Enterprise cloud management is a top priority. As the shift towards multi-cloud environments continues, so does the need to consider the potential challenges. Whether you already use the public cloud, or are considering making the switch, you probably want to know what the risks are. Here are three you should be thinking about.
1. Multi-Cloud Environments
As the ParkMyCloud platform supports AWS, Azure, and Google, we’ve noticed that multi-cloud strategies are becoming increasingly common among enterprises. There are a number of reasons why it would be beneficial to utilize more than one cloud provider. We have discussed risk mitigation as a common reason, along with price protection and workload optimization. As multi-cloud strategies become more popular, the advantages are clear. However, every strategy comes with its challenges, and it’s important for CIOs to be aware of the associated risks.
Without the use of cloud management tools, multi-cloud management is complex and sometimes difficult to navigate. Different cloud providers have different price models, product features, APIs, and terminology. Compliance requirements are also a factor that must be considered when dealing with multiple providers. Meeting and maintaining requirements for one cloud provider is complicated enough, let alone multiple. And don’t forget you need a single pane to view your multi-cloud infrastructure.
2. Cost Control
Cost control is a first priority among cloud computing trends. Enterprise Management Associates (EMA) conducted a research study and identified key reasons why there is a need for cloud cost control. Among them were inefficient use of cloud resources, unpredictable billing, and contractual obligation or technological dependency.
Managing your cloud environment and controlling costs requires a great deal of time and strategy, taking away from the initiatives your enterprise really needs to be focusing on. The good news is that we offer a solution to cost control that will save 65% or more on your monthly cloud bills – simply by parking your idle cloud resources. ParkMyCloud was one of the top three vendors recommended by EMA as a Rapid ROI Utility. If you’re interested in seeing why, we offer a 14-day free trial.
3. Security & Governance
In discussing a multi-cloud strategy and its challenges, the bigger picture also includes security and governance. As we have mentioned, a multi-cloud environment is complex, complicated, and requires native or 3rd party tools to maintain vigilance. Aside from legal compliance based on the industry your company is in, the cloud also comes with standard security issues and of course the possibility of cloud breaches. In this vein, as we talk to customers they often worry about too many users being granted console access to create and terminate cloud resources, which can lead to waste. A key here is limiting user access based on roles, or Role-based Access Controls (RBAC). At ParkMyCloud we recognize that visibility and control are important in today’s complex cloud world. That’s why in designing our platform, we provide the sysadmin the ability to delegate access based on a user’s role and the ability to authenticate leveraging SSO using SAML integration. This approach brings security benefits without losing the appeal of a multi-cloud strategy.
Enterprise cloud management is an inevitable priority as the shift towards a multi-cloud environment continues. Multiple cloud services add complexity to the challenges of IT and cloud management. Cost control is time consuming and needs to be automated and monitored constantly. Security and governance is a must and it’s necessary to ensure that users and resources are optimally governed. As the need for cloud management continues to grow, cloud automation tools like ParkMyCloud provide a means to effectively manage cloud resources, minimize challenges, and save you money.
The AWS IoT button is a simple wi-fi device with endless possibilities. If you’re an Amazon Prime member, you’re probably familiar with the hardware that inspired the IoT button – the Amazon Dash button. The wi-fi connected Dash Button can be used to reorder your favorite Amazon products automatically, making impulse buys with the click of a button. The Dash Button makes ordering fast and easy, products are readily accessible, and you’ll never run out of toilet paper again. The AWS IoT button can do that and so much more. A lot more.
Beyond the singular function of making Amazon Prime purchases, the IoT button can be used to control just about anything that uses the internet. Based on the Amazon Dash Button hardware, the IoT button is programmable, easy to configure, and can be integrated with virtually any internet-connected device. It was designed for developers to help them get acquainted with Amazon Web Services like AWS IoT, AWS Lambda, Amazon DynamoDB, and more, without the need to write device-specific code.
How to Use the AWS IoT button
- Configure the button to connect to your wi-fi network
- Provision the button with an AWS IoT certificate and private key
- From there, the button connects to AWS IoT and publishes a message on a topic when clicked
- Use the rules engine to set up a rule – configure single-click, double-click, or long-press events to be routed to any AWS service
- Configure the button to send notifications through Amazon SNS, store clicks in an Amazon DynamoDB table, or code custom logic in an AWS Lambda function
- Configure the function to connect to third-party services or AWS IoT-powered devices
What You Can Do with It
The AWS IoT button can be set up to trigger a variety of actions. With incredible potential for what you can do, it’s hard to know where to begin. Rest assured, Amazon has a few suggestions:
- Count or track items
- Call or alert someone
- Start or stop something
- Order devices
- Remotely control home appliances
With this in mind, here are some ways that creative developers are using the AWS IoT button:
The AWS IoT button opens the door for developers to create an unlimited number of functions. You can use it to do just about anything on the internet – including parking your instances.
So here’s our challenge: create a function to park your instances (or perhaps, to snooze your parking schedules) using the AWS IoT button in configuration with ParkMyCloud. If you do, tell us about it and we’ll send you some ParkMyCloud swag.
Microsoft has made it easy for companies to get started using Microsoft Azure VMs for development and beyond. However, as an organization’s usage grows past a few servers, managing both costs and users becomes necessary and can become complex quickly. ParkMyCloud simplifies cloud management of Microsoft Azure VMs by giving you options to create teams of users, groups of instances, and schedule resources easily.
Consider the case of a large Australian financial institution that uses Microsoft Azure as its sole cloud provider. In this case, they currently have 125 VMs, costing them over $100k on their monthly cloud bill with Microsoft. Their compute spend is about 95% of their total Azure bill.
Using one Azure account for the entire organization, they chose to split it into multiple divisions, such as DEV, UAT, Prod, and DR. These divisions are then split further into multiple applications that run within each division. In order for them to use ParkMyCloud to best optimize their cloud costs, they created teams of users (one per division). They gave each team permissions in order to allow shutdown and startup of individual applications/VMs. A few select admin users have the ability to control all VMs, regardless of where the applications are placed.
The organization also required specific startup/shutdown ordering for their servers. How would ParkMyCloud handle this need? This looks like a perfect use case for logical groups in ParkMyCloud.
For detailed instructions on how to manage logical groups with ParkMyCloud, see our user guide.
Putting this into context, let’s say that you have a DB and a web server grouped together. You want the DB to start first and stop last, therefore you would need to set the DB to have a start delay of 0 and a stop delay of 5. For the web server, you would set a start delay of 5 and stop delay of 0.
Of course, you could also manage logical groups of Microsoft Azure VMs with tags, scripts, and Azure automation. However, we know firsthand that the alternative solution involves complexities and requires constant upkeep – and who wants that?
ParkMyCloud offers the advantage of not only cutting your cloud costs, but also making cloud management simpler, easier, and more effective. To experience all the great benefits of our platform, start a free trial today!
Besides cost control, one of the biggest concerns from IT administrators is utilizing AWS security best practices to keep their infrastructure safe. While there are some great tools that specialize in cloud and information security, there are some security benefits of ParkMyCloud that are not often considered when hardening a cloud infrastructure.
1. Keep Instances Off When Not In Use
Scheduling your instances to be turned off on nights and weekends when you aren’t using them saves you a ton of money on your cloud bill, but also provides security and protection. Leaving servers and databases on 24/7 is just asking for someone to try to break in and connect to servers within your infrastructure, especially during off-hours when you don’t have as many IT staff keeping an eye on things. By aggressively scheduling your resources to be off as much as possible, you minimize the opportunity for outside attacks on those servers.
2. User Governance
Your users are trustworthy and need to access lots of servers to do their job, but why give them more access than necessary? Limiting what servers, databases, and auto scaling groups everyone can see to only what they need keeps accidents from happening and limits mistakes. ParkMyCloud lets you separate users into teams, with designated Team Leads to manage the individual Team Members, and limits their control to just start / stop.
3. Single Sign On
In addition to governing user access to resources, ParkMyCloud integrates with all major SSO providers for SAML authentication for your users. This includes Okta, Ping Identity, OneLogin, Centrify, Azure AD, ADFS, and Google Apps. By using one of these providers, you can keep identity management centralized and offer multi-factor authentication through those SAML connections.
4. Audit Logs and Notifications
Every user action in ParkMyCloud is tracked in an Audit Log that is available to super admins. These audit logs can also be downloaded as a CSV if you want to import them into something like Splunk or Logstash for log management. Audit logs can help you see when schedules are snoozed or changed, policies are updated, or teams are created or changed.
In addition, those audit log entries can be sent as notifications to Slack channels, email addresses, or through webhooks to other tools. This lets you keep an eye on either specific teams or the entire organization within ParkMyCloud.
5. Minimal Connection Permissions
ParkMyCloud connects to AWS through an IAM Role (preferred) or an IAM User. The AWS policy that is required uses the bare minimum of necessary actions, which boils down to Describe, Start, and Stop for each resource type (EC2, ASG, and RDS). This means you don’t have to worry about ParkMyCloud doing something to your AWS account that you don’t intend. For Azure connections, ParkMyCloud requires a similarly-limited Limited Access Role, and the connection to Google Cloud requires a limited Service Account.
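An added example (not ParkMyCloud's code or its published policy): a small Python check that an IAM policy document stays within the Describe/Start/Stop model described above for EC2, ASG, and RDS. The sample policy and its `Park`/`Drift`/`Guard` statement names are constructed for illustration, and the check matches action-name prefixes rather than an exact action list.

```python
import json

# Verb prefixes the text names as sufficient (IAM action names are case-insensitive).
ALLOWED_VERBS = ("describe", "start", "stop")
# IAM service prefixes for the resource types the text lists: EC2, ASG, RDS.
ALLOWED_SERVICES = {"ec2", "autoscaling", "rds"}

# Constructed sample policy, NOT the vendor's real policy document.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "Park", "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:DescribeInstances", "ec2:StartInstances", "ec2:StopInstances",
                "rds:DescribeDBInstances", "rds:StartDBInstance", "rds:StopDBInstance",
                "autoscaling:Describe*"]},
    {"Sid": "Drift", "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:TerminateInstances", "rds:*", "iam:PassRole"]},
    {"Sid": "Guard", "Effect": "Deny", "Resource": "*",
     "Action": "ec2:TerminateInstances"}
  ]
}
""")


def _as_list(value):
    """IAM allows a single string or a list for Action/Statement."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_action(action):
    """Return None if the action fits the Describe/Start/Stop model, else a reason."""
    if action == "*":
        return "grants every action in every service"
    service, _, verb = action.lower().partition(":")
    if service not in ALLOWED_SERVICES:
        return "service is outside EC2/ASG/RDS"
    # Literal part of the verb before the first IAM wildcard (* or ?).
    cut = min((verb.find(c) for c in "*?" if c in verb), default=len(verb))
    if verb[:cut].startswith(ALLOWED_VERBS):
        return None
    if cut < len(verb):
        return "wildcard can match actions beyond Describe/Start/Stop"
    return "action is not a Describe/Start/Stop call"


def audit_policy(policy):
    """Return (sid, action, reason) for every Allow grant outside the model."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"statement[{i}]")
        if "NotAction" in stmt:
            findings.append((sid, "NotAction", "allows everything except the listed actions"))
        for action in _as_list(stmt.get("Action")):
            reason = check_action(action)
            if reason:
                findings.append((sid, action, reason))
    return findings


if __name__ == "__main__":
    for sid, action, reason in audit_policy(SAMPLE_POLICY):
        print(f"{sid}: {action} -> {reason}")
```

Running the same check against the policy actually attached to a third-party connection role, on a schedule, catches permission drift after the initial review.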
6. Restrict Scheduling Based on Names or Tags
The ParkMyCloud policy engine is a powerful way to automate your resource scheduling and team management, but it can also be used to prevent schedules from being applied to certain systems. For instance, if you have a prod database that you want to keep up 24/7, you can use a policy to never let any user apply a schedule (even if they wanted to). These policies can be applied based on tags, naming conventions, AWS regions, or account names.
7. Full Cloud Visibility
One great benefit of ParkMyCloud is the ability to see across all of your cloud providers (AWS, Microsoft Azure, and Google Cloud), cloud accounts, and regions within a cloud. This viewability not only provides management benefits, but helps with security by keeping all resources in one list. This prevents rogue instances from running in regions you don’t normally look at, and can help you identify resources that don’t need to be running or even stopped.
As you continue to strive to follow AWS security best practices, consider adding ParkMyCloud to your security toolkit. While you’re saving money for your team, you can also get these 7 benefits to help secure your infrastructure and sleep better at night. Start a free trial of ParkMyCloud today to start reaping the benefits!
Thanks to the ability to shut down instances with a start/stop scheduler, users of Amazon’s database service can finally save time and reduce RDS costs. Until June 2017, the only way to accomplish this feat was by copying and deleting instances, running the risk of losing transaction logs and automatic backups. While Amazon’s development of the start/stop scheduler is useful and provides a level of cost savings, it also comes with issues of its own.
For one, the start/stop scheduler is not foolproof. The process for stopping and starting non-production RDS instances is manual, relying on the user to create and consistently manage the schedule. Having to manually switch off when instances are not in use, and then restart when access is needed again, is a helpful advantage but also leaves room for human error. Complicating things further, RDS instances that have been shut down will automatically be restarted after seven days, again relying on the user to switch those instances back off if they’re not needed at the time.
Why Scripting is not the Best Answer
One way of minimizing potential for error is by automating the stop/start schedule yourself by writing your own scripts. While that could work, you would need to consider the number of non-production instances deployed on AWS RDS, and plan for a schedule that would allow developers to have access when needed, which could very well be at varying times throughout the day. All factors considered, the process of writing and maintaining scheduling scripts is one that takes extra time and costs money as well. Ultimately, setting up and maintaining your own schedule could increase your cloud spend more than it reduces RDS costs.
When you start thinking about the cost of paying developers, the amount of scripts that would have to be written, and the ongoing maintenance required, buying into an automated scheduling process is a no-brainer.
How ParkMyCloud Reduces RDS Costs
ParkMyCloud saves you time and money by automating the scheduling process of stopping and starting AWS RDS instances (in addition to Microsoft Azure VMs and Google Cloud Compute instances, but that’s another post). At the same time, you get total visibility and full autonomy over your account.
The process is simple. With you as the account manager, ParkMyCloud conducts a discovery of all the company accounts, and determines which instances are most suitable for parking. From there, you have the option of implementing company-wide schedules for non-production instances, or giving each development team the ability to create schedules of their own.
ParkMyCloud takes saving on RDS costs to a whole new level with parking schedules. Different schedules can be applied to different instances, or they can be parked permanently and put on “snooze” when access is needed. Amazon’s seven-day automatic restart of switched off instances is a non-issue with our platform, and snoozed instances can be re-parked when access is no longer needed, so there’s no more relying on the user to do it manually.
For the most part, we find that companies will want to park their non-production instances outside the normal working hours of Monday to Friday, let’s say from 8:00am to 8:00pm. By parking your instances outside of those days and hours, ParkMyCloud can reduce your cloud spend by 65% – even more if you implement a parking schedule and use the snooze option.
Because you have total visibility over the account, you can reduce RDS costs even further by having a bird’s eye view of your company’s cloud use. You’ll be able to tell which of your instances are underused, terminate them, and possibly benefit further from selecting a cheaper plan (really soon). You’ll be able to see all RDS instances across all regions and AWS accounts in one simple view. You can also view the parking schedules for each instance and see how much each schedule is saving, potentially reducing costs even further. The viewability of your account and access to information provides a great resource for budgeting and planning.
The AWS start/stop scheduler is useful, but has to be done manually. Writing your own scripts sounds helpful, but it’s actually time consuming, and not fully cost-effective. ParkMyCloud automates the process while still putting you in control, reducing RDS costs and saving you time and money.
See the benefits of ParkMyCloud for yourself by taking advantage of our two-week free trial. Test our cloud cost control platform in your own environment, without any need for a credit card or signed contract, and see why our simple, cost-effective tool is the key to reducing RDS costs. We offer a variety of competitive pricing plans to choose from, or a limited-function version that you can continue to use for free after the trial ends.
To start your free trial today, sign up here.
A couple of weeks ago in Part 1 of this blog topic we discussed the need for cloud optimization tools to help enterprises with the problem of cloud cost control. Amazon Web Services (AWS) even goes as far as suggesting the following simple steps to control their costs (which can also be applied to Microsoft Azure and Google Cloud Platform, but of course with slightly different terminology):
- Right-size your services to meet capacity needs at the lowest cost;
- Save money when you reserve;
- Use the spot market;
- Monitor and track service usage;
- Use Cost Explorer to optimize savings; and
- Turn off idle instances (we added this one).
A variety of third-party tools and services have popped up in the market over the past few years to help with cloud cost optimization – why? Because upwards of $23B was spent on public cloud infrastructure in 2016, and spending continues to grow at a rate of 40% per year. Furthermore, depending on who you talk to, roughly 25% of public cloud spend is wasted or not optimized — that’s a huge market! If left unchecked, this waste problem is supposed to triple to over $20B by 2020 – enter the vultures (full disclosure, we are also a vulture, but the nice kind). Most of these tools are lumped under the Cloud Management category, which includes subcategories like Cost Visibility and Governance, Cost Optimization, and Cost Control vendors – we are a cost control vendor to be sure.
Why do you, an enterprise, care? Because there are very unique and subtle differences between the tools that fit into these categories, so your use case should dictate where you go for what – and that’s what I am trying to help you with. So, why am I a credible source to write about this (and not just because ParkMyCloud is the best thing since sliced bread)?
Well, yesterday we had a demo with a FinTech company in California that was interested in Cost Control, or thought they were. It turns out that what they were actually interested in was Cost Visibility and Reporting; the folks we talked to were in Engineering Finance, so their concerns were primarily with billing metrics, business unit chargeback for cloud usage, RI management, and dials and widgets to view all stuff AWS and GCP billing related. Instead of trying to force a square peg into a round hole, we passed them on to a company in this space who’s better suited to solve their immediate needs. In response, the Finance folks are going to put us in touch with the FinTech Cloud Ops folks who care about automating their cloud cost control as part of their DevOps processes.
This type of situation happens more often than not. We have a lot of enterprise customers using ParkMyCloud along with CloudHealth, CloudChekr, Cloudability, and Cloudyn because in general, they provide Cost Visibility and Governance, and we provide actionable, automated Cost Control.
As this is our blog, and my view from the street – we have 200+ customers now using ParkMyCloud, and we demo to 5-10 enterprises per week. Based on a couple of generic customer use cases where we have strong familiarity, here’s what you need to know to stay ahead of the game:
- Cost Visibility and Governance: CloudHealth, CloudChekr, Cloudability and Cloudyn (now owned by Microsoft)
- Reserved Instance (RI) management – all of the above
- Spot Instance management – SpotInst
- Monitor and Track Usage: CloudHealth, CloudChekr, Cloudability and Cloudyn
- Turn off (park) Idle Resources – ParkMyCloud, Skeddly, Gorilla Stack, BotMetric
- Automate Cost Control as part of your DevOps Process: ParkMyCloud
- Govern User Access to Cloud Console for Start/Stop: ParkMyCloud
- Integrate with Single Sign-On (SSO) for Federated User Access: ParkMyCloud
To summarize, cloud cost control is important, and there are many cloud optimization tools available to assist with visibility, governance, management, and control of your single or multi-cloud environments. However, there are very few tools which allow you to set up automated actions leveraging your existing enterprise tools like Ping, Okta, Atlassian, Jenkins, and Slack. Make sure you are not only focusing on cost visibility and recommendations, but also on action-oriented platforms to really get the best bang for your buck.