As organizations use cloud computing, there is a wide variety of services, assets, and resources on which stakeholders across the organization will want to analyze, measure, and report:
Having multiple ways to organize infrastructure enables multiple stakeholders to manage and make effective use of their cloud infrastructure.
Tanzu CloudHealth Perspectives are “lenses” through which you want to view your infrastructure. They provide a framework for categorizing all the assets within your infrastructure. Sample perspectives might include Environment, Application, Department, Function, Project, or Cost Center.
Consider an example of a COO who wants to evaluate her business by these environments: development, staging, testing, and production. In order to perform this evaluation, she would need to classify all assets in their cloud infrastructure into categories, where each category corresponds to one type of environment. In this case, her lens into her infrastructure would look like this.
Lens: Environment
Categories:
In the Tanzu CloudHealth platform, each lens corresponds to a Perspective and each category within a lens corresponds to a Perspective Group. Groups help you organize your infrastructure into specific business views for analysis, management, evaluation, monitoring, and measurement.
While this list is not meant to be comprehensive, it illustrates Perspectives that you should consider creating for your infrastructure in the Tanzu CloudHealth platform.
Perspectives help you gather and organize assets into groups that have the most meaning and significance for your organization. You can use perspectives to analyze trends by business group instead of looking at all groups’ data simultaneously.
Without setting up Perspectives for your infrastructure, gathering useful information from the Tanzu CloudHealth platform becomes an extremely laborious and error-prone process.
When you enable your cloud provider accounts in the Tanzu CloudHealth platform, all information across your accounts, teams, projects, and locations is aggregated in a single place. However, analyzing trends and considering infrastructure optimizations requires you to look at all that information by business group. Each group’s requirements, costs, and usage tend to be very different. Tanzu CloudHealth Perspectives give you a simplified way of sorting all your assets into groups that have the most meaning and significance for your organization.
You can leverage Perspectives as a framework for evaluating, analyzing, and reporting on trends that are unique to each business group in your organization. You can leverage Perspectives in these sections of the platform.
Tanzu CloudHealth InterActive Reports are one of the most common areas of the platform where you can leverage Perspectives. Reports in the Tanzu CloudHealth platform present data aggregated hourly, daily, weekly, or monthly. With all reports, however, you are trying to determine about how cost, usage, performance, security, or metrics are trending within a particular group in your organization. Perspectives give you the ability to dive deeper from the aggregated view into specific business or functional area to create unique intersections for analyzing trends and arriving at root causes.
Consider that your cloud infrastructure is viewed through two Perspectives: Function and Environment. These are the Groups within each Perspective.
In the Cost History report, which aggregates data across accounts, groups, teams, and departments, you can use Perspectives to answer this question:
What is the monthly cost of my web servers in production
Consider that one of the Perspectives into your cloud infrastructure is Owner, whose Groups correspond to the names of individuals in your organization.
In the Cost History Report, you can use Perspectives to answer this question:
What is Devin’s monthly cloud spend in production
Use Perspectives to filter tabular data like that presented in the Metrics reports and Asset Reports. Using combinations of Perspectives and Groups, you can identify performance and other metrics of assets that belong to specific business areas, functions, owners, and so on.
Consider that your cloud infrastructure is viewed through two Perspectives: Function and Environment. These are the Groups within each Perspective.
Function: webserver, memcache, database, elasticsearch Environment: development, staging, testing, production
In the Metrics > EC2 Instance report, which aggregates data across accounts, groups, teams, and departments, you can use Perspectives to answer this question:
Tanzu CloudHealth Policies give you a simple and effective way to eliminate noise and focus on key indicators that will help you maintain centralized governance across your environment. When building a policy, specify a Perspective and one or more Groups in which you want to localize the policy. Tanzu CloudHealth considers only those Perspectives and Groups when evaluating the policy rule and any actions you specify.
Not all instances are in use 24x7x365, especially those outside of production. You can create a policy to periodically shut down these instances in specific environments to reduce cost.
The Recommendations section of the Tanzu CloudHealth platform helps you optimize across cost, usage, performance, and security. The types of optimization you see in this section will depend on your cloud provider.
This section helps you optimize Reserved Instance purchases (AWS), rightsize instances (AWS), and rightsize virtual machines (Azure). In all cases, you can use Perspectives to isolate the part of the infrastructure that you want to optimize. The recommendations you receive are specific to the Perspective Group you want to analyze.
Consider that your cloud infrastructure is viewed through two Perspectives: Function and Environment. These are the Groups within each Perspective.
If you create a quote for Reserved Instance purchase using the EC2 RI Optimizer, Tanzu CloudHealth considers all on-demand and reserved EC2 usage across your infrastructure when building the quote recommendations. However, organizations typically plan RI purchases for specific departments, teams, or projects at a time. You can use Perspectives to constrain this scope that the Optimizer only considers EC2 usage in a particular Perspective Group when building the recommendation quote.
Organizations tend to look at costs through different perspectives depending on the stakeholder who receives a cost report. The Finance department might want a monthly breakdown of costs by product line or shared environment. The Operations department might need a cost breakdown by project or team, and the Engineering might want a cost breakdown by application role.
The Cost Reallocations section of the Tanzu CloudHealth platform allows you to select a cost source and redistribute it among one or more cost destinations. The source and destination are determined by Perspectives and Perspective Groups within them.
Understand how Tanzu CloudHealth classifies your cloud resources as assets
An asset is any resource that you provision in the cloud. Assets include both infrastructure (e.g., EC2 Instances, EBS Volumes, and S3 buckets) and features or frameworks supporting this infrastructure (e.g., IAM users, IAM Policy, and CloudFormation templates). Effectively, anything that you can provision and deprovision in the cloud can be considered an asset.
Note: To avoid throttling issues resulting in collection failure, SLA for IAM assets - IAM users, IAM roles, IAM groups, IAM server certificates, IAM password policy, and credential reports has been increased to 4 hours.
Like physical assets, cloud assets too have a lifecycle: they are provisioned, undergo changes over time, and are eventually deprovisioned when they are no longer required. Tanzu CloudHealth tracks and manages your assets throughout their entire lifecycle. You can allocate assets to different perspectives to simplify their management.
Assets can be classified by type and activity.
Description | ||
---|---|---|
Type | Financial | Assets that have an associated cost. Your cloud provider charges you for using these assets, for example, EC2 Instances or EBS Volumes. |
Nonfinancial | Assets that have no associated cost. For example, Security Groups and CloudFormation templates. | |
Activity | Active | Assets that are currently in use within your infrastructure and are available through your cloud provider’s console. |
Historical | Assets that are no longer in use in your infrastructure but have been archived by Tanzu CloudHealth for historical reporting. |
Tanzu CloudHealth stores historical asset information for 13 months. As a result, assets that were deprovisioned in the last 13 months will appear in Tanzu CloudHealth asset reports. To determine if an asset is active, include the State column in Tanzu CloudHealth asset reports.
How to use tagging as a way to organize your cloud infrastructure
Having multiple ways to organize your infrastructure is pivotal to enabling stakeholders with different needs to manage and make effective use of their portion of your cloud infrastructure. The challenge, however, is in determining how to define, structure, and allocate cloud resources in a way that simplifies their organization. Tagging your assets is a simple way to enable asset organization. Tanzu CloudHealth Custom tags help in:
A tag is a key-value pair that you assign to your asset, which makes them easy to implement. Cloud providers do not automatically assign tags to resources you provision. Instead, tagging is a deliberate step that an administrator or the individual provisioning the resource must undertake. Therefore, having a tag governance strategy that spans all your accounts and cloud providers is an essential framework for people in your organization that are assigned to tag management. Without a strategy in place, variations in tag structure can result from tag misspellings and assumed naming and capitalization conventions.
There are two approaches to tagging assets before you build the Perspectives and Groups into which they are gathered. You can leverage both approaches in the Tanzu CloudHealth platform.
AWS, Azure, Google Cloud, and Oracle Cloud allow you to attach tags to any assets or resources you provision through them. Each provider has some limitations on which assets are taggable. In addition, there might be limitations on what tags you can use (to account for provider-specific reserved words). Here are some examples that redirect to documentation by cloud providers on asset tagging.
Tags you attach to assets in the Tanzu CloudHealth platform are not propagated to the cloud provider but are instead localized to the Tanzu CloudHealth platform alone.
The tagging capability provided by AWS, Azure, Google Cloud, or Oracle Cloud might be limited in terms of what assets are taggable. Moreover, there tend to be restrictions on what types of tags you can specify. For example, click here to learn about tagging restrictions in AWS.
Tanzu CloudHealth Custom tags help you overcome these limitations and tag more resources than your cloud provider permits. In addition, you can leverage both Tanzu CloudHealth tags and cloud-provider tags when building Perspectives, which gives you greater flexibility in organizing your cloud infrastructure.
This example shows how you can manage Tanzu CloudHealth Custom tags for multiple assets through the perspective editor.
- You can delete an existing tag on the selected resources by clicking Delete and filtering down to the list of tags to delete.
- If you deleted a tag inadvertently or want to restore a deleted tag, click Revert and enter the tag to revert.
Understand approaches to gathering assets before you build the Perspectives and Groups into which they are gathered
There are two approaches to gathering assets before you build the Perspectives and Groups into which they are gathered. You can leverage both approaches for building Perspectives in the Tanzu CloudHealth platform.
Tanzu CloudHealth builds Perspectives based on classification rules that partition your assets into Groups. These rules can be based on any asset data available in your environment, such as Amazon tags, Chef environment, or Names. Here’s a semantic example of one such rule.
Gather all assets that have the "ENV" tag and allocate them to the "Environment" Perspective. Then for each value of the ENV tag, create Groups inside the Environment Perspective.
You can allocate assets to only one Group within a Perspective; therefore, assets within each Group are mutually exclusive. However, an asset that is already allocated to a Perspective Group can be allocated to a different Group in another Perspective. For example, the same asset can be allocated to both these groups.
When you define a classification rule in the Tanzu CloudHealth platform, the following actions occur:
Once you define classification rules, as you provision and deprovision cloud infrastructure, Tanzu CloudHealth automatically allocates assets to the right Group within your Perspectives. For example, if you define a rule by which you can identify webservers in a Perspective called Applications, when you launch a new server in your infrastructure, Tanzu CloudHealth automatically adds the server to the correct webserver group within the Applications Perspective.
Build Perspective Groups and allocate assets to these Groups
A Perspective is one lens into your cloud infrastructure. It contains one or more Perspective Groups.
This example shows how to build Perspective Groups and allocate assets to these Groups. Major decision points are highlighted accompanied by guidance on how to pick one approach over another.
Name your perspective and add a description. Then click Create Perspective and Start Building. The perspective editor appears with a list of assets that are not allocated to any Perspective Group. Initially, you start with 100% of assets unallocated. This means that nothing within your cloud infrastructure — financial, non-financial, historical, and active assets — has been assigned to a Group.
As you begin to create Groups, the number and percentage of Assets Not Allocated decreases and the Assets Allocated percentage increases.
Notice that the list of assets is filtered by Financial Assets, namely, those assets that have direct financial impact. For more details see What Are Assets? It is often valuable to review only those assets that have a direct financial impact. If you expand the scope to All Assets, the number and percentage of Assets Not Allocated remains the same, but the list of assets by type is considerably expanded.
Optional: Create Placeholder Groups as containers that you can later use to gather cloud assets.
There are three ways in which you can use Tanzu CloudHealth to query your cloud infrastructure for assets that match a pattern.
Best practice: Start with the Categorize approach first, and then use Search. Avoid Simple Search, if possible, because it returns a large number of false positives.
With the Taggable Assets asset type, assets are allocated to the group only using tags. All asset types gather associated assets except for any asset type marked Taggable Assets, such as:
For example, you have a security group associated with an EC2 instance, with the tag security
. The security group is not allocated using AWS Taggable Assets Only unless you specify that you want to allocate the group using the tag security
.
With this approach, you can select a field for categorization and query for assets that have the selected field as an attribute. Tanzu CloudHealth groups the query results by the unique values that the field can have.
From Choose a Field to Categorize By dropdown, select a field you want to use for categorization. The dropdown allows you to choose an asset tag or other data associated with the selected Asset Type. For an asset tag, the drop down also provides additional asset information next to each tag in the following format. For example, if you select tag@cht_owner 39% (12 categories)
tag, then
Segment | Description |
---|---|
tag@cht_owner | Name of the asset tag for categorization |
39% | The percentage of all assets of all types that Tanzu CloudHealth will allocate into one of the proposed Groups produced by this categorization. |
This percentage includes both current and historical assets. | |
12 categories | The number of unique categories for this field. Tanzu CloudHealth proposes a Group for each unique category. |
While this approach requires several steps to gather assets of interest, it enables you to select specific criteria for discovering asset groups using fields when asset tags are unavailable.
This approach returns assets that contain the term that you use for searching. The term can be part of the asset name, attribute name, or attribute value. Because this approach can potentially return a large number of false positives, further refinement of the results is necessary.
1.In the perspective editor, click Simple Search to expand the section. 2. Enter the term that you want to search by. Then click Search. Assets that contain the search term appear in the results.
Understand the different type of perspective groups that you can create in Tanzu CloudHealth platform:
Dynamic Groups are created from a single or multiple categorization rule. Assets are automatically allocated to or removed from a Perspective group without your intervention. They provide you a way to create a Group for every unique value of the categorization field and keep it up-to-date without any ongoing intervention.
For example, consider that you are using a tag key environment
that currently has one of three values: production
, staging
, and qa
. When you create a dynamic group based on the categorization rule that creates groups based on the unique values of the environment
tag, Tanzu CloudHealth creates three Perspective Groups: production
, staging
, and qa
. A month from today, if you start tagging assets with environment = development
, the same categorization rule automatically creates a new development
group. Based on the Asset Type you chose to categorize with, all the assets tagged with that value get allocated to the new group.
Prod
, prod
, and Production
, it will create three separate groups, although they all refer to the same environment.Production
and prod
using categorization, but they all represent the same environment, you can merge them in the Tanzu CloudHealth platform. Later, if you want, you can unmerge them into separate groups too. However, merging and unmerging groups is possible only with dynamic groups. For more information, see Manage Perspective Groups.prod
, staging
, dev
, and another group block has an AWS volume category rule on environment creating groups prod
, staging
, test
. If these two dynamic group blocks are merged, the resulting groups would be: prod
, staging
, dev
, test
. The groups prod and staging would represent merged dynamic groups.Static Groups are also created from a single categorization rule or through Search, and can be expanded if discovered assets match the existing rule. The assets matching the rule will be automatically added to the appropriate Perspective groups. However, in case of changes in the tags on assets, you need to manually add updated groups to the Perspective that are built using static groups.
For Static Groups, a Perspective will not create a new group for the given categorization rule. For example, You created a Perspective group using the categorize by Owner
tag. Using the Add all option, you created a different group for each owner. When a user owner:Vikram
adds a new asset and tags it with his name, the Perspective will be automatically updated and includes his new asset in the group labeled Vikram
. However, if a new employee named Alyssa joins and she tags her resources Owner:Alyssa,
the Perspective will not create a new group for her because there are no groups categorized on Alyssa.
The Placeholder Groups are blank groups you manually create to reallocate indirect or direct costs. Click Group on the right side to Add Placeholder Group. For more information, see Cost Reallocation.
There are four ways of adding gathered assets to Perspective Groups. Irrespective of the approach you use, a progress bar in the upper right corner indicates the percentage and number of assets — both current and historical — that have been allocated to Perspective Groups. The list of Groups created appears below the progress bar.
This option allows you to create groups one at a time from a set of query results. Click the plus +
icon, provide a group name, and click Add Group.
The newly created group will be added to the list of Groups.
This option allows you to gather a set of results to an existing group. When you add assets to an existing group, the classification rule used to collect those assets is also added to the group to enable ongoing asset management.
Click Add all to create multiple static groups at the same time. This option allows you to add each result set into a separate group. When a new asset is discovered that meets one of the existing rules, it will be automatically added to the appropriate group.
This option allows you to create multiple Dynamic Groups at the same time to your Perspective. Groups created by this method can expand and contract as you add or remove attribute values for your assets.
Click Add All as Dynamic Rule, provide a Name to the group, select a color to represent groups and click Add Dynamic Group.
After gathering your assets into Groups, review the assets in each Group. This step helps you ensure that your assets are allocated to the correct Groups and that, as a result, cost, usage, performance, and metrics are attributed to the rightful business group. Reviewing the assets for a proposed Group is particularly important when you are gathering assets based on AWS tags, which are prone to mistagging.
Checking assets in each Group can be prohibitively time-consuming if your organization has a very large ecosystem of cloud assets. In that case, develop a spot-checking strategy that can help you ensure proper allocation.
Best Practice: The recommended best practice is to review larger items first to ensure accuracy and then look at other types of assets based on your specific needs. For example, EC2 instances (for AWS).