EPAM Cloud Infrastructure Orchestrator ver.2.5 · EPAM Cloud Orchestration v.2.5.154 was released...


Page 1: EPAM Cloud Infrastructure Orchestrator ver.2.5 · EPAM Cloud Orchestration v.2.5.154 was released on August 17, 2019. The focus of the new release is on introducing new security standards

Legal Notice: This document is property of EPAM and may not be disclosed, distributed or reproduced without the prior written permission of EPAM®.

EPAM Cloud Infrastructure Orchestrator ver.2.5.154

What’s New

August 2019

CIWN-S150-154

Version 1.0


EPAM Cloud Orchestrator 2.5.154 - What’s New

EPAM SYSTEMS 2

CONTENT

1 Overview
2 Infrastructure Updates
2.1 Image Library Updates
2.2 New Hardware Utilization Facilities
3 Security Updates
3.1 Qualys Security Scan
3.2 Introducing Secure Endpoints
3.3 IAM Users Security Improved
3.4 Security Policy Updated
4 Cost Optimization
4.1 AWS QuickSight: Detailed Costs Monitoring
4.2 Google Costs: Native View with BigQuery
4.3 All AWS Instances Purchase Options Available
5 Reporting Updates
6 Maestro CLI Changes
7 Documentation and Knowledge Sharing
7.1 AWS Webinars by AWS Team
7.2 Hybrid Cloud Document Reviewed and Rebuilt
7.3 Other Documentation Updates
Table of Figures
Version history


1 OVERVIEW

EPAM Cloud Orchestration v.2.5.154 was released on August 17, 2019.

The focus of the new release is on introducing new security standards and cost optimization tools.

Infrastructure, reporting, and Maestro CLI were also updated.

Security updates cover a wide range of changes. A new security scan tool, Qualys, is introduced for constant monitoring of virtual infrastructures in all supported clouds. The company-wide gradual switch to Symantec Secure Access Cloud (Luminate) resulted in three separate endpoints for EPAM Cloud, each under specific access rules.

We also updated region access rules for IAM users, making them comply with project settings in Orchestrator.

EPAM Cloud Security policy was also reviewed and updated to meet the latest security requirements and needs of the enterprise and our users.

As mentioned above, cost optimization is another significant point in the new release. The major new feature is the AWS QuickSight service, which enables effective and detailed monitoring of account costs. For AWS, we also introduced the possibility to run Spot instances from Cloud UI, thus completing the toolset for ordering EC2 instances under any of the available purchase options.

The other native tool for cost tracking is Google BigQuery, which can now be activated for your project and enables viewing billing details “as is”.

Another update relates to EPAM Cloud notifications. We introduce a new sender email for billing-related reports, which enables better filtering and visibility for financial information.

The functionality changes, of course, are reflected in Maestro CLI, where necessary, and in EPAM Cloud documentation. Refer to the EPAM Cloud website for detailed information on the improvements and features introduced in Orchestrator version 2.5.154.


2 INFRASTRUCTURE UPDATES

The new EPAM Orchestrator traditionally goes with updates in infrastructure.

This time, the set includes the new options in the image library, as well as the extended possibility to register and track project hardware devices.

2.1 IMAGE LIBRARY UPDATES

With the current release we have widened the list of images available in the library and added four new ones.

• Oracle Linux 8 (OracleLinux8_64-bit)

We provide our users with the opportunity to work with the first RHEL 8 based distribution, Oracle Linux 8. To understand the new features and enhancements of this operating system, you can use it for testing and for new application deployments. More details about the new features of Oracle Linux 8 can be found by following this link.

• Debian 10 (Debian10_64-bit)

The second new operating system available in the image library with this release is Debian 10. It will be supported for the next 5 years. More details about the new features of Debian 10 can be found by following this link.

• CentOS 7 64-bit with 4.4 kernel (CentOS7-lt_64-bit)

A CentOS image with a long-term supported kernel.

• CentOS 7 64-bit with improved security (CentOS7-se_64-bit)

The latest version of CentOS 7 with EPAM security recommendations applied.

Please also note that EPAM Cloud Orchestrator provides the latest version of the CoreOS Container Linux operating system, which is automatically updated. CoreOS automates software updates to ensure better security and reliability of machines and containers running in large-scale clusters. More about choosing the right update strategy and the default behavior of Container Linux can be found by following the link.

The table below gives the full list of the default images and their availability in AWS, Azure, Google Cloud and private OpenStack regions.

OS Name AWS Azure GCP Private region

Windows

Microsoft Windows Server 2012 R2 Base +

Microsoft Windows Server 2016 Base +

Microsoft Windows 2019 Datacenter edition with Containers +

Microsoft Windows 2019 Datacenter edition +

Windows Server 2012 R2 Datacenter Edition + +


Windows Server 2016 Datacenter Edition + +

Windows Server 2019 Core Datacenter Edition + +

Windows Server 2019 Datacenter Edition + +

Windows Server 2012 R2 Standard Edition +

Windows Server 2016 Standard +

Windows Server 2019 Core Standard +

Windows Server 2019 Standard +

Windows 10 64-bit +

Linux

CentOS 6 64-bit + + +

CentOS 7 64-bit with 4.4 kernel (New) +

CentOS 7 64-bit recommended by EPAM security (New) +

CentOS 7 64-bit + + + +

CoreOS Container Linux 64-bit + + + +

Debian GNU/Linux 8 64-bit +

Debian GNU/Linux 9 64-bit + + + +

Debian GNU/Linux 10 64-bit (New) + +

Oracle Linux 6 64-bit + +

Oracle Linux 7 64-bit + +

Oracle Linux 8 64-bit (New) +

Amazon Linux 2 LTS + +

Linux Ubuntu 16.04 64-bit + + + +

Linux Ubuntu 18.04 64-bit + + + +

2.2 NEW HARDWARE UTILIZATION FACILITIES

With EPAM Cloud Orchestrator v.2.5.154 we introduce the possibility to place, register and bill various types of hardware devices in EPAM Datacenters. The device must be rack-mounted equipment with a mounting kit (not only servers). Such devices will be registered in the new dedicated region: EPAM-HW2.

To find out more about the option and to clarify the possibility of hosting your hardware in a specific DC, please submit a general support request and provide the details:

• The hardware specification (type and model of the device, list of modules installed in it).

• Space in the rack to be taken by this device (in units).

• Expected power consumption.


3 SECURITY UPDATES

EPAM Cloud follows the industry-standard shared responsibility model, with an additional layer covered by EPAM Cloud Orchestrator.

The general concept is shown in the picture below:

Figure 1 - Shared responsibility map. Labels as extracted, in order: Cloud Platform Provider; compute, database, storage, networking; regions; availability zones; edge locations; EPAM Orchestrator perimeter; operating system, network & firewall configuration; identity and access management; EPAM Cloud users; customer data; platform, applications, permissions customization; network traffic encryption, server-side encryption & data integrity.

Security was one of the main focuses of this release, and we are glad to introduce a set of new tools and improvements that take security monitoring and user access to a new level.

3.1 QUALYS SECURITY SCAN

Constant monitoring of Cloud resources is one of the key ways to detect vulnerabilities and react properly before a threat results in real issues and losses for the business.

Previously, as part of implementing the security best practices recommended by the EPAM Support Team, we started gradually phasing out Nessus Security Scanner. The next step comes with this release: the introduction of Qualys Security Scanner.

Qualys security scanner provides regular checks (every 4 hours) of instances in both private and public regions, irrespective of the provider.

The scanner is hosted on a server, while each VM gets a client installed in 7 days after creation. If the Qualys agent was not installed, or is needed earlier than 7 days after VM creation, you can install the agent yourself as self-service, following the instructions provided by the Security team.

To get the results of a Qualys scan, go to the Management page, select the VM and unfold the Security by Qualys section, which includes the following:


Figure 2 - Security scan by Qualys

1. The general summary of the latest scan.

2. The Scan Now button, which initiates an update of the scan details, if any. If you use Maestro CLI, you can use the or2-security-check (or2sc) command to get the same result. When the operation is initiated, Orchestrator collects the latest check results from the Qualys server and sends you an email with the details. The information in the VM details on Cloud UI is also updated accordingly.

3. The Risk Factor section, which identifies the detected risk level on the VM. By clicking the link, you can download the detailed Qualys report.


3.2 INTRODUCING SECURE ENDPOINTS

EPAM is improving its security posture with a Zero Trust Access solution called Symantec Secure Access Cloud (Luminate).

Luminate provides point-to-point connectivity at the application level, cloaking all resources from end-user devices and the internet. Luminate’s activity policies prevent unauthorized access to corporate resources by implementing continuous and contextual authorization to enterprise applications, which ensures secure access.

Using Luminate allows the company to:

• cloak corporate resources from the end users and the internet

• ensure only point-to-point application-level access

• provide secure, restricted access to 3rd party users & BYOD access

• continuously enforce contextual authorization based on user and device context

• implement a least-privileged access model, conforming to the ZTX (Zero Trust Extended) and CARTA (Continuous Adaptive Risk and Trust Assessment) models

You can find more details about Luminate by following the link.

The first step of implementing the enhancements in security policy is the integration of all EPAM internal services that provide web access to the SDP data protection perimeter with Luminate.

In compliance with this approach, EPAM Cloud divided the application link into three endpoints, taking into consideration the purposes of the tools and user needs:

• cloud.epam.com – main EPAM Cloud website endpoint. Available for all external and internal EPAM users. Contains publicly available information related to EPAM Cloud.

Figure 3 - Cloud website

• console.cloud.epam.com - Cloud management endpoint (Cloud UI) under Symantec SDP protection. Available for EPAM users after authorization on cloud.epam.com.


The first login to a Luminate-protected application requires you to enter your corporate credentials. After that, authorization to any protected application is performed automatically.

Figure 4 - Cloud UI

• api.cloud.epam.com - Programmatic access endpoint. Used for API and CLI access to the Cloud. Can be accessed only from the EPAM network.

Figure 5 - Cloud API

More information about the EPAM implementation of the Symantec Secure Access Cloud (Luminate) Software Defined Perimeter (SDP) architecture, and answers to frequently asked questions, can be found by following the link.


3.3 IAM USERS SECURITY IMPROVED

Permissions and access integrity are an important brick in the security wall guarding virtual infrastructures. This becomes especially important when it comes to securing projects that host their resources in a hybrid cloud environment.

Thus, starting from September 1, IAM users’ access to public cloud regions is aligned with the project activation status.

Initially, any project activated in AWS, Azure, or Google has access to specific regions within these clouds. Users typically need to specify the exact regions in which their project should be activated, and the project team can access only these regions via EPAM Orchestrator.

The same applies to role-based access to the native consoles of public cloud providers: when logging in using the Console wizard on the Cloud Dashboard, you not only get a permission level depending on your project role but also see only the regions active for your project in the specific cloud.

This rule is now also applied to existing and new IAM users, who previously could manage resources in regions not enabled for their projects in EPAM Cloud.

If you have resources or services in public cloud regions that are not activated in EPAM Cloud, access to these regions and the resources in them will be locked on September 1 (still, the existing resources or services will not be affected).

To avoid or fix this situation, please make sure that your project is activated in all regions you actually work with.

This can be done in the following steps:

1. Compare the regions for which your project is billed to the regions in which it is activated in Cloud. To do it, go to the Reporting page and compare the regions mentioned in the project report to the regions displayed in the project tree:


Figure 6 - Comparing used and activated regions

2. If the report includes the regions that are not displayed in the Project Tree, activate the project in the missing regions in EPAM Orchestrator.

The members of the Advanced Management Group (Project Manager, Project Coordinator, Delivery Manager, or Account Manager) can do it in terms of self-service by using the Activate Region option of the Manage Cloud wizard on the Dashboard, as described in this instruction.


If you do not belong to the Advanced Management Group, you can submit a support request for project activation in the necessary regions. The request will need approval from the Project Manager or Coordinator.

We recommend performing the review as soon as possible, to make sure that the access changes that will be introduced on September 1 will not affect your project’s performance.
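The comparison in step 1 and the effect of the region lock, as an added example (not EPAM Orchestrator code). It assumes native AWS region codes, constructed sample region lists, and that the lock is expressed as an IAM deny statement on the aws:RequestedRegion condition key, which is one common AWS pattern and not something this document states about EPAM's implementation.

```python
# Added illustration, not EPAM Orchestrator code. Region codes, sample lists and
# the use of aws:RequestedRegion are assumptions made for this example.
import fnmatch
import json

# Services with global (non-regional) APIs; a region condition would break
# them, so they are exempted through NotAction. Extend for the services in use.
GLOBAL_SERVICE_ACTIONS = ["iam:*", "sts:*", "organizations:*",
                          "route53:*", "cloudfront:*", "support:*"]


def normalize(regions):
    """Lower-case, trim and de-duplicate region codes; returns a sorted list."""
    return sorted({r.strip().lower() for r in regions if r and r.strip()})


def region_gap(billed, activated):
    """Step 1 of the procedure: compare billed regions with activated ones.

    Returns (billed_not_activated, activated_not_billed). The first list holds
    the regions that become inaccessible unless the project is activated there.
    """
    billed_set, active_set = set(normalize(billed)), set(normalize(activated))
    return sorted(billed_set - active_set), sorted(active_set - billed_set)


def region_deny_policy(activated):
    """Build an IAM policy document denying regional actions outside `activated`.

    An explicit Deny grants nothing by itself: actions inside the activated
    regions still need an Allow from the user's role-based policies.
    """
    active = normalize(activated)
    if not active:
        # An empty list would deny every regional call; fail loudly instead.
        raise ValueError("no activated regions supplied")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyOutsideActivatedRegions",
            "Effect": "Deny",
            "NotAction": GLOBAL_SERVICE_ACTIONS,
            "Resource": "*",
            "Condition": {"StringNotEquals": {"aws:RequestedRegion": active}},
        }],
    }


def is_denied(policy, action, region):
    """Simplified evaluation of the single statement built above.

    Not a general IAM evaluator: it checks only NotAction wildcards and the
    StringNotEquals region condition (true when the region matches no value).
    """
    stmt = policy["Statement"][0]
    exempt = any(fnmatch.fnmatchcase(action.lower(), pattern.lower())
                 for pattern in stmt["NotAction"])
    allowed = stmt["Condition"]["StringNotEquals"]["aws:RequestedRegion"]
    return (not exempt) and region.strip().lower() not in allowed


if __name__ == "__main__":
    # Constructed sample data: regions seen in the project report versus
    # regions shown in the project tree.
    billed = ["eu-central-1", "us-east-1", "eu-west-1"]
    activated = ["eu-central-1", "us-east-1"]

    missing, unused = region_gap(billed, activated)
    print("Billed but not activated (will be locked):", missing)
    print("Activated but not billed:", unused)

    policy = region_deny_policy(activated)
    print(json.dumps(policy, indent=2))
    for action, region in [("ec2:RunInstances", "eu-west-1"),
                           ("ec2:RunInstances", "eu-central-1"),
                           ("iam:ListUsers", "eu-west-1")]:
        print(action, region, "denied" if is_denied(policy, action, region) else "not denied")
```
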

3.4 SECURITY POLICY UPDATED

Applying new tools and approaches requires not only documentation but also a review of the existing agreements and regulations.

Considering the latest changes in EPAM Cloud security, we reviewed and updated one of the main regulatory documents of the service: EPAM Cloud Security Policy.

The main changes introduced to the document are:

Section | Changes

3.1 Main Points | Shared responsibility model is described

3.2.1 General Points | General information on Luminate and two endpoints for Cloud website added

3.2.2 Permissions | Delegating account configuration for Project Managers and Project Coordinators is described

3.2.3 Access to VMs | Updated the information on Linux user names and SSH keys usage

3.2.6 Providing Access to External Users | Specified that external users have no access to native management consoles of public cloud providers by default

3.6 Using External Cloud Providers | Updated the information about Nessus scanner usage; added information about Qualys scanner usage

3.7.1 Security Checks | Updated the information about Nessus security checks; added information about Qualys scanner security checks

3.8 Cloud Emails and Notifications | Added information about Advanced Management Group emails delegation possibilities

Do not hesitate to review the document and see the details for all changes!


4 COST OPTIMIZATION

The other important direction in which EPAM Orchestrator evolved in this release is cost optimization.

Now, EPAM Cloud users can access raw billing data for AWS and Google Cloud Platform, and purchasing AWS instances under different options is now available via Orchestrator.

4.1 AWS QUICKSIGHT: DETAILED COSTS MONITORING

The massive transformation of AWS billing processing started with the previous EPAM Orchestrator update, when we followed the recommended best practices, integrated the new Cost and Usage Reports and started processing them with AWS Athena.

Introducing Athena, in turn, allowed us to implement another important integration.

Thus, we are glad to announce that the AWS QuickSight service is now available for account managers who are responsible for one or multiple accounts in AWS.

The service allows deep-dive access to the billing data of your accounts. The EPAM Cloud Support team has prepared a standard dashboard that will allow you to quickly find answers to the most important and frequently arising questions.

Figure 7 – Reserved Instances Rate on QuickSight

The service is activated by request to the Cloud Support Team and does not imply any additional costs for your accounts.

To make the solution work even more effectively, in September the AWS Enterprise support team will deliver a webinar focused on the QuickSight service usage and capabilities. Keep track of the announcements!


4.2 GOOGLE COSTS: NATIVE VIEW WITH BIGQUERY

EPAM Orchestrator v.2.5.154 provides users who have their projects in Google Cloud with the possibility to monitor and analyze their billing information directly from Google.

Billing information can be gathered and stored in the BigQuery service. By sending SQL queries, you can obtain and analyze the necessary data using your own tools and approaches. Unlike the standard EPAM Cloud Reporting feature, which produces already processed and standardized detailed reporting, BigQuery allows access to raw data in the Google native format, and you can use this information according to your needs.

Collecting a project’s GCP billing info in Google BigQuery is enabled by a Support Request to the EPAM Cloud team.

After the request is processed, users with the AdminAccess role can access the collected data on the Google Cloud Platform console, by logging in with the Console button on the Cloud Dashboard.

Figure 8 - Viewing BigQuery data

Billing information is collected in tables. Each table displays billing information for a month, starting with the month when the BigQuery service was activated.

The BigQuery service is paid and billed according to standard Google Policy. To find out about BigQuery pricing, go to the Google Cloud Provider website.

More details on how to use BigQuery can be found in the native Google Documentation.


4.3 ALL AWS INSTANCES PURCHASE OPTIONS AVAILABLE


• Spot Instances can provide up to a 90% discount compared to On-Demand purchasing option. Spot Instances can be used for different stateless, fault-tolerant, or flexible applications.

To run spot instances via the Run wizard on the Cloud Dashboard, select an AWS region on the first step, and Request spot instance on the second:

Figure 11 - Running Spot instances

After that, specify spot details, review the selection and approve instance creation.

If you use Maestro CLI, just add the --spot flag to the or2run call. You can also specify the --max-price parameter to set the maximum price for your instance:

or2run -p project -r AWS-Region -s shape -i image -c count --spot --max-price price

• Reserved Instances provide a significant discount (up to 75%) compared to On-Demand pricing and enable a capacity reservation when used in a specific Availability Zone. You have the flexibility to change families, OS types, and tenancies while benefitting from Reserved Instance pricing when you use Convertible Reserved Instances.

Any member of the project can submit a corresponding request at EPAM Service Desk and provide the details, but approval from the Account Manager is mandatory.

More details about AWS Reserved Instance types, prices and operation can be found on the AWS Reserved reference page.

The project can buy AWS Reserved Instances only if the following conditions are met:

• The project’s infrastructure cost is billed to the external client.

• The reservation period is not longer than 1 year.

• The Reserved Instances are 100% prepaid.

• The latest generation of the instance type family is used.

In case the specified Reserved Instances pre-payment rules are violated, the project can get additional billing items during the whole reservation period. These items can include the costs related to the Reserved Instances and a 15% processing fee.

In case Reserved Instance monthly utilization is too low to ensure the planned savings, the Cloud support team is eligible to share the benefits of the underused Reserved Instances across the EPAM AWS Organization tree. All the costs related to the underutilized Reserved Instance will still be assigned to the project that owns the Reserved Instance.


In case a project is closed before the reservation of its Reserved Instance is over, all the unpaid monthly Reserved Instance costs are summed and added to project bill before the closure.

5 REPORTING UPDATES

Reporting is a very important part of EPAM Orchestrator, as it allows you to be proactively informed about the most important events in the infrastructure and about billing updates.

A special place in the reporting system is taken by reports related to billing. Any information related to project costs is vital, as it influences project budget planning and allows project managers to keep abreast of project expenses, with a clear understanding of whether the project fits well within the project scope, and to make strategic decisions based on this information.

With this release, we start to send billing-related notifications from the new email address:

[email protected] instead of [email protected].

In this way we ensure that such important notifications will be transparently tracked and easily found in your email system. Due to this improvement you can set up alerts and filtering to effectively detect the important system notifications and easily highlight them among other emails sent by EPAM Orchestrator.

The following notifications are included in this mailout:

Report name | Description

Quota Alert | notifies when the project quota is exceeded.

Quota Update | notifies about the project quota update.

Daily Threshold Exceeded Alert | notifies when daily expenses in any region exceed the limit of 300 USD.

Report for project | contains the finalized Cloud chargeback for user’s project.

Reports for account projects – (Summary Report for Account Managers) | sent at the end of each billing month and contains the finalized Cloud chargeback for all projects in the user’s account.

Summary report | contains the information on billing costs and resource usage within a month.

Project Sponsor Summary | provides the billing statistics for billable and non-billable projects at which the recipients are assigned as Project Sponsor.

Unit Report (Business Unit Report for Head of Global Operations) | shows the most expensive (by infrastructure cost) projects in user’s portfolio within a month.

Monthly Analytic Optimization report | sent at the end of each billing month and provides analytics as well as recommendations for project costs optimization.

Please be kindly reminded that in one of our previous releases we introduced the Email Delegation feature. With the help of the delegation functionality you can select trusted contacts who should receive important project-related notifications on their email addresses.


6 MAESTRO CLI CHANGES

The changes in EPAM Cloud functionality are traditionally reflected in updates in Maestro CLI.

The following commands were updated in the new release:

• or2-security-check (or2sc) command can now be used to initiate a Qualys security scan. To select between the Nessus and Qualys security scanners, use the respective --nessus or --qualys flag.

• or2-run-instances (or2run) command now allows running AWS Spot Instances without specifying the --max-price parameter. If the parameter is not specified, the on-demand instance price is used as the default value.

You can find detailed information on Maestro CLI usage and command references in the Maestro CLI User Guide.

Please also note that starting with this release Maestro CLI can be launched with Git Bash shell (MinGW).


7 DOCUMENTATION AND KNOWLEDGE SHARING

The current production update is accompanied by a wide range of documentation and knowledge base updates.

This includes two large webinars delivered by the AWS team within the enterprise support scope, as well as the reviewed Hybrid Cloud guide and other documentation improvements.

7.1 AWS WEBINARS BY AWS TEAM

Back in May, the EPAM Cloud Consulting team assisted extensively in organizing a series of two face-to-face lectures in cooperation with the Amazon team in Minsk. The lectures were delivered in Russian by our special guest, Roman Boiko, a Solution Architect from the AWS team.

These lectures sparked interest among Product Owners, Project Managers, Engineers, Developers and DevOps, as they deepen knowledge of containers and serverless architecture for deploying microservices, as well as DevOps best practices in AWS.

We are glad to announce that in August Roman Boiko will deliver two lectures in English, and EPAMers all over the world can join the event.

You can register and join the events:

• Containers against Serverless. What is better, and when?
  Microservices are a great way to segment your application into well-defined, self-contained units of functionality. In this talk, we will discuss two common architectures for deploying microservices: containers and serverless. We will compare the architectures and share best practices on how to choose the approach that best suits you.
  When: August 15, 2019, 14:00-15:30 UTC


• DevOps AWS Approaches. How we use them to develop our services
  Learn how Amazon enables its developers to rapidly release and iterate software while maintaining industry-leading standards on security, reliability, and performance. In this talk, we will discuss the culture of two-pizza teams and how to maintain a DevOps culture in a large enterprise.
  When: August 22, 2019, 14:00-15:30 UTC


Once these lectures are conducted, we will publish recordings of them. The recordings will be available on the EPAM Cloud video portal, so you can study the lectures at your own pace.


7.2 HYBRID CLOUD DOCUMENT REVIEWED AND REBUILT

Hybridization in EPAM Cloud is constantly developing. With each release, we introduce new features that deepen the integration with supported public cloud providers. We strive to make integration with public cloud providers as unified as possible and to unify the tools used by EPAM Cloud users.

All updates and new features are naturally reflected in our documentation. Faced with so many updates, we came to the conclusion that the existing Hybrid Cloud Guide had to be reviewed, restructured and updated according to the latest changes.

The new version is focused on the unified way of managing virtual infrastructures in a hybrid environment. Still, as we work with different cloud providers, we highlighted the specifics of integration with each of them wherever a point differs from the standard approach.

The main changes introduced to the new version of the Hybrid Cloud Guide are:

• A general public cloud usage roadmap replaced provider-specific roadmaps that we used before.
• Cloud coverage and aliases descriptions were reviewed and improved.
• Cloud infrastructure management process instructions were focused on using Cloud UI (with hints on Maestro CLI usage where applicable).
• The instructions and access rules for using native tools of public cloud providers were reviewed and updated.
• The security section was reviewed, unified and brought into accordance with the latest changes in EPAM Cloud Security Policy.

This is the first release of the updated Hybrid Cloud Guide. We will continue reviewing and updating it according to upcoming changes. Meanwhile, if you have any comments or suggestions related to the document, please feel free to address them to the EPAM Cloud Consulting team.

7.3 OTHER DOCUMENTATION UPDATES

All changes and updates to the EPAM Orchestrator functionality are reflected in the documentation and other EPAM Cloud resources. With the release of EPAM Orchestrator 2.5.154, the following documentation updates were made:

• EPAM Cloud Security Policy was reviewed and updated to meet the latest improvements in EPAM Cloud and corporate security approaches.
• EPAM Cloud Orchestrator: Hybrid Cloud Guide was reviewed and restructured to reflect the latest advances in unification and Cloud UI tools improvements.
• EPAM Cloud Orchestrator: Quick Reference Card was updated upon changes in the Maestro CLI.
• EPAM Cloud Orchestrator: Maestro CLI User Guide was updated upon changes in the Maestro CLI.
• EPAM Cloud Orchestrator: Account Management Guide – information about reporting and raw billing data compilation from AWS and Google was added.


TABLE OF FIGURES

Figure 1 - Shared responsibility map
Figure 2 - Security scan by Qualys
Figure 3 - Cloud website
Figure 4 - Cloud UI
Figure 5 - Cloud API
Figure 6 - Comparing used and activated regions
Figure 7 - Top 10 AWS Accounts on QuickSight
Figure 8 - Requesting BigQuery data
Figure 9 - AWS instance specifics by purchase option
Figure 10 - Running On-Demand instances
Figure 11 - Running Spot instances


VERSION HISTORY

Version | Date | Summary
1.0 | August 17, 2019 | First published