epam cloud infrastructure orchestrator ver.2.1 · 2017-03-02 · 4.1 splunk as a service ......

Legal Notice: This document contains privileged and/or confidential information and may not be disclosed, distributed or

reproduced without the prior written permission of EPAM®.

EPAM Cloud Infrastructure

Orchestrator ver.2.1.77

What’s New

September 2016

CI2WN-S73-77

Version 1.0

EPAM Cloud Orchestrator 2.1.77 - What’s New

EPAM SYSTEMS 2

CONTENT

1 Overview ................................................................................................................................................ 4

2 New Region: India, Welcome On Board! ............................................................................................... 5

3 Infrastructure Updates ........................................................................................................................... 6

3.1 SSD Introduction in Minsk .............................................................................................................. 6

3.2 Migration to OpenStack ................................................................................................................. 6

3.3 EPAM-RU1 Decommissioning, EPAM-RU2/US2 Introduction ...................................................... 7

4 Platform Services Update ...................................................................................................................... 8

4.1 Splunk as a Service ....................................................................................................................... 8

4.2 Magento as a Service .................................................................................................................. 10

4.3 ATG as a Service ......................................................................................................................... 11

4.4 AEM PaaS Mode ......................................................................................................................... 12

4.5 Sitecore Large Mode .................................................................................................................... 13

4.6 Jenkins as a Service Upgrade ..................................................................................................... 14

4.7 Gerrit as a Service Update ........................................................................................................... 15

4.8 ACS Unification ............................................................................................................................ 15

5 Cloud UI Improvements ....................................................................................................................... 16

5.1 Cost Estimator Update ................................................................................................................. 16

5.2 Cloud Monitoring: More Project Details ....................................................................................... 17

5.3 Access to EPAM Services ........................................................................................................... 18

6 Command Line Interface Improvements ............................................................................................. 19

7 Reporting Updates ............................................................................................................................... 20

8 Security Updates ................................................................................................................................. 21

8.1 IAM Users Control for Project Coordinators ................................................................................ 21

8.2 Managed Policies Resolution....................................................................................................... 22

9 Support and Knowledge Sharing ......................................................................................................... 23

9.1 Service Catalog Update ............................................................................................................... 23

9.2 Effective Cloud Computing Trainings .......................................................................................... 24

9.3 EPAM Cloud Badges: Be a Hero! ................................................................................................ 24

9.4 Documentation Updates .............................................................................................................. 26


EPAM SYSTEMS 3

Table of Figures........................................................................................................................................... 27

Version history ............................................................................................................................................. 28


EPAM SYSTEMS 4

1 OVERVIEW

EPAM Orchestration Framework version 2.1.77 was released on September 03, 2016. This version comes

with two new platform services and important security enhancements. What is especially important, with

the release of Orchestrator 2.1.77, we introduce a new OpenStack-based virtual region, EPAM-IND1,

intended to be used by our colleagues in Hyderabad, India.

The brief overview of the main changes introduced in EPAM Orchestrator 2.1.77 is given in the list below:

New region, EPAM-IN1, introduced

Splunk as a Service is implemented

Magento as a Service is implemented

ATG as a Service is implemented

Existing platform services are improved

IAM user control by native Orchestrator tools is implemented

AWS security is improved

Cloud UI is improved with new features

Cloud reporting improved

Maestro CLI is updated

We are always trying to be in close contact with our users and to make their Cloud experience as easy

and efficient as possible. For that purpose, we have conducted a training series, Effective Cloud

Computing, and due to a positive feedback and high demand, we are planning a re-run of this training

plus an English version of the same.

In cooperation with EPAM Heroes team we have created several new badges to give to the colleagues

participating in EPAM Cloud training. Other badges are intended to express our appreciation to those who

contributed to the Orchestrator development.

The Orchestrator changes and enhancements are reflected in the EPAM Cloud documentation and online

resources. Please refer to the EPAM Cloud website for detailed descriptions of the new services and

features introduced in Orchestrator version 2.1.77.

https://heroes.epam.com/

https://cloud.epam.com/site/

http://cloud.epam.com/site/learn/documentation


EPAM SYSTEMS 5

2 NEW REGION: INDIA, WELCOME ON BOARD!

Last year EPAM Systems acquired Alliance Global Services, thus

expanding its presence in Asia. EPAM community welcomed the

new colleagues in Hyderabad office in 2015, and now EPAM

Cloud has extended its coverage to India as well, so that the

Hyderabad team can enjoy the Cloud features and advantages in

their work.

In Orchestrator release 2.1.77, EPAM Cloud introduces a new

region, EPAM-IN1. The new region is based in the OpenStack

technology and has the following specifics:

Storage volumes are billed by provisioned, not by used, space

Checkpoints are disabled

Graceful shutdown (or2stop) functionality is not available

The commands from other groups (as listed in Maestro CLI Reference Guide) are mostly available,

but some are disabled.

View instance pool scope is not available

Network specifics

Please note that the current OpenStack networking model in EPAM-IN1 region implies the following:

All instances in project have IPs from internal net (172.16.242.230/21).

All instances have an assigned floating IP from EPAM network (10.x.).

All instances have hostname like ECSX000XXXXX.epam.com, which can be resolved as an IP

from EPAM network (for example, 10.6.129.34).

If you try to resolve native hostname from instance in OpenStack you will get external IP, which

does not belong to any network interface of instance.

This can cause issues when you try to bind some process to hostname instead of Instance IP.

Usage of virtual resources in EPAM-IN1 region is billed with coefficient 1.

We welcome colleagues from Hyderabad in the EPAM Cloud community and are sure that they will benefit

from the possibilities offered by hosting resources in Cloud.

The Cloud Consulting Team is there to help with the general Cloud questions. We also encourage new

Cloud users to study the comprehensive EPAM Cloud documentation which can be found on the EPAM

Cloud website containing a wealth of useful information.

In addition, to make Cloud introduction in India more effective and easy, EPAM Cloud Consulting team

prepared a series of Cloud trainings for our Indian colleagues. The first training, an overview lecture for

project management is scheduled for the end of September. After that, an additional training for technical

professionals will be delivered.

mailto:[email protected]

https://cloud.epam.com/site/learn/documentation



EPAM SYSTEMS 6

3 INFRASTRUCTURE UPDATES

EPAM Cloud service development is not only new features and improvements, but also infrastructure

changes aimed to make our service benefit from all the latest innovations and technologies.

Thus, in addition to new regions activation and functional updates, we started big infrastructure restructuring

processes, and we are already gradually implementing them. Some changes are already seen to our users,

while the others are just preparing to be presented.

3.1 SSD INTRODUCTION IN MINSK

Virtual instances performance is one of the key factors influencing the

decision to use Cloud. SSD has become a natural part of modern computing

world, and we are glad to announce, that now SSD-based VMs are available

in EPAM Cloud.

The necessary hardware preparations were made, and we moved random

40% of Cloud VMs hosted in EPAM-BY1, to SSD. Our users whose VMs were affected by this migration,

could already mention the improvements in VMs performance.

Please note that the change did not influence the price of the migrated VMs.

You can order an SSD-based VM by submitting a support request. Please note that currently the SSD

capacity is limited, so, please, request the SSD VMs in case there is unquestionable need for that.

Within the nearest year, EPAM-BY1 will be totally moved to SSD.

3.2 MIGRATION TO OPENSTACK

EPAM Cloud is embarking on an extensive multi-stage process of migrating all

its infrastructure from HP CSA to OpenStack technology. The main reasons for

this decision are the infrastructure costs which are expected to be lower in

OpenStack as well as better and quicker system response.

The selected version of OpenStack to migrate to is Mitaka 9.0.1.

The new EPAM-IN1 region is fully OpenStack-based and has become the first

stage of Cloud migration. Other regions will follow in sequence.

We will keep our users informed about the status of the migration process and of the next steps to be taken

within the scope of migration.

The migration to OpenStack will be completed by the end of summer 2017.

https://support.epam.com/esp/ess.do?ctx=docEngine&file=svcDisplay&query=name=%22EPAMCloudIssuesUncategorized%22


EPAM SYSTEMS 7

3.3 EPAM-RU1 DECOMMISSIONING, EPAM-RU2/US2 INTRODUCTION

With the aim of providing better, more reliable and

consistent services to our users, EPAM Cloud pays a

lot of attention to the hardware used to serve virtual

infrastructure.

As Russian region is developing, and more and more

users are willing to host their virtual resources here, it

was decided to improve the region’s data centers in

order to meet all the needs and expectations.

The change naturally includes the update of the

hardware.

Thus, we took the decision to decommission the data center in Saratov and to move the Cloud

infrastructures to other EPAM Cloud regions (EPAM-BY1, EPAM-HU1, etc.) The migration took three

weeks of August, and over 300 VMs of more than 100 projects were moved.

As soon as all the preparations are complete, the EPAM-RU1 region will be completely decommissioned.

Instead, we will introduce EPAM-RU2 region, with the main DC in St. Petersburg. The new region will be

based on OpenStack and have SSD and a large capacity of compute resources, so that you will enjoy

Cloud services, enhanced by the modern high-capacity equipment, which is expected to provide better and

quicker cloud service.

In the nearest future, we will also introduce the OpenStack-based EPAM-US2 region that is designed

especially for those users who need large shapes for their project. Shapes up to 6XL (8CPU, 46GB RAM)

will be available. Keep track of the additional announcements!


EPAM SYSTEMS 8

4 PLATFORM SERVICES UPDATE

On any day, EPAM Systems is working on dozens of projects developing various customer products. In

many cases, the nature and purpose of the product determines the development platform to be used for it.

EPAM Cloud is committed to creating convenient and efficient environments for development teams by

offering cloud platform services running on virtual machines. The Cloud Team always closely follows the

trends in the development community and whenever there is a considerable demand for a new service or

an enhancement of an existing one, the Cloud developers try to make it into a Cloud service, which can be

easily deployed and is immediately available.

In this release, the scope of EPAM Cloud services has been expanded by adding several new platform

services. Also, some of the existing services have been upgraded and enhanced to ensure better

performance.

If you have ideas or suggestions on enhancing the EPAM Cloud Services range, please contact the

Consulting Team. All suggestions are analyzed and if the service implementation is feasible and technically

possible, you will see it in one of the nearest releases.

4.1 SPLUNK AS A SERVICE

Splunk Enterprise is a big data management platform allowing

to receive, analyze and process large volumes of data. Splunk

Enterprise collects data from various sources and turns it into

Operational Intelligence. Data gathered by Splunk can be

searched, indexed, visualized, monitored and organized as

reports.

For more information on Splunk products and usage, visit the

official Splunk website.

EPAM Cloud now offers Splunk as a Service based on Splunk Enterprise 6.3.1. You can request the service

in the basic configuration, and, if necessary, apply additional proxy settings.

Splunk as a Service is started as all other platform services – by means of the or2-manage-service

(or2ms) command. To activate the service, send the command with the -a/--activate parameter and

indicate splunk in the -s/--serviceName parameter:

or2ms -p project -r region -a activate –s splunk

When the service is activated, it starts a MEDIUM-shaped Ubuntu14.04_64-bit virtual machine.

If necessary, you can also create a Splunk proxy server to manage data traffic from various endpoints.

Having a Splunk proxy server, you can specify the endpoints from which traffic is to be managed and set

the quota to limit the traffic from a particular endpoint.

To activate a Splunk proxy server, run the or2-manage-service command with -s splunk-proxy -a

activate parameters:

or2ms -p project -r region -a activate –s splunk-proxy


https://www.splunk.com/


EPAM SYSTEMS 9

Once a Splunk proxy server is up and running, you can add and manage endpoints to limit its traffic. For

this purpose, a special command, or2-splunk-proxy (or2sp), is used:

or2sp -p project -r region -a create –n endpoint_name –i splunk_instance –x

proxy_instance –t port –q quota

This command specifies the endpoint action to be performed (describe, create or delete), the IDs of the

Splunk service instance and the Splunk proxy instance, the endpoint name and the data traffic quota in Mb

set for the endpoint (for the ‘create’ action). The cumulative daily quota of all endpoints should not exceed

500 Mb.

Several Splunk instances and proxy servers can be started for a project and region combination.

The or2-describe-services (or2dser) command displays the URL for accessing the Splunk Enterprise UI,

the login and password, as well as other service details, including Spunk proxy info:

Figure 1 - Splunk service credentials

Using the provided login and password, you can access the Splunk UI:

Figure 2 - Splunk UI

Splunk as a Service starts a virtual machine with a trial version of Splunk Enterprise installed. This version

allows using Splunk free of charge up to the limit of 500 Mb of data per day for 60 days. After 60 days, the

trial license can be converted into a perpetual free license with the same conditions.

You can change the license from trial to free using Splunk Web.


EPAM SYSTEMS 10

4.2 MAGENTO AS A SERVICE

With the implementation of Magento as a Service, EPAM Cloud

adds another platform for developing e-commerce solutions.

Magento is an open-source e-commerce platform allowing to

quickly build unique shopping websites both for the B2B and B2C

industries. Now Magento is available for EPAM developers as a Cloud service based on Magento 2.0.

For more details on Magento platform, visit the official Magento website.

Magento as a Service is activated through Maestro CLI by means of the or2-manage-service (or2ms)

command with the -a/--activate flag and the -s/--service parameter with magento value:

or2ms –p project_id -r region -a –s magento

When the service is activated, it starts a Magento server on a virtual machine with the following

configuration:

Image: CentOS7

Shape: MEDIUM

Only one Magento service can be activated per project in a particular region. To deactivate the service, use

the same command (or2ms) with the -d/--deactivate flag.

After Magento activation, it appears in the list of all services available for the selected project and region

displayed in the response to the or2-describe-services (or2dser) command. The command response

shows the URL via which the Magento UI can be accessed, as well as the login and password.

Figure 3 - Magento UI

https://magento.com/


EPAM SYSTEMS 11

4.3 ATG AS A SERVICE

Oracle ATG Web Commerce has become yet another e-

commerce platform supported by EPAM Cloud. It is widely used

for creating and administering commerce websites and

managing their content.

With ATG Web Commerce, you receive unique flexibility of a

multi-channel tool and the advantages of a personalization

engine.

For more details, visit the official Oracle ATG Web Commerce website.

In the current implementation EPAM Cloud supports ATG 11.2 version.

ATG as a Service is activated through Maestro CLI by means of the or2-manage-service (or2ms)

command with the -a/--activate flag and the -s/--service parameter with atg-small value:

or2ms –p project_id -r region -a –s atg-small

When the service is activated, it starts two virtual machines each serving its dedicated purpose:

1. ATG server also containing an Endeca full-text search engine together with Experience Manager,

a JBoss application server (JBoss 6.1), Java 1.7

2. Oracle database server

ATG as a Service is one more Cloud Service supporting integration with Jenkins. To ensure correct

performance, start a separate Jenkins Service and configure it to work with the two above-mentioned

instances.

3.

VM 2: OracleDB

VM 3: Jenkins

VM 1: ATG

Figure 4 - ATG as a Service architecture

http://www.oracle.com/us/products/applications/atg/web-commerce/index.html

https://cloud.epam.com/site/competency_center/e=p=c_services/jenkins_as_a_service_(=j=a=s)


EPAM SYSTEMS 12

All virtual machines have the following default configuration:

Image: CentOS6

Shape: MEDIUM

ATG as a Service is still under development. With the current implementation, you can obtain a ready-to-

use DEV/CI environment for ATG development. To achieve full functionality, you need to configure Jenkins

to get the working environment. In the next releases the Jenkins components will be finalized, after which

the fully functional ATG environment will be available after the service activation.

When activated, ATG as a Service provides the user with access to the ATG server and Oracle DB server

by connecting directly to the virtual machines started for the respective service.

To access the Jenkins Master, follow the instructions in the Jenkins Service description.

4.4 AEM PAAS MODE

In addition to AEM as a Service, EPAM Cloud, in cooperation with the Content Management Competency

Center, has implemented integration with AEM PaaS Mode.

In this implementation only AEM 6.2 version is supported.

In AEM Paas Mode you also create a cluster of author and publish instances, however, the technology of

its creation is different. Each instance, both author and publish, is created with its own dispatcher.

To start an AEM cluster, run the or2-manage-service (or2ms) command with the -a/--activate flag and

the -s/--service parameter containing the aem-author-paas value. Also specify the name of the AEM

cluster to be created and the AEM version (always 6.2):

or2ms –p project_id -r region -a –s aem-author-paas –c cluster –v 6.2 --

customize

This command starts a virtual machine which will become an AEM publish instance. You can continue

building the AEM cluster by adding more author or publish instances. To add a publish instance, use the

same or2ms command with the -a/--activate flag and the -s/--service parameter containing the aem-

publish-paas value. Specify the same cluster name and the same AEM version (6.2):

or2ms –p project_id -r region -a –s aem-publish-paas –c cluster –v 6.2 --

customize

Each VM created as part of the AEM PaaS Mode will have the following configuration:

Image: CentOS6_64-bit

Shape: MEDIUM (the default shape, however, a different shape can be selected if necessary)

When the AEM PaaS Mode has been activated, you can retrieve its details with the or2-describe-services

command:

https://cloud.epam.com/site/competency_center/e=p=c_services/jenkins_as_a_service_(=j=a=s)


EPAM SYSTEMS 13

Figure 5 - AEM PaaS Mode description (shown in two lines for better visibility)

Using the WebUI URL provided in the response to the or2-describe-services command, you can access

the AEM UI. Use the admin/admin credentials to login:

Figure 6 - AEM Author Login Page

4.5 SITECORE LARGE MODE

In a previous release EPAM Cloud introduced Sitecore as a Service, a content management platform to be

deployed on a Windows Server 2012 R2 virtual machine. When the service was activated, it started one

VM containing all components required for proper Sitecore functioning – Sitedore server, MS SQL database

management system and MongoDB database.

In this release, we present Sitecore Large – a configuration involving several VMs each dedicated to a

particular function. When the service is activated, it creates a cluster of interconnected VMs.

The maximum configuration includes the following VMs:

1. Sitecore Server + MongoDB

2. MS SQL

3. Jenkins Master

4. Jenkins Slave

5. Load Balancer

To activate Sitecore Large, use the or2-manage-service (or2ms) command. The value of the -s/--service

parameter depends on the role of virtual machine started by the command:


EPAM SYSTEMS 14

or2ms –p project_id -r region -a –s sitecore-dev-paas –c cluster –v 8.1

This command starts two VMs – a Sitecore server also containing MongoDB and a VM with MS SQL

installed. This is the minimum configuration for Sitecore service to function properly.

or2ms –p project_id -r region -a –s sitecore-ci-paas –c cluster –v 8.1

This command creates two VMs – Jenkins Master and Jenkins Slave to provide CI/CD.

or2ms –p project_id -r region -a –s sitecore-lb-paas –c cluster –v 8.1

This command starts a VM serving as the Load Balancer. This VM may be required for clusters involving

several VMs.

Four VMs started under the Sitecore Large service (all except the VM hosting the Load Balancer) have the

following configuration:

Image: W2012R2Std

Shape: MEDIUM

The virtual machine serving as the Load Balancer has the following configuration:

Image: Ubuntu14.04_64-bit

Shape: SMALL

Access to each of the services started under the Sitecore Large service is performed via the URL

provided in the response to the or2dser command:

Figure 7 - Sitecore WebUI URLs

4.6 JENKINS AS A SERVICE UPGRADE

In version 2.1.77, EPAM Orchestrator comes with an upgraded version of Jenkins as a Service – now

Jenkins version 2.0 is supported. With this upgrade, Jenkins supports delivery pipelines, and its overall

usability has been improved.

Previous versions of Jenkins are continued to be supported, however, the existing Jenkins instances are

not upgraded automatically. If you need to use Jenkins version 2.0, you need to terminate your current

Jenkins service and activate a new one.

The following plugins are installed together with the upgrade:


EPAM SYSTEMS 15

{'name' => 'logstash', 'version' => '1.2.0'},

{'name' => 'credentials', 'version' => '2.1.4'},

{'name' => 'mailer', 'version' => '1.7' },

{'name' => 'matrix-auth', 'version' => '1.4' },

{'name' => 'jobConfigHistory', 'version' => '2.15' }

4.7 GERRIT AS A SERVICE UPDATE

Gerrit as a Service implemented in one of the previous releases now comes with minor changes and

improvements aimed at enhancing the security and usability. Additionally, the database has been changed

from MySQL to PostgreSQL which improves the service performance.

We continue to support the previous Gerrit implementation with the MySQL database, however, the existing

Gerrit instances will not be automatically modified. If you need to use the PostgreSQL database in your

Gerrit service, you need to terminate the existing Gerrit instance and activate a new one.

4.8 ACS UNIFICATION

Orchestrator release 2.1.77 comes with an important update of the Chef-based autoconfiguration service.

Previously, all Chef cookbooks created in EPAM Orchestrator referred to the attributes stored in

Orchestrator overriding the existing values with new ones. As the result, cookbooks could not be used

outside Orchestrator, for example, in AWS cloud infrastructures independent from EPAM Orchestrator, as

there was no way to reference the initial attributes.

The new improvement includes metadata_epc cookbook which serves as an intermediary resource

providing attributes. This way, Chef cookbooks can be used outside Orchestrator, as they are now able to

retrieve the attributes from metadata_epc.

To use the metadata_epc cookbook, you need to define the attribute discovery method yourself.


EPAM SYSTEMS 16

5 CLOUD UI IMPROVEMENTS

EPAM Cloud has a powerful UI, which allows to effectively monitor and manage virtual infrastructures in

several clicks.

We’re constantly improving the interface to make it more complete and effective for our users.

With the current update, we are glad to introduce two changes:

New financial KPIs were added to Cloud Monitoring to simplify costs control and review

EPAM Cloud Cost estimator updated

You can find more details on each of these points below.

5.1 COST ESTIMATOR UPDATE

EPAM Cloud Cost Estimator is a UI tool that allows to evaluate the approximate price of your virtual

resources. This tool is specifically convenient and necessary when you only plan to start hosting your

resources in Cloud, or change the configuration of your infrastructure.

With the current update, we updated the estimation processes, and moved them from UI side to server

side, thus minimizing the possibility of mistakes, and allowing to make the calculations more precise.

We also improved the layout of the tool by hiding all the reference information under the Help section. In

case you need a tip on the Cost Estimator usage, click the “Show Help” link to view the details and the

information on the available options.

Figure 8 - Cost Estimator

Please remember that Cost Estimator provides an approximate price. The real cost of your infrastructure

will depend on the actual resources usage.


EPAM SYSTEMS 17

5.2 CLOUD MONITORING: MORE PROJECT DETAILS

Cloud Monitoring page is designed to provide full and comprehensive information about virtual

infrastructure belonging to each project.

We are constantly developing the Monitoring tool in order to make it meet all your needs and expectations.

The feature allows you to find the performance statistics of each VM, the statistics on servers and services

usage.

There are also metrics showing the different services costs details.

With EPAM Orchestrator v.2.177 we introduce two updates to the Key Performance Indicators (KPIs)

available on the Monitoring page.

VM Lifetime and Optimization metrics are now available not only on Project, but also on Region

level. These metrics provide the information on the lifetime of project resources, and their utilization

rate, respectively. Such information is highly convenient for project resources usage optimization,

as it allows to review and rearrange infrastructure in order to decrease load and minimize project

costs.

Monthly Financial KPI is added to both Project and Region levels. It complements the daily

financial KPI that existed before, and provides the project’s total cost for the current month.

Clicking the graph and going to the Deep Dive view, where you can find billing trends – a graph

covering 6 or 12 latest months.

Figure 9 - Financial KPIs update

We would like to thank Vitali Liubchanka for submitting the idea for these improvements.

https://orchestration-qa.epam.com/maestro2/ui/monitoring



EPAM SYSTEMS 18

5.3 ACCESS TO EPAM SERVICES

EPAM Cloud is not a stand-alone service. It is closely related to other services and applications provided

within EPAM for internal usage.

With the current update, we introduce the EPAM Applications menu button that enables quick navigation

between different services that compose EPAM eco-system. You can find the button in the top right corner

of the Cloud Web Management Console.

When being logged in to any other EPAM application, you can also quickly navigate to EPAM Cloud by

finding in the “Deliver” section.

Figure 10 - EPAM Apps menu


EPAM SYSTEMS 19

6 COMMAND LINE INTERFACE IMPROVEMENTS

Although Cloud UI is rapidly developing, Maestro Command Line remains an important tool that provides

the most complete access to Cloud functionality.

That’s why we keep on improving it, not only adding the commands that support the new features and

services, but also updating the existing ones, to make CLI usage more convenient and effective.

With EPAM Orchestrator v.2.1.77 we would like to mention the following updates to Maestro CLI:

or2-help command now has the --project parameter, so you can check the list of the commands

available for you on a specific project

or2-create-and-attach-volume command is prohibited for instances in transitional state

or2-describe-instance-properties command now provides the full list of properties assigned to

the instance

or2-update command now supports the --verify parameter to check the availability of the operation

In addition, a number of CLI-related issues were fixed.


EPAM SYSTEMS 20

7 REPORTING UPDATES

Reporting is a significant part of communication between EPAM Orchestrator and

users. This is a powerful tool which informs you on all the important cloud-related

events, including infrastructure changes, bills, services usage, security issues, and

others.

The information provided in the reports is important for project management, admins, and other project

members, and allows to keep track of all the changes and react timely on any issue.

However, to deliver all the information timely and effectively, it is important to make the reports highly

informative and deliver them to correct people.

That’s why we constantly work on reporting improvements and updates.

EPAM Orchestration v.2.1.77 goes with a huge number of changes in reports, which includes information

clarifications, layout updates, delivery lists reviews.

In total, 35 reports and notifications were updated. Several reports were removed or merged with other

reports.

We believe that the changes will make EPAM Cloud reporting more convenient and user-friendly.

Please remember, that EPAM Orchestrator supports a Subscription Management tool that allows to

customize the set of reports delivered to the project team, or to a specific user. For more details, please

see Account Management Guide (Section 10 –Subscriptions) and Quick Start Guide (Section 6 – User

Subscription management).

https://cloud.epam.com/site/management/account_activity/csug_05_account_management.pdf

https://cloud.epam.com/site/learn/quick_start/csug_01_quick_start.pdf


EPAM SYSTEMS 21

8 SECURITY UPDATES

EPAM Cloud regards security as one of its highest-priority areas and is constantly improving its security

measures and tools. EPAM Orchestrator v. 2.1.77 comes with the following security enhancements:

Enhanced IAM Users management for advanced users

Support for security groups and new AWS SDK

Please see the sections below for more details on these security improvements.

8.1 IAM USERS CONTROL FOR PROJECT COORDINATORS

The integration of EPAM Cloud with AWS includes a wide range of EPAM

Orchestrator tools that can be used to manipulate AWS-based infrastructures

without need to address native AWS tools.

However, there are still situations, when the users need to get constant access to

AWS Management Console. In this case, they submit a request to the Cloud Support

team, and are provided with an IAM User account. The account provides access to

all AWS features, except security groups and IAM management.

Such a high level of independency is convenient for users and saves time and effort for them. However, for

project management and project team in general, it is essential to have tools that would allow to monitor

and control IAM accounts usage on their projects.

That’s why, with the current release, we introduce a new CLI command, or2-aws-iam (or2iam) which is

designed to provide all the necessary information about IAM user accounts on the specified project. It also

allows the Advanced Management group (Project Managers/Coordinators, Account Managers, and

Delivery Managers) delete the specified IAM User account or reassign it to another project member without

need to address the support team.

The default action for the command is describe. Below, you can find an example of a standard command

call:

or2iam –p <project> -a describe

The command response includes the following information:

IAM User name

User creation date

IAM User group names

MFA devices serial numbers

Last password usage date

The users belonging to the Advanced Management group can use the --action delete option to delete an

IAM user.

For security reasons, it is strongly recommended to delete the IAM user accounts belonging to project

members who left the project and the accounts that haven’t been in use for over one month.


EPAM SYSTEMS 22

Advanced Management group can also use the --action setOwner option to change the owner of auto

user accounts.

8.2 MANAGED POLICIES RESOLUTION

To enable the possibility to set up a specific set of permissions to a person, resource, group, or role, AWS

supports various policies. A policy is a document where the allowed permissions are specified.

With IAM, the policies are applied for users, groups, and roles. There are two types of policies:

Inline policies – the policies that are embedded to single groups, roles, or users. You can create

and manage them according to your needs.

Managed policies – the policies that can be attached to multiple groups, roles, or users.

For more details on this topic, please see Managed Policies and Inline Policies page on AWS web-site.

With the current version of EPAM Orchestration, we introduce the support for the new AWS SDK version,

1.11.24. This keeps the integration with Amazon on the up-to-date level and creates the possibility to

support features that were not enabled by the previous SDK versions.

One of such features it the possibility to control the users to whom managed policies are assigned. From

now on, it is possible to block or reassign such user with Orchestrator tools, which allows to enforce the

automated and manual control over IAM accounts, thus significantly increasing the security level.

http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html


EPAM SYSTEMS 23

9 SUPPORT AND KNOWLEDGE SHARING

9.1 SERVICE CATALOG UPDATE

EPAM Cloud is a self-service providing users with the full stack of necessary tools and related

documentation, which allows users to perform virtual infrastructure management by themselves.

However, there are operations and cases when the additional assistance from EPAM Cloud Support teams

is needed.

These are not only service performance issues, but also requests for basic infrastructure settings, resources

migration, network setup, and others. Every month Cloud Support teams receive, reply, and resolve dozens

of requests.

Submitting a correct request is an important factor of its quick and effective processing. Thus, recently, we

carefully investigated the requests that our users submit, analyzed them, and co-operated with the EPAM

Support Portal in order to update the existing service catalog and simplify Cloud requests submitting.

So, currently, a new, more convenient categories tree is available. In addition, search by key words was

enabled, and we added a set of existing solutions, which give step-by-step solutions for the most frequent

requests.

Figure 11 - EPAM Cloud on Support portal


EPAM SYSTEMS 24

9.2 EFFECTIVE CLOUD COMPUTING TRAININGS

At the beginning of summer, EPAM Cloud Consulting team announced the

Effective Cloud Computing training, aimed to make the assignees acquainted

with basic EPAM Cloud concepts, tools, and services, and to provide them

with the skills, necessary for basic Cloud infrastructure management.

The first session was established for Russian-speaking audience, and turned

out to be quite popular. Within the first week after the training announcement,

we got about 200 requests for subscription. Thus, we took the decision to

deliver the training in two sessions, and the first one successfully took place

July.

As the general summary of the first session, we are glad to share the following points:

72 people attended the course.

Most attendees subscribed for the course in order to improve their knowledge. Still, there are those

who are absolutely new to the subject

Attendees are absolutely satisfied with the course. There were no complains.

All the attendees who successfully passed the course, got the brand-new “Cloud Certified” badge.

One of the topics of the training was integration with AWS, which included information not only on AWS

usage via EPAM Orchestrator, but also on self-education and certification possibilities, provided by

Amazon. We are glad to announce, that after the training delivery, 44 AWS certificates were granted to

EPAMers for the successful completion of AWS Business and/or Technical professional course.

The successful certification is accompanied by “AWS Certified” badge that is granted to anyone who

provides the certificate to Cloud Consulting team.

After the first session completion, we carefully examined the feedbacks and the transcripts of Q&A sessions

and updated the training materials with the answers to the most essential and frequently asked questions.

The next round of the trainings is scheduled to start on September, 7, and will be delivered to the

subscribers whom we could not include to the first session due to groups size limits.

We are very glad to see your interest and enthusiasm in learning more about EPAM Cloud! We do our best

to share our knowledge and best practices, so that you could use our service most effectively and with the

most possible profit for you.

We are also planning the English version of the training. Keep track of the announcements!

9.3 EPAM CLOUD BADGES: BE A HERO!

EPAM Cloud Team always values the interest and enthusiasm towards Cloud Services and welcomes

users willing to learn more about Cloud. EPAM Cloud Support Team offers different trainings to share the

Cloud knowledge and expertise with its users.

On the other hand, our community is greatly helping us in improving the service by sharing their ideas and

cooperating in the development. Dozens of wonderful ideas, shared by our users, were implemented as

new features and improvements in EPAM Cloud, and others are still to go.

https://kb.epam.com/display/EPMCITFAQ/Effective+Cloud+Computing

https://kb.epam.com/display/ECCCC/Partnership+with+AWS



EPAM SYSTEMS 25

We always highly appreciate this input, and want to thank all our contributors and trainings attendees for

their enthusiasm and interest in EPAM Cloud. Thus, we addressed EPAM Heroes team for assistance, and

in August, five new badges were introduced to help us mark the achievements and contribution of our users.

Thus, currently, there are six badges you can get by participating in Cloud educational and development

activities:

Badge Badge Name Description Granted by

Cloud Certified Granted for passing Cloud basic education programs

EPAM Cloud, EPAM University

Cloud Certified: Advanced

Granted for passing Cloud advanced education programs


Cloud Certified: Expert

Granted for passing Cloud expert education programs


Cloud Contributor

Granted for sharing own solutions with Cloud team so that these solutions are implemented in EPAM Cloud Service

EPAM Cloud

Cloud DevOps Granted for having high skills in Cloud automation and solutions

EPAM Cloud

AWS Certification

Granted for completing each of the following courses and obtaining the certificate:

AWS Business Professional

AWS Technical Professional

AWS TCO and Cloud Economics

EPAM Cloud

Please take part in the available education programs and in making EPAM Cloud better, and be assured

that your achievements and contributions will always be rewarded!

https://heroes.epam.com/


EPAM SYSTEMS 26

9.4 DOCUMENTATION UPDATES

All changes and updates to the EPAM Orchestrator functionality are reflected in the documentation and

other EPAM Cloud resources. With the release of EPAM Orchestrator 2.1.77, the following documents were

updated:

Maestro CLI User Guide – new commands and parameters related to newly-introduced platform

services have been added

EPAM Cloud Services Guide – description of new and enhanced platform services has been added

Hybrid Cloud Guide – information on the new IAM user-related command has been added

Minor changes and updates to other documents and the EPAM Cloud website content reflecting

changes in the Orchestrator functionality have been made

https://cloud.epam.com/site/develop/maestro_c=l=i/csug_02_maestro_cli_user_guide.pdf

https://cloud.epam.com/site/competency_center/e=p=c_services/csug_03_services.pdf

https://cloud.epam.com/site/develop/hybrid_cloud/csug_04_hybrid_cloud.pdf



EPAM SYSTEMS 27

TABLE OF FIGURES

Figure 1 - Splunk service credentials ............................................................................................................ 9

Figure 2 - Splunk UI ...................................................................................................................................... 9

Figure 3 - Magento UI ................................................................................................................................. 10

Figure 4 - ATG as a Service architecture .................................................................................................... 11

Figure 5 - AEM PaaS Mode description (shown in two lines for better visibility) ........................................ 13

Figure 6 - AEM Author Login Page ............................................................................................................. 13

Figure 7 - Sitecore WebUI URLs ................................................................................................................. 14

Figure 8 - Cost Estimator ............................................................................................................................ 16

Figure 10 - Financial KPIs update ............................................................................................................... 17

Figure 11 - EPAM Apps menu ..................................................................................................................... 18

Figure 12 - EPAM Cloud on Support portal ................................................................................................. 23


EPAM SYSTEMS 28

VERSION HISTORY

Version Date Summary

1.0 September 3, 2016 First published

epam cloud infrastructure orchestrator ver.2.1 · 2017-03-02 · 4.1 splunk as a service ......

Documents