Docs
Managed NiFi Service Design
Hosted and managed NiFi service boundary, package scope, and shared responsibility.
- Source
- design/managed-nifi-service.md
- Status
- public-safe curated extract
Managed NiFi Service Design
Managed NiFi is a runtime service for customers who want Apache NiFi available without owning the platform operations. It is separate from Flow Vector tooling, although the two offerings work well together.
Service Boundary
| Offer | Buyer intent | Primary value |
|---|---|---|
| Flow Vector for NiFi | Build, inspect, validate, and review NiFi flows. | Engine-aware guardrails, schema and mapping review, migration evidence, and design guidance. |
| NiFi migration review | Understand an existing NiFi estate before changing or replacing it. | Business logic extraction, risk inventory, and replatforming evidence. |
| Managed NiFi | Run NiFi without building and operating the platform internally. | Dedicated hosting, monitoring, patching, backup, support, and operating discipline. |
Included In The First Package
- Dedicated customer NiFi environment.
- Provisioning and baseline configuration.
- Ingress pattern, TLS, and access gateway integration.
- Secrets integration with a managed secret store.
- Runtime monitoring, health checks, and alert triage.
- Backup, restore procedure, and recovery exercises.
- Planned patching and version upgrade process.
- Operational runbooks and status reporting.
Base Package Does Not Include
- Ownership of customer business logic.
- Approval of production flow changes on behalf of the customer.
- Unlimited custom connectors or environments.
- Customer-specific 24/7 support before the operating model is proven.
- A shared multi-tenant flow builder.
Shared Responsibility
| Area | Flowvec owns | Customer owns |
|---|---|---|
| Runtime | Provisioning, hardening, monitoring, patching, backups, restore, and incident triage. | Business criticality, planned change windows, production acceptance, and stakeholder approval. |
| Flow design | Optional guardrails, validation, review, and evidence if purchased. | Business rules, data contracts, flow ownership, and release decisions. |
| Connectivity | Ingress patterns, certificates, private endpoint configuration, and connectivity runbooks. | Firewall approvals, credentials, partner constraints, and network exceptions. |
| Support | Platform support process, status updates, and root-cause notes for Flowvec-owned components. | Business impact decisions and third-party system coordination. |
First Decision
The initial managed service should use dedicated single-tenant deployments. That keeps the commercial boundary clear, reduces blast radius, and makes the public website promise easier to defend.