CCM onboarding path
This topic describes the different phases and steps involved in onboarding with Harness CCM. Follow these steps to ensure that you have all the settings and resources required for moving forward with your CCM setup.
Overview
This section lists the major onboarding phases and provides links to more details.
Phase 1: Initial setup
Step | Details | Demo video |
---|---|---|
Review use cases | Review use cases and success criteria against what is supported today | |
Configure SSO | SAML SSO with Harness, Okta, OneLogin, Keycloak, etc. | |
Configure RBAC | Configure access control to restrict access | |
Setup cost visibility | Create cloud connectors and Kubernetes connectors for cost data visibility | Watch Video |
Phase 2: Cost reporting
Step | Details | Demo video |
---|---|---|
Explore cost using perspectives | A perspective can be used to visualize data from multiple cloud providers | |
Explore cost using dashboards | Explore cost data using powerful BI dashboards | |
Root cost analysis | Understand detailed breakdown of cloud spend | |
Cost anomalies | Protect from anomalous spend | |
Phase 3: Cost optimization
Step | Details | Demo video |
---|---|---|
Setup cloud connectors | Set up cloud connectors enabling optimization permissions | |
Recommendations | Explore right sizing recommendations for node pools and other resource types | |
AutoStopping - Stop resources when they are idle | Create AutoStopping rules to stop resources (VMs, k8s workloads, ECS tasks, etc.) when they are not in use | |
Phase 4: Cost governance
Step | Details | Demo video |
---|---|---|
Setup budgets | Setting up a cloud budget is crucial to control costs, prevent overspending, and maintain financial transparency in cloud operations | |
Asset governance | Powerful governance based on Cloud Custodian policies | |
Phase 5: Automation
Step | Details | Demo video |
---|---|---|
CCM APIs | Integrate with CCM APIs to extend the usage | |
Terraform provider | Manage CCM entities using Terraform | |
Phase 1: Initial setup
Step 1. Review use cases
CCM supports AWS, GCP, and Azure cloud providers. It offers various features that cater to different cloud resources across these platforms. To confirm that your specific use case is fully supported by CCM, please refer to the What's Supported in Harness CCM section.
Step 2. Configure SSO
Harness supports Single Sign-On (SSO) with SAML, integrating with your SAML SSO provider to enable you to log your users into Harness as part of your SSO infrastructure. The user can choose between a variety of SSO integrations according to their needs.
For more information, go to Authentication.
Step 3. Configure RBAC
CCM provides a set of RBAC permissions to control access to its entities. For more information, go to CCM Roles and Permissions.
Step 4. Setup cost visibility
The first step in setting up Harness CCM is to create a cloud connector for each cloud provider. A cloud connector holds the configuration details that Harness uses to access the cloud provider APIs. At first, CCM has read-only permissions to access the cost data from the cloud providers.
Connector setup varies based on the cloud provider.
- Setup cost visibility for AWS
- Setup cost visibility for Azure
- Setup cost visibility for GCP
- Setup cost visibility for Kubernetes
After the connectors are created, it takes at least 24 hours for the cost data to be visible in CCM.
Phase 2: Cost reporting
Step 1. Explore cost using perspectives
A perspective can be used to visualize data from multiple cloud providers.
CCM generates default perspectives based on cloud connectors, allowing users to explore cost data for each cloud provider. These default perspectives offer a solid foundation for understanding the concept of perspectives. Additionally, when Kubernetes connectors are available, CCM generates a `Cluster` perspective. This cluster perspective displays cost data for all clusters such as k8s, ECS, and more.
For more information, go to Create perspectives.
Step 2. Explore cost using dashboards
CCM leverages comprehensive BI dashboards, offering powerful capabilities. While both perspectives and dashboards enable exploration of cost data similarly, dashboards leverage a complete Business Intelligence platform for advanced scenarios. CCM utilizes Google's Looker to empower its dashboards, enabling diverse data visualizations and report creation.
Furthermore, dashboards facilitate common use cases such as scheduled report delivery, alerting, and customization of metrics and measures. CCM comes equipped with pre-built, commonly used dashboards for easier initial setup and utilization.
For more information, go to Create Dashboards.
Step 3. Performing root cost analysis
In the realm of cloud computing, root cost analysis takes on a crucial role in understanding and optimizing the expenses associated with utilizing cloud services. Cloud computing offers scalability, flexibility, and cost-effectiveness, but without proper management, it can lead to unexpected expenses. Root cost analysis in this context involves dissecting the various components contributing to the overall cloud expenditure, including compute, storage, network usage, data transfer, and additional services like databases or specialized tools.
By conducting root cost analysis in cloud computing, businesses can gain insights into the primary drivers behind their cloud expenses. This involves scrutinizing usage patterns, understanding the costs associated with different types of services or instances, and identifying inefficiencies or unnecessary spending. With this detailed understanding, organizations can implement cost optimization strategies, such as rightsizing instances, utilizing long-term commitments like reserved instances or spot instances, and leveraging AutoStopping to align resources with actual demand. This approach enables businesses to make informed decisions about resource allocation, effectively manage their cloud budgets, and ensure cost efficiency while leveraging the benefits of cloud technology.
For more information, go to Root cost analysis.
Step 4. Cost anomalies
Detecting strange spending patterns in cloud computing is really important. It helps save money by spotting where resources are wasted and stops budgets from being used up unexpectedly. It also helps prevent security problems by catching unusual activities early, like someone getting into an account they shouldn't. Finding these odd spending habits also helps make sure everything runs smoothly, avoids wasting resources, and lets companies follow the rules about data security and money management. Overall, keeping an eye on weird spending in the cloud is key for saving money, staying secure, and running things efficiently.
For more information, go to Cost anomalies.
Phase 3: Cost optimization
Utilizing Cloud Cost Management not only offers in-depth insights into cloud expenses but also generates actual cost savings by implementing optimization techniques on cloud resources.
Step 1. Setup cloud connectors
As part of the Cost Reporting setup, cloud connectors for retrieving cost data are already established. These connectors are configured at either the master or billing account level and provide read-only access to the billing data.
To enable optimization features, CCM requires individual cloud connectors with read-write permissions.
For AWS, these connectors must be set up at the level of each individual AWS child account. For more details, refer to the AWS setup guide.
For GCP, you need to create connectors for each GCP project. For more information, refer to the GCP setup guide.
For Azure, connectors should be created for each Azure subscription. For instructions, refer to the Azure setup guide.
If you need to create multiple connectors, this process can be automated using the connector creation APIs. Alternatively, you can use the Harness Terraform provider for this task.
Step 2. Recommendations
CCM can provide three types of recommendations:
- Right-sizing recommendations coming from the linked cloud providers
- Workload and node pool recommendations computed by CCM for the connected Kubernetes clusters
- Various other recommendations coming from Asset Governance policies
For more information on recommendations, go to Recommendations.
Workflow for recommendations
Recommendations are generated daily, and CCM offers Jira integration to streamline the workflow for implementing these suggestions. Once a Jira account is connected, CCM can automatically generate Jira issues and assign them to the appropriate team member for implementation.
The workflow unfolds as follows:
- A cloud engineer or the designated cost owner reviews the daily recommendations.
- A Jira ticket is created for implementing each recommendation and is assigned to the respective owner within the engineering team.
- The engineering team reviews and works on implementing the recommendations. Once a recommendation is successfully implemented, the Jira status can be updated, marking the recommendation as applied in CCM.
For more information on Jira workflow, go to View and apply recommendations.
Step 3. AutoStopping
Cloud resources utilized for non-production setups, like QA and UAT, often remain idle for extended periods. AutoStopping efficiently addresses this by intelligently stopping these resources when not in use and automatically restarting them when needed. This feature helps minimize idle costs associated with maintaining these environments.
AutoStopping employs a detection mechanism that listens for signals, including network traffic, to identify activity. This ensures a responsive and adaptive approach to resource management.
Furthermore, AutoStopping is versatile and can seamlessly integrate with a variety of workloads like:
- EC2 VMs, ASG
- Kubernetes workloads (Deployments, StatefulSets)
- ECS workloads
- RDS databases
- Azure VMs
- GCP VMs
All the supported configurations for AutoStopping are listed on the What's supported page.
For more information on AutoStopping, go to AutoStopping.
Sample application
AutoStopping is configured individually for each application. CCM facilitates testing AutoStopping by offering a sample HTTP application that can be installed into the cloud account. This allows users to assess and validate the functionality of AutoStopping in a practical setting.
For more information on AutoStopping sample app, go to Sample app.
Rollout AutoStopping rules for all non-prod accounts
After successfully testing AutoStopping with the sample application in a practical setting, the next step is to implement AutoStopping across all non-production accounts. If a central team manages the cloud resources, they should oversee the deployment of AutoStopping. However, if different teams control various cloud resources, each team should take responsibility for integrating their resources with AutoStopping.
AutoStopping is well-supported by APIs and Terraform, which simplifies the creation of rules at scale. Once AutoStopping is operational, its configuration can be converted into API calls or Terraform scripts. These can then be uniformly applied to other cloud resources.
For more information, see API docs / Terraform provider.
Phase 4: Cost governance
Step 1. Setup budgets
Harness CCM Budgets enable you to create custom budgets and receive notifications if your spending exceeds or is projected to exceed these budgets. These budgets are adaptable, constructed from Perspectives, and can encompass data across various cloud providers. You can opt for a dynamic budget that incorporates a growth rate or set your budget based on the previous period's spending. CCM also provides alerts for any budget overruns, assisting you in managing your cloud expenditures effectively.
For more information on budgets, go to Budgets.
Step 2. Asset governance
Asset governance helps you manage your cloud resources by allowing you to filter and tag them, and then apply specific actions. It uses YAML syntax to define rules, facilitating a well-managed, secure, and cost-optimized cloud infrastructure. This process is built on the well-known open-source platform, Cloud Custodian.
Asset governance provides a straightforward approach to optimizing your cloud spending.
Enable Asset governance for cloud connectors
Asset governance is compatible with AWS, Azure, and GCP. To implement it, you must create connectors for each AWS account, Azure subscription, or GCP project, in addition to the master billing connector. You can edit existing connectors to activate asset governance. Additionally, adding the "GOVERNANCE" tag to the connector's YAML configuration (found under Account Settings -> Account Resources -> Connectors) will enable this feature.
```yaml
connector:
  name: connector name
  identifier: id
  accountIdentifier: harness account id
  type: CEAws
  spec:
    # ....
    featuresEnabled:
      - VISIBILITY
      - OPTIMIZATION
      - GOVERNANCE  # Add this tag
```
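The `featuresEnabled` list shows which features each connector has turned on, so exported connector definitions can be checked against an approval list before wider permissions are granted. The following Python is an added example, not Harness code; the `WRITE_FEATURES` grouping, the approval map, the connector identifiers and the sample export are assumptions constructed for illustration.

```python
import re

# Assumption for this example: features beyond VISIBILITY need write access
# in the cloud account, so each one must be explicitly approved per connector.
WRITE_FEATURES = {"OPTIMIZATION", "GOVERNANCE"}

# Constructed sample: two connector definitions in the shape shown above.
SAMPLE_EXPORT = """\
connector:
  identifier: master_billing
  type: CEAws
  spec:
    featuresEnabled:
      - VISIBILITY
      - GOVERNANCE
---
connector:
  identifier: dev_account
  type: CEAws
  spec:
    featuresEnabled:
      - VISIBILITY
      - OPTIMIZATION
      - GOVERNANCE  # Add this tag
"""

def parse_connectors(text):
    """Minimal reader for this one YAML shape (not a general YAML parser)."""
    connectors = []
    for doc in re.split(r"^---[ \t]*$", text, flags=re.M):
        ident = re.search(r"^[ \t]*identifier:[ \t]*(\S+)", doc, re.M)
        block = re.search(r"featuresEnabled:[ \t]*\n((?:[ \t]*-[ \t]*\S.*\n?)+)", doc)
        if ident:
            items = re.findall(r"^[ \t]*-[ \t]*([A-Z_]+)", block.group(1), re.M) if block else []
            connectors.append({"identifier": ident.group(1), "features": set(items)})
    return connectors

def audit(connectors, approved):
    """Return sorted (identifier, feature) pairs enabled without approval."""
    findings = []
    for c in connectors:
        allowed = approved.get(c["identifier"], set())
        findings += [(c["identifier"], f) for f in c["features"] & (WRITE_FEATURES - allowed)]
    return sorted(findings)

if __name__ == "__main__":
    approved = {"dev_account": {"OPTIMIZATION", "GOVERNANCE"}}
    for ident, feature in audit(parse_connectors(SAMPLE_EXPORT), approved):
        print(f"{ident}: {feature} enabled without approval")
```
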
Asset governance recommendations
Once the connector permissions are updated, asset governance generates recommendations. These are produced daily for a select group of resources supported by Cloud Custodian. Once created, these recommendations become available alongside other suggestions. After reviewing a recommendation, you can apply it directly from the asset governance user interface. Additionally, you can set up enforcement to apply the recommendation on a regular basis.
For more information on Asset governance, go to Asset governance.
Phase 5: Automation
The entire CCM feature setup can be automated to seamlessly integrate into an organization's automation processes. This automation includes creating cloud connectors as new cloud accounts are provisioned, automatically establishing asset governance rules to manage cloud accounts, setting up AutoStopping rules for new cloud resources, and other use cases.
CCM supports this level of automation through the use of CCM APIs and a Terraform provider.
Step 1. CCM APIs
The CCM API documentation is accessible at Harness API docs. To utilize the CCM APIs, you can use either a service account or a personal access token. It is advisable for the service account to have CCM admin permissions to enable the execution of all CCM-related actions.
For more information on service accounts and API keys, go to Service accounts.
Step 2. Terraform provider
CCM resources can also be created using the Harness Terraform provider. The Terraform provider supports creation of connectors and AutoStopping rules.
For a complete list of Harness platform IP addresses that need to be permitted, please refer to the central IP whitelisting list.