The Definitive Guide to ENTERPRISE CLOUD GOVERNANCE: A Frictionless Approach

Upload: matthew-small

Post on 11-Jan-2017

The Definitive Guide to Enterprise Cloud Governance: A Frictionless Approach © 2015 RightScale, Inc. All rights reserved. RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks of their respective owners.

A Need for Speed: The Current State of Cloud Governance

With the rise of public cloud, developers and application teams embraced the opportunity to access infrastructure resources in minutes instead of the weeks-long to months-long wait at most large enterprises. However, traditional IT governance was bypassed in this rush to greater agility. In fact, cloud use often starts with no governance at all as business units directly procure cloud resources to satisfy urgent business requirements.

Although the shorter provisioning times for public cloud bring clear benefits for the organization, the lack of visibility and governance over these resources can come back to haunt IT teams. We’ve all heard the horror stories — teams leaving cloud servers running resulting in unexpected eye-popping cloud bills, no backups in place, unknown security vulnerabilities, a lack of audit trails, and the list goes on. Most enterprise IT teams have been through the experience of being on the front line when something goes wrong.

The time has now arrived for IT teams to take a proactive role by brokering cloud services on behalf of their organizations. These initiatives need to deliver on instant access to both public and private cloud infrastructure. While governance needs to be an integral part of the cloud broker role, IT cannot afford to revert to outdated processes that create significant delays and hamstring business agility.

A New Approach: Frictionless Cloud Governance

In a world where public clouds are easily and instantly accessible, enterprise IT teams need to embrace a new approach: frictionless governance that embeds and automates necessary controls. With frictionless governance, you can drive delays to zero by offering developers and business units cloud resources as quickly as teams can obtain them directly from cloud providers. In fact, frictionless governance combined with automation can make it even easier and faster for enterprise users to get fully configured stacks or applications in public or private clouds. This is an achievable goal that can enable IT teams to accelerate agility beyond that offered by going directly to public clouds.

“...smart CIOs use automated tools to provide cloud service catalogs to internal consumers and broker those services automagically. At the same time, CIOs can use these tools to control which services departments can use, and how they can use them.”

David Linthicum, “Cloud Blurs the Line Between Cloud Brokers and CIOs,” TechTarget SearchCloudComputing, June 2015

Guardrails vs. Approvals

To deliver on frictionless cloud governance, you need to avoid traditional approval processes that require a cloud user to create a request that is then forwarded to a manager and others for approval. Instead, you can eliminate manual intervention in the vast majority of cases by embedding automated policies into your provisioning and management processes.

For example, many companies offer public or private cloud resources to their development teams. Instead of sending emails to managers to approve requests, developers should be free to provision within budgets or quotas set for a person, application, or team. As long as the quotas aren’t exceeded, provisioning continues with no interruption. Similarly, you should offer a cloud provisioning portal that narrows down or automatically selects the allowable instance types or clouds based on use case or performance requirements.

Automate to Accelerate

When brokering cloud services, it’s important that you don’t materially slow down the self-service access to infrastructure that your internal users have come to expect from using public clouds. Rather, you can actually accelerate the complete end-to-end process of getting a stack or application running in the cloud. For example, a developer who provisions infrastructure in a public cloud will then need to set up and configure the components of the environment. These steps, which may be largely manual, will consume additional time before the developer can be productive. When you broker cloud services to your developers, you can automate deployment and configuration of common stacks and apps. This approach allows you to implement frictionless governance (ensuring that the right patches, versions, and configurations are used) while also increasing agility by eliminating manual work and delays for that developer.

Eight Reasons for Building a Multi-Cloud Strategy

1. Operate anywhere
2. Leverage existing investments
3. Optimize costs
4. Access unique capabilities
5. Create resilient architectures
6. Maintain vendor leverage
7. Future-proof your cloud strategy
8. Support existing cloud usage

According to the RightScale 2015 State of the Cloud Survey, enterprises are increasingly planning to use a portfolio of clouds, with 82 percent reporting a multi-cloud strategy as compared to 74 percent in 2014. This year’s survey reveals that 55 percent of enterprises are planning for hybrid clouds, 13 percent expect to use multiple public clouds, and 14 percent are planning for multiple private clouds.

Source: RightScale 2015 State of the Cloud Report

Multi-Cloud Governance: A Single Pane of Glass for All Your Clouds

The vast majority of enterprises today are planning for a multi-cloud strategy that will encompass a portfolio of public and private cloud options. There are a wide range of business requirements that drive the need for a heterogeneous set of cloud resource pools — including geography, cost, features, and existing investments. For example, an enterprise may have teams using AWS and Azure and other teams using vSphere to meet the needs of different applications and business goals. To deliver frictionless governance in this multi-cloud world, IT teams need to gain visibility into all of the clouds they use, implement an overarching approach for secure access, apply a consistent set of policies for governance of cloud use, and ensure complete audit trails for cloud activities.

With a multi-cloud approach, IT teams want the flexibility to guide the deployment and operations of different applications based on the best venue of operation. For example, a development team in India can be approved for access to instance sizes appropriate for development in a nearby AWS region with default schedules that automatically shut down instances at night.

Requirements for Frictionless Cloud Governance

Frictionless governance does not mean no governance. It means a faster path to resources using smart governance methodology. There are several key requirements that should be included when implementing frictionless governance:

1. Discovery and inventory of all clouds, cloud accounts, instances, and cloud applications.
2. Tagging, labeling, and grouping of instances across clouds to map instance IDs to meaningful application and asset names.
3. Searching to find cloud assets based on metadata.
4. CMDB integration for cloud assets.
5. Operating system images that are security hardened and comply with corporate standards.
6. Catalog of templates to configure commonly used servers and applications in order to accelerate provisioning, meet security standards, and implement backup and disaster recovery.
7. Automated policies that control what clouds and instance sizes are allowed for particular applications or use cases.
8. Version control for cloud assets.
9. Operational dashboard to provide your operations team visibility into all cloud instances and applications.
10. Automation to standardize common operational tasks.
11. Monitoring, alerts, and self-healing for cloud instances and applications.
12. Automated scripting for patches and version updates.
13. Tracking of detailed usage and costs across all clouds, cloud accounts, instances, and applications.
14. Cost analytics and reporting by a variety of factors including cloud, region, data center, instance type, application, department, user, or any other tag.
15. Forecasting and budgeting to predict costs and define quotas for applications, departments, teams, users, or other factors.
16. Spend optimization by selecting best cloud options and reducing waste.
17. Aggregated view of all clouds and accounts.
18. Unified identity and access management across clouds and cloud accounts. Integration with existing SSO, LDAP, or Directory solutions.
19. Cloud key management and storage.
20. Audit trails for cloud activities and changes.

The Five Areas of Frictionless Cloud Governance

Leading IT teams are now positioning themselves to support the business need for agility by brokering cloud services for the enterprise. By becoming cloud services brokers, they can add a critical layer of visibility and governance to cloud usage while delivering access to any cloud or pool of infrastructure resources. To be successful in this new strategic role, IT teams will need to consider five areas for frictionless governance controls: inventory, provisioning, operations, financial, and security. This white paper will detail the considerations and requirements for each of these five areas.

“Given the increasing number and quality of cloud offerings, we CIOs had better be the ones driving this cultural shift — otherwise, we are on the path to obsolescence.”

Niel Nickolaisen, “With Cloud Strategies Abundant, CIOs Must Exercise Command, Control,” SearchCIO, TechTarget

Inventory: You Can’t Manage What You Can’t See

To adequately govern the use of cloud, you need a single pane of glass across all of the clouds you use. You’ll need visibility into all of your public and private clouds, as well as virtualized environments that you are leveraging as a cloud-like resource. Companies are also extending their single pane of glass to include bare metal servers.

As an IT organization, you may currently have only a partial view into your public cloud usage since many business units set up cloud accounts without going through the central IT team. This lack of visibility makes it difficult to govern cloud use and introduces both security and business risks. Many enterprises also have a disjointed view of private cloud and on-premises usage, with no way to aggregate across disparate clouds and technologies.

It’s important that you can discover your infrastructure resources across clouds, data centers, and geographies; organize and tag resources in meaningful ways; search your resources to find ones that have particular characteristics; and integrate the information into your existing CMDB.

Discovery

To gauge the full extent of cloud usage and ensure appropriate levels of governance, you’ll need a centralized way to get a complete view of all your cloud accounts and workloads, with the ability to discover new workloads as they are deployed.

Discovering metadata about your cloud workloads is also critical. You’ll want access to information about the cloud, region, data center, instance type, security groups, IP address, and networking options for each workload. This information can be used later to filter and search for resources with particular characteristics.

RightScale provides a centralized place to register cloud accounts or virtualized environments. Once cloud accounts are registered, RightScale discovers all of your running workloads and a wide set of metadata for each, giving you a complete view of all instances and VMs.

Tagging

Once you have a view into all your enterprise cloud workloads, you need to organize individual instances or VMs into logical groups (application or deployment) and tag workloads with useful information, such as the purpose (dev, test, staging, or production) or the team responsible. Tags that span all your clouds can help you to better understand how cloud resources are being used and to assess operational health.

RightScale enables you to set up a consistent set of tags for a wide range of resources (accounts, instances, volumes, images, and more) across clouds and virtualized environments. You can search, filter, or report based on tags.

Search

The ability to search and filter on tags or other metadata enables you to report on your cloud usage and also plan for maintenance. For example, you will need to filter or organize reports by application name or business unit. When a new vulnerability comes out that impacts a particular operating system, you need to find all resources running the impacted operating system, whether they reside in public clouds, private clouds, or your virtualized data center.

By leveraging the power of tagging in RightScale, you can easily find instances across all your cloud resource pools. For example, when you need to upgrade or patch a component, you can easily find all the servers that need to be updated and then execute a script. This is a real lifesaver when you need to quickly upgrade or patch hundreds of servers.

Integrate to CMDB

The next step to gain visibility into your cloud infrastructure and usage is to automate the integration into your centralized configuration management database (CMDB). You’ll want to track cloud resources and include these assets in your enterprise CMDB to provide global visibility and auditing.

Automated integration should register the new assets in a central CMDB and continue to keep the CMDB up to date as dynamic infrastructure changes occur (auto-scaling, de-provisioning, enhancements, version changes, etc.).

RightScale provides a certified integration with ServiceNow CMDB and provides open APIs for integration with other CMDB systems.

Provisioning: Guardrails, Not Speed Bumps

One of the most fundamental expectations of cloud is automated self-service access. Developers, and the business units they support, value quick access to infrastructure that helps them experiment, iterate, and test their ideas. Public cloud has provided them with “instant on” infrastructure that keeps costs low and bypasses lengthy justification and approval processes. In order to entice developers to use sanctioned and governed cloud services, your enterprise IT teams need to match this expectation by providing self-service access to all of your cloud resources in minutes — not hours, days, or weeks.

Although some enterprises have implemented self-service portals to request IT infrastructure or VMs, many of these solutions are simply ticketing systems that trigger semi-automated approval processes and eventually manual effort from multiple systems administrators across compute, network, storage, and platform teams. Adding cloud services to these lengthy processes is unlikely to satisfy developers and business owners. Instead, you need to embed frictionless governance into the self-service flow without slowing down the pace of business.

A multi-cloud self-service portal is a great vehicle to embed frictionless governance. IT can offer standard images that meet corporate guidelines and a catalog of templates for automated provisioning — all under version control. Your self-service flow should embed cloud policies that guide users to appropriate use of cloud.

Standard Images

Every workload provisioned in the cloud should be based on a set of corporate standard operating system images that are appropriate for that particular cloud. Although base images are available from each cloud provider, enterprise IT teams will typically want to customize these base images to meet their corporate specifications.

RightScale provides standard multi-cloud images for popular operating systems and enables you to customize a library of your own images.

Template Catalog

Your self-service portal should include a catalog of technology components and stacks that are commonly used in your organization. For example, you can provide pre-configured templates that automate deployment of basic instances, company-standard databases, your common development environments, or frequently used applications. Your templates ensure that each component meets your corporate standards for versions, configurations, security settings, and patch levels. With a template catalog, developers can go beyond basic infrastructure and easily provision higher-level services as starting points for their applications, reducing the time to configure their environments and enabling them to focus on building applications. Templates can also implement high-availability architectures and automate backup and disaster recovery procedures. Your templates should be available across your entire portfolio of clouds.

RightScale Cloud Application Template (CAT) files are standard templates for deploying components or applications across clouds.

Cloud Policies

Guardrails that control the use of cloud should be embedded as policies in your self-service flow. These policies should define the allowed clouds, regions, or instance types. For example, you might limit developers to using particular clouds or exclude larger instance sizes for development environments. Policies can also control costs by preventing deployments if cost quotas are exceeded or by defining runtime schedules that automatically shut down workloads when they aren’t needed.

RightScale enables you to define cloud policies as part of a Cloud Application Template (CAT) file. IT teams can provide guardrails by specifying which clouds, regions, and instance types are available to end users for each catalog item.

Version Control

All of your cloud assets, such as images or templates, should be placed under version control so that changes can be tracked. You should pull the latest versions of cloud assets when provisioning and track what versions are being used so that you can identify when systems need to be upgraded. You should be able to leverage common code repositories and source code control systems.

RightScale allows you to store your library of cloud application templates in any source control system and publish the latest version to the self-service catalog. RightScale also provides version control for RightScale ServerTemplates™ to enable you to track how each server is configured.

Case Study

Technicolor runs hundreds of thousands of CPU cores globally, and the process of managing all that used to be too often based on spreadsheets and paper documents, siloed in business units, without the global visibility and agility the company desired. Today, through its Constellation Cloud Management Platform that integrates RightScale and ServiceNow, Technicolor can launch render farms with thousands of cores — or continuous integration environments for its dozens of websites — using automated workflows that can allocate resources on any of its approved private or public cloud environments.

Operational Governance: Stay In Control

Governance doesn’t end when a workload is launched. IT needs to maintain visibility and control over running workloads. Developers need to continue to manage their environments throughout the development process. Operations needs to ensure the availability and performance of production applications and to apply appropriate patches or updates. Frictionless governance should be applied throughout the lifecycle of an application.

Operational governance starts with an operational dashboard that provides a comprehensive view of workloads across clouds. Ops teams also need multi-cloud tools to run scripts and automate operations, a single pane of glass for monitoring and alerting on workload health, and easy ways to ensure patching and updating of cloud systems.

Operational Dashboard

Operations teams operating in a multi-cloud world need to have a complete view of all their cloud-based workloads — whether in public clouds, private clouds, or virtualized environments. They’ll need a way to see what workloads are running where, how cloud resources are used, and any critical alerts that need attention.

RightScale provides a customizable dashboard with an overview of compute, network, and storage use across clouds. The dashboard also highlights critical events or alerts.

Automated Operations

Just as automation is critical to ensure repeatable provisioning that meets corporate standards, automation should be used to ensure that standard operations are performed in a consistent and governed manner. For example, developers may need standard scripts to snapshot and restore a database or update code during the development process. Operations teams will need scripts to automate backups or perform routine maintenance tasks. By automating these common processes, you can ensure that these operations are performed correctly and consistently to avoid errors that compromise availability or security.

RightScale allows you to define operational scripts in the language of your choice that automate common operations. You can offer push-button actions to developers or other cloud users to enable them to self-manage their cloud deployments through the RightScale Self-Service portal.

Monitoring and Alerting

Ensuring the operational health of cloud workloads is a critical component of IT management and governance. Operations teams need to monitor system health, detect and debug issues, and quickly take action. To reduce manual work and avoid downtime, they can define thresholds for monitoring metrics and trigger automated self-healing actions, such as scaling the number of servers up or down or restarting services that are failing. Ops teams can also monitor CPU and memory utilization to find unused servers that should be shut down or to detect under-utilized servers that could be downsized to reduce costs. Together these capabilities help enterprises to ensure that systems stay up and running and meet SLAs.

RightScale provides monitoring, alerting, and escalations to keep systems up and running. Operations teams can access a variety of monitoring metrics, specify alerts, and define automated escalations, such as auto-scaling or automated restarts.

Patching and Updating

Like traditional on-premises servers, cloud servers need to be continually updated with the latest security patches as well as new versions. Organizations need to update both operating system images as well as other infrastructure components. While patching is especially critical for production systems, development systems also need to stay up to date with the latest versions to ensure compatibility. There are some special concerns in the cloud, since cloud servers may be short-lived as they are spun up and shut down during a development cycle. With enterprises increasingly moving to an infrastructure-as-code approach for configuring servers, operations teams need to also ensure that the base configuration templates or images are updated so that new servers inherit the latest patches and versions.

Using the RightScale RightLink™ agent, operations teams can then automatically run scripts to automate patching of a set of affected servers.

To ensure that newly launched servers are configured properly and get appropriate patches, RightScale ServerTemplates provide an infrastructure-as-code approach and enable operations teams to choose from a variety of configuration management or scripting options — Chef, Puppet, Salt, Ansible, PowerShell, Bash, or RightScripts. ServerTemplates are under version control.

Infrastructure-as-code

An approach to IT operations that uses code and scripts to define and automate the configuration of servers. Unlike older ad hoc methods to configure infrastructure, the infrastructure-as-code approach allows IT teams to accelerate speed to market, improve reliability, and ensure security.

Case Study

“As an operations team, our goal is to provide the engineers with the best possible tools so that they can launch and manage their own services. We don’t want to get woken up at 5 A.M. because a PR event on the East Coast causes a surge of traffic to our site and we suddenly need more capacity. Ideally the services should scale up on their own … but even if they can’t, the engineers responsible for a service should be able to scale up and down quickly and on demand.”

RightScale customer Matt Wise, a senior systems architect at Nextdoor

Financial Governance: Watch Your Wallet

As business units embrace the value that cloud delivers, usage and costs can easily spiral if not carefully managed and continuously optimized. Users can often overprovision capacity or forget to de-provision temporary resources. The variable cost model of cloud computing introduces significant opportunities for savings, but also requires new approaches to minimize waste and optimize your spend.

A cloud cost analytics solution provides visibility into past, present, and future cloud usage and provides the critical information needed to manage spend. You’ll need a solution that provides for multi-cloud cost tracking across all your public and private clouds, management oversight with showback and chargeback analytics and reporting, budgeting and alerting when quotas are exceeded, and optimizing spend by comparing cloud prices or purchase options and identifying waste.

Multi-Cloud Cost Tracking

Effective financial governance of cloud requires a view of costs across all of your cloud resource pools — including public clouds, private clouds, and even virtualized environments. With a single pane of glass, you’ll be able to understand total cloud costs as well as costs for individual providers.

Getting detailed cloud pricing and usage data, down to hourly usage and individual instances, is critical. For public clouds, you’ll want tools that can leverage billing data but also analyze detailed usage metrics along with price data to allow you to further delve into your cost drivers. You’ll also need to consider pricing adjustments to public cloud list prices to cover internal overhead or negotiated discounts. For private clouds or other on-premises environments, you’ll need similar detailed usage metrics along with the ability to define your own price books based on the internal costs of acquiring, deploying, maintaining, and running infrastructure.

RightScale tracks your usage and costs across major public cloud providers as well as private clouds and virtualized environments. RightScale maintains a database of more than 15,000 public cloud prices and also supports price adjustments (up or down) and customized price books for private clouds and on-premises environments.

Analytics and Reporting Unlike traditional on-premises infrastructure where financial analysis and approvals occurs in advance of

a large purchase, cloud computing (particularly public cloud) offers a “pay-as-you-go” cost model that

requires a “continuous governance” approach to financial controls. As a result, you need to provide both

your finance team and your internal cloud consumers with ways to easily see and analyze their costs through

an online portal as well as automated, scheduled reports for showback or chargeback of costs. The ability

to slice and dice costs by cloud, region, application, instance type, user, or any other tag will enable you to

allocate costs appropriately. Your technical teams will also need to drill down to individual instances and

servers to take action on insights. Lastly, you’ll need the ability to integrate cloud costs into your other

financial systems.

RightScale provides a cloud cost portal with access controls so that all of your cloud stakeholders

can access and analyze data on cloud costs. You can slice and dice cloud costs on a wide range of factors

(cloud, region, data center, application, instance type, or user) and drill down to understand trends,

investigate anomalies, and uncover opportunities for savings. RightScale delivers automated reports

to your stakeholders via email and provides CSV files that can be used to integrate with other systems.

Forecasting, Budgeting, and Alerting

The ability to pay as you go for cloud consumption offers opportunities for significant savings by

automatically scaling infrastructure in real time based on actual workload demand as opposed to traditional

approaches that require you to forecast peak demand in advance and provision on-premises hardware to

meet the peak. However, while these approaches can increase utilization and reduce costs, combining

these dynamic provisioning approaches with the complexity of cloud pricing can make it difficult to forecast

what those cloud costs will be. To forecast costs for existing applications, you’ll need to take historical

usage and cost data and apply expected growth rates (or declines) as well as seasonality changes.

For new applications, you’ll need to specify the hardware necessary to meet expected loads.

Using both historical cloud usage and future forecasts, you can set budget levels by departments, projects,

and individuals. Budgets should be integrated into your self-service portal such that provisioning requests

are matched against budget levels and manager approval is required only if a request is out of scope,

thus eliminating developer frustration for standard requests within specified project limits and parameters.

There are two approaches to quota enforcement, and you may want to use these in combination depending

on the workload. For production or other critical workloads, you should implement an alerting approach.

You can alert users and managers if their spend has already exceeded their monthly budget or if it’s

projected to exceed the budget based on the current run rate. For development and testing deployments,

you may also choose to prevent deployment of new workloads through the self-service portal if the budget

or quota is already exceeded.

RightScale provides robust tools to forecast cloud spend for existing or prospective applications.

You can set budgets at any level you choose (by cloud, application, project, team, and more) and get

alerts if those budgets are exceeded or are projected to be exceeded.

Spend Optimization

Financial governance will enable you to reduce your cloud spend by selecting the right cloud in your

portfolio, selecting the right purchase options, and minimizing waste. Many enterprises are implementing

a multi-cloud portfolio using several public cloud options combined with private clouds or on-premises

virtualized resources. By forecasting costs on different clouds or regions (public and private), you can

compare different options and choose the best price based on your requirements. In some cases, you might

want to choose an on-premises environment first if there is available capacity, since that represents an

opportunity to maximize a sunk cost.

Selecting the right purchase options — such as AWS reserved instances (RIs) — is an ongoing challenge.

You will need to analyze usage to determine how much you can save with RIs and then ensure that you fully

use the reserved instances. Often companies have unused RIs because the instances they launch are not in

the appropriate region or of the correct instance type. You’ll want reports that show under-utilized RIs so

that you can adjust your provisioning to leverage them and maximize your savings.

Reducing waste is one of the easiest ways to make large reductions in your cloud bills. There are three main

ways to reduce waste: ensure that instances are shut down when they are no longer used, shut instances

down during “off hours” such as nights and weekends, and rightsize your instances to the needs of

the workload. Any workloads that are going to be used for a fixed time period (development, test, training,

demo, or events) should have an automated schedule to shut them down when the project is done. You

can also schedule them to run only during the needed hours, such as during work hours for development

workloads. To ensure that you rightsize your cloud instances, you can include policies in your self-service

portal to guide users toward appropriate instance sizes and then monitor running workloads to detect

under-utilized workloads and make appropriate adjustments.

RightScale enables you to forecast costs in different clouds and with different purchase options in

order to make the best decisions. RightScale also reports on utilization of AWS reserved instances that

have been purchased to ensure that they are being used. For temporary workloads, such as development

instances, RightScale can automate the process of shutting down workloads at project end or for

overnights/weekends according to user-specified schedules.

Security and Compliance: Controlling a Multi-Cloud World

While individual cloud providers each offer capabilities for identity and access management, key

management, and audit trails, users are often left to their own devices for getting a complete picture

and consistent approach across multiple clouds. As IT organizations broker multiple cloud services

for their users, they need a central point of control for cloud access.

Enterprises need to ensure that they have a complete view of cloud usage by aggregating cloud accounts, providing multi-cloud identity and access management that federates identity from

existing systems, implementing robust key management practices, and having complete audit trails across clouds.

Account Aggregation

As enterprises increase their cloud adoption, management of many accounts across multiple clouds can

become a significant challenge. Although some individual cloud providers offer simple ways to associate

cloud accounts with a master billing account, enterprises need to gain a comprehensive view of all their

accounts across all clouds (regardless of who created them) while delegating authority for particular

accounts to different organizations, business units, teams, or users. By providing a central way to aggregate

cloud accounts, IT teams can ensure consistent governance and compliance with corporate standards.

RightScale allows you to aggregate all of your accounts across all of your clouds into a single hierarchy.

By registering existing or new cloud accounts with RightScale, you’ll have the ability to see all of the cloud

accounts in use across your organization. In addition, you can control which users can access each account.

Identity and Access Management

While individual cloud providers offer identity and access management (IAM) for a particular cloud,

enterprise IT needs a centralized solution to manage identity and control access across all of its cloud

providers. You can leverage your existing identity system to manage credentials so that users across your

organization can access cloud services and use single sign-on (SSO). You will then need to use a centralized

approach to specify roles and permissions that are relevant for your cloud accounts.

RightScale supports federated identity management through SAML, providing access to multiple

cloud accounts. Enterprise users can then use single sign-on (SSO) to access any cloud account to which

they have the appropriate access. RightScale provides for consistent multi-cloud role-based access control

(RBAC) across clouds and also provides for temporary users.

SSH Key Management

The challenges of managing SSH keys for logging into servers can be exacerbated with the dynamic

provisioning of resources across multiple clouds. Improperly stored SSH keys can create a security risk for

the organization. Enterprises have several options to solve this problem: Cloud management solutions can

provide centralized multi-cloud key management capabilities, some cloud providers offer key management

services, and third-party and on-premises options exist.

RightScale provides a centralized key management capability that works across clouds and enables

easy log in for users who are authenticated with the RightScale platform. Users can choose to use

third-party key management services as well.

Audit Trails

Audit trails are critical both to debugging operational issues and to ensuring compliance with policies and

regulations. Individual cloud providers may provide for cloud-specific audit trails, but a centralized audit trail

across clouds provides for consistency and a single point of control. Audit trails should include provisioning

actions and lifecycle operations, operational scripts, changes in network and security settings, and other

management actions.

RightScale provides a multi-cloud audit trail that tracks changes made to cloud resources and security

settings. RightScale also provides the current settings of all security groups.

Conclusion and Next Steps

We’ve covered the five areas that must be considered in order to realize a frictionless cloud

governance model: inventory, provisioning, operations, financial, and security. To ensure that the requirements

for each area are met, IT teams will need a platform to centralize policies and embed governance

throughout the cloud provisioning and management process. This platform should serve to balance

the demands for agility from internal cloud users with the implementation of governance and security

controls, effectively ensuring frictionless governance that provides guardrails, not speed bumps, in the

path to using cloud.

IT teams are increasingly acting as cloud services brokers to deliver self-service access to a curated

catalog of commonly used components, stacks, and applications for developers and other cloud users

to request, provision, and manage these services across public cloud, private cloud, and virtualized

environments. As cloud services brokers who must define and implement access controls, IT teams

are in a strategic position to embed frictionless governance into their self-service portals and

brokering processes.

RightScale provides a cloud broker and management platform that can provide the foundation for

your multi-cloud strategy and help drive innovation, growth, and efficiency. RightScale incorporates

frictionless governance, enabling IT teams to deliver cloud resources as quickly as developers can obtain

them directly from cloud providers. Combined with automation, RightScale can make it even easier and faster for enterprise users to get fully configured stacks or applications in public or private clouds via an

easy-to-use interface without sacrificing the necessary visibility, governance, and control.

RightScale Consulting is your partner on your journey to cloud. Our team of experts can help you use

the RightScale platform to create a frictionless cloud governance model that satisfies your company’s

compliance and financial needs. For the latest information on cloud computing best practices,

check out www.rightscale.com/learn.

About RightScale

RightScale® enables leading enterprises to accelerate delivery of cloud-based applications that

engage customers and drive top-line revenue while reducing risk of outages and optimizing costs.

RightScale Cloud Portfolio Management provides a single pane of glass to manage, govern, and

optimize applications in public, private, and hybrid clouds. With RightScale, IT organizations can

deliver instant self-service access to a portfolio of public, private, and hybrid cloud services across

business units and development teams. RightScale provides enterprise-grade governance so that

IT teams can control user access; standardize technologies and processes; ensure security and

compliance; and enforce budgets. In addition, RightScale Consulting provides deep cloud expertise

to help companies develop cloud strategies, deliver cloud projects, and optimize cloud usage.

Since 2007, more than 50,000 users at leading organizations across a variety of industries have

launched millions of servers and advanced their cloud infrastructure through RightScale.

Contact us and find out how RightScale Self-Service can enable your IT team to become a cloud services broker and start your path to frictionless governance.

+1.888.989.1856 (toll free) +1.805.500.4164

or email us [email protected]