GitLab Cloud Connector - SaaS for Self-Managed GitLab instances
GitLab has an opportunity to smooth the administration of self-managed GitLab by providing an official service for common tasks. This would be similar to what [Jetpack](https://jetpack.com) does for WordPress, [MongoDB Management Service](https://www.mongodb.com/blog/post/introducing-mongodb-management-service) for MongoDB, or think of it like iCloud for an iPhone user.

## Architecture blueprint

https://docs.gitlab.com/ee/architecture/blueprints/cloud_connector/

## Direction page

https://about.gitlab.com/direction/cloud-connector/

## Team Top-level Epic

See the parent epic for ongoing work https://gitlab.com/groups/gitlab-org/-/epics/12585

## Potential services

### Offers

Use paid features temporarily or permanently in exchange for who (is using it), how (they are using it), and what (ways we have to get in touch).

### AI

AI / Duo

### Enablement

* Backup (easily backup to GitLab.com)
* Automated Backup / Restore, with included storage: https://gitlab.com/gitlab-org/gitlab-ce/issues/59714
* Geo (we run your Geo instance to fail over to)
* Managed updates of GitLab - https://gitlab.com/gitlab-org/gitlab/-/issues/15993
* Object storage of data (goes along with backup/restore)
* GitLab cloud instance of Prometheus & Grafana: https://gitlab.com/gitlab-org/gitlab-ce/issues/51491
  * Turn-key monitoring of HA instances. Each Prometheus server on each node would write its data upstream to GitLab hosted Prometheus cloud.
* Sync commit calendar between GitLab.com and self-managed instance
* Possibly help with Federated GitLab https://gitlab.com/gitlab-org/gitlab/-/issues/6468
  * As an initial iteration - Federated Search between Self-Managed and GitLab.com
* Mail send/receive/spam filtering (no need to set up email)
* Advanced Global Search without setup (no need to install Elasticsearch)

### Manage

* Migrate to GitLab.com
* Sync repos with GitLab.com
* Jira Cloud integration - https://gitlab.com/gitlab-org/gitlab/-/issues/321401 also see https://www.youtube.com/watch?v=R9QVlw2YPlQ
* Anti-spam - gitlab-com/gl-security/engineering-and-research/automation-team/automation#187

### Plan

* Push notifications when GitLab is behind a firewall

### Verify

* Purchase dedicated cloud runners (without needing to set up / manage your own)
* Leverage a GitLab.com provided Runner: https://gitlab.com/groups/gitlab-org/-/epics/3795, https://gitlab.com/gitlab-org/gitlab-ce/issues/55208
* Runners as a Service (no need to maintain your own fleet)
* Autoscaling Runners

### Release

* GitLab Pages (no need to set this up)
* Review Apps as a Service - https://www.youtube.com/watch?v=31Q7qADDkfY - https://gitlab.com/gitlab-org/gitlab/-/issues/325759
* Auto DevOps as a service

### Configure

* Provided or shared clusters
* Autoscaling Clusters
* Jupyter notebooks (no need to install this yourself)

### Package

* Packages (use the GitLab.com container registry seamlessly)

### Monitor

* Incident management platform
* APM (OpsTrace) which currently requires a .com account

### Secure

* Update secure data files:
  * SAST
  * DAST
  * Container scanning
  * Dependency scanning

### Fulfillment

* Realtime license count (cloud provisioning) and subscription changes
* Existing SaaS features (Version check, Usage Ping, Seat Link) will also be included.

## Overview

GitLab Plus is a set of SaaS offerings that augment self-managed GitLab. These services will be marketed separately; we name them for internal reasons for now.
The status of this epic is that it is an early proposal.

By having self-managed installations use GitLab SaaS offerings we increase:

* Value (more likely to be enabled than setting something up yourself)
* Admin experience (SaaS services easier to set up)
* Reliability (experts running it)
* Security (SaaS service is always up to date)
* User Experience (we get data on how the product is being used)
* Go to market efficiency (we know who is using the product and can contact them)

#### Delivery options

We could tackle this by extending our multi-tenant service GitLab.com, or potentially through a cloud provider peering like AWS PrivateLink.

#### Configured at the Group level

We are strongly considering launching this integration at the group level, so more users can benefit from these features. To address the use case of an instance-wide integration, we are working to add an implicit top-level group as part of our Workspaces project: https://gitlab.com/groups/gitlab-org/-/epics/4419. Integration at the group level, combined with the Workspaces feature, will enable both "instance-level" and group-level integration seamlessly and without duplication of effort.

#### CE vs EE

We're considering launching these products within CE. This gives us a few benefits. In CE the wider community can contribute and become aware of the offerings (and potentially use them). We also have an opportunity to register and identify CE users, which is a significant majority of our self-managed deployments.

#### Potential alternative names

* Connect/Bridge are the how, the technical step of connecting to a SaaS service, and don't communicate the customer value.
* Cloud services
* Management service like the one from MongoDB now called MongoDB Cloud Manager https://www.mongodb.com/mongodb-manager
* Cloud-assisted GitLab Features was the original epic title

At first, we could tie in these features to our CLI, for example `gitlab-ctl`.
Later, this could work in conjunction with the Web Admin portal (https://gitlab.com/groups/gitlab-org/-/epics/174), which includes features like an easier interface for configuration and automatic updates.

The ability to provide a service around these additional features would further reduce the effort needed to run your own GitLab instance, and make it more enjoyable. They could also be leveraged by CE users.

1. Start with backup/restore. This should be fairly simple, with low maintenance overhead. We could simply build a service which provisions buckets on our cloud vendor of choice, and then hand them over to the GitLab installation. (You could log in with `gitlab-ctl`, then it would just hook up your bucket.)
2. Consider offering a small amount of storage for free, provided they log in and authenticate their email address, and enable usage ping.