementation
• Custom Dashboard Implementation
• Cost Categories Implementation
• Anomaly Overview
• Budget Implementation

• Recommendations Overview
• AutoStopping Setup
• AutoStopping Schedule Implementation
• AutoStopping Traffic Implementation
• Asset Governance Setup
• Asset Governance Rule Enforcement
• Commitment Orchestrator Setup
• Commitment Orchestrator Review Recommendations

• Custom Perspective Implementation
• Custom Dashboard Implementation
• Cost Categories Implementation
• Anomaly Overview
• Budget Implementation

• Recommendations Overview
• AutoStopping Setup
• AutoStopping Schedule Implementation 
• AutoStopping Traffic Implementation 
• Asset Governance Setup
• Asset Governance Rule Enforcement 
• Commitment Orchestrator Setup
• Commitment Orchestrator Review Recommendations
• Automated purchasing and management of RIs and SPs through Commitment Orchestrator

• Up to: 3 OSS or 1 OSS security scanners and 1 commercial security scanners have been integrated into an automation pipeline, including a basic scan governance policy
• For up to 15% of licensed users

• Up to: 5 OSS or 1 OSS security scanners and 3 commercial security scanners have been integrated into an automation pipeline, including a basic scan governance policy
• For up to 15% of licensed users

• Up to: 7 OSS or 1 OSS security scanners and 5 commercial security scanners have been integrated into an automation pipeline, including a basic scan governance policy
• For up to 15% of licensed users

• Prepare Security Scan Hosting Platform
• Prepare any Self-signed Certificate Dependencies
• Deploy Delegate to manage Security Scans
• Create Scanning Infrastructure Connector

• Create STO Pipeline Template
• Configure Pipeline Variables
• Configure Pipeline Notifications
• Configure Flow Control (if applicable)
• Configure Policy Sets (if applicable)
• Configure Advanced Pipeline Options (if applicable)
• Configure Harness Approval Stage Template (if applicable)
• Create STO Stage Template
• Create Code Repository Connector (if applicable)
• Create Artifact Repository Connector

•   Configure Codebase
•   Configure Infrastructure Tab
•   Configure Stage Variables
•   Configure Execution Tab
•   Configure Security Tests Step
•   Run initial tests and configure baselines
•   Target name and variant acceptance review
•   Setup automation for vulnerability baselines

• Configure Dashboard

• Configure Governance Policy

•   Enable AIDA Recommendations
•   Develop vulnerability exemption management workflow

• Jira Integration
• Slack Integration

• STO integrated with developer Pull Request pipelines resulting in vulnerabilities being fixed by devs prior to main merge using up to an additional 3 OSS or 1 OSS/1 Commercial scanners
• For up to 75% of contracted users

• STO integrated with developer Pull Request pipelines resulting in vulnerabilities being fixed by devs prior to main merge using up to an additional 5 OSS or 1 OSS/3 Commercial scanners
• For up to 75% of contracted users

• STO integrated with developer Pull Request pipelines resulting in vulnerabilities being fixed by devs prior to main merge using up to an additional 7 OSS or 1 OSS/5 Commercial scanners
• For up to 75% of contracted users

• Prepare Security Scan Hosting Platform

• Prepare any Self-signed Certificate Dependencies
• Deploy Delegate to manage Security Scans
• Create Scanning Infrastructure Connector

• Create STO Pipeline Template
• Configure Pipeline Variables
• Configure Pipeline Notifications
• Configure Flow Control (if applicable)

•  Configure Policy Sets (if applicable)
•  Configure Advanced Pipeline Options (if applicable)
•  Configure Harness Approval Stage Template (if applicable)
•  Create STO Stage Template
•  Create Code Repository Connector (if applicable)
•  Create Artifact Repository Connector
•  Configure Codebase
•  Configure Infrastructure Tab
•  Configure Stage Variables
•  Configure Execution Tab
•  Configure Security Tests Step
•  Run initial tests and configure baselines
•  Target name and variant acceptance review
•  Setup automation for vulnerability baselines

• Configure Governance Policy
• Enable AIDA Recommendations
• Develop vulnerability exemption management workflow

• Jira Integration
• Slack Integration

• Up to 100 SBOM's for built artifacts or repositories including different versions across pipelines with 3 OPA policy for enforcement

• Up to 250 SBOM's for built artifacts or repositories including different versions across pipelines with 5 OPA policies for enforcement

• Up to 500 SBOM's for built artifacts or repositories including different versions across pipelines with 10 OPA policies for enforcement

• Pipeline Creation with git connectors
• Setting up codebase and building artifact in CI
• Setup Deployment Stage and Configuration

• Include SBOM Orchestration Step in Build Stage
• Configure Attestation with Public & Private Key
• Download SBOM and Verify Attestation in Artifact Registry

• Create SBOM OPA policies to block components 
• Enforce governance in Deploy stage using SBOM Enforcement Step

• View components used in building artifacts
• Understand licenses used along with supplier details

• Up to 100 SBOM's for built artifacts or repositories including different versions across pipelines with 3 OPA policy for enforcement with SLSA Level 2 provenance validation for built artifacts to ensure integrity and trust on Harness Hosted Builds

• Up to 250 SBOM's for built artifacts or repositories including different versions across pipelines with 5 OPA policies for enforcement with SLSA Level 2 provenance validation for built artifacts to ensure integrity and trust on Harness Hosted Builds

• Up to 500 SBOM's for built artifacts or repositories including different versions across pipelines with 10 OPA policies for enforcement with SLSA Level 2 provenance validation for built artifacts to ensure integrity and trust on Harness Hosted Builds

• Pipeline Creation with git connectors
• Setting up codebase and building artifact in build stage
• Setup deployment stage and configuration

• Include SBOM Orchestration Step in Build Stage
• Configure Attestation with Public & Private Key
• Download SBOM and Verify Attestation in Artifact Registry

• Create SBOM OPA policies to block components
• Enforce governance in Deploy stage using SBOM Enforcement Step 

• View components used in building artifacts
• View licenses used along with supplier details

• Enforce SLSA Verification Step in Deployment
• Setup OPA policies needed to ensure artifact integrity
• Validate provenance by checking build system attributes such as users, branch etc

• Create remediation trackers to block components containing zero day vulnerabilities
• Assign tickets to developers and track remediation status in deployed environments

• Up to 3 OOTB Catalog Plugins
• Onboarding for up to 35 Catalog Components
• Up to 2 Self-Service Workflows
• Up to 6 Catalog Readiness Scorecard Checks
• Up to 2 Custom Data Ingestions with corresponding Maturity Scorecard Checks

• Up to 5 OOTB Catalog Plugins
• Up to 75 components onboarded into Software Catalog
• Up to 5 Self-Service Workflows
• Up to 12 Catalog Readiness Scorecard Checks
• Up to 5 Custom Data Ingestion Integration with corresponding Maturity Scorecard Checks

• Platform Fundamentals
  • RBAC Persona Configuration
  • SSO Integration
  • Secret Management Integration
  • Setup of Initial Account Structure
• Integrate developer systems with Harness Platform
• Create Systems and Domains to represent hierarchy

• Integrate and configuration Catalog Plugins
• Define dependencies and relationships between components
• Onboard software components into Software Catalogs
• Create Scorecard for Catalog Readiness
• Complete training for Administrators & End Users

• Create self-service Workflows to support development organization
• Integrate with CI / CD platforms to automate the scale of pipelines
• Integrate with IaC frameworks to automate the scale of environments and application dependencies
• Integrate with Change Management / Issue Tracking software to automate any governance and compliance requirements

• Up to 10 Workspaces
  • Across 1-2 Projects
• Up to 1 OPA Policy
• Up to 2 Basic Pipelines
• Cost Estimation Setup

• Up to 50 Workspaces
  • Across 3-5 Projects
• Up to 2 OPA Policies
• Up to 5 Basic Pipelines
• Cost Estimation Setup

• Up to 100 Workspaces
  • Across 8-10 Projects
• Up to 3 OPA Policies
• Up to 10 Basic Pipelines
• Cost Estimation Setup

All infrastructure dependencies have been integrated into the provisioning pipeline(s)

Consolidated state and configuration management within Harness

Best practices for provisioning Infrastructure via Harness IaCM Pipelines

Pipelines integrated with Change Management processes

Establish delegate architecture and build for scale

• Up to 40 Workspaces
  • Across 10 Projects
• Up to 5 OPA Policy
• Up to 10 Advanced Pipelines

• Up to 80 Workspaces
  • Across 20 Projects
• Up to 10 OPA Policies
• Up to 20 Advanced Pipelines

• Up to 150 Workspaces
  • Across 30 Projects
• Up to 15 OPA Policies
• Up to 30 Advanced Pipelines

Establish a cultural center of excellence for organization-wide Infrastructure-as-Code practices and reusable solutions

Advanced infrastructure provisioning pipelines, including plugin integrations

Drift Detection Schedule enabled and set

Pipelines integrated with Change Management processes

• Up to 4 basic chaos experiments
  • For one k8s application
• Up to 4 basic chaos experiments
  • For one Linux/Windows application
• Up to 1 resilience probe integration

• Up to 8 basic chaos experiments
  • For one k8s application
• Up to 8 basic chaos experiments
  • For one Linux/Windows application
• Up to 8 resilience probe integrations

• Up to 16 basic chaos experiments
  • For one k8s application
• Up to 12 basic chaos experiments
  • For one Linux/Windows application
• Up to 12 resilience probe integrations

All Chaos Experiment dependencies have been integrated

Experiment development integrated with change management process

Custom Chaos Hub setup

Chaos Experiments integrated into CD pipelines

Basic Chaos Dashboards configured and ready

• Up to 12 chaos experiments
  • Across 1-2 Apps
• Up to 10 resilience probe templates
  • Across 1-2 Apps
• Up to 2 hours of Chaos Experiment Developer Training

• Up to 50 chaos experiments
  • Across 1-2 Apps
• Up to 30 resilience probe templates
  • Across 1-2 Apps
• Up to 6 hours of Chaos Experiment Developer Training
  • Including CD and APM integrations

• Up to 100 chaos experiments
  • Across 1-2 Apps
• Up to 50 resilience probe templates
  • Across 1-2 Apps
• Up to 8 hours of Chaos Experiment Developer Training
  • Including CD and APM and LT integrations

Initial Installation

• Connected mode
• Nginx
• Internal Database
• Self signed certificate

• Customer must specify the infrastructure where they wish to install the Harness Self Managed Platform
• Managed k8s some text
  • EKS (AWS)
  • GKE (GCP)
  • AKS (Azure) 
• Self managed k8s

• Customer must specify and provide the artifact repo they want to use with Air Gapped mode

• Customer must specify and bring their own Istio for the installation

• Customer must bring their own external databases for MongoDB, PostgresQL, Redis, TimescaleDB

• Customer must have Velero buckets for backup and restore
• Suggest disaster recovery strategy and support the architecture