Dashboards

CloudOps

The CloudOps dashboard offers increased cloud observability across different clouds. It offers a bird’s eye view of operations and brings to notice important issues which can have an impact on smooth cloud operations.

This dashboard is divided into Four sections: Tenant Based Summary, Information, Insights and Inference. 

Tenant Based Summary 

If there are multiple tenants under an Account Admin, they can view the focused CloudOps dashboard details based on the Tenant selected. 

Information

This section showcases the current state of cloud infrastructure.

Activity Log

Every activity performed in the last 24 hours on the cloud, be it through CoreStack or directly using the AWS or Azure portal is captured for immediate and future reference. For example, provisioning a VM, updating a resource, etc are all marked as activities. This helps monitor the activities performed in cloud. An increase in the activity log number is a cause of concern. This section shows activities for last 24 hours.

Threshold Alerts

Alerts that indicate that a metric is trespassing its preset threshold limit. An alert metric could be  a spike in CPU usage or VM downtime.

Click on an alert for a more detailed view, analysis and methods of resolution.

Click the graph icon to view the utilization trend of a specific metric for which alert is received.

Metric utilization trends can be viewed for a day or over a week or over a month. Also, CoreStack’s machine learning capabilities forecasts the utilization trend for the next 15 days. This helps you to plan and take informed decisions.

The Utilization Trend is split into three sections: Observation, Prediction and Prescribe.

Observation

This section showcases the deviations in the metric. There is a comparison of the average threshold of a given metric versus the recorded deviation. This list shows the top three deviations noted by the system.

Prediction

This section determines the variation that the utilization of the metric will display in the next 24 hours and the next 7 days.

Prescribe

In this section, you can rewrite the threshold condition, based on the usage. Depending on the average trend, the buffer value can be increased by say 20%, thereby changing the threshold limit. To change the threshold limit:

1. View the weekly average value, highlighted in the blue box. This is the base value on top of which the buffer limit is set. In this example it is 91.30

2. Next, use the drop-down menu to set the buffer value. Let’s choose 20%

3. As is seen, the recommended value is now 109.56, as provided in the red box. Click apply to set the new threshold limit.

 

Resolving a Threshold Alert

Resolve threshold alerts, using the Resolve button provided next to each of the alerts.

This opens a pop-up box with further options on resolution. There is a confidence level assigned to each resolution option. CoreStack’s machine learning capabilities will internalize the decisions made each time and will increase the confidence levels over a period of time.

There are three resolution actions available for Virtual Machines. The resolution actions will vary based on the resource types for which monitoring threshold is detected.Confidence level is calculated based on the previous actions performed by the users:

  1. Stop the virtual machine
  2. Start the virtual machine
  3. Resize the virtual machine

You can choose either of the actions and apply from here to resolve the alert.

Automation Failures

CoreStack employs automation features such as Templates and Scripts to make operations streamlined and automatic. At times there are automation issues such as technical faults which stop these Templates and Scripts from getting executed. These failures appear in the Automation Failures list.

Click View to drill down to view details of each of the failures and attempt resolution.

As can be seen, the status of the automation job is displayed as Create_Failed.  To rerun the job, navigate to the Action column and select rerun from the drop-down menu.

Person Hours Saved

CoreStack’s automation capabilities helps organizations cut back on the person hours otherwise spent on manual management and governance of cloud environments. This counter showcases the number of person hours saved by CoreStack.


Insights

This section displays the state of the cloud environment over the past few days. The number of activity logs and threshold alerts determine the noisiness of cloud accounts and displays those accounts that face problems frequently.

Last 30 days trends

This line graph displays the number of activity logs, automation failures and threshold alerts everyday over a 30 day period. This helps to monitor spikes and identify reasons for those.

Top 5 Noisy Accounts (Across Cloud Account)

This pie chart showcases the top 5 cloud accounts that have high number of threshold alerts and activity logs.

Top 5 Noisy Resources (Across Cloud Account)

This pie chart showcases the top 5 resources such as virtual machines/servers that have high number of threshold alerts and activity logs.

Inference (Threshold Alert Prediction)

This section displays the forecasts in the increase/decrease of threshold alerts. The alerts are shown for the next 1 day, 2 days, and the next 15 days.

To view the list of alerts, click on any of the blocks. In this example, let’s view the details for the Next 1 Day.

Compliance Dashboard

Compliance is one of the most important aspects of cloud governance. Every business must adhere to the local and international legal regulations such as HIPAA, PCI-DSS, SOX and more. With CoreStack, ensuring cloud compliance is easier than ever before.

CoreStack’s Compliance Dashboard offers an in-depth view of the compliance status of the cloud in a single pane. It displays security findings and appropriate recommendations for the same.

This dashboard is split into 3 sections: Tenant Based Summary, Non-Compliance and Cloud Specific Security Findings. 

  1. Tenant Based Summary – Admin can view the Compliance details of each tenant separately based on the selection.
  2. Non-compliance – This section shows security findings as per the configurations set in the Policies section. For example, it can be a company policy to not leave Port 22 open. So when such an incident occurs it is a non-compliant vulnerability. If the user wants then the port can remain open and the rule application skipped so that it doesn’t show up again as a vulnerability.
  3. Cloud Native Security Findings – This section displays security findings that are high-risk, for example, using a system with old updates, not installing patch updates, etc. There are no recommendations provided for this.
Tenant Based Summary:

 

Non-compliance

Any resources in the cloud that are vulnerable, for example, open ports, those will be populated in this section as a finding under the appropriate category.There are many categories, for example, security, cost optimization, standards, etc.

By Category

This pie chart shows category-wise number of security findings. Clicking on a category shows the list of findings under it.

To view recommendations for a specific security finding in the list, click View. This redirects you to a new tab with the Recommendations dashboard. Learn more about Recommendations.

Top 3 Accounts(Across Cloud Accounts)

This section displays a donut diagram representing the top three accounts with the highest number of security findings. Click on an account to view a list of security findings:

To view recommendations for a specific security finding in the list, click View. This redirects you to a new tab with the Recommendations dashboard. Learn more about Recommendations.

Compliance Posture

This is the last subsection in the Non-Compliance section. The Compliance Posture is essentially a counter that displays the

  • Total number of security findings
  • Number of open findings

Findings against which no action has been taken.

  • Number of resolved findings

When a security finding recommendation is revoked/deleted, it is considered resolved. This counter displays the number of findings resolved by taking action other than skip.

  • Number of acknowledged findings

When a security finding recommendation is skipped, it is considered acknowledged. The user acknowledges that it is a vulnerability, yet enables the system to allow it. The next time a security finding will not be logged for the acknowledged vulnerability.

Cloud Specific Security Findings

These security findings are vulnerabilities that are picked up by CoreStack as per the tagged cloud accounts.

Azure can be configured to identify security vulnerabilities in the system. For example, installation of suspicious packages in the VM, not installing OS security updates, quota limit breached by a service, etc.

These vulnerabilities are tagged here, and shown as per three categories – specific to cloud accounts, infrastructure and consortiums such as  NIST, CISA, FEDRAMP, CCE, etc.

Cloud Accounts

This pie chart shows the cloud accounts and the number of security findings for each of these.

Compliance Summary (Consortium Specific)

This section shows the number of security findings for consortiums such as NIST, CISA, FEDRAMP, CCE, etc. To view security findings list, click on the number.

The list appears as shown:

Compliance Summary (Infrastructure Specific)

This area showcases vulnerabilities specific to infrastructural resources, such as endpoint protection and security updates. For example, non-installation of OS security updates, inability to collect data from a resource endpoint is not reachable (resource group has been deleted), etc.


Cost Analytics

Since cloud follows a pay-per-use approach, it is vital for organizations to ensure cost economic cloud usage. CoreStack understands this and thus offers a dynamic cost analytics dashboard that provides an in-depth view of the cloud costs across tags, locations and resource groups.

This dashboard is split into these four sections: 

  1. Account Summary
  2. Service Cost Summary 
  3. Account Wise Cost Summary
  4. Account Level Usage Analytics

Account Summary

Admin can view the Cost details of each tenant separately based on the selection. 

 

Service Cost Summary

This section displays the total costs incurred due to cloud utilization, of by default, the entire month. It also shows the break of the costs for different clouds – AWS, Azure and more. Click on a cloud to view its cost details.

The costs can be viewed on a day or yearly basis as well.

Quick Snapshots

This is a pop-up box that shows cost notifications. For example, top consuming region for a specific cloud account, or average decrease in cloud spend in last x months for a cloud account. This snapshot is provided yearly till date.

Account Wise Cost Summary

This section showcases the total, projected and budgeted costs for each cloud account tagged with CoreStack.

This helps to easily monitor if cloud costs are overshooting the set budget. Also the projected costs help in increasing/decreasing cloud consumption accordingly.

Account Wise Usage Analytics

This offers an in-depth view of the costs for a specific cloud account in a line graph form. For an Azure account,  you can toggle the view as per cloud account location, tags or resource groups.

For an AWS account however only location and Linked Accounts toggle options appear.

In the below image we can view the location cost per day for cloud resources in the AWS US-West-2 location. In the right hand side section, the individual cloud resources and their cost breakup is made available for a detailed view.

If the costs for a specific virtual machine are high, you can downsize the machine right from this section.

The Downsize option gives three different options to select from for greater cost savings. Click Apply to select one.

You can also change the locations of specific VMs to reduce costs.

Select the location from the options list and click Send Mail to confirm location change.


Consumption

The consumption dashboard showcases the current state of cloud utilization to the consumer. This dashboard is particularly useful as it shows the number of failed and pending provisioning orders, number of active VMs, and those that that are expiring today and in the next 7 days.

You can click on any of these counter numbers for a detailed view.

For example, let’s click on the Pending Order counter number. The Order History page appears wherein the list of Pending Orders is displayed as shown below:

Apart from the counter, there are four other areas that the dashboard sheds light on:

  1. Top Apps
  2. Usage Cost
  3. Total Orders
  4. Order Status Distribution

Top Apps – Those apps that are utilized the most on cloud are listed here.

Usage Cost – This section displays the cloud usage costs incurred on a per month basis, in dollars.

Total Orders – The total number of orders requested and those approved are plotted in an area graph  on a month-on-month basis.

Order Status Distribution – This doughnut chart displays the distribution of order statuses – provisioned, pending and failed, till date.


Recommendations

The recommendations dashboard offer insights into the security findings displayed in the Compliance dashboard and provides resolutions.

While the security findings mentioned in the Compliance Dashboard have individual recommendation view buttons, in the Recommendation dashboard, these are grouped under a policy name.

This dashboard is split into three main sections – Tenant wise Summary, Summary and All Recommendations. 

Tenant wise Summary: 

Admin can view the recommendation details of each tenant separately based on the selection. 
 

 

Summary

This section shows 5 types of crucial data:

  1. Total Recommendations – This shows the total number of recommendations
  2. Open Recommendations – This shows the number of unresolved and open recommendations
  3. Skipped Recommendations – These are the recommendations that have been acknowledged but will not be resolved. The user wants the status quo maintained
  4. Cost Savings Recommended – Shows the dollar value that can be saved by following recommendations
  5. Cost Savings Till Date – The dollar value saved by following recommendations till date is listed here

All Recommendations

Toggle View

You can toggle the view to list the recommendations as per Category or Account. Let’s click category to view the recommendations filtered for Security, Cost Optimization and Standards categories.

Click on a recommendation to view it in detail and obtain the list of impacted resources.

Change the Recommendation Status

The recommendation status varies from policy to policy. For example, for a storage policy, it can be delete storage, for a security group policy it can be revoke rule, etc.

Revoke – This action will resolve the issue by correcting the fault. For example if an RDP port is open, using revoke will close the port. Also, it will ensure that from the next time the system itself will close the port and not allow it to become a security finding.

Skip – This action will acknowledge the issue but will not have any impact on the finding. CoreStack’s machine learning capabilities will learn to not mark it as a security finding in the future.

Steps to apply actions to a recommendation:

  1. Click on a recommendation to view the list of impacted resources.
  2. In the Impacted Resources list, select a resource and then from the drop-down menu select an action.

In this example, we select a Security Group policy related recommendation, and revoke the SecurityGroup rule.

The rule has been revoked and the recommendation has helped resolve the security finding.

Cost Savings Recommended

Every cent saved using CoreStack is measurable using the cost savings recommended feature. Whenever a Cost Optimization recommendation is accepted and marked resolved, the dollar amount saved is added in the cost savings recommended counter.