Transparently enforce cloud governance across your varied public cloud environments. The policy based automation of vCommander® provides the proper level of control through orchestration, while still enabling engineering teams the freedom to consume public cloud resources as they need. These R&D teams can even continue to leverage the cloud native APIs of their choice today, thus preserving overall corporate agility. And for your production IT workloads running in the cloud, vCommander's combined orchestration and cost optimization capabilities can mitigate risk and fully optimize your spend.
Visibility and Control of Your Public Cloud Workloads
In many IT/DevOps organizations, public cloud consumption started in one or more pockets of engineering teams. Eventually these application workloads need to be properly managed just like the private cloud assets of the past. They require inventory management, patching, backup, DR, and sprawl prevention to name just a few.
vCommander will give you day one visibility to both your private and public cloud assets, providing that single pane-of-glass required to properly manage your hybrid cloud infrastructure. And if you’re looking for cost visibility and optimization, vCommander also provides extensive Cost Management capabilities in the areas of rightsizing, power scheduling, and Reserved Instance management.
AWS Tag Enforcement
Public cloud enforcement best practices are to ensure your AWS instances have appropriate tags. This guarantees your instances have been assigned the meta data important for your organization. With vCommander’s AWS tagging synchronization coupled with vCommander’s Compliance Policy, you can certify that all your AWS instances follow these best practices. These tags help drive power scheduling recommendations, such that dev/test workloads are highlighted as those that should be powered off in non prime-time. You can also make policy enforcement as strict or lenient as you like, by either just reporting on those instances not following your corporate AWS tagging rules, or by being more restrictive and ensuring they are always powered off or even running custom workflows that can perform any task you’d like upon detection of an offending instance.
Instance Type Control
If you’re using vCommander for self-service provisioning automation, you can control the instance types your developers can use. This keeps the number of instance types used by your organization down to a manageable minimum, allowing you to gain economies of scale and more fully take advantage of Reserved Instance purchases. The instance types can be configured per service catalog blueprint:
This capability provides you extensive flexibility across your various service offerings, while still enforcing instance type consistency and governance.
Many public cloud application workloads are deployed by engineering teams for short-term use, but then languish and continue to run in some cases indefinitely because there is no lifecycle monitoring or enforcement. With vCommander you can fully automate a lifecycle decommissioning process, and easily target only those areas of public cloud consumption that are specific to R&D (such as accounts, regions, or VPCs). And you can do all of this with vCommander by allowing engineering groups to continue to spin up instances exactly as they do today, thereby not impeding engineering velocity.
Change Request Orchestration
vCommander’s orchestration engine provides an easy mechanism to automate changes for both production and engineering instances. In production you can have strict controls around who must approve changes, and you can schedule these changes to occur in pre-defined maintenance windows. For engineering workloads you can alternatively have more lenient controls. You may want automatically perform any requests to downsize an instance, however you can still enforce approvals for instance upsizing or when these requests exceed any pre-defined resource or cost quota.
Automated Governance Policy Enforcement
vCommander’s self-service catalogue and provisioning automation gives system administrators the flexibility to offer and/or enforce governance policies at provisioning time through workflows. Security image scans can be executed before powering on a new VM. The master images contained in the service catalogue that are used as templates for the organization can be updated with the latest security patches. New production VMs can be registered and scheduled for the appropriate backup services when they are provisioned. Similarly, via integrations with third party services such as Zerto ZVR, mission critical VMs can be DR protected automatically; designated for the appropriate Zerto VPG protection group, delivering the appropriate SLA for the workload category.