White Paper Author: Aaron Klein Founder-COO CloudCheckr

Similar documents
Change Management Best Practices

Scalability in Log Management

Integrated business intelligence solutions for your organization

ECM AS A CLOUD PLATFORM:

DATABASE SECURITY MECHANISMS AND IMPLEMENTATIONS

The Trellis Dynamic Infrastructure Optimization Platform for Data Center Infrastructure Management (DCIM)

Today s Document Management System

Better Together with Microsoft Dynamics CRM

WHITEPAPER. Why Dependency Mapping is Critical for the Modern Data Center

The Trellis Dynamic Infrastructure Optimization Platform for Data Center Infrastructure Management (DCIM)

IBM Rational ClearCase, Version 8.0

Cisco and Red Hat: Application Centric Infrastructure Integration with OpenStack

White Paper. Today s Document Management System: Go Paperless; Go to the Cloud; Go Mobile; Foster Collaboration

Enabling Database-as-a-Service (DBaaS) within Enterprises or Cloud Offerings

White Paper The Dynamic Nature of Virtualization Security

FISMA NIST (Rev 4) Audit and Accountability: Shared Public Cloud Infrastructure Standards

NICE BACK OFFICE SOLUTIONS. Improve the Efficiency and Effectiveness of Your Back Office Operations. Insight from Interactions

BITDEFENDER SECURITY FOR AMAZON WEB SERVICES

An Evaluation Framework for Selecting an Enterprise Cloud Provider

HIGH-SPEED BRIDGE TO CLOUD STORAGE

AWS Storage: Minimizing Costs While Retaining Functionality

Chapter3: Understanding Cloud Computing

A Step-by-Step Guide to Defining Your Cloud Services Catalog

Amazon Web Services Primer. William Strickland COP 6938 Fall 2012 University of Central Florida

Logz.io See the logz that matter

ITIL Asset and Configuration. Management in the Cloud

White Paper. An Overview of the Kalido Data Governance Director Operationalizing Data Governance Programs Through Data Policy Management

Contact Center Security: Moving to the Cloud

Kaseya 2. User Guide. Version 7.0. English

BEA AquaLogic Integrator Agile integration for the Enterprise Build, Connect, Re-use

Technology Enablement

About Injazat Data Systems

INTRODUCTION TO CASSANDRA

LANDesk Service Desk Certified in All 15 ITIL. v3 Suitability Requirements. LANDesk demonstrates capabilities for all PinkVERIFY 3.

Minder. simplifying IT. All-in-one solution to monitor Network, Server, Application & Log Data

Proving Control of the Infrastructure

Streamlining Your AP Processes with Electronic Document Management

Contact Center Security: Moving to the True Cloud

GTAC Website Online Learning Courses Teacher User Guide

Teradata Marketing Operations. Reduce Costs and Increase Marketing Efficiency

Drupal in the Cloud. Scaling with Drupal and Amazon Web Services. Northern Virginia Drupal Meetup

Software defined networking. Your path to an agile hybrid cloud network

RightScale mycloud with Eucalyptus

Enabling Storage Services in Virtualized Cloud Environments

Achieve Economic Synergies by Managing Your Human Capital In The Cloud

HP Server Automation Standard

The Total Cost of (Non) Ownership of a NoSQL Database Cloud Service

Economic Benefits of Cisco CloudVerse

Lumension Endpoint Management and Security Suite (LEMSS): Patch and Remediation

data sheet Ruckus Smart Access Management Service MOVING SMART WI-FI INTO THE CLOUD FEATURES AND BENEFITS

White Paper. Security Model. Sage ACT! maximizes flexibility and provides options for securing data. Table of Contents

Vulnerability. Management

10 Practical Tips for Cloud Optimization

Optimize Brand Asset Management with Enterprise Content Management

TBR. IBM Cloud Services Balancing compute options: How IBM Smart Business Cloud can be a catalyst for IT transformation

Developing Microsoft SharePoint Server 2013 Advanced Solutions MOC 20489

The SAS Transformation Project Deploying SAS Customer Intelligence for a Single View of the Customer

Detect & Investigate Threats. OVERVIEW

AWS Security & Compliance

Oracle Data Integrator 12c: Integration and Administration

Billing for OpenStack Cloud Services

Oracle Data Integrator 11g: Integration and Administration

CRM Buyers Guide CRM Buyers Guide

QualysGuard Tips and Techniques Policy Compliance: File Integrity Monitoring

A Guide to Success for Managed Service Providers

I D C T E C H N O L O G Y S P O T L I G H T. S e r ve r S e c u rity: N o t W h a t It U s e d t o Be!

Implementing Software- Defined Security with CloudPassage Halo

UTILIZING CLOUDCHECKR FOR SECURITY

Effective Release Management for HPOM Monitoring

data sheet Ruckus Smart Access Management Service moving smart wi-fi into the cloud

WHITE PAPER: Egenera Cloud Suite

20 Reasons to Choose CA Unified Infrastructure Management

TOP 7 THINGS Every Executive Should Know About Cloud Computing EXECUTIVE BRIEF

Ironfan Your Foundation for Flexible Big Data Infrastructure

Case study : Manufacturing ERP. Copyright SOD Technologies Pvt Ltd

Getting Started with Multitenancy SAP BI 4.1

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

Challenges in Deploying Public Clouds

Parasoft and Skytap Deliver 24/7 Access to Complete Test Environments

Building Blocks of the Private Cloud

Table of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.

Transcription:

AWS Tagging: Why, What, and Implementation White Paper Author: Aaron Klein Founder-COO CloudCheckr

AWS Tagging: Why, What, and Implementation Introduction The true power of Amazon Web Services resides in its ability to simultaneously lower users costs and improve users agility through self-provisioning and scalability. However, both these capabilities also contain obstacles, such as reducing the control IT departments have on asset, security, and compliance functions, and difficulties in identifying resources. This paper will show you how tagging provides visibility into AWS, restoring control. With proper resource tagging, you can track and manage assets, security, and compliance. Moreover, you can identify resource usage, as well as measure, assign, and allocate costs. I. Why Tag Resources Amazon Web Services ability to simultaneously lower users costs and improve users agility was groundbreaking. Traditionally, these two goals required a compromise, but AWS bridges this divide and delivers both without sacrificing either. AWS enables this through two critical capabilities: self-provisioning and scalability. Self-provisioning is the means by which users requisition resources. While traditional IT required weeks and months for a user to obtain resource access, AWS provides users the opportunity to requisition those same resources within minutes. Users can obtain access without involving the IT department. This significantly reduces application testing and development time. Scalability allows users to reduce costs. When using a data center or co-locating, users need to provision resources for peak capacity plus a margin of error. This is because resources cannot be added quickly and users risk not meeting demand. With AWS, this is not an issue, since AWS allows user to provision only what is needed at any given time, and encourages users to scale resources up and down based upon need. AWS only charges based upon what is being used so using scaling to effectively provision will result in dramatic cost savings. However, both these capabilities also contain obstacles. As powerful as self-provisioning is, it also impedes the asset management, security, and compliance control functions that were provided by the traditional IT department. As great as scalability is, without identifying resources, their usage, and their associated applications, users cannot hope to scale effectively. Finally, AWS presents one new challenge relative to traditional IT: the pay as you go model. Rather than being able to assign a budget number to a business unit, users receive monthly bills based upon actual usage. AWS delivers these bills on an account basis and users are responsible to properly apportion the usage within their own organization. Tagging is the means to restore visibility within AWS, allowing asset management, security, and compliance tracking. Resource usage can be identified and scaled effectively, allowing costs to be measured, minimized, and allocated.

II. Strategies for Effective Implementation When considering which resources are appropriate for tagging, the answer is easy: all possible resources. There is no cost associated with tagging, and it does not impede performance. Thus, there is no downside associated with tagging. Users need to be aware of the following basic tagging rules: Maximum number of tags per resource 10 Maximum key length 127 Unicode characters Maximum value length 255 Unicode characters Tag keys and values are case sensitive Do not use the aws: prefix in your tag names or values because it is reserved for AWS use. You can't edit or delete tag names or values with this prefix. Tags with this prefix do not count against your tags per resource limit It is also important to remember that tags function as if they are key value pairs. Use the Key portion of the tag as the how of what you want report. The Value portion is the what. For example, if you are trying to tag a server to determine whether it is in Test or Production, your Key could be Environment and your value could be Production. Figure 1, taken from the AWS documentation, illustrates this concept. Figure 1: Sample Key-Value Pair

Below are some guidelines to optimize tag implementation: 1. Consider what data is important to the organization. Users typically want to tag resources with multiple Keys AWS allows 10. A starting list for Keys could be Business Unit, Department, Application/Product Name, Version, Cost Center, Environment, and Owner. This list should be tailored to and reflective of each organization s needs. 2. After determining the appropriate minimum Keys for the organization, require that users employ the minimum Keys. Users can certainly employ additional tags, but accurate resource, control, and cost reporting will depend upon universal usage of the organization s mandatory tags. 3. Remain consistent in your tagging conventions. Create a set schema with a welldefined nomenclature. Ensure that users are aware of the assigned Keys and also set values. For example, make it clear that Env is the Key for Environment and that Prod is the standard value for Production. Remind users that Tags are case sensitive. 4. Automate tagging as much as possible. For users launching resources programmatically, this may be easier to incorporate. However, tagging is equally essential for users who launch resources manually and the greater the automation, the more likely manual users will adhere to the organizational tagging policy. process to deploy AWS resources. Whether you tag programmatically or manually, identify which tag keys are the most important and apply those tags across your infrastructure consistently. 5. Periodically evaluate your infrastructure. Even the best designed tagging schema will fail if users do not consistently employ it. Organizations need to remain vigilant in tag monitoring and enforcement. III. Using CloudCheckr to Leverage Tagging CloudCheckr provides sophisticated reporting across cost, usage, compliance, and security based on AWS tagging. Cost Reporting: CloudCheckr s cost reporting allows users to create detailed cost reports tied to individual and groups of both Keys and Values. Budget alerts can be created to ensure that users remain within budget allocations. Cadenced reporting to users, managers, and finance can be automated through pre-set filters. Sophisticated cost tracking and allocation within and across an organization s AWS accounts can be automated by using CloudCheckr. Usage: CloudCheckr enables users to group resources through tags. Users can employ over 150 prepackaged reports or create their own to track utilization metrics. Alerts and reports can be created to identify areas of over and under provisioned resources. By grouping the resources according the organization s tagging schema, the user can immediately identify whether their infrastructure requires adjustment. This enables user to both improve performance and reduce costs.

Compliance and Security: CloudCheckr performs automated scans of its customer s infrastructure. The results are compared against nearly 300 compliance and security checks. Tagging enables users to receive customized reports highlighting exceptions and changes to their infrastructure. CloudCheckr also allows user to also create CloudTrail alerts based upon resource tagging. This enables organizations to confidently allow self-provisioning while retaining visibility into their security and compliance requirements. IV. Additional Resources http://docs.aws.amazon.com/awsec2/latest/userguide/using_tags.html http://media.amazonwebservices.com/aws_operational_checklists.pdf

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information