Managing Perspectives

Manage Perspective Groups

The section discusses different ways of managing perspective groups.

Delete Groups

To delete an empty group, use Clean Empty Groups.

You can delete a perspective group only if it is not an individual dynamic group. When you delete a group, VMware Tanzu CloudHealth notifies you of any subscriptions or cost reallocation rules that are tied to that group.

The classification rule that gathered the assets in the deleted group is no longer evaluated.

Merge or Unmerge Groups

You can merge multiple individual groups that have the same intended collection of assets. For example, if you have a perspective called Owner that gathers assets into groups named after individual asset owners in your organization, the classification rule gathers assets based on the unique values of the owner tag. To merge two groups, select both groups and click the link icon. In this example, due to inconsistent tagging practices, assets belonging to Vikram are tagged as owner = Vikram sometimes and as owner = vikram at other times. The classification rule creates two groups -Vikram and vikram - to gather these assets. You can merge these two groups so that assets that meet the condition of either rule are gathered in the same group. In this way, changes, additions and deletions to assets within this group will accurately reflect assets tagged with either owner = Vikram or owner = vikram. To unmerge groups, click the unlink icon next to the merged group. Unmerging groups removes all previously linked groups from the merged group.

Note: Groups cannot be unmerged if the resulting subgroups would have identical names. To unmerge these groups, delete the entire dynamic group block.

Clean Empty Groups

Over time, as your cloud infrastructure changes, the individual groups that make up a dynamic group can end up with no assets. Dynamic groups may end up with no assets, because Tanzu CloudHealth could not find any assets that match the classifcation rule for the dynamic group. This can happen when a tag value used for classifying assets is no longer being used.

To delete all empty groups within a dynamic group, click the broom icon.

Modify Classification Rules That Determine Group Membership

You cannot edit classification rules of individual groups in a dynamic group because a dynamic group is governed by a single rule that builds all groups within it.

Tanzu CloudHealth builds perspectives based on classification rules that separate your assets into groups. These rules can be based on any asset data available in your environment, such as Amazon tags or Chef environment. Here’s a semantic example of one such rule:

In the typical workflow, you define classification rules through the Search or Categorize approach and these rules create groups. After defining a group, you can change the underlying rule to fine-tune the assets that are gathered into that group.

Select a perspective and click the Groups tab. Then select a specific group from the list.
Click the Edit icon for the Filter to set the parameters.

After you set the parameters of the group:

The platform places the perspective containing the group you edited into a not yet updated mode.
In all reports, the status of the perspective is set to pending.
After the perspective is updated, the not yet updated status is cleared and the pending status is removed from all reports.

Update Perspectives

How Asset Inventory is Updated

When you configure a cloud provider account in the Tanzu CloudHealth Platform, you need to provide the platform read-only access to query your cloud provider for changes in asset inventory.

Changes in your asset inventory are monitored through API queries to the cloud provider that collect inventory metadata on assets and their tags. Depending on the asset, these queries are queued at different frequencies such as 15 min, 1 h, 4 h, and 24 h. However, these frequencies are not the intervals at which the Tanzu CloudHealth platform refreshes with changes in your cloud asset inventory. Factors such as network latency, the number of queued items to be processed, the number of services that you utilize, and service-level rate limits determine how quickly the query responses are returned to the Tanzu CloudHealth Platform.

Cloud assets that you terminated or deleted from your cloud provider are removed from the Tanzu CloudHealth Platform 12 months from the date of termination or deletion.

Effect of Asset Inventory Changes on Perspective Refreshes

As Tanzu CloudHealth discovers new assets in your cloud infrastructure and changes to existing assets, these changes are reflected in the Perspectives you configured in the Tanzu CloudHealth Platform.

It can take up to 3 h from when new assets are discovered for them to be included in your Perspectives. During the phase of discovery, you will not be able to use Group Filters to find new assets in Perspective Groups.

Tanzu CloudHealth reports are not affected as much by changes in infrastructure. This is because Tanzu CloudHealth reports reflect a lag of 12-24 h from changes in your infrastructure. Any changes you make today, should reflect in Tanzu CloudHealth reports in 12-24 h.

How Tanzu CloudHealth Reports and Perspectives are Synchronized

The Tanzu CloudHealth Platform regularly synchronizes reports with changes you make to your Perspectives.

Here are a few changes that the Tanzu CloudHealth Platform monitors for and synchronizes between Perspectives and reports.

Edits to Groups and Filters using the Perspective Editor.
Inclusion or exclusion of specific Perspectives from InterActive Reports.
Deletion of Perspectives.

When a Perspective is modified, the status indicator next to the name of the Perspective cycles through the following states:

Perspective Modified: A modification to the Perspective was detected but is not reflected in Tanzu CloudHealth reports. The Platform will watch this Perspective for additional changes and process all changes together.
Perspective Rebuilding: No additional changes to the Perspective were detected within 15 min. The Platform will start synchronizing reports to reflect the changes.
Perspective Synchronized: All reports have been synchronized to reflect the changes you made to the Perspective. It can take around 2 h from the time that you made a Perspective change for the green tick mark to appear next to Reports are integrated.

In addition, individual reports in the platform have a dropdown at the bottom of the page that indicates the synchronization status of various Perspectives with that report.

AWS Service Support in Tanzu CloudHealth

How Tanzu CloudHealth Allocates AWS Service Costs

The Tanzu CloudHealth Platform classifies AWS service costs for reporting, Perspective-based grouping, and analytics in one of the following ways:

Direct Costs

Line items for these costs in the AWS Detailed Billing Report or Cost and Usage Report must contain a resource ID in order for them to be mapped to a specific asset. Tanzu CloudHealth can attribute these costs to a specific asset and can therefore directly allocate them to a Perspective Group. Tanzu CloudHealth supports these assets in one of these ways:

Allow basic cost allocation and asset reporting
Directly allocate costs for this asset to Perspective Groups if tags in the bill match tags used for Perspective Groups
Directly allocate cost for this asset to Perspective Groups using custom tags or through the Perspective Group editor.

Indirect Costs

Line items for these costs in the AWS Detailed Billing Report or Cost and Usage Report may or may not contain a resource ID. If Tanzu CloudHealth does not provide basic cost allocation and asset reporting for this asset and the line item does not contain tags matching those used in any Perspective Group, then the Tanzu CloudHealth platform cannot directly attribute these costs to a Perspective Group. However, you can indirectly attribute these costs to a specific Perspective Group using Cost Reallocation Rules.

Levels of Support for AWS Services

Level: Indirect Cost Management

Organize line item costs in your AWS bill into common service categories. Differentiate between types of costs, for example, determine how S3 costs are split between storage, API calls, and data transfer.

The Indirect Cost Management level supports all services and assets not supported at the Basic Cost Allocation or Asset Reporting levels.

Prerequisites None.

Service Support

Cost classification: The service cost is classified as an Indirect Cost with a cost breakdown by the items that make up the service.
Cost reallocation: Build rules to reallocate the Indirect Cost to a Perspective Group based on the distribution of a Direct Cost or by a specific ratio.
Cost reporting: Basic interactive cost reports, namely, Cost History Report and Current Cost Report. Drill down into cost reports to view corresponding line items in the bill.

Level: Basic Cost Allocation

Organize line item costs in your AWS bill into common service categories. Cost from line items with tags present in the bill that match tags used in Perspective Groups will directly be allocated to the Perspective Group. Costs from line items with no matching tags can still be directly allocated to Perspective Groups by either using custom tags or assigning those costs directly in the Perspective Group editor.

For more information, see AWS documentation on Using Cost Allocation Tags.

Services Supported at This Level

Alexa for Business - Devices
Alexa for Business - Users
Amplify
API Gateway - Stages
Appstream - Fleet
Appstream - ImageBuilder
Appstream - Users
Athena - Workgroups
Certificate Manager - Certificate Authorities
Certificate Manager - Certificates
Chime - Accounts
Chime Dial In - Conferences
Cloud Directory - Directories
CloudHSM - HSM
Cloud Map - Services
CloudSearch - Domain
CodeBuild - Projects
Cognito - User Pools
Data Exchange - Data Sets
Data Pipeline - Pipelines
DataSync
Direct Connect - Connections
Direct Connect - Gateways
Direct Connect - Virtual Interfaces
Directory Service - Directory
DocumentDB - Clusters
DocumentDB - Instances
DocumentDB - Snapshots
DynamoDB Accelerator - Clusters
Dynamo DB - Backups
EC2 - Capacity Reservations
EC2 Container Registry (ECR) - Repositories
ECR - Repository
EKS - Clusters
Elemental MediaConnect - Flows
Elemental MediaConnect - Outputs
Elemental MediaConnect - Sources
Elemental MediaConvert - Jobs
Elemental MediaConvert - Job Templates
Elemental MediaLive - Channels
Elemental MediaLive - Inputs
Elemental MediaStore - Containers
Firewall Manager
FSx - Backups
FSx - File Systems
GameLift - Fleets
Glacier - Vaults
Global Accelerator
Glue - Crawler
Glue - Development Endpoint
Glue - Job
Greengrass - Devices
IoT Analytics - Channels
IoT Analytics - Datasets
IoT Analytics - Datastores
IoT Analytics - Pipelines
IoT Device Defender - Devices
Kendra - Data Sources
Kendra - Index
Kinesis - Video Streams
Kinesis Analytics - Applications
Lex - Bots
Machine Learning - BatchPrediction
Machine Learning - DataSource
Machine Learning - Evaluation
Machine Learning - MLModel
Managed Blockchain - Members
Managed Blockchain - Nodes
Managed Streaming for Kafka - Clusters
MQ - Brokers
Neptune - Clusters
Neptune - Instances
OpsWorks - Servers
Pinpoint - Apps
QuickSight
RDS - Aurora Clusters
RDS - Aurora Cluster Snapshots
RDS - Clusters
RDS - Cluster Snapshots
Route 53 - Health check
Route 53 - Traffic Policy
Secrets Manager - Secrets
Security Hub - Hubs
SFTP Servers - Transfers
Shield - Protections
Shield - Subscriptions
Simple Email Service - Dedicated IPs
Snowball - Jobs
SQS - Queues
Step Functions
Storage Gateway - File Shares
Storage Gateway - Tapes
Storage Gateway - Volume Gateways
Sumerian - Binaries
Virtual Private Cloud - VPC Endpoints
Virtual Private Cloud - VPN Connections
Web Application Firewall - Rules
Web Application Firewall - WebACL

Prerequisites

You are using a service that is supported at this level.
You have enabled cost-allocation tags in the Detailed Billing Report (DBR) and Cost and Usage Report (CUR).

To support the derivation of asset and tag data from the CUR, you must configure the AWS Account to include Cost Allocation Tags in the CUR artifacts. Tanzu CloudHealth recommends adding each tag key that you are using for perspective grouping as a Cost Allocation Tag. To know how you can tag services in your bill, see Configure Cost Allocation Tags.

Service Support

Cost classification: The service cost is classified as a Direct Cost. The service cost appears in the Cost History report as a direct charge.
Perspectives: Cost from line items with tags present in the bill that match tags used in Perspective Groups are directly allocated to the Perspective Group. Costs from line items with no matching tags can still be directly allocated to Perspective Groups by either using custom tags or assigning those costs directly in the Perspective Group editor.
Cost reporting: Drill down into asset line items from your bill.
Asset reports are not available.
These assets can be used in aggregate cost policies to monitor changes in the cost of service items or overall service costs but can not be used in any other kind of policy.
Cost reallocation: Build rules to reallocate the Direct Cost from one Perspective Group to another.

Impact of This Level

Why did cost allocation for an asset in Tanzu CloudHealth reports change when support for it moved from Indirect Cost Management to Basic Cost Allocation? When the approach of allocating costs by the bill was rolled out, the Tanzu CloudHealth Platform recalculated historical costs (for the past 13 months) for all AWS services that were previously marked as Indirect Costs in reports. Because the new allocation is based on tags, any tag-based Perspectives that you had built in the Tanzu CloudHealth Platform now carry costs for more AWS services. Consequently, the allocation of costs likely looks different in your Tanzu CloudHealth reports.

How to leverage assets supported for the Basic Cost Allocation level in the Tanzu CloudHealth Platform?

Best practice: Do not create a Perspective grouping rule for Amazon Taggable Assets.
Ensure your bill contains tags that match the Perspective Groups to which you want your assets directly allocated. For line items without tags that match tags for a given Perspective Group, set custom tags to directly allocate them into Perspective Groups or move these assets directly into a Group in the Perspective Group editor.
Add them to Perspectives and allocate them to Perspective Groups based on tags.
They are classified as Amazon Taggable Asset in the Perspective Editor.
They appear in the Cost History report and Current Cost report as a direct charge.
Drill down into asset line item information from reports.

What happens when assets are deleted and recreated with the same resource ID? In the Tanzu CloudHealth Platform, assets are unique by the resource ID attributed to them in the Detailed Billing Report or the Cost and Usage Report. When an asset is deleted and then later recreated with the same resource ID, Tanzu CloudHealth will consider the recreated asset to be the same as the original asset.

What happens when the tag on an asset changes? The latest key-value pair of a tag trumps all previous key-value pairs of the same tag. When a tag changes, Tanzu CloudHealth changes the asset allocation to whichever Perspective Group is associated with the new tag value. Let’s consider a more complex example. Consider that the Tanzu CloudHealth Platform reads the bill in September 2016 and captures a tag X for a service item. Then, Tanzu CloudHealth reads an older bill from, say, January 2016 (because AWS placed a new bill due to adjustments) and finds an older tag Y for the same service item. Now, the service item is tagged with tag Y until Tanzu CloudHealth reads the bill again in 12-24 hours, at which point tag X trumps tag Y once again.

Level: Basic Cost and Asset Reporting

Costs are directly associated with assets collected and processed from the AWS API and reported in an Asset Report. You can assign assets into Perspective Groups via all meaningful attributes of the assets.

Services Supported at This Level:

EC2 - Application Load Balancers
EC2 - Auto Scaling Groups
EC2 - Dedicated Hosts
EC2 - Elastic File Systems
EC2 - Elastic IPs
EC2 - Images
EC2 - Instances
EC2 - Load Balancers
EC2 - Network Load Balancers
EC2 - Reservation Listings
EC2 - Reservation Mods
EC2 - Reservations
EC2 - Security Groups
EC2 - Security Rules
EC2 - Snapshots
EC2 - Spot Requests
EC2 - Volumes
S3 - Buckets
CloudFront - Distributions
Kinesis - Data Streams
Key Management Service - Customer Master Keys
RDS- Instances
RDS - Reservations
RDS - Security Groups
RDS - Snapshots
RDS - Subnet Groups
DynamoDB - Tables
VPC - NAT Gateways
VPC - Subnets
VPC - VPCs
Lambda - Functions
RedShift - Clusters
RedShift - Reserved Nodes
RedShift - Snapshots
SageMaker - Endpoints
SageMaker - Notebook Instances
SageMaker - Training Jobs
CloudWatch - Alarms
Cloud Formation - Resources
Cloud Formation - Stacks
IAM - Credential Reports
IAM - Groups
IAM - Password Policies
IAM - Policies
IAM - Roles
IAM - Server Certificates
IAM - Users
ElastiCache - Clusters
ElastiCache - Reserved Nodes
EMR - Clusters
EMR- Instance Groups
EMR - Instances
WorkSpaces
Database Migration Service - Replication Instances
Config- Evaluation Results
Config - Rules
Config - Settings
Route 53 - Hosted Zones
CloudTrail - Trails
Elasticsearch - Domains
Elasticsearch - Instances
Elasticsearch - Reserved Instances
Elasticsearch - Volumes
Savings Plan

Prerequisites:

You are using a service that is supported at this level.

Service Support: All support covered by previous level, plus:

Cost classification: The service cost is classified as a Direct Cost.
Perspectives: Assign services to Perspectives using meaningful user-defined cost-allocation tags and other attributes
Asset reporting: Asset inventory is collected. Tag information (if supported) are included in the Asset inventory Report.
Event reporting: CloudTrail events for the service are recorded and used to assign “Created By” and “Deleted By” identities.
Policies: Build tag compliance policies for services that support tags
Activity feed is updated when changes occur in the service.
Cost reporting: If a service incurs data transfer costs, those costs are collectd.