# HashSphere FAQs

Common questions about HashSphere Managed Service. This covers scope, operations, and shared ownership.

Go deeper here:

* [Introduction to HashSpheres](https://docs.hashsphere.com/hashsphere-explained/introduction-to-hashspheres)
* [Architecture Overview](https://docs.hashsphere.com/managed-service/architecture-overview)
* [Support Overview](https://docs.hashsphere.com/support/support-overview)

### Service basics

<details>

<summary><strong>What is HashSphere Managed Service?</strong></summary>

HashSphere Managed Service is a fully-managed, enterprise-grade private ledger offering operated by the HashSphere engineering team on AWS or GCP. It allows organizations to run a permissioned network aligned with Hedera technology without needing to manage nodes, upgrades, or infrastructure operations themselves.

HashSphere Managed Service provides:

* Managed network operations with defined SLAs
* Proactive monitoring and maintenance
* Backup and recovery
* Structured support and escalation policies
* Clear operational boundaries between HashSphere and the customer

</details>

<details>

<summary><strong>Who is HashSphere Managed Service designed for?</strong></summary>

HashSphere Managed Service is designed for organizations that need:

* Production-grade reliability and uptime guarantees
* Predictable operations rather than ad-hoc support
* Enterprise-grade security and compliance alignment

This includes regulated industries, financial services, payments, supply chain, and enterprise application teams, to name a few.

</details>

<details>

<summary><strong>What does “fully managed” mean?</strong></summary>

Fully managed means:

* HashSphere engineers deploy, operate, monitor, and maintain the HashSphere network
* The HashSphere team handles node health, upgrades, backups, and incident response
* Customers do not require blockchain infrastructure expertise

Customers can instead focus on building applications and integrations, not running nodes.

</details>

<details>

<summary><strong>What cloud providers are supported?</strong></summary>

HashSphere runs on AWS or GCP. Deployments are single-region and span multiple Availability Zones by default.

</details>

### Operations

<details>

<summary><strong>What uptime and reliability guarantees are provided?</strong></summary>

HashSphere Managed Service includes the following:

* Published uptime SLAs (≥ 99.9%).
* Defined maintenance windows.
* Clear definitions of what services are included in uptime calculations.

Planned maintenance is communicated in advance and accounted for as part of the SLA agreements.

</details>

<details>

<summary><strong>How are incidents handled?</strong></summary>

Incidents are managed through our support portal, with tickets serving as the primary source of truth. HashSphere Managed Service employs a tiered support and escalation model:

* **Ticket Submission:** Customers submit tickets via Zendesk.
* **Guaranteed Response Times:** Response times are guaranteed based on the customer’s support contract.
* **Clear Escalation Paths:** Incidents can be escalated to Solution Architects, engineers, or product teams as needed.
* **Structured Communication:** We ensure systematic communication throughout the incident lifecycle.

Start here:

* [Support Overview](https://docs.hashsphere.com/support/support-overview)
* [Raising Support Tickets](https://docs.hashsphere.com/support/raising-support-tickets)

</details>

<details>

<summary><strong>What monitoring and visibility do customers get?</strong></summary>

Every network includes the [HashSphere Console](https://docs.hashsphere.com/operations/hashsphere-console). It integrates with your SSO provider.

You can view node health, endpoint availability, and network status. This helps you validate issues before opening a ticket.

</details>

<details>

<summary><strong>How does backup and recovery work?</strong></summary>

HashSphere provides automated backups and restore capabilities. Backup scope and recovery objectives depend on your service contract.

See [Network Backup and Restore](https://docs.hashsphere.com/operations/network-backup-and-restore).

</details>

### Security & access

<details>

<summary><strong>What is the shared responsibility model?</strong></summary>

HashSphere operates the managed platform. This includes nodes, upgrades, monitoring, backups, and platform incidents.

Customers operate the customer environment and application. This includes app deployment, access policies, and signing keys.

Use [Architecture Overview](https://docs.hashsphere.com/managed-service/architecture-overview) for boundary details.

</details>

<details>

<summary><strong>Who owns keys, certificates, and infrastructure?</strong></summary>

Ownership depends on how the key is used. HashSphere runs the infrastructure. Customers own transaction signing keys.

<table><thead><tr><th width="196.251953125">Item</th><th width="343.2294921875">Examples</th><th>Owned and operated by</th></tr></thead><tbody><tr><td><strong>Consensus node keys</strong></td><td>Node identity keys, gossip/TLS material</td><td><strong>Hashgraph</strong></td></tr><tr><td><strong>Mirror / RPC / explorer service certificates</strong></td><td>Ingress TLS certs, internal mTLS certs</td><td><strong>Hashgraph</strong></td></tr><tr><td><strong>Infrastructure access credentials</strong></td><td>Cloud account/project, Kubernetes control plane, CI for platform components</td><td><strong>Hashgraph</strong></td></tr><tr><td><strong>Platform/admin secrets</strong></td><td>Monitoring credentials, service-to-service secrets, platform admin accounts</td><td><strong>Hashgraph</strong></td></tr><tr><td><strong>Customer ledger account keys (transaction signing)</strong></td><td>Operator keys used by apps, treasury keys for customer-issued tokens, contract admin keys</td><td><strong>Customer</strong></td></tr><tr><td><strong>Customer auth/identity configuration</strong></td><td>SSO/IdP config, user access policies in the customer environment</td><td><strong>Customer</strong></td></tr></tbody></table>

HashSphere can bootstrap initial accounts during onboarding. Customer-owned keys are transferred using secure mechanisms.

</details>

### Integrations & development

<details>

<summary><strong>Can customers integrate wallets, custody providers, or partners?</strong></summary>

Yes. HashSphere supports integrations with wallets, custody, and third-party tooling.

Customers provision partner access. HashSphere provides required network identifiers and endpoints.

</details>

<details>

<summary><strong>Can customers deploy applications automatically?</strong></summary>

Yes. Use standard enterprise CI/CD for customer applications.

HashSphere provides stable environment details for automation. Your team owns pipelines and releases.

See [HashSphere Application Deployment](https://docs.hashsphere.com/development/application-deployment).

</details>

### Data & privacy

<details>

<summary><strong>Is customer data private?</strong></summary>

HashSphere is permissioned. Access is restricted to approved participants.

Connectivity is typically private. Examples include AWS PrivateLink and GCP Private Service Connect.

Data is encrypted in transit and at rest. Your application still controls what you publish on-ledger.

HashSphere APIs do not enforce your app auth model by default. Use a customer-managed proxy or gateway for fine-grained control.

Advanced privacy features may ship in future releases. Treat them as roadmap until contracted.

</details>