Third Party Optimization Tools v. AWS Native Tools
Each cloud service provider has a set of native management tools that address issues that cloud practitioners report are the most common challenges they face on the cloud (especially as they begin to scale). On AWS for example, cost control and security/compliance management are the two major issues that come up when operating at scale.
It is common to hear about cloud projects going over budget, often due to lack of experience in sizing for the cloud or lack of awareness of options for cost optimization. According to a Gartner report, 80% of organizations will overshoot their cloud infrastructure as a service (IaaS) budgets, due to a lack of cloud cost sensibilities.
Moving to the cloud also means moving to a different security model. The cloud is made of a large number of independent services with very granular security controls over each. To make it all work together in a secure way, you have to manage configurations carefully and set up roles and permissions on each side of the service.
Security is different in the cloud!
As a simple example, consider an application running on an EC2 instance that needs to access an object in S3. To ensure you are operating on the principle of least privilege, you need to:
- Create a policy that gives the developer permission to launch EC2 instances and pass IAM roles to the instance
- Create an EC2 role that the instance will assume at launch to get access to the specific S3 bucket
- Optionally (and ideally), create an S3 bucket policy that restricts access to the bucket to only the role created above
- Monitor all 3 primitives (1x EC2 Policy, 1x EC2 Role, 1x Bucket Policy) to ensure compliance with security policy
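The four steps above can be written down as three policy documents plus a check that flags drift from them. This is an added example, not code from the original article or from HyperCloud; the account ID, role name, bucket name and the audit() helper are constructed placeholders and assumptions.

```python
import json

# Constructed placeholders (assumptions, not values from the article).
ROLE_ARN = "arn:aws:iam::111122223333:role/app-s3-reader"
BUCKET_ARN = "arn:aws:s3:::example-app-bucket"
OBJECTS = BUCKET_ARN + "/*"

def doc(*statements):
    return {"Version": "2012-10-17", "Statement": list(statements)}

def developer_policy():
    # Step 1: launch instances; pass only this role, and only to EC2.
    return doc(
        {"Effect": "Allow", "Action": "ec2:RunInstances", "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:PassRole", "Resource": ROLE_ARN,
         "Condition": {"StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}}})

def instance_role_policy():
    # Step 2: permissions of the role the instance assumes at launch.
    return doc({"Effect": "Allow", "Action": "s3:GetObject", "Resource": OBJECTS})

def bucket_policy():
    # Step 3: deny object reads to every principal except that role.
    return doc({"Effect": "Deny", "Principal": "*", "Action": "s3:GetObject",
                "Resource": OBJECTS,
                "Condition": {"StringNotEquals": {"aws:PrincipalArn": ROLE_ARN}}})

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit(dev, role, bucket):
    # Step 4: report where any of the three documents is broader than intended.
    findings = []
    for s in dev["Statement"]:
        passes = any(a in ("iam:PassRole", "iam:*", "*") for a in as_list(s["Action"]))
        if s["Effect"] == "Allow" and passes and as_list(s["Resource"]) != [ROLE_ARN]:
            findings.append("developer policy can pass roles other than the instance role")
    for s in role["Statement"]:
        if any(r not in (BUCKET_ARN, OBJECTS) for r in as_list(s["Resource"])):
            findings.append("instance role reaches beyond the intended bucket")
    pinned = any(
        s["Effect"] == "Deny" and s.get("Condition", {}).get(
            "StringNotEquals", {}).get("aws:PrincipalArn") == ROLE_ARN
        for s in bucket["Statement"])
    if not pinned:
        findings.append("bucket policy does not pin access to the instance role")
    return findings

if __name__ == "__main__":
    print(json.dumps(bucket_policy(), indent=2))
    print(audit(developer_policy(), instance_role_policy(), bucket_policy()))
```

The role also needs a trust policy naming ec2.amazonaws.com as the principal allowed to call sts:AssumeRole, which makes a fourth document to keep in sync.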
Compare that to how you operated in the on-premises world, where you controlled not just the servers, but also each individual path from server to storage and the perimeter around both. There simply were not this many primitives to manage.
None of these is difficult to set up. In most cases, all you have to do is a quick internet search and all the roles and policies you need are readily available to copy and paste into your IAM console!
But, factor in a DevOps environment operating at scale, where you implicitly have many points of control. Soon, you’re drowning in primitives and have lost the ability to look at the forest (compliance) because you’re so focused on the trees (primitives).
Using Native AWS Tools
For Cost Management, AWS provides the following native services:
- Cost Explorer (free) enables customers to view the last 13 months of spending and statistically forecast the next three months. Based on usage patterns, Cost Explorer recommends on-demand instances or reserved instances (RIs), including instance sizes
- Trusted Advisor (charged as a percentage of total AWS spend) makes recommendations to reduce cost, including identifying target EC2 instances to convert to RIs, underutilized EC2 resources such as instances, load balancers, EBS volumes and Elastic IP addresses
For security management, AWS Trusted Advisor plays a double role. It also provides security recommendations by analyzing the environment and comparing it against best practices. A core set of best practices is available for free, but the full feature set is chargeable as a percentage of total AWS spend.
So why use third party tools?
While we agree that AWS has done a great job with these tools, we felt there was a need for more than what these tools offer.
As an AWS user, this is a question that you’ll be asking yourself too: why give up the comfort of the native tools and move to a third party platform? We’d like to share our thought process in the hope that it can help you answer the question.
We started by taking a look at our product – HyperCloud. What we heard from the larger user community was that there was a need for:
- A platform designed for multi-cloud, from the start
- Cloud planning capabilities, not just cloud management
- Cloud arbitrage, deeper pricing analysis
- Manage risk posture, not security best practices
Multi-Cloud From the Start
Users may be starting with Hybrid, but they tell us that they need to be prepared for multi-cloud from the start. This one was easy for us, because we were able to leverage the multi-platform capability of our HyperCloud. Built with public cloud primitives in mind, and designed for multi-platform support, adding multiple public clouds is easy. Users learn the workflow once and then repeat it with any cloud, completely eliminating the need to learn cloud provider specific technologies. Application blueprints work out-of-the-box on any cloud or with minimal change. Scaling security and policies is just as easy: users define them once and use them on any supported cloud.
Cloud Planning, Not Just Cloud Management
A cloud service provider’s own offerings start adding value once users are in the cloud, or close to that point. We repeatedly heard that there is a need for greater support in the cloud planning stage. We have talked about cloud planning extensively in a series of previous blogs that help users plan their infrastructure and application migrations with accurate cost data that come from 400+ million data-points. Our latest release, HyperCloud 6.0, adds support for disaster recovery planning and the Azure CSP Program to support even more cloud planning scenarios.
Cloud Arbitrage: Deeper Pricing Analysis
Each cloud is a large enough ecosystem to create plenty of arbitrage opportunities such as alternative architectures, service types, service classes, regions and so on. Bring in a multi-cloud environment and it is easy to get into analysis paralysis mode when comparing options.
HyperCloud Analytics solves this by using data-driven decision making. With HyperCloud Analytics, we regularly benchmark over 400 million pricing combinations of instances and services across different clouds. This data is collated against inventory, performance, and utilization data collected from either your existing IT systems or your detailed AWS bill. We do deep pricing analysis for AWS EC2, and our new release adds support for AWS Lambda to offer even more breadth and depth in our pricing analysis.
Manage Risk Posture, Not Security Best Practices
The use of cloud comes with a tradeoff: give up control over the whole stack in return for much greater agility. Users tell us that with all the new security primitives to manage (roles, permissions, identities, policies and their per-service variations), it is easy to lose the forest for the trees.
What is needed is a more holistic view of risk, instead of just managing to best practices and monitoring of security primitives (roles, identities, permissions, policies etc.). Compliance Analysis and Remediation is one of the new features of HyperCloud 6.0.
We Enable You to Cloud, Smarter
Here is a quick summary table that compares our capabilities to the native capabilities of AWS:

| Use Case | AWS Support | HyperCloud Analytics Support |
|---|---|---|
| Per-Service Breakdown of Bill | Cost Explorer | Yes |
| Detailed Cost and Usage by Instance | No | Yes |
| Recommend alternate instances | No | Yes |
| Recommend alternate clouds | No | Yes |
| Recommend Reserved Instances | Trusted Advisor | Yes |
| Show wasted RIs | No | Yes |
| Show savings from RIs | No | Yes |
| Lambda – Cost Optimization | No | Yes |
| Lambda – Wasted Invocations | No | Yes |

We believe our platform is beneficially different from any other in the market as it simplifies cloud adoption using automation, orchestration and predictive analytics. Join us in our journey by visiting us on the AWS Marketplace.