Perspective Building Best Practice Information
search cancel

Perspective Building Best Practice Information

book

Article ID: 284289

calendar_today

Updated On:

Products

CloudHealth

Issue/Introduction

What Are Perspectives?

  • CloudHealth Perspectives are “lenses” through which you want to view your infrastructure
    • Example: Perspective is Environment: Groups are development, staging, testing, production
    • Common Perspectives: Product, Team, Owner, Environment, Business Unit, Cost Center
  • Perspectives work across all supported Clouds in the CloudHealth platform (assuming they are set up to include all of the clouds)
  • You can categorize reports by Perspectives in CloudHealth organizations, but the reports will only include the assets in that organization.  You can only edit Perspectives in the Global Organization.

Why Do You Need to Create Perspectives?

  • Perspectives help organize your infrastructure and flow throughout the platform. They are most commonly used in InterActive Reports, but can also be used in Asset Reports and Filtering, Policies, Recommendations, and Cost Reallocation

What Are Assets?

  • An asset is any resource that you provision in the cloud.  Assets include both infrastructure (e.g., EC2 Instances, EBS Volumes, and S3 buckets) and features or frameworks supporting this infrastructure (e.g., IAM users, IAM Policy, and CloudFormation templates).  Effectively, anything that you can provision in the cloud can be considered an asset.
  • Assets can be categorized by type and activity
  • Type
    • Financial: Assets that have associated cost. Your cloud provider charges you for using these assets, for example EC2 Instances or EBS Volumes
    • Nonfinancial: Assets that have no associated cost. For example, Security Groups and CloudFormation templates.
  • Activity
    • Active: Assets that are currently in use within your infrastructure and are available through your cloud provider’s console.
    • Historical: Assets that are no longer in use in your infrastructure but have been archived by CloudHealth for historical reporting.

How to Tag Assets before Building Perspectives

  • Your company likely tags assets directly with the Cloud Provider (in the AWS Console, Azure Portal or GCP Portal for instance).  For assets that are not taggable by these cloud providers, you may choose CloudHealth custom tags. This is done through the Perspective UI.
    • Please refer to “Tag Assets in CloudHealth Platform .” It is important to note that these tags can be used to build Perspectives, but they do not transfer back to the Cloud Provider.

How to Gather Assets in Perspectives and Groups

  • CloudHealth builds Perspectives based on classification rules that partition your assets into groups.  These rules can be based on any asset data in your environment, such as Amazon tags, Chef Environment, or Names.
  • You can allocate assets to only one group within a Perspective.  Therefore, assets within each group are mutually exclusive.  However, an asset that is already allocated to a group in the Environment Perspective can be allocated to a different group in the Team Perspective.

Resolution

How to Build a Perspective

  • There are 3 ways to categorize your Assets in CloudHealth
  • As a best practice, start with the Categorize approach first, and then use Search.  Avoid Simple Search if possible, because it returns a large number of false positives
    • Search
      • Use when you know the specific asset attribute you want to find and what value that attribute should have
      • Example: Owner tag = Vikram
      • You can combine multiple filters to target a specific set of assets using AND or OR logic
      • One group is created per search query
    • Categorize
      • The most commonly used function to gather assets by tag.  The categorize approach is for when you know which asset attribute you want to find, but are unaware of all of the possible values
      • Example: When you want to have all current values of a cost center tag for chargebacks and want new cost centers to be added automatically
      • Multiple groups are created per search query
      • When you categorize by tag you will see a % and a number of categories.  The % tells you what percentage of your infrastructure is categorized with that tag.  The categories are the different values of that tag or the number of groups there will be. (As a best practice if you see a number of categories above 400, you will proactively need to either work with the customer on categorizing their assets another way or ask support to increase the group limit)
    • Simple Search
      • This approach returns assets that contain the term that you use for searching.The term can be part of the asset name, attribute name, or attribute value.  Because this approach can potentially return a large number of false positives, further refinement of the results is necessary.
  • You can also create Placeholder Groups which are blank groups you manually create to reallocate indirect or direct costs to, using Reallocation Rules
  • Add Assets to Groups:
    • Create Groups from Results
      • Create groups one at a time from a set of query results
    • Add Results to Existing Group
      • When you add assets to an existing Group, the classification rule used to collect those assets is also added to the Group to enable ongoing management
    • Create Multiple Groups (Categorize Only)
      • By clicking “Add All,” this option allows you to create multiple static groups at the same time. When a new asset is discovered that meets one of the existing rules, it will be automatically added to the appropriate group.
      • Ex: You categorize by Owner tag and add all so that you have a different group for each owner. When Vikram spins up a new resource and tags it with his name, the Perspective will automatically update and include his new resource in the group labeled Vikram. However if a new employee named Alyssa joins and she tags her resources “Owner:Alyssa,” the Perspective will not create a new group for her since a group named Alyssa does not already exist.
    • Create Dynamic Groups (Categorize Only)
      • By clicking “Add All As a Dynamic Rule,” a bunch of groups that fall under the same ruleset are created.  In the previous example, if new employees join and tag their resources appropriately, new groups will automatically be created for the employees.
    • Things to keep in mind with Dynamic Groups
      • Since tag values are case sensitive, Perspective groups are as well.  For instance, if people tag their infrastructure with “Prod” “prod” and “Production”, these will create 3 separate groups even if they all refer to the same environment.
      • You can merge and split dynamic groups. As an example, if you used the categorization and the groups “Production” and “prod” were created but represent the same thing, you can merge them in the UI.  If you later wanted to unmerge them into separate groups, you can do that too. But these merging and unmerging features only work with dynamic groups.
      • If you select one of the groups in the Dynamic Block and then at the top click “Delete All” this will Delete ALL Groups, not just the one you wish to delete. To delete individual groups you need to use the trash can icon.
      • When you try to delete an empty group in a dynamic rule with the trash can icon or the broom icon, this group will only delete if there is one rule in the Perspective group.  If there are multiple rules you can click the trash can all you want, but nothing will happen. (This is a common support ticket).
  • Categorizing Assets
    • When using the Categorize option in Perspectives, CloudHealth has two categories that group assets together.  The first is “Asset” and the second is “Amazon Taggable Asset.” If you are using these two categories, it is important that you first use the Asset group and then the Amazon Taggable Asset Group.
    • With the “Asset” gather tree, not only will taggable assets like EC2 Instances be pulled in and recognized into the Perspective groups, but also associated and potentially untagged infrastructure like EBS Volumes. (Note: unattached but tagged volumes will not be included, this is also a common customer question)
    • Since the “Asset” gather tree asset type is maintained by CloudHealth, there is a chance that it may not include all taggable assets available (generally newly released assets may not show up) so it is a best practice to run the process again using “Amazon Taggable Asset” (which does not include associated untagged assets like untagged EBS volumes attached to a tagged EC2 instance)
    • To check which services are included in the “Asset” group, look at which services are included in the parenthesis in the UI.

Manage Perspective Groups

  • It is best practice to always delete empty groups because CloudHealth has a soft limit of 400 groups/Perspective and 6 Perspectives that are shown in Interactive Reports. You will see a warning in the Help Center to reach out to Support when they hit 400 groups, but note this message only appears on this page.  If they have a dynamic rule and hit their limit, additional assets meeting this Dynamic Rule will be moved in Assets Not Allocated.
  • One nuance is that Perspectives that are created but left unchecked will still show up in tabular reports (non-graphical reports).  This can be a good workaround for the 24 Perspective limit, if you want to see a list of resources or use the Perspective in policies but do not care about categorizing by this Perspective in the InterActive reports

Update Perspectives

  • Asset Lifecycle
    • If you have included the right privileges to access accounts, then CloudHealth will use the API and update the asset listing every 15 minutes.
    • In cases where scanning is not enabled in the account access policy, or account credentials are not available, EC2 instances are discovered by scanning usage information. This occurs daily.
    • Assets that have been terminated will be expired from CloudHealth 12 months after they have been removed from your cloud infrastructure.
  • Perspective Refreshes
    • Your configured Perspectives are kept up-to-date with new assets as they are added to the platform. It may take up to 3 hours for the newly discovered assets to be included in your Perspectives. You should note that during this time your asset filtering would be affected. This means that recent assets may not be included when a group filter is applied.
      • However, InterActive reports should not be affected by this process because the analysis presented in these reports reflect the 12-24 hour lag in the corresponding data sources.
    • When you make changes to a Perspective, it can take up to a few hours for those changes to be reflected in InterActive reports.  When the Perspective is updating you will see a little red clock icon next to the Perspective name instead of the regular green checkmark.  This will be replaced with the green checkmark when the Perspective is done updating and the changes are included in the reports.
  • Deleting Perspectives
    • It is a best practice to delete old/unused perspectives to avoid confusion and to help with processing speed.  To delete a perspective, first click “Move to Archive” A warning box will pop up that shows dependencies for this Perspective.  That means any saved reports/subscriptions/policies that depend on that Perspective and will no longer work if it is deleted.
    • If you determine it is safe to move the perspective to archive, click “Move to Archive.” The nice thing is this is a soft delete so at any time you can go to your Archive and restore that perspective.
    • If you want to permanently delete a perspective click “Archived Perspectives” and either delete that one perspective or click “Empty Archive” to delete all perspectives that are in the archive. Once you delete a perspective from the Archive, it cannot be restored.

AWS Service Support in CloudHealth

  • Direct Costs
    • Line items for these costs in the AWS Detailed Billing Report or Cost and Usage Report must contain a resource ID in order for them to be mapped to a specific asset. CloudHealth can attribute these costs to a specific asset and can therefore directly allocate them to a Perspective Group.
  • Indirect Costs
    • Line items for these costs in the AWS Detailed Billing Report or Cost and Usage Report may or may not contain a resource ID. If CloudHealth does not provide basic cost allocation and asset reporting for this asset and the line item does not contain tags matching those used in any Perspective Group, then the CloudHealth platform cannot directly attribute these costs to a Perspective Group. However, you can indirectly attribute these costs to a specific Perspective Group using Cost Reallocation Rules.

Common Questions:

Q: What happens when the tag value of an asset does not match those of its related assets?
A: The allocation of an asset and its related assets to Perspectives and Groups can change depending on how each of them is tagged.

Here’s an example: Consider that you have an EC2 Instance (let’s call it Instance1) that is tagged as Env = Prod. You also have an EBS Volume (let’s call it Volume1) tagged as Env = Dev that is attached to Instance1. CloudHealth groups these assets in one of two ways, depending on the Asset Type you select when building a Perspective.

Asset Type is Asset: Instance1 is allocated to the Prod group and Volume1 is also allocated to the Prod group, because it is related to Instance1.

Asset Type is Any Taggable Asset: Instance1 is allocated to the Prod group and Volume1 is allocated to the Dev group, even though it is related to Instance1.

Q: What are custom tags?
A: For assets that are not tagged in the Cloud Provider but you know which group they belong to, you can create a tag within CloudHealth.  You can do this within the Perspective Editor.  It is important to note that this tag only lives within CloudHealth and will not actually tag the asset in the Cloud Provider.

Also, the custom tag follows the asset.  For instance, even though you add custom tags through the Perspective Editor, that tag is assigned to the asset the same way a regular tag is.  If you were to delete the first Perspective where you originally created the custom tag and create a new Perspective, you will still be able to search or categorize based on that custom tag.

Q: Does it matter when you are building a Perspective which order you categorize your infrastructure?
A: Yes! If you have a group with more than one rule, the first rule you created is the first one that will be evaluated.  For instance if you wish to categorize your assets by product tag with the exception of one account, you will first have to categorize by account to isolate that account group and then categorize all remaining assets by product.

Q: What happens to my Perspective if I delete instances that are still tagged?
A: These instances will remain in the same Perspective group and in reports will show the cost that they had historically, but will just show no cost going forward

Q: What happens to my Perspective if I delete a tag on my instances?
A: Changing tags in Perspectives rewrites the past 13 months of data in the platform. If Group A historically had costs but you decide to remove the tag A from all assets in that group, then after you make that change Group A will be an empty group and all of those costs (historically and future) will go into Assets Not Allocated. You will have to manually delete the group if you so choose and find another way to allocate those assets.

Q: What happens to my Perspective if I change the tag on my instances?
A: Again, changing tags in Perspectives rewrites the past 13 months of data in the platform. If Group A historically had costs but you decide to replace the tag A with tag B, then both historically and going forward Group A will be empty because all of those assets are now tagged with tag B. (caveat: if your Perspective is built with Dynamic Groups then this Group B will be automatically added to your Perspective. If you used static groups then you will have to manually add Group B)

Perspectives Best Practices

  1. Create a Multi-Cloud Perspective that is a Catch All - doesn’t have any assets not allocated
  2. Add Date, Who Created, and Purpose when building a Perspective to the Description
  3. Merge groups and clean up empty groups quarterly to avoid hitting limits!
  4. Utilize Tag Management feature to understand which tag keys to use when building Perspective
  5. [internal only] If you need a large perspective to absorb many groups ( > 400), then copy a large existing perspective and empty it: It will then have the higher maximum number of groups of the original perspective
  6. To add above: a section on selecting assets at account / project / subscription level and for Azure specific at RG level
Powered by Wolken Software