Frequently Asked Questions
Suggested: Remediation, Onboarding, Well-Architected, Cost Management, Compliance, ITSM, Platform Specific
Remediation
The well architecture review based on the five pillars of AWS best practices including Operational Excellence, Security, Reliability, Performance Efficiency, and Cost Optimizations which provides a regular mechanism for reviewing your infrastructure. The term ‘Remediation’ helps you to correct those vulternabilities present in all the pillars as well as compliances aligned with the best practices.
We have remediation steps for almost every vulnerabilities of AWS, Azure, and GCP. There are two types of remediation:
- Manual Remedaition (CLI and Console steps)
- One-Click Remediation Automated ( Need Access and privileges)
CloudEnsure audits the cloud account and the failed issues are then displayed to the user, for remediating those issues.
One method is to manually remediate it by clicking on a particular issue and following the CLI or Console level steps in your cloud portfolio to remediate the issue.
One-click remediation is basically automated remediation process in which user doesn’t need to perform any CLI or console steps, only with the click of :Fix Now” button the issue will be remediated. The steps will be performed at the backend. But for now its available only for few of the checks and elevated rights are required to enable this.
Onboarding
Yes, definitely you can create a custom rule and add them to Amazon Web Services (AWS) Config.
We would require AWS account ID and Role-ARN for CloudEnsure AWS Onboarding.
We would require GCP Account name for CloudEnsure GCP Onboarding. A Billing bucket from the user.
We would require Reference Azure Account Name, Domain Name, Tenant Id, Application Id, Secret Key for CloudEnsure Azure Onboarding.
For free trials any two cloud can be addded and for premium plans ‘n’ cloud can be added.
Well-Architected
CloudEnsure covers 60+ most used services from all cloud providers ensuring that SaaS, PaaS, IaaS all types of services are included in the audit. The checks for services are added every month.
Depends on the account, it may take upto 3-4 hours
There is no such limitation on how many well-architected reviews (WAR) you can take. However, we recommend everyone to re-visit once after three-six month of time duration.
A WAR helps you to realize to take the best decision while building systems on Amazon web services (AWS).
• Better insights on how to apply AWS design principles in an effective way to improve the overall AWS workload over the time.
• Ability to identify to mitigate the risk one step ahead understanding you enhances your current infrastructure.
• Uncover the new services that assist you build and deploy AWS workloads and respond faster to possibility to develop.
Every time you perform a well architecture review, you have more chances to make your infrastructure better using cloud services.
There is lot of information available on the well-architecture framework. You can easily find white papers, videos, images, info-graphics and case-studies present over AWS website. If you have any specific query regarding Cloudensure well architecture audit process, you can directly connect with us over a phone call or drop us an email.
No. CloudEnsure’s SaaS models – Essentials & Premium, use only the read-only access of your cloud account.
CloudEnsure covers 1000+ checks as part of the well-architected audit. The checks are added every month
CloudEnsure covers 60+ most used services from all cloud providers ensuring that SaaS, PaaS, IaaS all types of services are included in the audit. The checks for services are added every month
To book a review with Cloudensure, you just need to fill up the contact us form, our team will reach out to you. Or else you can just drop an email at sales@cloudensure.io.
Cloudensure will provide template IAM user credentials to allow us securely without sharing your AWS security credential to review your AWS workloads.
No. CloudEnsure’s SaaS models – Essentials & Premium, use only the read-only access of your cloud account. So there is no additional cost to you. However, if you opt for the hosted model where you get the real-time monitoring, prediction and decision making engines, you can expect marginal hosting charges metered by the application.
Cost Management
CloudEnsure provides long term as well as immediate cost recommendations spanning from right sizing, suggesting reserved instances to releasing unused resources. The recomendations are constantly enhanced to keep up with the industry standards
It provides insights around the cost for a particular account with various trends and visualisations to get better clarity on the account.
Based on the date filter you can look back for 3 months data.
CloudEnsure provides Recommendations on a daily basis.
Yes, CloudEnsure provides cost recommendations which includes Recommendations on RI, Savings, Rightsizing, Unused Resources
No. They are different and are an alternative to Reserved Instances. There are advantages and disadvantages, which could affect your decision of choosing the best option for your business.
AWS and AWS Marketplace will continue to make Reserved Instances available. The new Savings Plans do not offer support to Redshift, RDS instances, ElastiCache. So businesses will still have to purchase Reserved Instances for saving money on these services.
Compute Savings Plans and EC2 Instance Savings Plans are the two types of Plans. They are quite similar to Convertible RIs and Standard. They are available in no upfront, all upfront and partial upfront terms for a period of 1 or 3 years.
You can purchase both types of AWS Savings Plans. This is just like how you purchase Convertible and Standard Reserved Instances. The financial benefits of the new discount program will get maximized due to Splitting Savings Plans.
No. Your usage will be billed depending on the Reservation rate, Savings Plan rate, and On-Demand rate. AWS will identify the potential discount programs that usage qualifies for. The application will be in the order of Standard Reservation, Convertible Reservation, and Savings Plan.
Unlike Reserved Instances, there are no scope attribute that exist for Savings Plans. But you can apply the discounts of Savings Plan to On Demand Capacity Reservation (ODCR) deployments. The ODCR will thus become much cheaper.
$0.001 per hour is the minimum financial commitment needed for any of the Savings Plan. Depending on the commitment you make, you can spend accordingly per hour, per day, and peryear.
CloudEnsure integrates with the AWS APIs to pull metadata from your cloud account w.r.t security, cost, operations, etc. CloudEnsure doesn’t track your application data or passwords.
Once the account is onboarded, It will take 24hrs to get updated.
We only fetch meta data information for the cloud providers.
(On boarding document)
AWS – Cost Explorer, For Azure – Rate card, usage API, GCP – Billing file
It will get updated every 24hrs (once in day).
It will get updated every 24hrs (once in day).
Compliance
Compliance with regulations like HIPAA, FedRAMP, and PCI require collaborative efforts between your CSP, your cloud governance software, and your organization. We have identified compliance vulnerabities and mapped it back to cloud services and checks in order to be more compliant with respect to your cloud infrastructure.
We offer a complete compliance solution that includes a range of tools. Our cloud rules help you set boundaries that are organizationally defined and proactive. The supported compliances are as follows-
HIPAA, CIS, PCI-DSS, APRA, NIST, GDPR, GxP, WAF, Azure Security Benchmark, DoD, CCM, IRS1075 also we are actively adding more compliances.
Compliance score is a metric for calculating your organization’s current posture with a selected filters of rules and benchmarking them to the compliance frameworks you are being scored against.
Compliance score can be calculated as following below –
Compliance Score = Total no. of passed checks/Total no. of checks * 100
Yes, we can configure the compliances by selecting or deselecting compliance standards from the setting icon.
We have categories the compliances issuesbased on severity – Catastrophic, Critical, Moderate and Low.
You can login to CloudEnsure, and see all the vulnerabilities for your choice of compliance segeregated by severity or you can download the full report in pdf or excel format.
Yes and No. CloudEnsure’s compliance check module runs audits for several industry compliances like PCI-DSS, GDPR, HIPAA, CIS, ISO 27001, MAS, etc. But these industry-standard audits have several functional requirements too which are not tracked by CloudEnsure. Hence we would advise customers to use CloudEnsure as a confirming tool on your cloud compliance which normally covers 99% of your compliance needs.
ITSM
Our solutions can be configured to authenticate with the help of Integrated Database Management System (IDMS). All you need to do is add an identity provider to the system. It could include SAML IDMS, LDAP, or an internal IDMS.
As of now we have our platform integrate with third-party tools like ServiceNow, Fresh Service, PagerDuty, ZenDesk & JIRA. Very soon we will have our integration-ready with CASD, slack to name a few
Platform-Specific
CloudEnsure is an intelligent cloud management assistant that runs audits of your cloud setup and analyses the same against the 5 pillars of AWS Well-architected Framework. It also conducts compliance checks for various industry standards including PCI-DSS,GDPR, HIPAA, CIS, etc.
CloudEnsure is a carefully built product from the stable of Powerupcloud – a Premier Consulting Partner with AWS and a Gold Partner with Microsoft Azure operating in 4 countries, with customers across 12 nations and over 200 certified cloud engineers and architects. With all the rich experience from running 1000s of well-architected reviews (WARs) for Powerup customers’ accounts, the think tank at Powerup has congregated to automate the otherwise manual audit process and build a tool from it to provide continuous cloud compliance set-up to their customers.
– CloudEnsure facilitates the following on your cloud setup:
Continuously tracks changes in your cloud account, identifies the vulnerabilities and recommends fixes under the 5 pillars of AWS Well-Architected Review.
Continuously monitors your cloud account for industry-leading compliances including GDPR, PCI-DSS, HIPAA, CIS, MAS, to name some.
Tracks your cost on AWS and monitors the utilization metrics. Based on the data collected, CloudEnsure recommends the potential savings on your overall cloud spend under different categories including reserved instances, cleaning unused resources, sizing down the servers, etc.
Real-time monitoring of your on-cloud servers, databases and storage across various vital infrastructure metrics like CPU, Memory, Storage, Disk IOPS, Network I/O, etc.
Foretell failures before time, through past trend analysis and extrapolate data to determine future failures, if any. CloudEnsure’s failure prediction is powered by advanced regression machine learning algorithms.
The crown jewel of all, CloudEnsure’s neural network powered decision-making AI engine will interpret the alerts in real-time and autonomously decide upon executing a known run-book or escalate to a support engineer.
CloudEnsure has 2 plans – Premium & Enterprise. Essentials and Premium are SaaS versions while Enterprise is a hosted version.
CloudEnsure is available for purchase in 3 models –purchase using your credit card, through AWS Marketplace or via direct billing with CloudEnsure partners.
CloudEnsure’s SaaS application is SSL certified and the sensitive data is encrypted in-travel and at-rest. CloudEnsure runs on AWS, which follows AES 256-bit encryption. In addition to this, CloudEnsure servers are protected by TrendMicro’s Deep Security agent, which handles anti-virus, anti-malware, IDS & IPS protection.
No. CloudEnsure tool is built in a linear model so that there is full transparency between customers, partners and us. Only the user with the customer’s admin details can view data as we have implemented the Key Management System for all users. Anyone at CloudEnsure trying to access the data will see only the hashed values as they don’t have access to the key.
AWS Trusted Advisor covers only 54 rules and doesn’t provide implementable recommendations like CloudEnsure does. CloudEnsure covers over 500 rules across Well Architected Review (WAR) and Compliance Checks with its intelligent assistant providing accurate and easy-to-implement fixes. With CloudEnsure, you can flag vulnerabilities and assign them to your engineers for fixing.
CloudEnsure covers more than 500 checks across Well-Architected Review (WAR) and Compliance Checks with its intelligent assistant providing accurate and easy-to-implement fixes. With a few more compliance standards coming up, we are estimating the number of checks to cross 750 in a few months.
Yes. CloudEnsure’s pricing is not an AWS account based. It is based on your AWS billing. You can run several accounts, but our pricing is uniform. CloudEnsure’s plan and cost details can be found on the pricing page.
CloudEnsure has different frequencies for different audits. The Well-Architected Review (WAR) audits happen every 60 minutes (this can be tuned to every 4 hours) and the data is captured while the compliance checks and cost analytics audits are run every 24 hours.
We are currently building the Azure integration and we will soon launch the GCP integration too. Both of these are slated to hit GA (global availability) by mid-2019.
A cloud management platform with an integrated platform allows managing of different cloud infrastructure in public, private and hybrid cloud environment. Your organization can use cloud management platform to optimize its assets and services consumption to keep the cost down. CMP provides incomparable efficiency and maneuver use for a variety of organization stakeholders, including operational, R&D, analytics & reporting teams and key business decision makers.
For the SaaS edition of CloudEnsure, it takes 30 minutes to onboard an account and use the platform. For the Premium edition, it takes 2 working days for the hosting.
We already have 600 AWS checks, 350+ Azure checks implemented in our platform.
Its a SaaS platform and a web application so, there is no specific system requirements as such.
The latest versions of the following browsers are supported by the CloudEnsure User Console:
Windows – Google Chrome, Mozilla Firefox, and Microsoft Edge.
Linux – Google Chrome, Mozilla Firefox
Mac OS – Safari and Google Chrome
No, we make use of the read access, and there is no other access that is specifically required.
Need not to worry; you can talk to our support team for any queries and get your answer quickly.
AWS, AZURE, GCP
A well architected review based on the 5 pillars, and therefore it became important to all the business entities should be involved in the workload can join the review meeting.
Mentioned below roles may be involved in the process;
• IT Infrastructure Engineer
• DevOps Engineer
• Developers
• DBA’s
• Support Team
• Security Engineer
CloudEnsure is a SaaS platform and we make use of the website to use the platform. Further down the line, we can integrate various cloud accounts of different providers with the help of onboarding documents.
No. CloudEnsure’s SaaS models – Essentials & Premium, use only the read-only access of your cloud account.
We offer support to Amazon Web Services (AWS) and Azure. It also includes AWS air-gapped partitions, AWS GovCloud, and Azure Government.
CloudEnsure is a SaaS platform and we make use of the website to use the platform. Further down the line, we can integrate various cloud accounts of different providers with the help of onboarding documents.
To book a review with Cloudensure, you just need to fill up the contact us form, our team will reach out to you. Or else you can just drop an email at sales@cloudensure.io.
Cloudensure will provide template IAM user credentials to allow us securely without sharing your AWS security credential to review your AWS workloads.