Posts

Showing posts from August, 2022

Role-Based Access Control: Flexible Trust with Maestro

Image
Self-service is one of the five keystones for any effective cloud service. This applies not only to the provisioning of services to customers but also to the way the customers organize their internal workflows. An enterprise that does not allow self-service in Cloud for its employees would definitely lose a big part of Cloud benefits, as the operational part will be complicated, slow, and not reactive enough to face the enterprise needs or arising threats properly. However, the question is – when enabling self-service, how to make sure that things don’t go out of control, especially for large teams and infrastructures? Standard Role-Based Access Control (RBAC) Typically, cloud providers allow their customers to set up role-based access to infrastructure management. In this approach, possible operations are combined into roles, typically by purpose. The users, in their turn, are combined into user groups, according to the tasks they perform and the access level they need to have. ...

Machine-Learning Based Rightsizing: Is it worth it?

Image
Back in March, we shared an exciting story of creating a POC for a machine-learning-based infrastructure rightsizing mechanism . Naturally, such an interesting initiative and promising results could not be put aside, and we went on working on the tool to see how far we could potentially get, and – of course – if all our work is worth the benefits it could bring. From POC to a Product The initial, POC, version of Maestro Cost Advisor (that’s how we called it) was actually quite a simple one in terms of the functionality: it took the virtual machines performance metrics for 4 days, analyzed the CPU and memory load, the timelines, and suggested the following actions to the instances: Scale up Scale down Shutdown Schedule The mechanism analysed the real load on the instances and suggested new instance types based on the 90’s percentile for each parameter. The approach was good enough to prove that the mechanism would work, but definitely not enough to become a business to...