CloudHealth by VMware – Reporting & Policies

Well, this blog post has been 3 months in the works – in fact a draft has been sitting in WordPress since September when I collaborated with Kim Bottu on his article about Integrating CloudHealth and vROps. The plan was for me to write a companion blog which showcased the same capabilities in CloudHealth that he mentioned in his vROps blog.

2020 has been a profoundly difficult and odd year for everyone, and I found myself not wanting to do anything after a busy day of zoom meetings and home schooling. The motivation to write a blog just wasn’t there, and after a busy day all I just wanted to do was chill and relax in the evenings.
There’s been a fine-line in everyone’s work-life balance this year, and everyone needs to find that little bit of time each day to just shut off and unwind (usually when the kids are in bed)!

Anyways, the Christmas holidays and having time off work has given me the opportunity to sit back down and finish the blog (plus Kim was saying I should publish it in order to help my vExpert application for 2021… hahahahha… lol…. – btw, you have till the 9th January 2021 to submit!)

What is CloudHealth?

I guess the best place to start this blog is to give a quick overview of what CloudHealth actually is, so here’s the elevator pitch I always give….

“The more organisations invest in public cloud, the more important it is to have a cloud management strategy for their success, and this is where CloudHealth can assist.
CloudHealth is a multi-cloud management platform designed to provide full visibility into your cloud environment – helping you to identify opportunities for cost savings and usage optimisation. We help you to easily analyse and control cloud costs, security, performance and governance all from one single platform.
We give you insight into your data centre, hybrid and public cloud spend – aligning costs and usage to users, lines of business or even projects and business initiatives. We help make cloud management simple.”

Sooooo, what does that actually mean I hear you ask!?!

In a nutshell, CloudHealth takes your cloud billing and usage data, processes it and presents it in reports that help you visualise your costs and usage. In addition, one of their USPs is the ability to create perspectives to help you categorise and filter your data.

Currently CloudHealth supports Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI) and on-premise VMware environments. They also have a beta-program for VMware Cloud on AWS support.

CloudHealth is the clear leader in multi-cloud management, they’re the largest player in the market with 10,000+ customers and 230+ partners globally, managing over $11+bn in annual cloud spend.
CloudHealth has continued to be named a Leader in The Forrester Wave: Cloud Cost Management and Optimization Report.

What is a Perspective and How are They Used in Reports?

The most common way to describe a CloudHealth Perspective is that they are “lenses” through which you want to view your infrastructure. Each role within an organisation measures and evaluates the business from different viewpoints or ‘Perspectives’.
You can create Perspectives to view and group cloud assets together in order to align them with business objectives.
They provide a framework for categorising all the assets within your cloud infrastructure. For example, you could create a Perspective to group assets into Environment, Application, Department, Function, Project, or even Cost Centre.
You can build Perspectives dynamically using cloud tags or statically using the search capabilities.

For example, the default view of a Cost History Report within CloudHealth shows 13 months of cost data categorised by Service type (this is an example of an AWS report):

We can then take that default view and change the categorisation to a Perspective built to show Owners (this could help identify those users who spend all the company’s money on cloud!):

Or we can even change the view to categorise by a Perspective built to show Environment (IT Operation Managers are constantly looking for ways to show how much different Infrastructure Environments cost the business):

Finally, we can combine a number of Perspectives together to drill down further into our costs. In this example we’re filtering to look at just the Production Environment Perspective group, and categorising by the Owner Perspective (so helping to identify who spends the most in Production!):

Chart Types for a report can also be changed from Bar to Line – in this example we’re looking at the Cost History Report categorised by the Perspective ‘Line of Business’:

Another great Chart Type to use is the Pie Chart – as this is only 2 dimensional you will need to filter to a specific time period (eg. November 2020) and change the X-axis away from time interval (in this example I’ve used the ‘Line of Business’ Perspective):

Using CloudHealth to Generate Alerts.

Now the basics of Reporting and Perspectives are out of the way…. Let’s take a look at replicating within CloudHealth what Kim configured in vROps.

In Kim’s blog, he looked at how vROps can be configured to generate alerts based on Month to Date Cloud Spend for certain assets.
We’ll take a look at how the Policy Engine works in CloudHealth to generate Alerts, and the actions that can be taken by a Policy.

A policy, at its most basic, is a set of rules that allow you to govern various aspects of your cloud infrastructure, such as cost, availability, security, performance, and usage.
The Policy Engine in CloudHealth is pretty powerful, it’s not just used to track cloud spend, for example:

  • you can track the launch of new resources
  • you can identify and terminate unused or underutilized assets
  • you can track unexpected cost spikes
  • you can track changes across the cloud infrastructure
  • you can identify resources that have been created out of compliance with specific rules (ie region location, OS type, etc)

At the core of each policy is a rule, which monitors for one or more conditions and, optionally, responds with an action. Actions could be to send an email to notify that a policy has been triggered, or to power off an EC2 instance or VM.

Creating a Policy to alert on Month to Date (MTD) Cloud Spend

One of the most common policies created by CloudHealth customers is a policy to identify increasing cloud costs over a set time period. When overall costs in your cloud environment increase suddenly, it could be an indicator of a larger problem – for example, a compromised cloud account where attackers have spun up a large number of EC2 instances and VMs.

You can create a policy that alerts someone via email whenever the Total Cost of your cloud bill increases by more than a certain percentage:

Or even by a fixed amount:

You even have the granularity to set the conditions to focus on a single Account (in this example ‘Test account name’):

Whilst these examples have a time interval of 1 day, this can be changed to 1 week or 1 month to suit your requirements.

Most Policies allow you to filter the rule condition to focus on a specific account (eg. Test Account name), a specific service/asset type (eg. EC2 Compute), a specific Region, or even by a Perspective you’ve created (eg. Environment = Production):

Alternatively, you can create a policy for a specific resource type you may want to focus on, in the following example we’re just looking at EC2 Instances and want to be alerted if the total costs increased by 10% over 1 month, we could then take a number of different actions – email, delete EC2 instance, stop EC2 instance, etc:
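The rule logic described in this section (a percentage or fixed-amount increase over a time interval, optionally scoped to an account or service), as an added Python example; it is not CloudHealth code or its API, and the record layout, rule fields and cost figures are constructed for illustration. It also handles a previous interval with no spend, which a pure percentage comparison cannot express and which is what newly launched resources look like.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


@dataclass(frozen=True)
class CostRecord:            # hypothetical daily billing line item
    day: date
    account: str
    service: str
    cost: float


@dataclass(frozen=True)
class CostRule:              # hypothetical rule shape, modelled on the text above
    name: str
    interval_days: int                    # 1 = day, 7 = week, 30 = month (approx.)
    pct_increase: Optional[float] = None  # fire if cost rose by more than this %
    abs_increase: Optional[float] = None  # fire if cost rose by more than this amount
    account: Optional[str] = None         # None = all accounts
    service: Optional[str] = None         # None = all services


@dataclass(frozen=True)
class Alert:
    rule: str
    previous: float
    current: float
    reasons: tuple


def window_total(records, rule, end):
    """Sum the in-scope cost for the interval ending on (and including) `end`."""
    start = end - timedelta(days=rule.interval_days)
    return sum(
        r.cost for r in records
        if start < r.day <= end
        and rule.account in (None, r.account)
        and rule.service in (None, r.service)
    )


def evaluate(records, rule, as_of):
    """Compare the interval ending `as_of` with the one before it."""
    current = window_total(records, rule, as_of)
    previous = window_total(records, rule, as_of - timedelta(days=rule.interval_days))
    delta = current - previous
    reasons = []
    if rule.abs_increase is not None and delta > rule.abs_increase:
        reasons.append(f"up {delta:.2f} (limit {rule.abs_increase:.2f})")
    if rule.pct_increase is not None:
        if previous == 0:
            # No baseline: a percentage is undefined, so flag any new spend.
            if current > 0:
                reasons.append("new spend with no baseline")
        elif 100 * delta / previous > rule.pct_increase:
            reasons.append(
                f"up {100 * delta / previous:.1f}% (limit {rule.pct_increase:.1f}%)"
            )
    return Alert(rule.name, previous, current, tuple(reasons)) if reasons else None


def _series(account, service, start, costs):
    return [CostRecord(start + timedelta(days=i), account, service, c)
            for i, c in enumerate(costs)]


# Constructed sample data: four days of spend, with a jump on the last day.
D0 = date(2020, 11, 1)
RECORDS = (
    _series("Test account name", "EC2 Compute", D0, [100, 102, 101, 340])
    + _series("Test account name", "S3", D0, [20, 20, 20, 20])
    + _series("Prod account", "EC2 Compute", D0, [500, 505, 498, 510])
    + _series("Prod account", "Lambda", D0 + timedelta(days=3), [45])
)

RULES = [
    CostRule("total +20% / day", 1, pct_increase=20),
    CostRule("test account +200 / day", 1, abs_increase=200,
             account="Test account name"),
    CostRule("prod EC2 +10% / day", 1, pct_increase=10,
             account="Prod account", service="EC2 Compute"),
    CostRule("prod Lambda +10% / day", 1, pct_increase=10,
             account="Prod account", service="Lambda"),
]

if __name__ == "__main__":
    for rule in RULES:
        alert = evaluate(RECORDS, rule, date(2020, 11, 4))
        print(rule.name, "->", alert.reasons if alert else "ok")
```

An unscoped percentage rule dilutes a spike in a small account with the steady spend of larger ones, which is why the account-scoped rule is evaluated separately here.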

CloudHealth vs vRealize Operations

Having used both CloudHealth and vROps, I would say it’s far easier to create reports, policies and alerts within CloudHealth compared to vROps – but I might be a little biased here… =)

The Cost and Usage reports are far better in CloudHealth – the added feature of being able to use filters, categorisations and Perspectives to change the viewpoint of the report visualisation is something that stands us apart from other tools! Not to mention that changing the visualisation occurs instantly, there’s no need to wait for processing to occur to rebuild the graphical data.
Within CloudHealth you also have far greater granularity to customise the policy conditions by using the filter capabilities.

One thing I constantly get asked is whether CloudHealth and vRealize overlap each other and perform the same functions.
They’re actually complementary management solutions as they are two different products providing information for different use cases within an organisation!

vRealize offers operational efficiency and automation and CloudHealth brings collaboration, governance, and optimization. 

  • vRealize focuses on driving efficient operations (i.e., provisioning, troubleshooting, capacity planning, automation) in the private and hybrid clouds, providing consistent infrastructure and operations from the data center to the cloud.
  • CloudHealth focuses on driving improved business outcomes (i.e., governance, optimization, visibility, chargeback) in the public and hybrid clouds, breaking down public cloud silos and streamlining cost, compliance and analytics operations.

It’s also worth noting that the starting point for the journey to multi-cloud can originate in the enterprise data centre or from the public cloud, whether an enterprise is looking to expand its data centre to public or vice versa.

In the data centre, infrastructure/operation teams require tools for configuration, provisioning, automation, capacity planning and governance for all their data centre assets (ie Day 2 operations). It’s also very Capex-intensive and costs are somewhat stable and predictable. This is the perfect scenario for vRealize.

In the public and multi-cloud world, developers and lines-of-business users provision resources directly themselves. It’s very Opex-intensive and resource usage can be dynamic and unpredictable. The management disciplines needed for cloud-centric, de-centralized IT include ways to govern usage, optimise costs and deal with cloud security threats and vulnerabilities. This is where CloudHealth comes into the fore.

For example, vRealize can be used to help perform capacity planning assessments and ‘What If’ scenario modelling. CloudHealth can be used to model the cost of migrations from private to public cloud.

Anyways, I’ve realised that this has been a super long post so I’m going to end here. I hope it’s been useful reading…. I’m also hoping that I’ll get the chance to blog more often on CloudHealth and its features in the coming year! =)

For now, I hope you all have a Happy New Year! Let’s pray that 2021 will bring back some normality to the world!

VMware on Microsoft Azure….. interesting!

Earlier this week, Microsoft let slip that they were working with Premier VMware partners on a tech preview to deploy a full VMware stack on Azure bare-metal hardware, co-located with other Azure services.

Initially billed as a ‘stepping-stone’ to full Azure Cloud, Microsoft have made known that “sometimes there are specific VMware workloads that can be more challenging to migrate to the cloud” – and so customers may need the option to run these workloads on a VMware stack in Azure (for the time being). What I can’t quite work out yet is what these “workloads” would be… after all, nearly every workload I’ve ever deployed on VMware can be easily re-deployed on Hyper-V!

Microsoft have mentioned that this new VMware stack on Azure will GA in 2018. What they haven’t mentioned is who they’re working with, who will own and support the service and how it would be licensed…. for a start, it’s very interesting that it’s not being developed alongside VMware, and VMware have come out to say they’re not aware of any of their partners collaborating alongside VMware engineering to deliver this service – in fact VMware have stated it’s being developed independent of VMware and is “neither certified nor supported by VMware…. VMware does not recommend and will not support customers running on the Azure announced partner offering.” – which kind of makes you wonder what happens if a customer encounters problems with this Azure service?!? I highly doubt there will be any enterprise customers taking up this un-supported Azure service!!

I’m not sure why Microsoft have stated that “running your VMware stack in the cloud doesn’t address your hybrid requirements”… surely the fact that having a common framework on-prem and off-prem (ie VMware Cloud Foundation) is that “true consistency across your cloud and on-prem environment” that Microsoft say is missing….?!? Whilst it may be true that Azure can provide a complete hybrid cloud package, let’s face it their Azure Stack offering is pretty limited – only a select few hardware vendors, no ability for customers to use their own hardware and lack of ability to expand/upgrade – plus I’m not aware of many customers jumping on board the Azure Stack on-prem platform! Also, when it comes to networking, Microsoft’s offering lacks the features of what NSX offers to VMware customers!

Should VMware start getting worried about this new announcement…..? On the contrary, they seem to have embraced the idea and even have the audacity to spin this announcement as Microsoft “recognizing the leadership position of VMware’s offering…. as a superior and necessary solution for customers over Hyper-V…..!!” TBH, they’ve never really seen much damage done to their vSphere install base when Microsoft started releasing tools to help people migrate off VMware, so I doubt this new announcement will trouble their new VMware Cloud on AWS offering.

It’s interesting that it was announced alongside the new Azure Migrate service which helps you discover and plan the migration of your on-prem VMware workloads and then execute the migration with Azure Site Recovery (ASR).

In my opinion, it’s all just a bit of hot air coming from Microsoft to try and take some of the plaudits before next week’s AWS re:Invent conference!

However, I do hope that Microsoft swallow some pride and reach out to VMware and start a combined engineering/development effort as that will go a long way to what every man and his dog wants to see – VMware Cloud on Azure! Only when Azure comes on board will VMware be able to say they are now a “broker of cloud” as only then will customers be given the option to migrate workloads seamlessly between the 2 biggest players in the public cloud market! (TBH given the relationship VMware has with GCP, I can see VMware Cloud on GCP happening first before Azure – although hardly anyone uses GCP!)

I mean, VMware and Microsoft already partner to offer VMware Horizon Cloud on Azure, surely they can put their differences aside and produce the one thing everyone is asking for!

…. watch this space….. (in eager anticipation!)

VMworld 2017 Europe Wrap Up….

So this blog post has been a bit late coming, mainly due to me coming back from Barcelona with a heavy chest infection and cold… and when you’re sick, you tend to procrastinate a lot… =)
Looks like all the excessive late nights, early morning starts, long days, freezing cold breakout rooms (was anyone else cold??) and lack of sleep really took its toll on me…. not to mention having to entertain all the customers MTI took out to VMworld this year! Such a hard life I live…. =)

We had a mad 1st day as Monday 11th Sept was Catalonia day and a huge demonstration was planned with demonstrators forming a large X along Carrer de Arago and Passeig de Gracia! The big problem was our hotel was smack bang in the middle of the intersection of the X…. nightmare getting to the hotel, our taxi dropped us off 2km away as there was a huge cordon around the demonstration! What an experience!

It’s a bit strange to be in Barcelona in September when it’s still warm outside… we had some really lovely sunny days…. but to be honest I think the weather was lost on most VMworld attendees as we were all too busy running around the conference centre trying to squeeze in lunch, trips to the solution exchange and all our breakout sessions!

As usual, the layout of the conference centre was annoying…. breakout sessions in hall 8 are miles away from where the solution exchange and VMVillage/Hangspace/HOLs are! I was clocking over 15000 steps a day just walking back and forth between hall 6, 7 and 8! This year they moved Registration over to hall 6 rather than have it by hall 8… totally confusing every VMworld Europe Alumni! =)

I wonder why they don’t use Hall 5 for breakout sessions? I guess maybe it’s because Hall 8 is the only hall that can be split into several rooms??

One thing I did like was the “Expert Bar” where attendees were able to have roundtable sessions with some VMware experts… it was very well laid out, much better than previous years!

This year was the 10th VMworld being held in Europe and we were told during the 1st day general session by Pat Gelsinger that it was the biggest VMworld yet – over 11,000 people attending. This may explain why the conference was laid out as it was…. the solution exchange definitely looked a lot bigger!

Before I go into my wrap up, I have to give a shout out to the new VMTN community programs and especially to Katie Bradley (VMTN Community Manager) and Elsa Mayer, (VMware Blog Program Manager)…. they were kind enough to pass me my VMware vSphere vExpert goodie bag and also explain about the new BlogBeats Program and help me register my blog on the VMTN community! I actually think this is a great initiative for the VMware community, it will also help drive traffic to bloggers who might be a bit on the lazy side (ie…. me!)…. keep up the good work ladies!! =)

It was also nice (if a bit awkward at times) to be recognised as a blogger by a number of attendees as well as vendors within the Solution Exchange… first time that’s happened to me since I started blogging! It’s a shame I was unable to make it to the vExpert party, unfortunately I had too much happening on Tuesday, what with my company sponsoring the Trend Micro Party… Hopefully next year – although maybe there should be more vExpert gatherings organised for UK/London!


The Wrap Up

I’m not really going to say much about the General Sessions, mainly because as per usual it was a repeat of the US ones but with a little European twist to it (see my 2 previous blogs on the US General Sessions)…. Pat did mention the dreadful “GDPR” word and that companies can’t just rely on technology to make them GDPR compliant!
GDPR is one beast of a legal mandate…. nearly every customer I’ve spoken to has heard of GDPR but don’t know what it means! I’m not going to pretend I know everything about GDPR… to be honest I typically just refer people to my colleague – Andy Tang – who’s a GDPR Practitioner! =)
Anyways, VMware Radius has a decent article that talks about GDPR and Addressing Data Security Gaps with VMware…. go have a read!

The whole VR demo looked really cool…. imagine being able to manage your VMware datacentre via VR… picking up workloads and throwing them into different hosts or even into the cloud!! Anyways, it looks like Pat was having fun – and to think the hackathon guys built it in a matter of days… impressive!
It’s amazing what some of the community gets up to… like writing API calls to integrate Amazon’s Alexa with vCenter – William Lam and Cody De Arkland have some great blog articles and demos available (Cody even did a recent vBrownBag podcast on it)!

There were a few new announcements though… An improved Cloud Provider Program was announced to help VMware Cloud Provider partners expand their service offerings, enable simplistic workload migration, more efficient operations and improved automation. Of the 3 announcements, VMware HCX looked the most promising…. in summary:

  1. VMware HCX (more about that in a moment)
  2. New VMware Cloud Provider Platform – allowing partners to rapidly deploy and scale up their cloud infrastructure. It’s a complete stack of VMware’s cloud infrastructure products, including certified reference designs. All built around vSphere, vCloud Director and NSX.
  3. VMware Cloud Verified Partner – this is a new ‘trustmark’ which shows that a cloud provider partner has made a significant investment in VMware cloud infrastructure and offers their own ‘value-add’ services that differentiates them from the rest of the crowd. TBH, at the moment only the really big Cloud players have been given this seal of approval from VMware – CenturyLink, Fujitsu, IBM Cloud, OVH and Rackspace. It will be interesting to see whether smaller cloud providers will gain this new trustmark.

VMware HCX looks like a promising piece of tech…. An integrated solution that helps customers to migrate workloads to the cloud – allowing seamless portability of applications and data between different versions of ESXi, whether on premise or between Clouds (as long as they run VMware)!
Customers have been telling VMware that it’s not just about building the infrastructure, but more importantly how they can gain increased application mobility across multiple clouds. Businesses frequently struggle with the complexity of migrating old workloads, such as old versions of ESXi, to modern environments, be they internal or cloud-based – and this is the problem that HCX is going to help solve. It’s like Cross-vCenter vMotion on Steroids, using the network overlay (NSX) to help connect on-premise, old environments to modern environments or to cloud!

At the moment only IBM Cloud and OVH have access to HCX, but I’m sure VMware will end up rolling it out to the rest of their VMware cloud partners!

TBH, I’m still waiting for the announcement of some super-duper CMP solution from VMware that will let me migrate my workloads between AWS, Azure, GCP or my on-prem datacentre… seamlessly…. now that would truly be “Cross-Cloud”…. I guess we’re still a few years away from such a cloud-agnostic solution!

 

The only other announcement was a new version of the vRealize Suite – vRealize Suite 2017. The new version of VMware’s CMP offers a more comprehensive platform to manage hybrid clouds… nothing excitingly new, just some minor updates to speed up deployment and lifecycle management of workloads. vRA gets support for Admiral – VMware’s Container management platform.

 

I’m not going to break down all the sessions I attended, as in previous years I got a slight slap on the wrist for posting up photos of slides which had “confidential” marked all over them… oops…. Plus so many key sessions are now available for playback on the VMworld website or via the Content Catalog: https://www.vmworld.com/en/europe/video/vmworld-on-demand.html
There’s even a load of videos on the VMworld TV youtube channel:
https://www.youtube.com/user/VMworldTV

The other obvious highlight from VMworld was winning the Mobile App Game and getting the opportunity to go backstage to meet and greet the Kaiser Chiefs… =)

It’s funny, but all the people who went back stage due to either winning the VMUG competition or the VMware Inclusion draw were all from the UK… How ironic!

TBH, I’m not a big Kaiser Chiefs fan…. but my colleague Andy was, so I brought him along as my plus one…. surprisingly they’re quite down-to-earth guys!


I do have to admit that this year’s VMworld party was one of the better ones I’ve been to (on par with 2015s party band – Fearless)… it was far busier and people actually stayed around and watched the performance… and many enjoyed it too!!


So to conclude…. it was another great VMworld…. the customers we took out all enjoyed themselves and learnt loads, and whilst the geek inside of me was hoping for more announcements I was satisfied with what I got out of the conference.

There’s a clear message coming out of VMware now, Hybrid Cloud is mainstream… it’s now possible to migrate workloads easily between clouds… containers are how the next generation of applications will be deployed (Cloud Native Apps/PKS)… It seems that the vision VMware started 2 years ago of “Any Device, Any Application, Any Cloud” is finally coming into fruition (albeit limited to just VMware or AWS Cloud at the moment).

Roll on VMworld 2018… with Europe back in Fira Grand Via Barcelona, but this time on the 5th-8th November 2018 (I’m told the date was moved due to a change in VMware’s financial year end). VMworld 2018 US will again be in Las Vegas on the 26th-30th August 2018.

VMworld 2017 US General Session Day 1

If like me, you’re stuck in a sweltering London enjoying the bank holiday and watching the Game of Thrones season 7 finale, you may have forgotten that over in Vegas the city is just getting over the big fight of Mayweather vs McGregor and is now inundated with people looking to attend VMworld 2017 US.

It’s great that VMware live stream their keynotes, as it gives everyone an opportunity to hear first hand what VMworld will be about this year and also what is being announced!

And it’s of no surprise that VMware have continued to strengthen their vision on “Any Device, Any Application, Any Cloud” with the keynote by Pat Gelsinger. Whilst heterogeneous is a great thing that leads to the consumerisation of IT, it plays havoc with IT admins whose key focus is to contain and secure a company’s data – and it’s worth noting how much emphasis is being placed on security within VMware – NSX is intrinsic to every solution that was mentioned during the keynote!

Vision

The first thing that was covered was how the digital transformation is affecting end users – the goal for any company is to ensure that their employees are well connected, yet the challenge is a complex one when you realise how many different technologies an end user has access to – smartphones, tablets, laptops – even smartwatches and cars now! So how do you deliver a unified workspace securely across multiple technologies?

Simple – Workspace ONE – piecing it all together to give companies a “consumer simple but enterprise secure” solution. Delivered in 3 areas:

  1. Apps and Identity – applications with a consistent feel across multiple devices. Secured by a common identity framework with a simple Single Sign-on experience.
  2. Management and Security – IT in control, delivering consistent management & security. Drastically improving tasks that were previously costly, time consuming, and resource intensive, whilst still in control of data by combining identity and device management to enforce Data Security and Endpoint Compliance.
  3. Desktop and Mobile – Device Management and Compliance provided by AirWatch Unified Endpoint Management, protecting sensitive data as well as conditional access to how that data can be consumed by end-users.


Next Pat went on to explain that virtualisation has led to end-users deploying a private cloud within their own data centres, yet making such a transition is not an easy step – deployment isn’t straightforward, lifecycle management and day 2 operations aren’t always easy, and trying to secure different technologies of a private cloud is painful!

VMware’s goal is to “make Private Cloud Easy” and that’s where Cloud Foundation comes along – a fully integrated SDDC stack that ‘just works’…. simple… agile… secure! Version 2.2 was announced and is now GA.

Pat was then joined by Andy Jassy, CEO of AWS, to announce the General Availability of VMware Cloud on AWS. Announced as a tech preview at last year’s VMworld, it should be noted that it’s currently only available today in the US West Coast region Availability Zone, it will then be rolled out across the East Coast AZ before rolling out to the rest of the AWS global AZs by the end of 2018. So I guess we’re going to expect it in the UK late 2017/early 2018!

VMware Cloud on AWS allows you to seamlessly take a workload running on vSphere in your data centre and migrate it to AWS Public Cloud running a VMware stack – using the same tools (vCenter Server) to manage both your private and your public cloud workloads from a single pane of glass! A consistent feel no matter where your workload resides. What Andy Jassy said was correct – in the past customers hated the fact that if they wanted to consume public cloud, there was no easy way of migrating workloads across without some form of translation occurring. It was also painful and costly to manage as you couldn’t use a single tool to manage both private and public cloud.

VMware’s Cloud Strategy is as follows:


The first 7 VMware Cloud Services were announced as available for consumption.

VMware Cloud Services

NSX Cloud is an interesting service that addresses networking and security operational challenges inherent with using multiple public clouds. Unfortunately at launch it’s only available on AWS to protect EC2 workloads (ie native AWS workloads – not vSphere workloads which is what VMware Cloud on AWS gives). It differs from on-premise NSX as it is delivered as a service and managed by VMware.

As I previously said, NSX is a key foundation to every solution at VMware currently:


Security is hugely important… and Pat breaks it down into 3 components:

  1. the need to build it into the infrastructure
  2. the need to integrate with the current security vendor ecosystem
  3. the need to ensure good cyber hygiene and ensure security policies are in place. The 5 pillars of Cyber Hygiene are:
    • Least Privilege
    • Micro-segmentation
    • Encryption
    • Multi-factor authentication
    • Patching

Two years ago, VMware first began talking about the concept of the “Goldilocks Zone” where the hypervisor sits at the ideal location in the network to improve security. During the keynote VMware announced a new product named AppDefense which looks to be the fruition of Project Goldilocks.

AppDefense allows a virtual machine to learn its manifest and understand what is a good and secure process, it’s then able to determine whether the runtime behaviour of a VM or application deviates from its intended state. Finally it’s able to trigger an automated/orchestrated response to remediate or quarantine any detected anomalies.


Strange that searching the VMworld Europe Content Catalog for AppDefense doesn’t bring up any sessions…. which is a shame as I was hoping to schedule a session after hearing the keynote and reading about it.

Roll on Day 2….