epam cloud infrastructure orchestrator ver.2.1 · 2017-03-02 · 4.1 splunk as a service ......
TRANSCRIPT
Legal Notice: This document contains privileged and/or confidential information and may not be disclosed, distributed or
reproduced without the prior written permission of EPAM®.
EPAM Cloud Infrastructure
Orchestrator ver.2.1.77
What’s New
September 2016
CI2WN-S73-77
Version 1.0
EPAM Cloud Orchestrator 2.1.77 - What’s New
EPAM SYSTEMS 2
CONTENT
1 Overview ................................................................................................................................................ 4
2 New Region: India, Welcome On Board! ............................................................................................... 5
3 Infrastructure Updates ........................................................................................................................... 6
3.1 SSD Introduction in Minsk .............................................................................................................. 6
3.2 Migration to OpenStack ................................................................................................................. 6
3.3 EPAM-RU1 Decommissioning, EPAM-RU2/US2 Introduction ...................................................... 7
4 Platform Services Update ...................................................................................................................... 8
4.1 Splunk as a Service ....................................................................................................................... 8
4.2 Magento as a Service .................................................................................................................. 10
4.3 ATG as a Service ......................................................................................................................... 11
4.4 AEM PaaS Mode ......................................................................................................................... 12
4.5 Sitecore Large Mode .................................................................................................................... 13
4.6 Jenkins as a Service Upgrade ..................................................................................................... 14
4.7 Gerrit as a Service Update ........................................................................................................... 15
4.8 ACS Unification ............................................................................................................................ 15
5 Cloud UI Improvements ....................................................................................................................... 16
5.1 Cost Estimator Update ................................................................................................................. 16
5.2 Cloud Monitoring: More Project Details ....................................................................................... 17
5.3 Access to EPAM Services ........................................................................................................... 18
6 Command Line Interface Improvements ............................................................................................. 19
7 Reporting Updates ............................................................................................................................... 20
8 Security Updates ................................................................................................................................. 21
8.1 IAM Users Control for Project Coordinators ................................................................................ 21
8.2 Managed Policies Resolution....................................................................................................... 22
9 Support and Knowledge Sharing ......................................................................................................... 23
9.1 Service Catalog Update ............................................................................................................... 23
9.2 Effective Cloud Computing Trainings .......................................................................................... 24
9.3 EPAM Cloud Badges: Be a Hero! ................................................................................................ 24
9.4 Documentation Updates .............................................................................................................. 26
EPAM Cloud Orchestrator 2.1.77 - What’s New
EPAM SYSTEMS 3
Table of Figures........................................................................................................................................... 27
Version history ............................................................................................................................................. 28
EPAM Cloud Orchestrator 2.1.77 - What’s New
EPAM SYSTEMS 4
1 OVERVIEW
EPAM Orchestration Framework version 2.1.77 was released on September 03, 2016. This version comes
with two new platform services and important security enhancements. What is especially important, with
the release of Orchestrator 2.1.77, we introduce a new OpenStack-based virtual region, EPAM-IND1,
intended to be used by our colleagues in Hyderabad, India.
The brief overview of the main changes introduced in EPAM Orchestrator 2.1.77 is given in the list below:
New region, EPAM-IN1, introduced
Splunk as a Service is implemented
Magento as a Service is implemented
ATG as a Service is implemented
Existing platform services are improved
IAM user control by native Orchestrator tools is implemented
AWS security is improved
Cloud UI is improved with new features
Cloud reporting improved
Maestro CLI is updated
We are always trying to be in close contact with our users and to make their Cloud experience as easy
and efficient as possible. For that purpose, we have conducted a training series, Effective Cloud
Computing, and due to a positive feedback and high demand, we are planning a re-run of this training
plus an English version of the same.
In cooperation with EPAM Heroes team we have created several new badges to give to the colleagues
participating in EPAM Cloud training. Other badges are intended to express our appreciation to those who
contributed to the Orchestrator development.
The Orchestrator changes and enhancements are reflected in the EPAM Cloud documentation and online
resources. Please refer to the EPAM Cloud website for detailed descriptions of the new services and
features introduced in Orchestrator version 2.1.77.
EPAM Cloud Orchestrator 2.1.77 - What’s New
EPAM SYSTEMS 5
2 NEW REGION: INDIA, WELCOME ON BOARD!
Last year EPAM Systems acquired Alliance Global Services, thus
expanding its presence in Asia. EPAM community welcomed the
new colleagues in Hyderabad office in 2015, and now EPAM
Cloud has extended its coverage to India as well, so that the
Hyderabad team can enjoy the Cloud features and advantages in
their work.
In Orchestrator release 2.1.77, EPAM Cloud introduces a new
region, EPAM-IN1. The new region is based in the OpenStack
technology and has the following specifics:
Storage volumes are billed by provisioned, not by used, space
Checkpoints are disabled
Graceful shutdown (or2stop) functionality is not available
The commands from other groups (as listed in Maestro CLI Reference Guide) are mostly available,
but some are disabled.
View instance pool scope is not available
Network specifics
Please note that the current OpenStack networking model in EPAM-IN1 region implies the following:
All instances in project have IPs from internal net (172.16.242.230/21).
All instances have an assigned floating IP from EPAM network (10.x.).
All instances have hostname like ECSX000XXXXX.epam.com, which can be resolved as an IP
from EPAM network (for example, 10.6.129.34).
If you try to resolve native hostname from instance in OpenStack you will get external IP, which
does not belong to any network interface of instance.
This can cause issues when you try to bind some process to hostname instead of Instance IP.
Usage of virtual resources in EPAM-IN1 region is billed with coefficient 1.
We welcome colleagues from Hyderabad in the EPAM Cloud community and are sure that they will benefit
from the possibilities offered by hosting resources in Cloud.
The Cloud Consulting Team is there to help with the general Cloud questions. We also encourage new
Cloud users to study the comprehensive EPAM Cloud documentation which can be found on the EPAM
Cloud website containing a wealth of useful information.
In addition, to make Cloud introduction in India more effective and easy, EPAM Cloud Consulting team
prepared a series of Cloud trainings for our Indian colleagues. The first training, an overview lecture for
project management is scheduled for the end of September. After that, an additional training for technical
professionals will be delivered.
EPAM Cloud Orchestrator 2.1.77 - What’s New
EPAM SYSTEMS 6
3 INFRASTRUCTURE UPDATES
EPAM Cloud service development is not only new features and improvements, but also infrastructure
changes aimed to make our service benefit from all the latest innovations and technologies.
Thus, in addition to new regions activation and functional updates, we started big infrastructure restructuring
processes, and we are already gradually implementing them. Some changes are already seen to our users,
while the others are just preparing to be presented.
3.1 SSD INTRODUCTION IN MINSK
Virtual instances performance is one of the key factors influencing the
decision to use Cloud. SSD has become a natural part of modern computing
world, and we are glad to announce, that now SSD-based VMs are available
in EPAM Cloud.
The necessary hardware preparations were made, and we moved random
40% of Cloud VMs hosted in EPAM-BY1, to SSD. Our users whose VMs were affected by this migration,
could already mention the improvements in VMs performance.
Please note that the change did not influence the price of the migrated VMs.
You can order an SSD-based VM by submitting a support request. Please note that currently the SSD
capacity is limited, so, please, request the SSD VMs in case there is unquestionable need for that.
Within the nearest year, EPAM-BY1 will be totally moved to SSD.
3.2 MIGRATION TO OPENSTACK
EPAM Cloud is embarking on an extensive multi-stage process of migrating all
its infrastructure from HP CSA to OpenStack technology. The main reasons for
this decision are the infrastructure costs which are expected to be lower in
OpenStack as well as better and quicker system response.
The selected version of OpenStack to migrate to is Mitaka 9.0.1.
The new EPAM-IN1 region is fully OpenStack-based and has become the first
stage of Cloud migration. Other regions will follow in sequence.
We will keep our users informed about the status of the migration process and of the next steps to be taken
within the scope of migration.
The migration to OpenStack will be completed by the end of summer 2017.
EPAM Cloud Orchestrator 2.1.77 - What’s New
EPAM SYSTEMS 7
3.3 EPAM-RU1 DECOMMISSIONING, EPAM-RU2/US2 INTRODUCTION
With the aim of providing better, more reliable and
consistent services to our users, EPAM Cloud pays a
lot of attention to the hardware used to serve virtual
infrastructure.
As Russian region is developing, and more and more
users are willing to host their virtual resources here, it
was decided to improve the region’s data centers in
order to meet all the needs and expectations.
The change naturally includes the update of the
hardware.
Thus, we took the decision to decommission the data center in Saratov and to move the Cloud
infrastructures to other EPAM Cloud regions (EPAM-BY1, EPAM-HU1, etc.) The migration took three
weeks of August, and over 300 VMs of more than 100 projects were moved.
As soon as all the preparations are complete, the EPAM-RU1 region will be completely decommissioned.
Instead, we will introduce EPAM-RU2 region, with the main DC in St. Petersburg. The new region will be
based on OpenStack and have SSD and a large capacity of compute resources, so that you will enjoy
Cloud services, enhanced by the modern high-capacity equipment, which is expected to provide better and
quicker cloud service.
In the nearest future, we will also introduce the OpenStack-based EPAM-US2 region that is designed
especially for those users who need large shapes for their project. Shapes up to 6XL (8CPU, 46GB RAM)
will be available. Keep track of the additional announcements!
EPAM Cloud Orchestrator 2.1.77 - What’s New
EPAM SYSTEMS 8
4 PLATFORM SERVICES UPDATE
On any day, EPAM Systems is working on dozens of projects developing various customer products. In
many cases, the nature and purpose of the product determines the development platform to be used for it.
EPAM Cloud is committed to creating convenient and efficient environments for development teams by
offering cloud platform services running on virtual machines. The Cloud Team always closely follows the
trends in the development community and whenever there is a considerable demand for a new service or
an enhancement of an existing one, the Cloud developers try to make it into a Cloud service, which can be
easily deployed and is immediately available.
In this release, the scope of EPAM Cloud services has been expanded by adding several new platform
services. Also, some of the existing services have been upgraded and enhanced to ensure better
performance.
If you have ideas or suggestions on enhancing the EPAM Cloud Services range, please contact the
Consulting Team. All suggestions are analyzed and if the service implementation is feasible and technically
possible, you will see it in one of the nearest releases.
4.1 SPLUNK AS A SERVICE
Splunk Enterprise is a big data management platform allowing
to receive, analyze and process large volumes of data. Splunk
Enterprise collects data from various sources and turns it into
Operational Intelligence. Data gathered by Splunk can be
searched, indexed, visualized, monitored and organized as
reports.
For more information on Splunk products and usage, visit the
official Splunk website.
EPAM Cloud now offers Splunk as a Service based on Splunk Enterprise 6.3.1. You can request the service
in the basic configuration, and, if necessary, apply additional proxy settings.
Splunk as a Service is started as all other platform services – by means of the or2-manage-service
(or2ms) command. To activate the service, send the command with the -a/--activate parameter and
indicate splunk in the -s/--serviceName parameter:
or2ms -p project -r region -a activate –s splunk
When the service is activated, it starts a MEDIUM-shaped Ubuntu14.04_64-bit virtual machine.
If necessary, you can also create a Splunk proxy server to manage data traffic from various endpoints.
Having a Splunk proxy server, you can specify the endpoints from which traffic is to be managed and set
the quota to limit the traffic from a particular endpoint.
To activate a Splunk proxy server, run the or2-manage-service command with -s splunk-proxy -a
activate parameters:
or2ms -p project -r region -a activate –s splunk-proxy
EPAM Cloud Orchestrator 2.1.77 - What’s New
EPAM SYSTEMS 9
Once a Splunk proxy server is up and running, you can add and manage endpoints to limit its traffic. For
this purpose, a special command, or2-splunk-proxy (or2sp), is used:
or2sp -p project -r region -a create –n endpoint_name –i splunk_instance –x
proxy_instance –t port –q quota
This command specifies the endpoint action to be performed (describe, create or delete), the IDs of the
Splunk service instance and the Splunk proxy instance, the endpoint name and the data traffic quota in Mb
set for the endpoint (for the ‘create’ action). The cumulative daily quota of all endpoints should not exceed
500 Mb.
Several Splunk instances and proxy servers can be started for a project and region combination.
The or2-describe-services (or2dser) command displays the URL for accessing the Splunk Enterprise UI,
the login and password, as well as other service details, including Spunk proxy info:
Figure 1 - Splunk service credentials
Using the provided login and password, you can access the Splunk UI:
Figure 2 - Splunk UI
Splunk as a Service starts a virtual machine with a trial version of Splunk Enterprise installed. This version
allows using Splunk free of charge up to the limit of 500 Mb of data per day for 60 days. After 60 days, the
trial license can be converted into a perpetual free license with the same conditions.
You can change the license from trial to free using Splunk Web.
EPAM Cloud Orchestrator 2.1.77 - What’s New
EPAM SYSTEMS 10
4.2 MAGENTO AS A SERVICE
With the implementation of Magento as a Service, EPAM Cloud
adds another platform for developing e-commerce solutions.
Magento is an open-source e-commerce platform allowing to
quickly build unique shopping websites both for the B2B and B2C
industries. Now Magento is available for EPAM developers as a Cloud service based on Magento 2.0.
For more details on Magento platform, visit the official Magento website.
Magento as a Service is activated through Maestro CLI by means of the or2-manage-service (or2ms)
command with the -a/--activate flag and the -s/--service parameter with magento value:
or2ms –p project_id -r region -a –s magento
When the service is activated, it starts a Magento server on a virtual machine with the following
configuration:
Image: CentOS7
Shape: MEDIUM
Only one Magento service can be activated per project in a particular region. To deactivate the service, use
the same command (or2ms) with the -d/--deactivate flag.
After Magento activation, it appears in the list of all services available for the selected project and region
displayed in the response to the or2-describe-services (or2dser) command. The command response
shows the URL via which the Magento UI can be accessed, as well as the login and password.
Figure 3 - Magento UI
EPAM Cloud Orchestrator 2.1.77 - What’s New
EPAM SYSTEMS 11
4.3 ATG AS A SERVICE
Oracle ATG Web Commerce has become yet another e-
commerce platform supported by EPAM Cloud. It is widely used
for creating and administering commerce websites and
managing their content.
With ATG Web Commerce, you receive unique flexibility of a
multi-channel tool and the advantages of a personalization
engine.
For more details, visit the official Oracle ATG Web Commerce website.
In the current implementation EPAM Cloud supports ATG 11.2 version.
ATG as a Service is activated through Maestro CLI by means of the or2-manage-service (or2ms)
command with the -a/--activate flag and the -s/--service parameter with atg-small value:
or2ms –p project_id -r region -a –s atg-small
When the service is activated, it starts two virtual machines each serving its dedicated purpose:
1. ATG server also containing an Endeca full-text search engine together with Experience Manager,
a JBoss application server (JBoss 6.1), Java 1.7
2. Oracle database server
ATG as a Service is one more Cloud Service supporting integration with Jenkins. To ensure correct
performance, start a separate Jenkins Service and configure it to work with the two above-mentioned
instances.
3.
VM 2: OracleDB
VM 3: Jenkins
VM 1: ATG
Figure 4 - ATG as a Service architecture
EPAM Cloud Orchestrator 2.1.77 - What’s New
EPAM SYSTEMS 12
All virtual machines have the following default configuration:
Image: CentOS6
Shape: MEDIUM
ATG as a Service is still under development. With the current implementation, you can obtain a ready-to-
use DEV/CI environment for ATG development. To achieve full functionality, you need to configure Jenkins
to get the working environment. In the next releases the Jenkins components will be finalized, after which
the fully functional ATG environment will be available after the service activation.
When activated, ATG as a Service provides the user with access to the ATG server and Oracle DB server
by connecting directly to the virtual machines started for the respective service.
To access the Jenkins Master, follow the instructions in the Jenkins Service description.
4.4 AEM PAAS MODE
In addition to AEM as a Service, EPAM Cloud, in cooperation with the Content Management Competency
Center, has implemented integration with AEM PaaS Mode.
In this implementation only AEM 6.2 version is supported.
In AEM Paas Mode you also create a cluster of author and publish instances, however, the technology of
its creation is different. Each instance, both author and publish, is created with its own dispatcher.
To start an AEM cluster, run the or2-manage-service (or2ms) command with the -a/--activate flag and
the -s/--service parameter containing the aem-author-paas value. Also specify the name of the AEM
cluster to be created and the AEM version (always 6.2):
or2ms –p project_id -r region -a –s aem-author-paas –c cluster –v 6.2 --
customize
This command starts a virtual machine which will become an AEM publish instance. You can continue
building the AEM cluster by adding more author or publish instances. To add a publish instance, use the
same or2ms command with the -a/--activate flag and the -s/--service parameter containing the aem-
publish-paas value. Specify the same cluster name and the same AEM version (6.2):
or2ms –p project_id -r region -a –s aem-publish-paas –c cluster –v 6.2 --
customize
Each VM created as part of the AEM PaaS Mode will have the following configuration:
Image: CentOS6_64-bit
Shape: MEDIUM (the default shape, however, a different shape can be selected if necessary)
When the AEM PaaS Mode has been activated, you can retrieve its details with the or2-describe-services
command:
EPAM Cloud Orchestrator 2.1.77 - What’s New
EPAM SYSTEMS 13
Figure 5 - AEM PaaS Mode description (shown in two lines for better visibility)
Using the WebUI URL provided in the response to the or2-describe-services command, you can access
the AEM UI. Use the admin/admin credentials to login:
Figure 6 - AEM Author Login Page
4.5 SITECORE LARGE MODE
In a previous release EPAM Cloud introduced Sitecore as a Service, a content management platform to be
deployed on a Windows Server 2012 R2 virtual machine. When the service was activated, it started one
VM containing all components required for proper Sitecore functioning – Sitedore server, MS SQL database
management system and MongoDB database.
In this release, we present Sitecore Large – a configuration involving several VMs each dedicated to a
particular function. When the service is activated, it creates a cluster of interconnected VMs.
The maximum configuration includes the following VMs:
1. Sitecore Server + MongoDB
2. MS SQL
3. Jenkins Master
4. Jenkins Slave
5. Load Balancer
To activate Sitecore Large, use the or2-manage-service (or2ms) command. The value of the -s/--service
parameter depends on the role of virtual machine started by the command:
EPAM Cloud Orchestrator 2.1.77 - What’s New
EPAM SYSTEMS 14
or2ms –p project_id -r region -a –s sitecore-dev-paas –c cluster –v 8.1
This command starts two VMs – a Sitecore server also containing MongoDB and a VM with MS SQL
installed. This is the minimum configuration for Sitecore service to function properly.
or2ms –p project_id -r region -a –s sitecore-ci-paas –c cluster –v 8.1
This command creates two VMs – Jenkins Master and Jenkins Slave to provide CI/CD.
or2ms –p project_id -r region -a –s sitecore-lb-paas –c cluster –v 8.1
This command starts a VM serving as the Load Balancer. This VM may be required for clusters involving
several VMs.
Four VMs started under the Sitecore Large service (all except the VM hosting the Load Balancer) have the
following configuration:
Image: W2012R2Std
Shape: MEDIUM
The virtual machine serving as the Load Balancer has the following configuration:
Image: Ubuntu14.04_64-bit
Shape: SMALL
Access to each of the services started under the Sitecore Large service is performed via the URL
provided in the response to the or2dser command:
Figure 7 - Sitecore WebUI URLs
4.6 JENKINS AS A SERVICE UPGRADE
In version 2.1.77, EPAM Orchestrator comes with an upgraded version of Jenkins as a Service – now
Jenkins version 2.0 is supported. With this upgrade, Jenkins supports delivery pipelines, and its overall
usability has been improved.
Previous versions of Jenkins are continued to be supported, however, the existing Jenkins instances are
not upgraded automatically. If you need to use Jenkins version 2.0, you need to terminate your current
Jenkins service and activate a new one.
The following plugins are installed together with the upgrade:
EPAM Cloud Orchestrator 2.1.77 - What’s New
EPAM SYSTEMS 15
{'name' => 'logstash', 'version' => '1.2.0'},
{'name' => 'credentials', 'version' => '2.1.4'},
{'name' => 'mailer', 'version' => '1.7' },
{'name' => 'matrix-auth', 'version' => '1.4' },
{'name' => 'jobConfigHistory', 'version' => '2.15' }
4.7 GERRIT AS A SERVICE UPDATE
Gerrit as a Service implemented in one of the previous releases now comes with minor changes and
improvements aimed at enhancing the security and usability. Additionally, the database has been changed
from MySQL to PostgreSQL which improves the service performance.
We continue to support the previous Gerrit implementation with the MySQL database, however, the existing
Gerrit instances will not be automatically modified. If you need to use the PostgreSQL database in your
Gerrit service, you need to terminate the existing Gerrit instance and activate a new one.
4.8 ACS UNIFICATION
Orchestrator release 2.1.77 comes with an important update of the Chef-based autoconfiguration service.
Previously, all Chef cookbooks created in EPAM Orchestrator referred to the attributes stored in
Orchestrator overriding the existing values with new ones. As the result, cookbooks could not be used
outside Orchestrator, for example, in AWS cloud infrastructures independent from EPAM Orchestrator, as
there was no way to reference the initial attributes.
The new improvement includes metadata_epc cookbook which serves as an intermediary resource
providing attributes. This way, Chef cookbooks can be used outside Orchestrator, as they are now able to
retrieve the attributes from metadata_epc.
To use the metadata_epc cookbook, you need to define the attribute discovery method yourself.
EPAM Cloud Orchestrator 2.1.77 - What’s New
EPAM SYSTEMS 16
5 CLOUD UI IMPROVEMENTS
EPAM Cloud has a powerful UI, which allows to effectively monitor and manage virtual infrastructures in
several clicks.
We’re constantly improving the interface to make it more complete and effective for our users.
With the current update, we are glad to introduce two changes:
New financial KPIs were added to Cloud Monitoring to simplify costs control and review
EPAM Cloud Cost estimator updated
You can find more details on each of these points below.
5.1 COST ESTIMATOR UPDATE
EPAM Cloud Cost Estimator is a UI tool that allows to evaluate the approximate price of your virtual
resources. This tool is specifically convenient and necessary when you only plan to start hosting your
resources in Cloud, or change the configuration of your infrastructure.
With the current update, we updated the estimation processes, and moved them from UI side to server
side, thus minimizing the possibility of mistakes, and allowing to make the calculations more precise.
We also improved the layout of the tool by hiding all the reference information under the Help section. In
case you need a tip on the Cost Estimator usage, click the “Show Help” link to view the details and the
information on the available options.
Figure 8 - Cost Estimator
Please remember that Cost Estimator provides an approximate price. The real cost of your infrastructure
will depend on the actual resources usage.
EPAM Cloud Orchestrator 2.1.77 - What’s New
EPAM SYSTEMS 17
5.2 CLOUD MONITORING: MORE PROJECT DETAILS
Cloud Monitoring page is designed to provide full and comprehensive information about virtual
infrastructure belonging to each project.
We are constantly developing the Monitoring tool in order to make it meet all your needs and expectations.
The feature allows you to find the performance statistics of each VM, the statistics on servers and services
usage.
There are also metrics showing the different services costs details.
With EPAM Orchestrator v.2.177 we introduce two updates to the Key Performance Indicators (KPIs)
available on the Monitoring page.
VM Lifetime and Optimization metrics are now available not only on Project, but also on Region
level. These metrics provide the information on the lifetime of project resources, and their utilization
rate, respectively. Such information is highly convenient for project resources usage optimization,
as it allows to review and rearrange infrastructure in order to decrease load and minimize project
costs.
Monthly Financial KPI is added to both Project and Region levels. It complements the daily
financial KPI that existed before, and provides the project’s total cost for the current month.
Clicking the graph and going to the Deep Dive view, where you can find billing trends – a graph
covering 6 or 12 latest months.
Figure 9 - Financial KPIs update
We would like to thank Vitali Liubchanka for submitting the idea for these improvements.
EPAM Cloud Orchestrator 2.1.77 - What’s New
EPAM SYSTEMS 18
5.3 ACCESS TO EPAM SERVICES
EPAM Cloud is not a stand-alone service. It is closely related to other services and applications provided
within EPAM for internal usage.
With the current update, we introduce the EPAM Applications menu button that enables quick navigation
between different services that compose EPAM eco-system. You can find the button in the top right corner
of the Cloud Web Management Console.
When being logged in to any other EPAM application, you can also quickly navigate to EPAM Cloud by
finding in the “Deliver” section.
Figure 10 - EPAM Apps menu
EPAM Cloud Orchestrator 2.1.77 - What’s New
EPAM SYSTEMS 19
6 COMMAND LINE INTERFACE IMPROVEMENTS
Although Cloud UI is rapidly developing, Maestro Command Line remains an important tool that provides
the most complete access to Cloud functionality.
That’s why we keep on improving it, not only adding the commands that support the new features and
services, but also updating the existing ones, to make CLI usage more convenient and effective.
With EPAM Orchestrator v.2.1.77 we would like to mention the following updates to Maestro CLI:
or2-help command now has the --project parameter, so you can check the list of the commands
available for you on a specific project
or2-create-and-attach-volume command is prohibited for instances in transitional state
or2-describe-instance-properties command now provides the full list of properties assigned to
the instance
or2-update command now supports the --verify parameter to check the availability of the operation
In addition, a number of CLI-related issues were fixed.
EPAM Cloud Orchestrator 2.1.77 - What’s New
EPAM SYSTEMS 20
7 REPORTING UPDATES
Reporting is a significant part of communication between EPAM Orchestrator and
users. This is a powerful tool which informs you on all the important cloud-related
events, including infrastructure changes, bills, services usage, security issues, and
others.
The information provided in the reports is important for project management, admins, and other project
members, and allows to keep track of all the changes and react timely on any issue.
However, to deliver all the information timely and effectively, it is important to make the reports highly
informative and deliver them to correct people.
That’s why we constantly work on reporting improvements and updates.
EPAM Orchestration v.2.1.77 goes with a huge number of changes in reports, which includes information
clarifications, layout updates, delivery lists reviews.
In total, 35 reports and notifications were updated. Several reports were removed or merged with other
reports.
We believe that the changes will make EPAM Cloud reporting more convenient and user-friendly.
Please remember, that EPAM Orchestrator supports a Subscription Management tool that allows to
customize the set of reports delivered to the project team, or to a specific user. For more details, please
see Account Management Guide (Section 10 –Subscriptions) and Quick Start Guide (Section 6 – User
Subscription management).
EPAM Cloud Orchestrator 2.1.77 - What’s New
EPAM SYSTEMS 21
8 SECURITY UPDATES
EPAM Cloud regards security as one of its highest-priority areas and is constantly improving its security
measures and tools. EPAM Orchestrator v. 2.1.77 comes with the following security enhancements:
Enhanced IAM Users management for advanced users
Support for security groups and new AWS SDK
Please see the sections below for more details on these security improvements.
8.1 IAM USERS CONTROL FOR PROJECT COORDINATORS
The integration of EPAM Cloud with AWS includes a wide range of EPAM
Orchestrator tools that can be used to manipulate AWS-based infrastructures
without need to address native AWS tools.
However, there are still situations, when the users need to get constant access to
AWS Management Console. In this case, they submit a request to the Cloud Support
team, and are provided with an IAM User account. The account provides access to
all AWS features, except security groups and IAM management.
Such a high level of independency is convenient for users and saves time and effort for them. However, for
project management and project team in general, it is essential to have tools that would allow to monitor
and control IAM accounts usage on their projects.
That’s why, with the current release, we introduce a new CLI command, or2-aws-iam (or2iam) which is
designed to provide all the necessary information about IAM user accounts on the specified project. It also
allows the Advanced Management group (Project Managers/Coordinators, Account Managers, and
Delivery Managers) delete the specified IAM User account or reassign it to another project member without
need to address the support team.
The default action for the command is describe. Below, you can find an example of a standard command
call:
or2iam –p <project> -a describe
The command response includes the following information:
IAM User name
User creation date
IAM User group names
MFA devices serial numbers
Last password usage date
The users belonging to the Advanced Management group can use the --action delete option to delete an
IAM user.
For security reasons, it is strongly recommended to delete the IAM user accounts belonging to project
members who left the project and the accounts that haven’t been in use for over one month.
EPAM Cloud Orchestrator 2.1.77 - What’s New
EPAM SYSTEMS 22
Advanced Management group can also use the --action setOwner option to change the owner of auto
user accounts.
8.2 MANAGED POLICIES RESOLUTION
To enable the possibility to set up a specific set of permissions to a person, resource, group, or role, AWS
supports various policies. A policy is a document where the allowed permissions are specified.
With IAM, the policies are applied for users, groups, and roles. There are two types of policies:
Inline policies – the policies that are embedded to single groups, roles, or users. You can create
and manage them according to your needs.
Managed policies – the policies that can be attached to multiple groups, roles, or users.
For more details on this topic, please see Managed Policies and Inline Policies page on AWS web-site.
With the current version of EPAM Orchestration, we introduce the support for the new AWS SDK version,
1.11.24. This keeps the integration with Amazon on the up-to-date level and creates the possibility to
support features that were not enabled by the previous SDK versions.
One of such features it the possibility to control the users to whom managed policies are assigned. From
now on, it is possible to block or reassign such user with Orchestrator tools, which allows to enforce the
automated and manual control over IAM accounts, thus significantly increasing the security level.
EPAM Cloud Orchestrator 2.1.77 - What’s New
EPAM SYSTEMS 23
9 SUPPORT AND KNOWLEDGE SHARING
9.1 SERVICE CATALOG UPDATE
EPAM Cloud is a self-service providing users with the full stack of necessary tools and related
documentation, which allows users to perform virtual infrastructure management by themselves.
However, there are operations and cases when the additional assistance from EPAM Cloud Support teams
is needed.
These are not only service performance issues, but also requests for basic infrastructure settings, resources
migration, network setup, and others. Every month Cloud Support teams receive, reply, and resolve dozens
of requests.
Submitting a correct request is an important factor of its quick and effective processing. Thus, recently, we
carefully investigated the requests that our users submit, analyzed them, and co-operated with the EPAM
Support Portal in order to update the existing service catalog and simplify Cloud requests submitting.
So, currently, a new, more convenient categories tree is available. In addition, search by key words was
enabled, and we added a set of existing solutions, which give step-by-step solutions for the most frequent
requests.
Figure 11 - EPAM Cloud on Support portal
EPAM Cloud Orchestrator 2.1.77 - What’s New
EPAM SYSTEMS 24
9.2 EFFECTIVE CLOUD COMPUTING TRAININGS
At the beginning of summer, EPAM Cloud Consulting team announced the
Effective Cloud Computing training, aimed to make the assignees acquainted
with basic EPAM Cloud concepts, tools, and services, and to provide them
with the skills, necessary for basic Cloud infrastructure management.
The first session was established for Russian-speaking audience, and turned
out to be quite popular. Within the first week after the training announcement,
we got about 200 requests for subscription. Thus, we took the decision to
deliver the training in two sessions, and the first one successfully took place
July.
As the general summary of the first session, we are glad to share the following points:
72 people attended the course.
Most attendees subscribed for the course in order to improve their knowledge. Still, there are those
who are absolutely new to the subject
Attendees are absolutely satisfied with the course. There were no complains.
All the attendees who successfully passed the course, got the brand-new “Cloud Certified” badge.
One of the topics of the training was integration with AWS, which included information not only on AWS
usage via EPAM Orchestrator, but also on self-education and certification possibilities, provided by
Amazon. We are glad to announce, that after the training delivery, 44 AWS certificates were granted to
EPAMers for the successful completion of AWS Business and/or Technical professional course.
The successful certification is accompanied by “AWS Certified” badge that is granted to anyone who
provides the certificate to Cloud Consulting team.
After the first session completion, we carefully examined the feedbacks and the transcripts of Q&A sessions
and updated the training materials with the answers to the most essential and frequently asked questions.
The next round of the trainings is scheduled to start on September, 7, and will be delivered to the
subscribers whom we could not include to the first session due to groups size limits.
We are very glad to see your interest and enthusiasm in learning more about EPAM Cloud! We do our best
to share our knowledge and best practices, so that you could use our service most effectively and with the
most possible profit for you.
We are also planning the English version of the training. Keep track of the announcements!
9.3 EPAM CLOUD BADGES: BE A HERO!
EPAM Cloud Team always values the interest and enthusiasm towards Cloud Services and welcomes
users willing to learn more about Cloud. EPAM Cloud Support Team offers different trainings to share the
Cloud knowledge and expertise with its users.
On the other hand, our community is greatly helping us in improving the service by sharing their ideas and
cooperating in the development. Dozens of wonderful ideas, shared by our users, were implemented as
new features and improvements in EPAM Cloud, and others are still to go.
EPAM Cloud Orchestrator 2.1.77 - What’s New
EPAM SYSTEMS 25
We always highly appreciate this input, and want to thank all our contributors and trainings attendees for
their enthusiasm and interest in EPAM Cloud. Thus, we addressed EPAM Heroes team for assistance, and
in August, five new badges were introduced to help us mark the achievements and contribution of our users.
Thus, currently, there are six badges you can get by participating in Cloud educational and development
activities:
Badge Badge Name Description Granted by
Cloud Certified Granted for passing Cloud basic education programs
EPAM Cloud, EPAM University
Cloud Certified: Advanced
Granted for passing Cloud advanced education programs
EPAM Cloud, EPAM University
Cloud Certified: Expert
Granted for passing Cloud expert education programs
EPAM Cloud, EPAM University
Cloud Contributor
Granted for sharing own solutions with Cloud team so that these solutions are implemented in EPAM Cloud Service
EPAM Cloud
Cloud DevOps Granted for having high skills in Cloud automation and solutions
EPAM Cloud
AWS Certification
Granted for completing each of the following courses and obtaining the certificate:
AWS Business Professional
AWS Technical Professional
AWS TCO and Cloud Economics
EPAM Cloud
Please take part in the available education programs and in making EPAM Cloud better, and be assured
that your achievements and contributions will always be rewarded!
EPAM Cloud Orchestrator 2.1.77 - What’s New
EPAM SYSTEMS 26
9.4 DOCUMENTATION UPDATES
All changes and updates to the EPAM Orchestrator functionality are reflected in the documentation and
other EPAM Cloud resources. With the release of EPAM Orchestrator 2.1.77, the following documents were
updated:
Maestro CLI User Guide – new commands and parameters related to newly-introduced platform
services have been added
EPAM Cloud Services Guide – description of new and enhanced platform services has been added
Hybrid Cloud Guide – information on the new IAM user-related command has been added
Minor changes and updates to other documents and the EPAM Cloud website content reflecting
changes in the Orchestrator functionality have been made
EPAM Cloud Orchestrator 2.1.77 - What’s New
EPAM SYSTEMS 27
TABLE OF FIGURES
Figure 1 - Splunk service credentials ............................................................................................................ 9
Figure 2 - Splunk UI ...................................................................................................................................... 9
Figure 3 - Magento UI ................................................................................................................................. 10
Figure 4 - ATG as a Service architecture .................................................................................................... 11
Figure 5 - AEM PaaS Mode description (shown in two lines for better visibility) ........................................ 13
Figure 6 - AEM Author Login Page ............................................................................................................. 13
Figure 7 - Sitecore WebUI URLs ................................................................................................................. 14
Figure 8 - Cost Estimator ............................................................................................................................ 16
Figure 10 - Financial KPIs update ............................................................................................................... 17
Figure 11 - EPAM Apps menu ..................................................................................................................... 18
Figure 12 - EPAM Cloud on Support portal ................................................................................................. 23