Before we dive into CoreStack Assessments, it helps to understand the key components that comprise them: workloads, assessments, and frameworks.
A workload encapsulates either a business application or a system.
More simply, a workload can be defined as a logical set of cloud resources. A workload stores the information required to identify your cloud resources, but not the actual list of resources.
When you run a Workload Assessment, you can run it against various workloads that consist of cloud resources included in your cloud accounts. These resources can then be analyzed for compliance with whichever standards, frameworks, or best practices are relevant.
A framework provides the means to evaluate/assess your cloud workloads/accounts against laid-out design principles, best practices, and standard procedures. Each major cloud provider has defined its own Well-Architected Framework, which helps its customers evaluate their cloud resources and ensure they conform to industry-defined best practices. CoreStack supports both industry-standard and custom frameworks.
Each assessment framework consists of a series of questions along with their specific best practices. These questions are grouped under specific pillars, and the hierarchy is:
- Best practices
In theory, the assessment/evaluation is done manually: each best practice is evaluated for its applicability and marked as adhered to or not, based on evidence/evaluations. CoreStack has a collection of policies developed to help evaluate some of these best practices, and some of these policies are mapped against best practices.
Best practices that have policies mapped can be assessed automatically through policy execution, and hence are considered "Automated" in nature. Best practices with no policy mapping are "Manual" in nature.
An assessment is the encapsulation of the actual assessment process that evaluates a workload against a particular cloud provider's Well-Architected Framework.
Assessments, once run, show you the progress of the assessment, starting with initiation and going on to approval and eventually completion, along with milestones. Assessments also include an iterative process in which users answer questions and best practices for each of their relevant workloads, and provide attachments and comments as needed.
Count of resolved best practices / Count of applicable best practices
(Count of resolved best practices + Count of best practices that are not applicable) / Total best practices
When an assessment is triggered, it can be in any of the states described below:
| State | Description | Notes |
|---|---|---|
| In progress | After the assessment has started and until it is either completed or abandoned. | |
| Completed | After approval of the assessment is complete. | The assessment owner can approve the assessment run at any state by marking best practices as Verified and adding mandatory comments. |
| Abandoned | The assessment run is abandoned. This can be for multiple reasons, such as retirement or inactivation of the workload or framework. | Can be marked as Abandoned from any state. |

The statuses of best practices are explained in the table below:
| Status | Description |
|---|---|
| Open | For Manual assessments, the status is Open until the reviewer marks it as Verified. By default, all best practices (both Manual and Automated) are in Open status. |
| Verified | A user's action which indicates that the best practice is followed. If the best practices are Manual in nature, the reviewer can review them and mark them as Verified. If the best practices are Automated in nature but show a policy violation when the assessment is run, the reviewer has the option to mark them as Verified with Exception, with mandatory comments. If no policy violation is found during the Automated scan, the best practices are automatically set to Verified status. |
| Not Applicable | A reviewer can mark a best practice as Not Applicable. |

The status of a question depends on the status of its best practices. The table below shows how the status of a question is determined.
| Status | Description |
|---|---|
| Open | If any of the best practices for a question is in Open status, then the overall status of the question is Open. |
| Verified | A question is marked as Verified if at least one best practice is in Verified status and the rest of the best practices are either Verified or Not Applicable. |
| Not Applicable | Questions with Not Applicable status are not considered within the assessment. A question becomes Not Applicable when all the best practices under that question are Not Applicable. |
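The question-status rules above and the two ratios given earlier can be checked with a short script. This is an added example, not CoreStack code: the function names, result keys and sample data are hypothetical, and it assumes that "resolved" means Verified, that "applicable" means not marked Not Applicable, and that a question with no best practices stays Open.

```python
from collections import Counter

OPEN, VERIFIED, NOT_APPLICABLE = "Open", "Verified", "Not Applicable"


def question_status(best_practice_statuses):
    """Derive a question's status from the statuses of its best practices."""
    statuses = list(best_practice_statuses)
    unknown = set(statuses) - {OPEN, VERIFIED, NOT_APPLICABLE}
    if unknown:
        raise ValueError(f"unknown best-practice status: {sorted(unknown)}")
    if not statuses:
        return OPEN  # assumption: nothing reviewed yet, so not Verified
    if OPEN in statuses:
        return OPEN  # any Open best practice keeps the question Open
    if all(s == NOT_APPLICABLE for s in statuses):
        return NOT_APPLICABLE  # every best practice is out of scope
    return VERIFIED  # at least one Verified, the rest Verified or N/A


def assessment_summary(questions):
    """Roll up {question: [statuses]} and compute the page's two ratios."""
    per_question = {q: question_status(bps) for q, bps in questions.items()}
    counts = Counter(s for bps in questions.values() for s in bps)
    total = sum(counts.values())
    resolved = counts[VERIFIED]  # assumption: "resolved" == Verified
    not_applicable = counts[NOT_APPLICABLE]
    applicable = total - not_applicable
    return {
        "questions": per_question,
        # Not Applicable questions are not considered within the assessment.
        "in_scope": [q for q, s in per_question.items() if s != NOT_APPLICABLE],
        "resolved_over_applicable": resolved / applicable if applicable else None,
        "resolved_plus_na_over_total":
            (resolved + not_applicable) / total if total else None,
    }


# Constructed sample data: four questions and their best-practice statuses.
SAMPLE = {
    "Q1": [VERIFIED, NOT_APPLICABLE, VERIFIED],
    "Q2": [VERIFIED, OPEN],
    "Q3": [NOT_APPLICABLE, NOT_APPLICABLE],
    "Q4": [VERIFIED],
}

if __name__ == "__main__":
    print(assessment_summary(SAMPLE))
```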