The Definitive Guide to
ENTERPRISE CLOUD GOVERNANCE: A Frictionless Approach
The Definitive Guide to Enterprise Cloud Governance: A Frictionless Approach © 2015 RightScale, Inc. All rights reserved. RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks of their respective owners.
A Need for Speed: The Current State of Cloud Governance
With the rise of public cloud, developers and application teams embraced the opportunity to access
infrastructure resources in minutes instead of the weeks-long to months-long wait at most large enterprises.
However, traditional IT governance was bypassed in this rush to greater agility. In fact, cloud use often
starts with no governance at all as business units directly procure cloud resources to satisfy urgent
business requirements.
Although the shorter provisioning times for public cloud bring clear benefits for the organization,
the lack of visibility and governance over these resources can come back to haunt IT teams. We’ve all
heard the horror stories — teams leaving cloud servers running resulting in unexpected eye-popping
cloud bills, no backups in place, unknown security vulnerabilities, a lack of audit trails, and the list
goes on. Most enterprise IT teams have been through the experience of being on the front line when
something goes wrong.
The time has now arrived for IT teams to take a proactive role by brokering cloud services on behalf of
their organizations. These initiatives need to deliver on instant access to both public and private cloud
infrastructure. While governance needs to be an integral part of the cloud broker role, IT cannot afford
to revert to outdated processes that create significant delays and hamstring business agility.
A New Approach: Frictionless Cloud Governance
In a world where public clouds are easily and instantly accessible, enterprise IT teams need to embrace a
new approach: frictionless governance that embeds and automates necessary controls. With frictionless
governance, you can drive delays to zero by offering developers and business units cloud resources as
quickly as teams can obtain them directly from cloud providers. In fact, frictionless governance combined
with automation can make it even easier and faster for enterprise users to get fully configured stacks or
applications in public or private clouds. This is an achievable goal that can enable IT teams to accelerate
agility beyond that offered by going directly to public clouds.
“...smart CIOs use automated tools to provide cloud service catalogs to internal consumers and broker those services automagically. At the same time, CIOs can use these tools to control which services departments can use, and how they can use them.”
David Linthicum, “Cloud Blurs the Line Between Cloud Brokers and CIOs,” TechTarget SearchCloudComputing, June 2015
Guardrails vs. Approvals
To deliver on frictionless cloud governance, you need to avoid
traditional approval processes that require a cloud user to create a
request that is then forwarded to a manager and others for approval.
Instead, you can eliminate manual intervention in the vast majority of
cases by embedding automated policies into your provisioning and
management processes.
For example, many companies offer public or private cloud resources
to their development teams. Instead of sending emails to managers to
approve requests, developers should be free to provision within budgets
or quotas set for a person, application, or team. As long as the quotas
aren’t exceeded, provisioning continues with no interruption. Similarly,
you should offer a cloud provisioning portal that narrows down or
automatically selects the allowable instance types or clouds based
on use case or performance requirements.
Automate to Accelerate
When brokering cloud services, it’s important that you don’t
materially slow down the self-service access to infrastructure that
your internal users have come to expect from using public clouds.
Rather, you can actually accelerate the complete end-to-end process
of getting a stack or application running in the cloud. For example,
a developer who provisions infrastructure in a public cloud will then
need to set up and configure the components of the environment.
These steps, which may be largely manual, will consume additional
time before the developer can be productive. When you broker cloud
services to your developers, you can automate deployment and
configuration of common stacks and apps. This approach allows you
to implement frictionless governance (ensuring that the right patches,
versions, and configurations are used) while also increasing agility by
eliminating manual work and delays for that developer.
Eight Reasons for Building a Multi-Cloud Strategy
1. Operate anywhere
2. Leverage existing investments
3. Optimize costs
4. Access unique capabilities
5. Create resilient architectures
6. Maintain vendor leverage
7. Future-proof your cloud strategy
8. Support existing cloud usage
According to the RightScale 2015 State of the Cloud Survey, enterprises are increasingly
planning to use a portfolio of clouds, with 82 percent reporting a multi-cloud strategy as
compared to 74 percent in 2014. This year’s survey reveals that 55 percent of enterprises are
planning for hybrid clouds, 13 percent expect to use multiple public clouds, and 14 percent
are planning for multiple private clouds.
Source: RightScale 2015 State of the Cloud Report
Multi-Cloud Governance: A Single Pane of Glass for All Your Clouds
The vast majority of enterprises today are planning for a multi-cloud strategy that will encompass a portfolio
of public and private cloud options. There is a wide range of business requirements that drive the need for
a heterogeneous set of cloud resource pools — including geography, cost, features, and existing investments.
For example, an enterprise may have teams using AWS and Azure and other teams using vSphere to meet
the needs of different applications and business goals. To deliver frictionless governance in this multi-cloud
world, IT teams need to gain visibility into all of the clouds they use, implement an overarching approach for
secure access, apply a consistent set of policies for governance of cloud use, and ensure complete audit trails
for cloud activities.
With a multi-cloud approach, IT teams want the flexibility to guide the deployment and operations of
different applications based on the best venue of operation. For example, a development team in India
can be approved for access to instance sizes appropriate for development in a nearby AWS region with
default schedules that automatically shut down instances at night.
Requirements for Frictionless Cloud Governance
Frictionless governance does not mean no governance. It means a faster path to resources using
smart governance methodology. There are several key requirements that should be included when
implementing frictionless governance:
1. Discovery and inventory of all clouds, cloud accounts, instances, and cloud applications.
2. Tagging, labeling, and grouping of instances across clouds to map instance IDs to meaningful application and asset names.
3. Searching to find cloud assets based on metadata.
4. CMDB integration for cloud assets.
5. Operating system images that are security hardened and comply with corporate standards.
6. Catalog of templates to configure commonly used servers and applications in order to accelerate provisioning, meet security standards, and implement backup and disaster recovery.
7. Automated policies that control what clouds and instance sizes are allowed for particular applications or use cases.
8. Version control for cloud assets.
9. Operational dashboard to provide your operations team visibility into all cloud instances and applications.
10. Automation to standardize common operational tasks.
11. Monitoring, alerts, and self-healing for cloud instances and applications.
12. Automated scripting for patches and version updates.
13. Tracking of detailed usage and costs across all clouds, cloud accounts, instances, and applications.
14. Cost analytics and reporting by a variety of factors including cloud, region, data center, instance type, application, department, user, or any other tag.
15. Forecasting and budgeting to predict costs and define quotas for applications, departments, teams, users, or other factors.
16. Spend optimization by selecting best cloud options and reducing waste.
17. Aggregated view of all clouds and accounts.
18. Unified identity and access management across clouds and cloud accounts. Integration with existing SSO, LDAP, or Directory solutions.
19. Cloud key management and storage.
20. Audit trails for cloud activities and changes.
The Five Areas of Frictionless Cloud Governance
Leading IT teams are now positioning themselves to support the business need for agility by brokering
cloud services for the enterprise. By becoming cloud services brokers, they can add a critical layer of
visibility and governance to cloud usage while delivering access to any cloud or pool of infrastructure
resources. To be successful in this new strategic role, IT teams will need to consider five areas for
frictionless governance controls: inventory, provisioning, operations, financial, and security. This white
paper will detail the considerations and requirements for each of these five areas.
“Given the increasing number and quality of cloud offerings, we CIOs had better be the ones driving this cultural shift — otherwise, we are on the path to obsolescence.”
Niel Nickolaisen, “With Cloud Strategies Abundant, CIOs Must Exercise Command, Control,” SearchCIO, TechTarget
Inventory: You Can’t Manage What You Can’t See
To adequately govern the use of cloud, you need a single pane of glass
across all of the clouds you use. You’ll need visibility into all of your
public and private clouds, as well as virtualized environments that you
are leveraging as a cloud-like resource. Companies are also extending
their single pane of glass to include bare metal servers.
As an IT organization, you may currently have only a partial view
into your public cloud usage since many business units set up cloud
accounts without going through the central IT team. This lack of visibility
makes it difficult to govern cloud use and introduces both security and
business risks. Many enterprises also have a disjointed view of private
cloud and on-premises usage, with no way to aggregate across
disparate clouds and technologies.
It’s important that you can discover your infrastructure resources across
clouds, data centers, and geographies; organize and tag resources in
meaningful ways; search your resources to find ones that have particular
characteristics; and integrate the information into your existing CMDB.
Discovery
To gauge the full extent of cloud usage and ensure appropriate levels
of governance, you’ll need a centralized way to get a complete view
of all your cloud accounts and workloads, with the ability to discover
new workloads as they are deployed.
Discovering metadata about your cloud workloads is also critical.
You’ll want access to information about the cloud, region, data center,
instance type, security groups, IP address, and networking options for
each workload. This information can be used later to filter and search
for resources with particular characteristics.
RightScale provides a centralized place to register cloud
accounts or virtualized environments. Once cloud accounts are
registered, RightScale discovers all of your running workloads and
a wide set of metadata for each, giving you a complete view of
all instances and VMs.
Tagging
Once you have a view into all your enterprise cloud workloads, you need to organize individual instances or
VMs into logical groups (application or deployment) and tag workloads with useful information, such as the
purpose (dev, test, staging, or production) or the team responsible. Tags that span all your clouds can help
you to better understand how cloud resources are being used and to assess operational health.
RightScale enables you to set up a consistent set of tags for a wide range of resources (accounts,
instances, volumes, images, and more) across clouds and virtualized environments. You can search,
filter, or report based on tags.
Search
The ability to search and filter on tags or other metadata enables you to report on your cloud usage
and also plan for maintenance. For example, you will need to filter or organize reports by application
name or business unit. When a new vulnerability comes out that impacts a particular operating system,
you need to find all resources running the impacted operating system, whether they reside in public
clouds, private clouds, or your virtualized data center.
By leveraging the power of tagging in RightScale, you can easily find instances across all your
cloud resource pools. For example, when you need to upgrade or patch a component, you can easily
find all the servers that need to be updated and then execute a script. This is a real lifesaver when
you need to quickly upgrade or patch hundreds of servers.
Integrate to CMDB
The next step to gain visibility into your cloud infrastructure and usage is to automate the integration
into your centralized configuration management database (CMDB). You’ll want to track cloud resources
and include these assets in your enterprise CMDB to provide global visibility and auditing.
Automated integration should register the new assets in a central CMDB and continue to keep the CMDB
up to date as dynamic infrastructure changes occur (auto-scaling, de-provisioning, enhancements, version
changes, etc.).
RightScale provides a certified integration with ServiceNow CMDB and provides open APIs
for integration with other CMDB systems.
Provisioning: Guardrails, Not Speed Bumps
One of the most fundamental expectations of cloud is automated self-service access. Developers, and the
business units they support, value quick access to infrastructure that helps them experiment, iterate, and
test their ideas. Public cloud has provided them with “instant on” infrastructure that keeps costs low and
bypasses lengthy justification and approval processes. In order to entice developers to use sanctioned and
governed cloud services, your enterprise IT teams need to match this expectation by providing self-service
access to all of your cloud resources in minutes — not hours, days, or weeks.
Although some enterprises have implemented self-service portals to request IT infrastructure or VMs,
many of these solutions are simply ticketing systems that trigger semi-automated approval processes
and eventually manual effort from multiple systems administrators across compute, network, storage,
and platform teams. Adding cloud services to these lengthy processes is unlikely to satisfy developers
and business owners. Instead, you need to embed frictionless governance into the self-service flow
without slowing down the pace of business.
A multi-cloud self-service portal is a great vehicle to embed frictionless governance. IT can offer
standard images that meet corporate guidelines and a catalog of templates for automated provisioning —
all under version control. Your self-service flow should embed cloud policies that guide users to appropriate
use of cloud.
Standard Images
Every workload provisioned in the cloud should be based on a set of corporate standard operating
system images that are appropriate for that particular cloud. Although base images are available from
each cloud provider, enterprise IT teams will typically want to customize these base images to meet
their corporate specifications.
RightScale provides standard multi-cloud images for popular operating systems and enables you to
customize a library of your own images.
Template Catalog
Your self-service portal should include a catalog of technology components and stacks that are
commonly used in your organization. For example, you can provide pre-configured templates that
automate deployment of basic instances, company-standard databases, your common development
environments, or frequently used applications. Your templates ensure that each component meets your
corporate standards for versions, configurations, security settings, and patch levels. With a template
catalog, developers can go beyond basic infrastructure and easily provision higher-level services as
starting points for their applications, reducing the time to configure their environments and enabling
them to focus on building applications. Templates can also implement high-availability architectures
and automate backup and disaster recovery procedures. Your templates should be available across your
entire portfolio of clouds.
RightScale Cloud Application Template (CAT) files are standard templates for deploying components
or applications across clouds.
Cloud Policies
Guardrails that control the use of cloud should be embedded as
policies in your self-service flow. These policies should define the
allowed clouds, regions, or instance types. For example, you might
limit developers to using particular clouds or exclude larger instance
sizes for development environments. Policies can also control costs
by preventing deployments if cost quotas are exceeded or by defining
runtime schedules that automatically shut down workloads when
they aren’t needed.
RightScale enables you to define cloud policies as part of a Cloud
Application Template (CAT) file. IT teams can provide guardrails by
specifying which clouds, regions, and instance types are available to
end users for each catalog item.
Version Control
All of your cloud assets, such as images or templates, should be
placed under version control so that changes can be tracked.
You should pull the latest versions of cloud assets when provisioning
and track what versions are being used so that you can identify
when systems need to be upgraded. You should be able to leverage
common code repositories and source code control systems.
RightScale allows you to store your library of cloud application
templates in any source control system and publish the latest version
to the self-service catalog. RightScale also provides version control
for RightScale ServerTemplates™ to enable you to track how each
server is configured.
Case Study
Technicolor runs hundreds of thousands of CPU cores globally. The process of managing them used to be based too often on spreadsheets and paper documents, siloed in business units, without the global visibility and agility the company desired. Today, through its Constellation Cloud Management Platform that integrates RightScale and ServiceNow, Technicolor can launch render farms with thousands of cores — or continuous integration environments for its dozens of websites — using automated workflows that can allocate resources on any of its approved private or public cloud environments.
Operational Governance: Stay In Control
Governance doesn’t end when a workload is launched. IT needs to maintain visibility and control over
running workloads. Developers need to continue to manage their environments throughout the development
process. Operations needs to ensure the availability and performance of production applications and to
apply appropriate patches or updates. Frictionless governance should be applied throughout the lifecycle
of an application.
Operational governance starts with an operational dashboard that provides a comprehensive view of
workloads across clouds. Ops teams also need multi-cloud tools to run scripts and automate operations,
a single pane of glass for monitoring and alerting on workload health, and easy ways to ensure
patching and updating of cloud systems.
Operational Dashboard
Operations teams operating in a multi-cloud world need to have a complete view of all their cloud-based
workloads — whether in public clouds, private clouds, or virtualized environments. They’ll need a way to see
what workloads are running where, how cloud resources are used, and any critical alerts that need attention.
RightScale provides a customizable dashboard with an overview of compute, network, and storage
use across clouds. The dashboard also highlights critical events or alerts.
Automated Operations
Just as automation is critical to ensure repeatable provisioning that meets corporate standards, automation
should be used to ensure that standard operations are performed in a consistent and governed manner.
For example, developers may need standard scripts to snapshot and restore a database or update code
during the development process. Operations teams will need scripts to automate backups or perform routine
maintenance tasks. By automating these common processes, you can ensure that these operations are
performed correctly and consistently to avoid errors that compromise availability or security.
RightScale allows you to define operational scripts in the language of your choice that automate
common operations. You can offer push-button actions to developers or other cloud users to enable them
to self-manage their cloud deployments through the RightScale Self-Service portal.
Monitoring and Alerting
Ensuring the operational health of cloud workloads is a critical
component of IT management and governance. Operations teams
need to monitor system health, detect and debug issues, and quickly
take action. To reduce manual work and avoid downtime, they can
define thresholds for monitoring metrics and trigger automated
self-healing actions, such as scaling the number of servers up or down
or restarting services that are failing. Ops teams can also monitor CPU
and memory utilization to find unused servers that should be shut
down or to detect under-utilized servers that could be downsized to
reduce costs. Together these capabilities help enterprises to ensure
that systems stay up and running and meet SLAs.
RightScale provides monitoring, alerting, and escalations to keep
systems up and running. Operations teams can access a variety of
monitoring metrics, specify alerts, and define automated escalations,
such as auto-scaling or automated restarts.
Patching and Updating
Like traditional on-premises servers, cloud servers need to be
continually updated with the latest security patches as well as new
versions. Organizations need to update both operating system
images and other infrastructure components. While patching
is especially critical for production systems, development systems
also need to stay up to date with the latest versions to ensure
compatibility. There are some special concerns in the cloud, since
cloud servers may be short-lived as they are spun up and shut down
during a development cycle. With enterprises increasingly moving
to an infrastructure-as-code approach for configuring servers,
operations teams need to also ensure that the base configuration
templates or images are updated so that new servers inherit the
latest patches and versions.
Using the RightScale RightLink™ agent, operations teams
can then automatically run scripts to automate patching of a
set of affected servers.
To ensure that newly launched servers are configured properly
and get appropriate patches, RightScale ServerTemplates
provide an infrastructure-as-code approach and enable
operations teams to choose from a variety of configuration
management or scripting options — Chef, Puppet, Salt, Ansible,
PowerShell, Bash, or RightScripts. ServerTemplates are under
version control.
Infrastructure-as-code: An approach to IT operations that uses code and scripts to define and automate the configuration of servers. Unlike older ad hoc methods to configure infrastructure, the infrastructure-as-code approach allows IT teams to accelerate speed to market, improve reliability, and ensure security.
Case Study
“As an operations team, our goal is to provide the engineers with the best possible tools so that they can launch and manage their own services. We don’t want to get woken up at 5 A.M. because a PR event on the East Coast causes a surge of traffic to our site and we suddenly need more capacity. Ideally the services should scale up on their own … but even if they can’t, the engineers responsible for a service should be able to scale up and down quickly and on demand.”
RightScale customer Matt Wise, a senior systems architect at Nextdoor
Financial Governance: Watch Your Wallet
As business units embrace the value that cloud delivers, usage and costs can easily spiral if not carefully
managed and continuously optimized. Users can often overprovision capacity or forget to de-provision
temporary resources. The variable cost model of cloud computing introduces significant opportunities
for savings, but also requires new approaches to minimize waste and optimize your spend.
A cloud cost analytics solution provides visibility into past, present, and future cloud usage and provides
the critical information needed to manage spend. You’ll need a solution that provides for multi-cloud cost tracking across all your public and private clouds, management oversight with showback and chargeback
analytics and reporting, budgeting and alerting when quotas are exceeded, and optimizing spend by
comparing cloud prices or purchase options and identifying waste.
Multi-Cloud Cost Tracking
Effective financial governance of cloud requires a view of costs across all of your cloud resource pools —
including public clouds, private clouds, and even virtualized environments. With a single pane of glass,
you’ll be able to understand total cloud costs as well as costs for individual providers.
Getting detailed cloud pricing and usage data, down to hourly usage and individual instances, is critical.
For public clouds, you’ll want tools that can leverage billing data but also analyze detailed usage metrics
along with price data to allow you to further delve into your cost drivers. You’ll also need to consider
pricing adjustments to public cloud list prices to cover internal overhead or negotiated discounts.
For private clouds or other on-premises environments, you’ll need similar detailed usage metrics along
with the ability to define your own price books based on the internal costs of acquiring, deploying,
maintaining, and running infrastructure.
RightScale tracks your usage and costs across major public cloud providers as well as private clouds
and virtualized environments. RightScale maintains a database of more than 15,000 public cloud prices
and also supports price adjustments (up or down) and customized price books for private clouds and
on-premises environments.
Analytics and Reporting
Unlike traditional on-premises infrastructure where financial analysis and approvals occur in advance of
a large purchase, cloud computing (particularly public cloud) offers a “pay-as-you-go” cost model that
requires a “continuous governance” approach to financial controls. As a result, you need to provide both
your finance team and your internal cloud consumers with ways to easily see and analyze their costs through
an online portal as well as automated, scheduled reports for showback or chargeback of costs. The ability
to slice and dice costs by cloud, region, application, instance type, user, or any other tag will enable you to
allocate costs appropriately. Your technical teams will also need to drill down to individual instances and
servers to take action on insights. Lastly, you’ll need the ability to integrate cloud costs into your other
financial systems.
RightScale provides a cloud cost portal with access controls so that all of your cloud stakeholders
can access and analyze data on cloud costs. You can slice and dice cloud costs on a wide range of factors
(cloud, region, data center, application, instance type, or user) and drill down to understand trends,
investigate anomalies, and uncover opportunities for savings. RightScale delivers automated reports
to your stakeholders via email and provides CSV files that can be used to integrate with other systems.
Forecasting, Budgeting, and Alerting
The ability to pay as you go for cloud consumption offers opportunities for significant savings by
automatically scaling infrastructure in real time based on actual workload demand as opposed to traditional
approaches that require you to forecast peak demand in advance and provision on-premises hardware to
meet the peak. However, while these approaches can increase utilization and reduce costs, combining
these dynamic provisioning approaches with the complexity of cloud pricing can make it difficult to forecast
what those cloud costs will be. To forecast costs for existing applications, you’ll need to take historical
usage and cost data and apply expected growth rates (or declines) as well as seasonality changes.
For new applications, you’ll need to specify the hardware necessary to meet expected loads.
Using both historical cloud usage and future forecasts, you can set budget levels by departments, projects,
and individuals. Budgets should be integrated into your self-service portal such that provisioning requests
are matched against budget levels and manager approval is required only if a request is out of scope,
thus eliminating developer frustration for standard requests within specified project limits and parameters.
There are two approaches to quota enforcement, and you may want to use these in combination depending
on the workload. For production or other critical workloads, you should implement an alerting approach.
You can alert users and managers if their spend has already exceeded their monthly budget or if it’s
projected to exceed the budget based on the current run rate. For development and testing deployments,
you may also choose to prevent deployment of new workloads through the self-service portal if the budget
or quota is already exceeded.
RightScale provides robust tools to forecast cloud spend for existing or prospective applications.
You can set budgets at any level you choose (by cloud, application, project, team, and more) and get
alerts if those budgets are exceeded or are projected to be exceeded.
Spend Optimization
Financial governance will enable you to reduce your cloud spend by selecting the right cloud in your
portfolio, selecting the right purchase options, and minimizing waste. Many enterprises are implementing
a multi-cloud portfolio using several public cloud options combined with private clouds or on-premises
virtualized resources. By forecasting costs on different clouds or regions (public and private), you can
compare different options and choose the best price based on your requirements. In some cases, you might
want to choose an on-premises environment first if there is available capacity, since that represents an
opportunity to maximize a sunk cost.
Selecting the right purchase options — such as AWS reserved instances (RIs) — is an ongoing challenge.
You will need to analyze usage to determine how much you can save with RIs and then ensure that you fully
use the reserved instances. Often companies have unused RIs because the instances they launch are not in
the appropriate region or of the correct instance type. You’ll want reports that show under-utilized RIs so
that you can adjust your provisioning to leverage them and maximize your savings.
Reducing waste is one of the easiest ways to make large reductions in your cloud bills. There are three main
ways to reduce waste: ensure that instances are shut down when they are no longer used, shut instances
down during “off hours” such as nights and weekends, and rightsize your instances to the needs of
the workload. Any workloads that are going to be used for a fixed time period (development, test, training,
demo, or events) should have an automated schedule to shut them down when the project is done. You
can also schedule them to run only during the needed hours, such as during work hours for development
workloads. To ensure that you rightsize your cloud instances, you can include policies in your self-service
portal to guide users toward appropriate instance sizes and then monitor running workloads to detect
under-utilized workloads and make appropriate adjustments.
RightScale enables you to forecast costs in different clouds and with different purchase options in
order to make the best decisions. RightScale also reports on utilization of AWS reserved instances that
have been purchased to ensure that they are being used. For temporary workloads, such as development
instances, RightScale can automate the process of shutting down workloads at project end or for
overnights/weekends according to user-specified schedules.
Security and Compliance: Controlling a Multi-Cloud World
While individual cloud providers each offer capabilities for identity and access management, key
management, and audit trails, users are often left to their own devices for getting a complete picture
and consistent approach across multiple clouds. As IT organizations broker multiple cloud services
for their users, they need a central point of control for cloud access.
Enterprises need to ensure that they have a complete view of cloud usage by aggregating cloud accounts, providing multi-cloud identity and access management that federates identity from
existing systems, implementing robust key management practices, and having complete audit trails across clouds.
Account Aggregation
As enterprises increase their cloud adoption, management of many accounts across multiple clouds can
become a significant challenge. Although some individual cloud providers offer simple ways to associate
cloud accounts with a master billing account, enterprises need to gain a comprehensive view of all their
accounts across all clouds (regardless of who created them) while delegating authority for particular
accounts to different organizations, business units, teams, or users. By providing a central way to aggregate
cloud accounts, IT teams can ensure consistent governance and compliance with corporate standards.
RightScale allows you to aggregate all of your accounts across all of your clouds into a single hierarchy.
By registering existing or new cloud accounts with RightScale, you’ll have the ability to see all of the cloud
accounts in use across your organization. In addition, you can control which users can access each account.
Identity and Access Management
While individual cloud providers offer identity and access management (IAM) for a particular cloud,
enterprise IT needs a centralized solution to manage identity and control access across all of its cloud
providers. You can leverage your existing identity system to manage credentials so that users across your
organization can access cloud services and use single sign-on (SSO). You will then need to use a centralized
approach to specify roles and permissions that are relevant for your cloud accounts.
RightScale supports federated identity management through SAML, providing access to multiple
cloud accounts. Enterprise users can then use single sign-on (SSO) to access any cloud account to which
they have the appropriate access. RightScale provides for consistent multi-cloud role-based access control
(RBAC) across clouds and also provides for temporary users.
SSH Key Management
The challenges of managing SSH keys for logging into servers can be exacerbated with the dynamic
provisioning of resources across multiple clouds. Improperly stored SSH keys can create a security risk for
the organization. Enterprises have several options to solve this problem: Cloud management solutions can
provide centralized multi-cloud key management capabilities, some cloud providers offer key management
services, and third-party and on-premises options exist.
RightScale provides a centralized key management capability that works across clouds and enables
easy login for users who are authenticated with the RightScale platform. Users can choose to use
third-party key management services as well.
Audit Trails
Audit trails are critical both to debugging operational issues and to ensuring compliance with policies and
regulations. Individual cloud providers may provide for cloud-specific audit trails, but a centralized audit trail
across clouds provides for consistency and a single point of control. Audit trails should include provisioning
actions and lifecycle operations, operational scripts, changes in network and security settings, and other
management actions.
RightScale provides a multi-cloud audit trail that tracks changes made to cloud resources and security
settings. RightScale also provides the current settings of all security groups.
Conclusion and Next Steps
We’ve covered the five areas that must be considered in order to realize a frictionless cloud
governance model: inventory, provisioning, operations, financial, and security. To ensure that the requirements
for each area are met, IT teams will need a platform to centralize policies and embed governance
throughout the cloud provisioning and management process. This platform should serve to balance
the demands for agility from internal cloud users with the implementation of governance and security
controls, effectively ensuring frictionless governance that provides guardrails, not speed bumps, in the
path to using cloud.
IT teams are increasingly acting as cloud services brokers to deliver self-service access to a curated
catalog of commonly used components, stacks, and applications for developers and other cloud users
to request, provision, and manage these services across public cloud, private cloud, and virtualized
environments. As cloud services brokers who must define and implement access controls, IT teams
are in a strategic position to embed frictionless governance into their self-service portals and
brokering processes.
RightScale provides a cloud broker and management platform that can provide the foundation for
your multi-cloud strategy and help drive innovation, growth, and efficiency. RightScale incorporates
frictionless governance, enabling IT teams to deliver cloud resources as quickly as developers can obtain
them directly from cloud providers. Combined with automation, RightScale can make it even easier and faster for enterprise users to get fully configured stacks or applications in public or private clouds via an
easy-to-use interface without sacrificing the necessary visibility, governance, and control.
RightScale Consulting is your partner on your journey to cloud. Our team of experts can help you use
the RightScale platform to create a frictionless cloud governance model that satisfies your company’s
compliance and financial needs. For the latest information on cloud computing best practices,
check out www.rightscale.com/learn.
About RightScale
RightScale® enables leading enterprises to accelerate delivery of cloud-based applications that
engage customers and drive top-line revenue while reducing risk of outages and optimizing costs.
RightScale Cloud Portfolio Management provides a single pane of glass to manage, govern, and
optimize applications in public, private, and hybrid clouds. With RightScale, IT organizations can
deliver instant self-service access to a portfolio of public, private, and hybrid cloud services across
business units and development teams. RightScale provides enterprise-grade governance so that
IT teams can control user access; standardize technologies and processes; ensure security and
compliance; and enforce budgets. In addition, RightScale Consulting provides deep cloud expertise
to help companies develop cloud strategies, deliver cloud projects, and optimize cloud usage.
Since 2007, more than 50,000 users at leading organizations across a variety of industries have
launched millions of servers and advanced their cloud infrastructure through RightScale.
Contact us and find out how RightScale Self-Service can enable your IT team to become a cloud services broker and start your path to frictionless governance.
+1.888.989.1856 (toll free) +1.805.500.4164