Managing Perspectives

Manage Perspective Groups

The section discusses different ways of managing perspective groups.

Delete Groups

To delete an empty group, use Clean Empty Groups.

You can delete a perspective group only if it is not an individual dynamic group. When you delete a group, VMware Tanzu CloudHealth notifies you of any subscriptions or cost reallocation rules that are tied to that group.

The classification rule that gathered the assets in the deleted group is no longer evaluated.

Merge or Unmerge Groups

You can merge multiple individual groups that have the same intended collection of assets. For example, if you have a perspective called Owner that gathers assets into groups named after individual asset owners in your organization, the classification rule gathers assets based on the unique values of the owner tag. To merge two groups, select both groups and click the link icon. In this example, due to inconsistent tagging practices, assets belonging to Vikram are tagged as owner = Vikram sometimes and as owner = vikram at other times. The classification rule creates two groups -Vikram and vikram - to gather these assets. You can merge these two groups so that assets that meet the condition of either rule are gathered in the same group. In this way, changes, additions and deletions to assets within this group will accurately reflect assets tagged with either owner = Vikram or owner = vikram. To unmerge groups, click the unlink icon next to the merged group. Unmerging groups removes all previously linked groups from the merged group.

Note: Groups cannot be unmerged if the resulting subgroups would have identical names. To unmerge these groups, delete the entire dynamic group block.

Clean Empty Groups

Over time, as your cloud infrastructure changes, the individual groups that make up a dynamic group can end up with no assets. Dynamic groups may end up with no assets, because Tanzu CloudHealth could not find any assets that match the classifcation rule for the dynamic group. This can happen when a tag value used for classifying assets is no longer being used.

To delete all empty groups within a dynamic group, click the broom icon.

Modify Classification Rules That Determine Group Membership

You cannot edit classification rules of individual groups in a dynamic group because a dynamic group is governed by a single rule that builds all groups within it.

Tanzu CloudHealth builds perspectives based on classification rules that separate your assets into groups. These rules can be based on any asset data available in your environment, such as Amazon tags or Chef environment. Here’s a semantic example of one such rule:

In the typical workflow, you define classification rules through the Search or Categorize approach and these rules create groups. After defining a group, you can change the underlying rule to fine-tune the assets that are gathered into that group.

  1. Select a perspective and click the Groups tab. Then select a specific group from the list.
  2. Click the Edit icon for the Filter to set the parameters.

After you set the parameters of the group:

  • The platform places the perspective containing the group you edited into a not yet updated mode.
  • In all reports, the status of the perspective is set to pending.
  • After the perspective is updated, the not yet updated status is cleared and the pending status is removed from all reports.

Update Perspectives

How Asset Inventory is Updated

When you configure a cloud provider account in the Tanzu CloudHealth Platform, you need to provide the platform read-only access to query your cloud provider for changes in asset inventory.

Changes in your asset inventory are monitored through API queries to the cloud provider that collect inventory metadata on assets and their tags. Depending on the asset, these queries are queued at different frequencies such as 15 min, 1 h, 4 h, and 24 h. However, these frequencies are not the intervals at which the Tanzu CloudHealth platform refreshes with changes in your cloud asset inventory. Factors such as network latency, the number of queued items to be processed, the number of services that you utilize, and service-level rate limits determine how quickly the query responses are returned to the Tanzu CloudHealth Platform.

Cloud assets that you terminated or deleted from your cloud provider are removed from the Tanzu CloudHealth Platform 12 months from the date of termination or deletion.

Effect of Asset Inventory Changes on Perspective Refreshes

As Tanzu CloudHealth discovers new assets in your cloud infrastructure and changes to existing assets, these changes are reflected in the Perspectives you configured in the Tanzu CloudHealth Platform.

It can take up to 3 h from when new assets are discovered for them to be included in your Perspectives. During the phase of discovery, you will not be able to use Group Filters to find new assets in Perspective Groups.

Tanzu CloudHealth reports are not affected as much by changes in infrastructure. This is because Tanzu CloudHealth reports reflect a lag of 12-24 h from changes in your infrastructure. Any changes you make today, should reflect in Tanzu CloudHealth reports in 12-24 h.

How Tanzu CloudHealth Reports and Perspectives are Synchronized

The Tanzu CloudHealth Platform regularly synchronizes reports with changes you make to your Perspectives.

Here are a few changes that the Tanzu CloudHealth Platform monitors for and synchronizes between Perspectives and reports.

  • Edits to Groups and Filters using the Perspective Editor.
  • Inclusion or exclusion of specific Perspectives from InterActive Reports.
  • Deletion of Perspectives.

When a Perspective is modified, the status indicator next to the name of the Perspective cycles through the following states:

  • Perspective Modified: A modification to the Perspective was detected but is not reflected in Tanzu CloudHealth reports. The Platform will watch this Perspective for additional changes and process all changes together.
  • Perspective Rebuilding: No additional changes to the Perspective were detected within 15 min. The Platform will start synchronizing reports to reflect the changes.
  • Perspective Synchronized: All reports have been synchronized to reflect the changes you made to the Perspective. It can take around 2 h from the time that you made a Perspective change for the green tick mark to appear next to Reports are integrated.

In addition, individual reports in the platform have a dropdown at the bottom of the page that indicates the synchronization status of various Perspectives with that report.

AWS Service Support in Tanzu CloudHealth

How Tanzu CloudHealth Allocates AWS Service Costs

The Tanzu CloudHealth Platform classifies AWS service costs for reporting, Perspective-based grouping, and analytics in one of the following ways:

Direct Costs

Line items for these costs in the AWS Detailed Billing Report or Cost and Usage Report must contain a resource ID in order for them to be mapped to a specific asset. Tanzu CloudHealth can attribute these costs to a specific asset and can therefore directly allocate them to a Perspective Group. Tanzu CloudHealth supports these assets in one of these ways:

  • Allow basic cost allocation and asset reporting
  • Directly allocate costs for this asset to Perspective Groups if tags in the bill match tags used for Perspective Groups
  • Directly allocate cost for this asset to Perspective Groups using custom tags or through the Perspective Group editor.

Indirect Costs

Line items for these costs in the AWS Detailed Billing Report or Cost and Usage Report may or may not contain a resource ID. If Tanzu CloudHealth does not provide basic cost allocation and asset reporting for this asset and the line item does not contain tags matching those used in any Perspective Group, then the Tanzu CloudHealth platform cannot directly attribute these costs to a Perspective Group. However, you can indirectly attribute these costs to a specific Perspective Group using Cost Reallocation Rules.

Levels of Support for AWS Services

Level: Indirect Cost Management

Organize line item costs in your AWS bill into common service categories. Differentiate between types of costs, for example, determine how S3 costs are split between storage, API calls, and data transfer.

The Indirect Cost Management level supports all services and assets not supported at the Basic Cost Allocation or Asset Reporting levels.

Prerequisites None.

Service Support

  • Cost classification: The service cost is classified as an Indirect Cost with a cost breakdown by the items that make up the service.
  • Cost reallocation: Build rules to reallocate the Indirect Cost to a Perspective Group based on the distribution of a Direct Cost or by a specific ratio.
  • Cost reporting: Basic interactive cost reports, namely, Cost History Report and Current Cost Report. Drill down into cost reports to view corresponding line items in the bill.

Level: Basic Cost Allocation

Organize line item costs in your AWS bill into common service categories. Cost from line items with tags present in the bill that match tags used in Perspective Groups will directly be allocated to the Perspective Group. Costs from line items with no matching tags can still be directly allocated to Perspective Groups by either using custom tags or assigning those costs directly in the Perspective Group editor.

For more information, see AWS documentation on Using Cost Allocation Tags.

Services Supported at This Level

  • Alexa for Business - Devices
  • Alexa for Business - Users
  • Amplify
  • API Gateway - Stages
  • Appstream - Fleet
  • Appstream - ImageBuilder
  • Appstream - Users
  • Athena - Workgroups
  • Certificate Manager - Certificate Authorities
  • Certificate Manager - Certificates
  • Chime - Accounts
  • Chime Dial In - Conferences
  • Cloud Directory - Directories
  • CloudHSM - HSM
  • Cloud Map - Services
  • CloudSearch - Domain
  • CodeBuild - Projects
  • Cognito - User Pools
  • Data Exchange - Data Sets
  • Data Pipeline - Pipelines
  • DataSync
  • Direct Connect - Connections
  • Direct Connect - Gateways
  • Direct Connect - Virtual Interfaces
  • Directory Service - Directory
  • DocumentDB - Clusters
  • DocumentDB - Instances
  • DocumentDB - Snapshots
  • DynamoDB Accelerator - Clusters
  • Dynamo DB - Backups
  • EC2 - Capacity Reservations
  • EC2 Container Registry (ECR) - Repositories
  • ECR - Repository
  • EKS - Clusters
  • Elemental MediaConnect - Flows
  • Elemental MediaConnect - Outputs
  • Elemental MediaConnect - Sources
  • Elemental MediaConvert - Jobs
  • Elemental MediaConvert - Job Templates
  • Elemental MediaLive - Channels
  • Elemental MediaLive - Inputs
  • Elemental MediaStore - Containers
  • Firewall Manager
  • FSx - Backups
  • FSx - File Systems
  • GameLift - Fleets
  • Glacier - Vaults
  • Global Accelerator
  • Glue - Crawler
  • Glue - Development Endpoint
  • Glue - Job
  • Greengrass - Devices
  • IoT Analytics - Channels
  • IoT Analytics - Datasets
  • IoT Analytics - Datastores
  • IoT Analytics - Pipelines
  • IoT Device Defender - Devices
  • Kendra - Data Sources
  • Kendra - Index
  • Kinesis - Video Streams
  • Kinesis Analytics - Applications
  • Lex - Bots
  • Machine Learning - BatchPrediction
  • Machine Learning - DataSource
  • Machine Learning - Evaluation
  • Machine Learning - MLModel
  • Managed Blockchain - Members
  • Managed Blockchain - Nodes
  • Managed Streaming for Kafka - Clusters
  • MQ - Brokers
  • Neptune - Clusters
  • Neptune - Instances
  • OpsWorks - Servers
  • Pinpoint - Apps
  • QuickSight
  • RDS - Aurora Clusters
  • RDS - Aurora Cluster Snapshots
  • RDS - Clusters
  • RDS - Cluster Snapshots
  • Route 53 - Health check
  • Route 53 - Traffic Policy
  • Secrets Manager - Secrets
  • Security Hub - Hubs
  • SFTP Servers - Transfers
  • Shield - Protections
  • Shield - Subscriptions
  • Simple Email Service - Dedicated IPs
  • Snowball - Jobs
  • SQS - Queues
  • Step Functions
  • Storage Gateway - File Shares
  • Storage Gateway - Tapes
  • Storage Gateway - Volume Gateways
  • Sumerian - Binaries
  • Virtual Private Cloud - VPC Endpoints
  • Virtual Private Cloud - VPN Connections
  • Web Application Firewall - Rules
  • Web Application Firewall - WebACL

Prerequisites

  • You are using a service that is supported at this level.
  • You have enabled cost-allocation tags in the Detailed Billing Report (DBR) and Cost and Usage Report (CUR).

To support the derivation of asset and tag data from the CUR, you must configure the AWS Account to include Cost Allocation Tags in the CUR artifacts. Tanzu CloudHealth recommends adding each tag key that you are using for perspective grouping as a Cost Allocation Tag. To know how you can tag services in your bill, see Configure Cost Allocation Tags.

Service Support

  • Cost classification: The service cost is classified as a Direct Cost. The service cost appears in the Cost History report as a direct charge.
  • Perspectives: Cost from line items with tags present in the bill that match tags used in Perspective Groups are directly allocated to the Perspective Group. Costs from line items with no matching tags can still be directly allocated to Perspective Groups by either using custom tags or assigning those costs directly in the Perspective Group editor.
  • Cost reporting: Drill down into asset line items from your bill.
  • Asset reports are not available.
  • These assets can be used in aggregate cost policies to monitor changes in the cost of service items or overall service costs but can not be used in any other kind of policy.
  • Cost reallocation: Build rules to reallocate the Direct Cost from one Perspective Group to another.

Impact of This Level

Why did cost allocation for an asset in Tanzu CloudHealth reports change when support for it moved from Indirect Cost Management to Basic Cost Allocation? When the approach of allocating costs by the bill was rolled out, the Tanzu CloudHealth Platform recalculated historical costs (for the past 13 months) for all AWS services that were previously marked as Indirect Costs in reports. Because the new allocation is based on tags, any tag-based Perspectives that you had built in the Tanzu CloudHealth Platform now carry costs for more AWS services. Consequently, the allocation of costs likely looks different in your Tanzu CloudHealth reports.

How to leverage assets supported for the Basic Cost Allocation level in the Tanzu CloudHealth Platform?

  • Best practice: Do not create a Perspective grouping rule for Amazon Taggable Assets.
  • Ensure your bill contains tags that match the Perspective Groups to which you want your assets directly allocated. For line items without tags that match tags for a given Perspective Group, set custom tags to directly allocate them into Perspective Groups or move these assets directly into a Group in the Perspective Group editor.
  • Add them to Perspectives and allocate them to Perspective Groups based on tags.
  • They are classified as Amazon Taggable Asset in the Perspective Editor.
  • They appear in the Cost History report and Current Cost report as a direct charge.
  • Drill down into asset line item information from reports.

What happens when assets are deleted and recreated with the same resource ID? In the Tanzu CloudHealth Platform, assets are unique by the resource ID attributed to them in the Detailed Billing Report or the Cost and Usage Report. When an asset is deleted and then later recreated with the same resource ID, Tanzu CloudHealth will consider the recreated asset to be the same as the original asset.

What happens when the tag on an asset changes? The latest key-value pair of a tag trumps all previous key-value pairs of the same tag. When a tag changes, Tanzu CloudHealth changes the asset allocation to whichever Perspective Group is associated with the new tag value. Let’s consider a more complex example. Consider that the Tanzu CloudHealth Platform reads the bill in September 2016 and captures a tag X for a service item. Then, Tanzu CloudHealth reads an older bill from, say, January 2016 (because AWS placed a new bill due to adjustments) and finds an older tag Y for the same service item. Now, the service item is tagged with tag Y until Tanzu CloudHealth reads the bill again in 12-24 hours, at which point tag X trumps tag Y once again.

Level: Basic Cost and Asset Reporting

Costs are directly associated with assets collected and processed from the AWS API and reported in an Asset Report. You can assign assets into Perspective Groups via all meaningful attributes of the assets.

Services Supported at This Level:

  • EC2 - Application Load Balancers
  • EC2 - Auto Scaling Groups
  • EC2 - Dedicated Hosts
  • EC2 - Elastic File Systems
  • EC2 - Elastic IPs
  • EC2 - Images
  • EC2 - Instances
  • EC2 - Load Balancers
  • EC2 - Network Load Balancers
  • EC2 - Reservation Listings
  • EC2 - Reservation Mods
  • EC2 - Reservations
  • EC2 - Security Groups
  • EC2 - Security Rules
  • EC2 - Snapshots
  • EC2 - Spot Requests
  • EC2 - Volumes
  • S3 - Buckets
  • CloudFront - Distributions
  • Kinesis - Data Streams
  • Key Management Service - Customer Master Keys
  • RDS- Instances
  • RDS - Reservations
  • RDS - Security Groups
  • RDS - Snapshots
  • RDS - Subnet Groups
  • DynamoDB - Tables
  • VPC - NAT Gateways
  • VPC - Subnets
  • VPC - VPCs
  • Lambda - Functions
  • RedShift - Clusters
  • RedShift - Reserved Nodes
  • RedShift - Snapshots
  • SageMaker - Endpoints
  • SageMaker - Notebook Instances
  • SageMaker - Training Jobs
  • CloudWatch - Alarms
  • Cloud Formation - Resources
  • Cloud Formation - Stacks
  • IAM - Credential Reports
  • IAM - Groups
  • IAM - Password Policies
  • IAM - Policies
  • IAM - Roles
  • IAM - Server Certificates
  • IAM - Users
  • ElastiCache - Clusters
  • ElastiCache - Reserved Nodes
  • EMR - Clusters
  • EMR- Instance Groups
  • EMR - Instances
  • WorkSpaces
  • Database Migration Service - Replication Instances
  • Config- Evaluation Results
  • Config - Rules
  • Config - Settings
  • Route 53 - Hosted Zones
  • CloudTrail - Trails
  • Elasticsearch - Domains
  • Elasticsearch - Instances
  • Elasticsearch - Reserved Instances
  • Elasticsearch - Volumes
  • Savings Plan

Prerequisites:

  • You are using a service that is supported at this level.

Service Support: All support covered by previous level, plus:

  • Cost classification: The service cost is classified as a Direct Cost.
  • Perspectives: Assign services to Perspectives using meaningful user-defined cost-allocation tags and other attributes
  • Asset reporting: Asset inventory is collected. Tag information (if supported) are included in the Asset inventory Report.
  • Event reporting: CloudTrail events for the service are recorded and used to assign “Created By” and “Deleted By” identities.
  • Policies: Build tag compliance policies for services that support tags
  • Activity feed is updated when changes occur in the service.
  • Cost reporting: If a service incurs data transfer costs, those costs are collectd.
check-circle-line exclamation-circle-line close-line
Scroll to top icon