Legal Notice: This document is property of EPAM and may not be disclosed, distributed or reproduced without the prior
written permission of EPAM®.
EPAM Cloud Infrastructure
Orchestrator ver.2.5.154
What’s New
August 2019
CIWN-S150-154
Version 1.0
EPAM Cloud Orchestrator 2.5.154 - What’s New
EPAM SYSTEMS 2
CONTENT
1 Overview
2 Infrastructure Updates
2.1 Image Library Updates
2.2 New Hardware Utilization Facilities
3 Security Updates
3.1 Qualys Security Scan
3.2 Introducing Secure Endpoints
3.3 IAM Users Security Improved
3.4 Security Policy Updated
4 Cost Optimization
4.1 AWS QuickSight: Detailed Costs Monitoring
4.2 Google Costs: Native View with BigQuery
4.3 All AWS Instances Purchase Options Available
5 Reporting Updates
6 Maestro CLI Changes
7 Documentation and Knowledge Sharing
7.1 AWS Webinars by AWS Team
7.2 Hybrid Cloud Document Reviewed and Rebuilt
7.3 Other Documentation Updates
Table of Figures
Version history
1 OVERVIEW
EPAM Cloud Orchestration v.2.5.154 was released on August 17, 2019.
The focus of the new release is on introducing new security standards and cost optimization tools.
Infrastructure, reporting, and Maestro CLI were also updated.
Security updates cover a wide range of changes. A new security scan tool, Qualys, is introduced for
constant monitoring of virtual infrastructures in all supported clouds. The company-wide gradual switch
to Symantec Secure Access Cloud (Luminate) resulted in three separate endpoints for EPAM
Cloud, each under specific access rules.
We also updated region access rules for IAM users, making them comply with project settings in
Orchestrator.
The EPAM Cloud Security Policy was also reviewed and updated to meet the latest security requirements
and the needs of the enterprise and our users.
As mentioned above, cost optimization is another significant point in the new release. The major
new feature is the introduction of the AWS QuickSight service, which enables effective and detailed monitoring of
account costs. For AWS, we also introduced the possibility to run Spot instances from Cloud UI, thus
completing the toolset for ordering EC2 instances under any of the available purchase options.
The other native tool for cost tracking is Google BigQuery, which can now be activated for your project
and enables viewing billing details “as is”.
Another update relates to EPAM Cloud notifications. We introduce a new sender email for billing-related
reports, which enables better filtering and visibility for financial information.
The functionality changes are, of course, reflected in Maestro CLI, where necessary, and in the EPAM Cloud
documentation. Refer to the EPAM Cloud website for detailed information on the improvements and
features introduced in Orchestrator version 2.5.154.
2 INFRASTRUCTURE UPDATES
A new EPAM Orchestrator release traditionally comes with infrastructure updates.
This time, the set includes new options in the image library, as well as the extended possibility to register
and track project hardware devices.
2.1 IMAGE LIBRARY UPDATES
With the current release, we have widened the list of images available in the library by adding four new ones.
• Oracle Linux 8 (OracleLinux8_64-bit)
We provide our users with the opportunity to work with the first RHEL 8 based distribution - Oracle
Linux 8.
To explore the new features and enhancements of this operating system, you can use it for testing
and for new application deployments.
More details about the new features of Oracle Linux 8 can be found by following this link.
• Debian 10 (Debian10_64-bit)
The second new operating system available in the image library with this release is Debian 10. It will
be supported for the next 5 years.
More details about the new features of Debian 10 can be found by following this link.
• CentOS 7 64-bit with 4.4 kernel (CentOS7-lt_64-bit)
A CentOS image with a long-term supported kernel.
• CentOS 7 64-bit with improved security (CentOS7-se_64-bit)
The latest version of CentOS 7 with EPAM security recommendations applied.
Please also note that EPAM Cloud Orchestrator provides the latest version of the CoreOS Container
Linux operating system, which is automatically updated. CoreOS automates software updates to ensure
better security and reliability of machines and containers running in large-scale clusters. More about
choosing the right update strategy and the default behavior of Container Linux can be found by following the link.
The table below gives the full list of the default images and their availability in AWS, Azure, Google Cloud
and private OpenStack regions.
OS Name AWS Azure GCP Private region
Windows
Microsoft Windows Server 2012 R2 Base +
Microsoft Windows Server 2016 Base +
Microsoft Windows 2019 Datacenter edition with Containers +
Microsoft Windows 2019 Datacenter edition +
Windows Server 2012 R2 Datacenter Edition + +
Windows Server 2016 Datacenter Edition + +
Windows Server 2019 Core Datacenter Edition + +
Windows Server 2019 Datacenter Edition + +
Windows Server 2012 R2 Standard Edition +
Windows Server 2016 Standard +
Windows Server 2019 Core Standard +
Windows Server 2019 Standard +
Windows 10 64-bit +
Linux
CentOS 6 64-bit + + +
CentOS 7 64-bit with 4.4 kernel (New) +
CentOS 7 64-bit recommended by EPAM security (New) +
CentOS 7 64-bit + + + +
CoreOS Container Linux 64-bit + + + +
Debian GNU/Linux 8 64-bit +
Debian GNU/Linux 9 64-bit + + + +
Debian GNU/Linux 10 64-bit (New) + +
Oracle Linux 6 64-bit + +
Oracle Linux 7 64-bit + +
Oracle Linux 8 64-bit (New) +
Amazon Linux 2 LTS + +
Linux Ubuntu 16.04 64-bit + + + +
Linux Ubuntu 18.04 64-bit + + + +
2.2 NEW HARDWARE UTILIZATION FACILITIES
With EPAM Cloud Orchestrator v.2.5.154 we introduce the possibility to place, register and bill various
types of hardware devices in EPAM Datacenters. The device must be rack-mounted equipment with a mounting kit
(not only servers). Such devices will be registered in the new dedicated region – EPAM-HW2.
To find out more about the option and to clarify the possibility of hosting your hardware in a specific DC,
please submit a general support request and provide the details:
• The hardware specification (type and model of the device, list of modules installed in it).
• Space in the rack to be taken by this device (in units).
• Expected power consumption.
3 SECURITY UPDATES
EPAM Cloud follows the industry-standard shared responsibility model, with an additional layer covered by
EPAM Cloud Orchestrator.
The general concept is shown in the picture below:
• Cloud Platform Provider: compute, database, storage, networking; regions, availability zones, edge locations
• EPAM Orchestrator perimeter: operating system, network & firewall configuration; identity and access management
• EPAM Cloud users: customer data; platform, applications, permissions customization; network traffic encryption, server-side encryption & data integrity
Figure 1 - Shared responsibility map
Security was one of the main focuses of this release, and we are glad to introduce a set of new tools and
improvements which take security monitoring and user access to a new level.
3.1 QUALYS SECURITY SCAN
Constant monitoring of Cloud resources is one of the key ways to detect vulnerabilities and react properly
before a threat results in real issues and losses for the business.
Previously, as part of implementing the security best practices recommended by the EPAM Support
Team, we started a gradual reduction of Nessus Security Scanner usage. The next step comes with
this release: the introduction of Qualys Security Scanner.
Qualys Security Scanner provides regular checks (every 4 hours) of instances in both private and public
regions, irrespective of the provider.
The scanner is hosted on a server, while each VM gets a client installed within 7 days after creation. If
the Qualys agent was not installed, or is needed earlier than 7 days after VM creation, you can install the
agent on a self-service basis, according to the instructions provided by the Security team.
To get the results of a Qualys scan, go to the Management page, select the VM and unfold the Security by
Qualys section, which includes the following:
Figure 2 - Security scan by Qualys
1. The general summary of the latest scan.
2. The Scan Now button, which initiates an update of the scanning details, if any.
If you use Maestro CLI, you can use the or2-security-check (or2sc) command to get the same result.
When the operation is initiated, Orchestrator collects the latest check results from the Qualys server
and sends you an email with the details.
The information in the VM details on Cloud UI is also updated accordingly.
3. The Risk Factor section, which identifies the detected risk level on the VM. By clicking the link, you can
download the detailed Qualys report.
3.2 INTRODUCING SECURE ENDPOINTS
EPAM is improving its security posture with a Zero Trust Access solution called Symantec Secure Access
Cloud (Luminate).
Luminate provides point-to-point connectivity at the application level, cloaking all resources from end-user
devices and the internet. Luminate’s activity policies prevent unauthorized access to corporate
resources by implementing continuous and contextual authorization to enterprise applications, which
ensures secure access.
Using Luminate allows the company to:
• cloak corporate resources from the end users and the internet
• ensure only point-to-point application-level access
• provide secure, restricted access to 3rd party users & BYOD access
• continuously enforce contextual authorization based on user and device context
• implement a least-privileged access model, conforming to the ZTX (Zero Trust Extended) and CARTA
(Continuous Adaptive Risk and Trust Assessment) models
You can find more details about Luminate by following the link.
The first step in implementing the security policy enhancements is integrating with Luminate all EPAM internal
services that provide web access to the SDP data protection perimeter.
In line with this approach, EPAM Cloud divided the application link into three endpoints, taking into
consideration the tools’ purposes and user needs:
• cloud.epam.com – main EPAM Cloud website endpoint. Available for all external and internal
EPAM users. Contains publicly available information related to EPAM Cloud.
Figure 3 - Cloud website
• console.cloud.epam.com - Cloud management endpoint (Cloud UI) under Symantec SDP protection.
Available for EPAM users after authorization on cloud.epam.com.
The first login to a Luminate-protected application requires you to enter your corporate
credentials. After that, authorization to any protected application is performed
automatically.
Figure 4 - Cloud UI
• api.cloud.epam.com - Programmatic access endpoint. Used for API and CLI access to the Cloud. Can be
accessed only from EPAM network.
Figure 5 - Cloud API
More information about the EPAM implementation of the Symantec Secure Access Cloud (Luminate) Software
Defined Perimeter (SDP) architecture, as well as answers to frequently asked questions, can be found by following the
link.
3.3 IAM USERS SECURITY IMPROVED
Permissions and access integrity are an important brick in the security wall guarding virtual infrastructures.
This becomes especially important when it comes to securing projects that host their resources in
a hybrid cloud environment.
Thus, starting from September 1, IAM users’ access to public cloud regions is aligned with the
project activation status.
Initially, any project activated in AWS, Azure, or Google has access to specific regions within these clouds.
Users typically need to specify in which exact regions their project should be activated, and the project team
can access only these regions via EPAM Orchestrator.
The same applies to role-based access to the native consoles of public cloud providers: when logging in using the
Console wizard on the Cloud Dashboard, you not only get a permission level depending on your project role
but also see only the regions active for your project in the specific cloud.
This rule is now also applied to existing and new IAM users, who previously had the possibility to manage resources
in regions not enabled for their projects in EPAM Cloud.
If you have resources or services in public cloud regions that are not activated in EPAM Cloud, the
access to these regions and resources in them will be locked on September 1 (still, the existing
resources or services will not be affected).
To avoid or fix this situation, please make sure that your project is activated in all regions you actually work
with.
This can be done in the following steps:
1. Compare the regions for which your project is billed to the regions in which it is activated
in Cloud.
To do this, go to the Reporting page and compare the regions mentioned in the project report to the
regions displayed in the project tree:
Figure 6 - Comparing used and activated regions
2. If the report includes regions that are not displayed in the Project Tree, activate the project in
the missing regions in EPAM Orchestrator.
The members of the Advanced Management Group (Project Manager, Project Coordinator,
Delivery Manager, or Account Manager) can do this on a self-service basis by using the Activate
Region option of the Manage Cloud wizard on the Dashboard, as described in this instruction.
If you do not belong to the Advanced Management Group, you can submit a support request
for project activation in the necessary regions. The request will need approval from the Project
Manager or Coordinator.
We recommend performing the review as soon as possible, to make sure that the access changes that will
be introduced on September 1 will not affect your project’s performance.
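The comparison from step 1, as an added example that is not part of the original release notes or of EPAM tooling: it lists the regions that appear in billing data but are not activated for the project, which are the regions where IAM access would be locked. The CSV layout, region names and resource IDs are constructed for illustration; the page does not define an export format for the Reporting page.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of project report rows. The CSV layout is hypothetical:
# the release notes do not define an export format for the Reporting page.
BILLING_REPORT_CSV = """\
cloud,region,resource,cost_usd
AWS,eu-west-1,i-0001,120.50
AWS,EU-WEST-1,vol-0002,10.00
AWS,us-east-1,i-0003,75.25
Azure,westeurope,vm-app01,60.00
Google,europe-west1,gce-web01,0.00
Google,us-central1,gce-batch01,33.10
"""

# Constructed sample: regions shown as activated in the project tree.
ACTIVATED_REGIONS = {
    "AWS": ["eu-west-1"],
    "Azure": ["westeurope"],
    "Google": ["europe-west1"],
}


def _key(cloud, region):
    """Normalise names so 'AWS/EU-WEST-1' and 'aws/eu-west-1' compare equal."""
    return cloud.strip().lower(), region.strip().lower()


def billed_regions(report_csv):
    """Aggregate report rows into {(cloud, region): {'resources', 'cost'}}.

    A region counts as used as soon as one resource is reported there,
    even if its cost for the period is zero.
    """
    usage = defaultdict(lambda: {"resources": set(), "cost": 0.0})
    for row in csv.DictReader(io.StringIO(report_csv)):
        entry = usage[_key(row["cloud"], row["region"])]
        entry["resources"].add(row["resource"].strip())
        entry["cost"] += float(row["cost_usd"])
    return usage


def regions_to_activate(report_csv, activated):
    """Return billed regions that are missing from the activated set.

    `activated` maps a cloud name to the regions activated for the project.
    A cloud that is absent from the mapping has no activated regions, so
    every billed region in it is reported.
    """
    active = {
        _key(cloud, region)
        for cloud, regions in activated.items()
        for region in regions
    }
    gaps = []
    for (cloud, region), entry in sorted(billed_regions(report_csv).items()):
        if (cloud, region) in active:
            continue
        gaps.append({
            "cloud": cloud,
            "region": region,
            "resources": sorted(entry["resources"]),
            "cost_usd": round(entry["cost"], 2),
        })
    return gaps


if __name__ == "__main__":
    for gap in regions_to_activate(BILLING_REPORT_CSV, ACTIVATED_REGIONS):
        print(
            f"{gap['cloud']}/{gap['region']}: not activated, "
            f"{len(gap['resources'])} resource(s), {gap['cost_usd']} USD billed"
        )
```
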
3.4 SECURITY POLICY UPDATED
Applying new tools and approaches needs not only documenting but also the review of
the existing agreements and regulations.
Considering the latest changes in EPAM Cloud security, we reviewed and updated one
of the main regulatory documents of the service – EPAM Cloud Security Policy.
The main changes introduced to the document are:
Section | Changes
3.1 Main Points | Shared responsibility model is described
3.2.1 General Points | General information on Luminate and two endpoints for Cloud website added
3.2.2 Permissions | Delegating account configuration for Project Managers and Project Coordinators is described
3.2.3 Access to VMs | Updated the information on Linux user names and SSH keys usage
3.2.6 Providing Access to External Users | Specified that external users have no access to native management consoles of public cloud providers by default
3.6 Using External Cloud Providers | Updated the information about Nessus scanner usage; added information about Qualys scanner usage
3.7.1 Security Checks | Updated the information about Nessus security checks; added information about Qualys scanner security checks
3.8 Cloud Emails and Notifications | Added information about Advanced Management Group emails delegation possibilities
Do not hesitate to review the document and see the details for all changes!
4 COST OPTIMIZATION
Another important direction in which EPAM Orchestrator evolved in this release is cost optimization.
Now, EPAM Cloud users can access raw billing data for AWS and Google Cloud Platform, and purchasing
AWS instances under different options is available via Orchestrator.
4.1 AWS QUICKSIGHT: DETAILED COSTS MONITORING
The massive transformation of AWS billing processing started with the previous EPAM Orchestrator update,
when we followed the recommended best practices, integrated the new Cost and Usage Reports and
started processing them with AWS Athena.
Introducing Athena, in turn, allowed us to implement another important integration.
Thus, we are glad to announce that the AWS QuickSight service is now available for account managers who
are responsible for one or multiple accounts in AWS.
The service allows deep-dive access to billing data of your accounts. EPAM Cloud Support team has
prepared a standard dashboard that will allow you to quickly find answers to the most important and
frequently arising questions.
Figure 7 – Reserved Instances Rate on QuickSight
The service is activated by request to the Cloud Support Team, and does not imply any additional costs for
your accounts.
To make the solution work even more effectively, in September, AWS Enterprise support team will deliver
a webinar, focused on the QuickSight service usage and capabilities. Keep track of the announcements!
4.2 GOOGLE COSTS: NATIVE VIEW WITH BIGQUERY
EPAM Orchestrator v.2.5.154 provides users who have projects in Google Cloud with the possibility to
monitor and analyze their billing information directly from Google.
Billing information can be gathered and stored in the BigQuery service. By sending requests as
SQL queries, you can obtain and analyze the necessary data using your own tools and approaches. Unlike the
standard EPAM Cloud Reporting feature, which produces already processed and standardized detailed
reporting, BigQuery gives access to raw data in the native Google format, and you can use this information
according to your needs.
Collecting a project’s GCP billing info in Google BigQuery is enabled by a Support Request to the EPAM Cloud
team.
After the request is processed, users with the AdminAccess role can access the collected data on the
Google Cloud Platform console, by logging in with the Console button on the Cloud Dashboard.
Figure 8 - Viewing BigQuery data
Billing information is collected in tables. Each table displays billing information for a month, starting with the
month when the BigQuery service was activated.
The BigQuery service is paid and billed according to standard Google Policy. To find out about
BigQuery pricing, go to the Google Cloud Provider website.
More details on how to use BigQuery can be found in the native Google Documentation.
4.3 ALL AWS INSTANCES PURCHASE OPTIONS AVAILABLE
• Spot Instances can provide up to a 90% discount compared to the On-Demand purchasing option. Spot
Instances can be used for different stateless, fault-tolerant, or flexible applications.
To run Spot instances via the Run wizard on the Cloud Dashboard, select an AWS region on the first
step, and Request spot instance on the second:
Figure 11 - Running Spot instances
After that, specify the spot details, review the selection and approve instance creation.
If you use Maestro CLI, just add the --spot flag to the or2run instance call. You can also specify the
--max-price parameter to set the maximum price for your instance:
or2run -p project -r AWS-Region -s shape -i image -c count --spot --max-price price
• Reserved Instances provide a significant discount (up to 75%) compared to On-Demand pricing and
enable a capacity reservation when used in a specific Availability Zone. You have the flexibility to
change families, OS types, and tenancies while benefitting from Reserved Instance pricing when you
use Convertible Reserved Instances.
Any member of the project can submit the corresponding request at the EPAM Service
Desk and provide the details, but approval from the Account Manager is
mandatory.
More details about AWS Reserved Instance types, prices and operation can be
found on the AWS Reserved reference page.
The project can buy AWS Reserved Instances only if the following conditions are met:
• The project’s infrastructure cost is billed to the external client.
• The reservation period is no longer than 1 year.
• The Reserved Instances are 100% prepaid.
• The latest generation of the instance type family is used.
If the specified Reserved Instances pre-payment rules are violated, the project can get additional
billing items during the whole reservation period. These items can include the costs related to the
Reserved Instances and a 15% processing fee.
If Reserved Instance monthly utilization is too low to ensure the planned savings, the Cloud
support team is entitled to share the benefits of the underused Reserved Instances across the EPAM AWS
Organization tree. All the costs related to the underutilized Reserved Instance will still be assigned to
the project that owns the Reserved Instance.
In case a project is closed before the reservation of its Reserved Instance is over, all the unpaid monthly
Reserved Instance costs are summed and added to project bill before the closure.
5 REPORTING UPDATES
Reporting is a very important part of EPAM Orchestrator, as it allows you to be proactively informed about the
most important events in the infrastructure and billing updates.
A special place in the reporting system is taken by reports related to billing. Any information related to
project costs is vital, as it influences project budget planning and allows project managers to keep abreast
of project expenses, have a clear understanding of whether the project fits the project scope,
and make strategic decisions based on this information.
With this release, we start to send billing-related notifications from the new email address:
[email protected] instead of [email protected].
In this way we ensure that such important notifications can be transparently tracked and easily found in your
email system. With this improvement, you can set up alerts and filtering to effectively detect these important
system notifications and easily distinguish them from other emails sent by EPAM Orchestrator.
The following notifications are included in this mailout:
Report name | Description
Quota Alert | Notifies when the project quota is exceeded.
Quota Update | Notifies about the project quota update.
Daily Threshold Exceeded Alert | Notifies when daily expenses in any region exceed the limit of 300 USD.
Report for project | Contains the finalized Cloud chargeback for the user’s project.
Reports for account projects (Summary Report for Account Managers) | Sent at the end of each billing month and contains the finalized Cloud chargeback for all projects in the user’s account.
Summary report | Contains the information on billing costs and resource usage within a month.
Project Sponsor Summary | Provides the billing statistics for billable and non-billable projects at which the recipients are assigned as Project Sponsor.
Unit Report (Business Unit Report for Head of Global Operations) | Shows the most expensive (by infrastructure cost) projects in the user’s portfolio within a month.
Monthly Analytic Optimization report | Sent at the end of each billing month and provides analytics as well as recommendations for project costs optimization.
Please be reminded that in one of our previous releases we introduced the Email Delegation feature.
With the help of the delegation functionality, you can select trusted contacts who should receive
important project-related notifications at their email addresses.
6 MAESTRO CLI CHANGES
The changes in EPAM Cloud functionality are traditionally reflected in updates in Maestro CLI.
The following commands were updated in the new release:
• The or2-security-check (or2sc) command can now be used to initiate a Qualys security scan. To select
between the Nessus and Qualys security scanners, use the respective --nessus or --qualys flag.
• The or2-run-instances (or2run) command now allows running AWS Spot Instances without specifying
the --max-price parameter. If the parameter is not specified, the on-demand instance price is used
as the default value.
You can find detailed information on Maestro CLI usage and command references in the Maestro CLI
User Guide.
Please also note that starting with this release Maestro CLI can be launched with the Git Bash shell (MinGW).
7 DOCUMENTATION AND KNOWLEDGE SHARING
The current production update is accompanied by a wide range of documentation and knowledge base
updates.
This includes two large webinars delivered by the AWS team within the enterprise support scope, as well as
the reviewed Hybrid Cloud guide and other documentation improvements.
7.1 AWS WEBINARS BY AWS TEAM
Back in May, the EPAM Cloud Consulting team assisted in organizing
a series of two face-to-face lectures in cooperation with the Amazon Team in
Minsk. The lectures were delivered in Russian by our special guest, Roman
Boiko, a Solution Architect from the AWS team.
These lectures sparked interest among Product Owners, Project Managers,
Engineers, Developers, and DevOps, as they deepen knowledge of containers and serverless architecture for
deploying microservices, as well as DevOps best practices in AWS.
We are glad to announce that in August Roman Boiko will deliver two lectures in English, and EPAMers all
over the world can join the event.
You can register and join the events:
• Containers against Serverless. What is better, and when?
Microservices are a great way to segment your application into well-defined, self-contained units
of functionality. In this talk, we will discuss two common architectures for deploying microservices:
containers and serverless. We will compare the architectures and share best practices on how to
choose the approach that best suits you.
When: August 15, 2019, 14:00-15:30 UTC
Details
• DevOps AWS Approaches. How we use them to develop our services
Learn how Amazon enables its developers to rapidly release and iterate software while maintaining
industry-leading standards on security, reliability, and performance. In this talk, we will discuss the
culture of two-pizza teams and how to maintain a DevOps culture in a large enterprise.
When: August 22, 2019, 14:00-15:30 UTC
Details
Once these lectures are conducted, we will make recordings of the trainings. They will be available on the EPAM
Cloud video portal, so you can study the lectures at your own pace.
7.2 HYBRID CLOUD DOCUMENT REVIEWED AND REBUILT
Hybridization in EPAM Cloud is constantly developing. With each release, we introduce new features
deepening the integration with supported public cloud providers. We aim to make integration with public
cloud providers as unified as possible and to unify the tools used by EPAM Cloud users.
All updates and new features are naturally reflected in our documentation. Faced with so many
updates, we came to the conclusion that the existing Hybrid Cloud Guide had to be reviewed, restructured and
updated according to the latest changes.
The new version is focused on the unified way of managing virtual infrastructures in a hybrid environment.
Still, as we work with different cloud providers, we highlighted the specifics of integration with each of them
wherever a point differs from the standard approaches.
The main changes introduced to the new version of the Hybrid Cloud Guide are:
• A general public cloud usage roadmap replaced provider-specific roadmaps that we used before.
• Cloud coverage and aliases descriptions were reviewed and improved.
• Cloud infrastructure management process instructions were focused on using Cloud UI (with hints
on Maestro CLI usage where applicable).
• The instructions and access rules for using native tools of public cloud providers were reviewed
and updated.
• The security section was reviewed, unified and brought into accordance with the latest changes in
EPAM Cloud Security Policy.
This is the first release of the updated Hybrid Cloud Guide. We will continue reviewing and updating it
according to upcoming changes. Meanwhile, if you have any comments or suggestions related to the
document, please feel free to address them to the EPAM Cloud Consulting team.
7.3 OTHER DOCUMENTATION UPDATES
All changes and updates to the EPAM Orchestrator functionality are reflected in the documentation and
other EPAM Cloud resources. With the release of EPAM Orchestrator 2.5.154, the following documentation
updates were made:
• EPAM Cloud Security Policy was reviewed and updated to meet the latest improvements in
EPAM Cloud and corporate security approaches.
• EPAM Cloud Orchestrator: Hybrid Cloud Guide was reviewed and restructured to reflect latest
advances in unification and Cloud UI tools improvements.
• EPAM Cloud Orchestrator: Quick Reference Card was updated upon changes in the Maestro CLI.
• EPAM Cloud Orchestrator: Maestro CLI User Guide was updated upon changes in the Maestro
CLI.
• EPAM Cloud Orchestrator: Account Management Guide – information about reporting and raw
billing data compilation from AWS and Google was added.
TABLE OF FIGURES
Figure 1 - Shared responsibility map
Figure 2 - Security scan by Qualys
Figure 3 - Cloud website
Figure 4 - Cloud UI
Figure 5 - Cloud API
Figure 6 - Comparing used and activated regions
Figure 7 - Top 10 AWS Accounts on QuickSight
Figure 8 - Requesting BigQuery data
Figure 9 - AWS instance specifics by purchase option
Figure 10 - Running On-Demand instances
Figure 11 - Running Spot instances
VERSION HISTORY
Version Date Summary
1.0 August 17, 2019 First published