Legal Notice: This document is property of EPAM and may not be disclosed, distributed or reproduced without the prior
written permission of EPAM®.
EPAM Cloud Infrastructure
Orchestrator ver.2.5.143
What’s New
March 2019
CI2WN-S141-143
Version 1.0
EPAM Cloud Orchestrator 2.5.143 - What’s New
EPAM SYSTEMS 2
CONTENT
1 Overview ......................................................................................................................................... 3
2 Infrastructure Updates ..................................................................................................................... 4
2.1 EPAM-HU2 – First Month Results ..............................................................................................4
2.2 Windows Images Library Updated .............................................................................................5
3 Security Updates – Nessus Scanner Winds Down ........................................................................... 7
4 Hybrid Cloud Updates ...................................................................................................................... 8
4.1 Integration with AWS .................................................................................................................8
4.1.1 Assigning Managed Policies to AWS Users ............................................................... 8
4.1.2 AWS Regions Access Improvements ......................................................................... 9
4.1.3 Extended AWS Audit ............................................................................................... 10
4.1.4 Change Shape for AWS Instances ........................................................................... 11
4.2 Integration with Microsoft Azure ............................................................................................... 12
4.2.1 Enhanced Resource Description and Auto-IDs......................................................... 12
4.2.2 VM-Level Monitoring ................................................................................................ 12
4.3 Integration with Google ............................................................................................................ 14
4.3.1 All Google Regions Available via EPAM Cloud......................................................... 14
4.3.2 Billing by Regions .................................................................................................... 15
5 Project Management: Delegate Emails .......................................................................................... 16
6 Monitoring Improvements .............................................................................................................. 18
6.1 Financial KPIs to Email ............................................................................................................ 18
6.2 Regions Grouping by Cloud ..................................................................................................... 19
7 Maestro Python SDK Migrtion to Python 3 ..................................................................................... 20
8 Maestro CLI Changes .................................................................................................................... 20
9 Documentation Updates ................................................................................................................ 21
Table of Figures .................................................................................................................................... 22
Version history ...................................................................................................................................... 23
EPAM Cloud Orchestrator 2.5.143 - What’s New
EPAM SYSTEMS 3
1 OVERVIEW
EPAM Cloud Orchestration v.2.5.143 was released on March 16, 2019. The release includes a big
amount of changes related to integration with public clouds, security, monitoring, and project
management.
Within the scope of traditional EPAM Cloud infrastructure updates, we reviewed and updated the
supported images library, and are glad to introduce three new Windows images for OpenStack regions,
including Windows 10. We also gathered the statistics of migration from EPAM-HU1 to EPAM-HU2
region, and have great news for those whose migration is still in progress.
The largest set of changes is related to integration with public clouds. These include improvements in
AWS permissions settings, infrastructure monitoring, and the possibility to resize existing instances. For
Microsoft Azure, monitoring and resource description processes were improved. We are also glad to say
that billing and reporting engine for Google cloud now allows filtering billing data by virtualization regions.
The project management section includes a new feature which the Advanced Management Group
members delegate Cloud-related notifications of high importance to a trusted person from the project
team.
The overall monitoring was improved and became more user friendly with enhanced filtering by regions
for Project and Region-level KPIs, as well as the possibility to send these metrics to email.
The last but not the least – Python SDK for Maestro was updated to be used with Python 3.
The functionality changes, of course, are reflected in Maestro CLI, where necessary, and in EPAM Cloud
documentation. Refer to the EPAM Cloud website for detailed information on the improvements and
features introduced in Orchestrator version 2.5.143.
EPAM Cloud Orchestrator 2.5.143 - What’s New
EPAM SYSTEMS 4
2 INFRASTRUCTURE UPDATES
We are glad to complement the current release with a pack of news on migration to OpenStack and the
recently introduced EPAM-HU2 region, as well as with announcement of Guest OS updates in private
regions.
2.1 EPAM-HU2 – FIRST MONTH RESULTS
A new OpenStack region – EPAM-HU2 was introduced on February 1. The region characteristics are
quite attractive:
• Based on OpenStack Rocky
• Shapes up to 8XL (16CPU, 92GB RAM)
• SSD disks are used
• Recycle bin feature is supported (you can restore an accidentally terminated virtual machine within
7 days after termination)
Right after the introduction, the migration to the new region started. It was announced that all projects that
manage to migrate completely from EPAM-HU1 within a month in terms of self-service, wouldn’t be charged
for the region usage in February.
We are glad to say that six projects completed the migration successfully and could already feel the
discount.
Overall, about 130 servers migrated from EPAM-HU1 to EPAM-HU2 within February, and the number is
growing.
February 2019
EPAM-HU1
EPAM-HU2
731 VMs
555 VMs
131 VMs
0 VMs
Figure 1 - EPAM-HU1 to EPAM-HU2 migration statistics
Today, we are glad to announce that the self-service migration discount is prolonged in March! Thus,
for those who will completely migrate their resources from EPAM-HU1 by March 31 without assistance
from the Cloud Support team, the costs for virtual infrastructure in EPAM-HU1 in March will be set to
0.
EPAM Cloud Orchestrator 2.5.143 - What’s New
EPAM SYSTEMS 5
The typical self-service migration flow is as follows:
1. Create a new server or servers in EPAM-HU2.
2. Setup the servers properly according to your project needs and their role in the infrastructure.
3. Move necessary data from your old servers to the new ones.
When you migrate workloads, as described above, the performance of the resulting infrastructure
is higher than in case you request migration of existing servers via image creation.
The resources in EPAM-HU1 are not affected on the current stage, but we recommend to start
considering complete migration to EPAM-HU2 and other regions, as EPAM-HU1 is already scheduled for
decommissioning in the following steps:
• The creation of new resources in EPAM-HU1 will be restricted since April 1, 2019.
• The region planned closure date is October 1, 2019.
If you have any questions regarding the upcoming migration and region decommissioning, contact EPAM
Cloud Support team, any time (24/7).
2.2 WINDOWS IMAGES LIBRARY UPDATED
EPAM Cloud continue to grow the technical expertise and work on new challenging tasks. We are glad to
announce that this release we brought back the Windows 10 images for OpenStack regions and added
new Windows images to our library.
Typically, Windows 10 is not used in Cloud Computing. However, the need of using Windows 10 is difficult
to overestimate due to its high popularity as a modern workstation OS, advanced protection against modern
security threats and comprehensive management and control over devices and app.
On top of that, our team have added 2 new Windows Servers, reviewed the existing and removed irrelevant
images
The table below reflects changes in the image's library:
ID Description Status Microsoft Info
Win10-64 Windows 10 64-bit Enterprise New link
W2019CoreStd Windows Server Core 2019 Standard New
link
W2019Std Windows Server 2019 Standard New link
W1709Std Windows Server 2016 Standard Decommissioned link
W2012R2Std Windows Server 2012 R2 Standard Edition End Of Life link
Let us bring your attention to the following specifics of the introduced updates:
1. New images will be available in all OpenStack regions:
• EPAM-HU2
• EPAM-BY2
• EPAM-UA2
• EPAM-US2
• EPAM-RU3
• EPAM-IN1 (after notification)
2. The billing for the new Windows images is the same as for existing ones.
3. W1709Std image was decommissioned as it’s no longer relevant.
EPAM Cloud Orchestrator 2.5.143 - What’s New
EPAM SYSTEMS 6
4. The latest actual Windows version is W2019Std. In addition, according to user’s needs, Microsoft
provides Standard Image Core Version without UI part or more convenient Standard Image Core
version with UI part.
5. W2012R2std image is in the end of its useful life. However, the image remains under extended
support and is still available in the library to enable support of existing infrastructures.
The full list of images available in EPAM Cloud images can be found here.
You can also dynamically get the list of the images, supported for your project in a specific region during
instance run with the Run wizard on Cloud Dashboard, or with the or2-describe-images (or2dim)
Maestro CLI command:
Figure 2 - An extract from or2dim command output
EPAM Cloud Orchestrator 2.5.143 - What’s New
EPAM SYSTEMS 7
3 SECURITY UPDATES – NESSUS SCANNER WINDS DOWN
Nessus Scanner is being phasing out and it is not available in public clouds anymore. Though,
Nessus Scanner will be still available in private regions till June 2019. What actions can be
performed for safety reasons?
Please pay attention for these options:
1. For Amazon, you can activate AWS Inspector and GuardDuty for Amazon.
2. For all other public providers – please contact directly the Security Team who can provide you with
the following:
• Information about security issues of your instances and servers in all clouds.
• Vulnerability report that includes the essential information, related to security in EPAM
Cloud, and covers potential and detected vulnerabilities of the resources and accounts
belonging to your project.
Kindly note that all the existing security reports remain available on the Management page of the Cloud
Dashboard, where you can check already scanned security reports of your instances:
Figure 3 - Security info on the Management page
EPAM Cloud Orchestrator 2.5.143 - What’s New
EPAM SYSTEMS 8
4 HYBRID CLOUD UPDATES
EPAM Orchestrator v.2.5.143 traditionally includes improvements and new features related to integration
with public cloud providers. This time, the list includes the following points:
• Integration with Azure is improved with enhanced resource description procedures and
automatically assigned instance and volume IDs. The VM-level monitoring is added to Azure-type
regions.
• Integration with AWS includes the possibility to expand default user permissions with Managed
Policies, ability to resize AWS instances with Orchestrator tools, reviewed regions treatment
approaches, and new monitored metrics.
• For Google Cloud, we supported region-specific reporting which significantly improves costs
tracking and control.
Below, you can find the details on each of these updates.
4.1 INTEGRATION WITH AWS
EPAM Orchestrator integration with AWS was also improved. The new release includes updates related to
permissions management, unused regions treatment, and improved monitoring with new metrics collected
from AWS CloudTrail.
4.1.1 Assigning Managed Policies to AWS Users
Effective and flexible permissions model allows to establish the perfect balance between the benefits of
self-service approach and security restrictions.
By default, a single user’s access to Cloud is defined by their project role and can be expanded to Admin
access or totally denied if necessary. This also applies to access to native tools of public cloud providers.
We are glad to announce that the new EPAM Orchestrator includes an update which allows fine-tuning a
user’s access to AWS. This is done by assigning an AWS Managed Policy to the user.
The Managed Policies include a set of permissions which can be used to set up a specific access level to
one of AWS services (for example, AmazonChimeReadOnly), or to match standard needs of a person with
a specific job function (for example, SupportUser).
EPAM Cloud Orchestrator 2.5.143 - What’s New
EPAM SYSTEMS 9
A member of the Advanced Management Group can assign a Managed Policy to a user by making the
following steps:
Figure 4 - Setting up AWS Managed policies with Manage Cloud wizard
1.1. Run the Manage Cloud wizard.
1.2. Select Manage permissions for a particular user.
1.3. Select project and user.
1.4. Select AWS Managed Policy option and choose the policy from the dropdown list.
1.5. Click Apply or Apply and Close.
The changes will be applied after the user re-logins to Orchestrator.
• The Managed Policies cannot be used to assign permissions for Security
Groups and IAM management.
• The Managed Policies are applied when the user logs in to the AWS
Management Console via the Console wizard on Cloud Dashboard. They
are not applied when the user manages AWS infrastructure with
Orchestrator tools.
4.1.2 AWS Regions Access Improvements
When activating a project in AWS, the users specify the regions to which the access will be granted.
To ensure better control over infrastructure in public clouds, EPAM Orchestrator includes the following
updates related to region access:
• The access via AWS Management Console reflects the settings in Orchestrator. In case a project
is not activated in a specific region in AWS, this region will not be available to project members who
work with the AWS Management Console.
• The regions in which your project hasn’t had any virtual machines, volumes or images within 2
months gets hidden from all Orchestrator tools, except reporting. It will also become unavailable
for users who manage AWS infrastructures via AWS management console.
This is done to make the infrastructure review and monitoring easier, and to omit confusions related
to the actual infrastructure geography.
To return a hidden AWS region, Advanced Management Group members can
use the Activate region option of the Managed Cloud wizard.
EPAM Cloud Orchestrator 2.5.143 - What’s New
EPAM SYSTEMS 10
4.1.3 Extended AWS Audit
Improving monitoring and audit constantly is one of the key ways to set the closer control over virtual
infrastructures and ensure quick and appropriate reaction on any unexpected situation.
Although the existing Orchestrator’s tracking tools already provide various details to users in live mode,
there is always a place for a new improvement, especially when it comes to integration with public clouds.
With EPAM Orchestrator v.2.5.143, we introduce the expanded audit for AWS regions, with more events
retrieved from AWS CloudTrail:
Event type Event
Amazon S3 Bucket Activity Bucket policy, lifecycle, replication is PUT or DELETEd, or a bucket ACL is PUT.
Network Access Control Lists (ACL) Changes Any configuration affecting network ACLs.
Network Gateway Changes A customer or Internet Gateway is created, updated or deleted.
Amazon Virtual Private Cloud (VPC) changes An Amazon VPC, Amazon VPC peering connection or Amazon VPC connection to classic Amazon EC2 instances is created, updated or deleted.
Amazon EC2 Large Instances Changes An 4x or 8x-Large instance is created in AWS
CloudTrail Changes A CloudTrail is created, updated, or deleted. Logging a trail was started or stopped.
Console Sign-In Failures Three or more failed sign-in attempts within 5-minute period.
IAM Policy Changes A change to IAM policies is introduced.
The mentioned events can be reviewed in the new AWS group on the Audit page:
Figure 5 - AWS audit group
The events are collected and logged to the AWS group since March 16, 2019 (the date of EPAM Cloud
Orchestrator v.2.5.143 release).
Security Group and standard AWS EC2 instances audit was implemented
before, and are available in Security and Default audit groups.
EPAM Cloud Orchestrator 2.5.143 - What’s New
EPAM SYSTEMS 11
Please be reminded that Audit events are not removed in Orchestrator and can be tracked back for 100
days in Maestro CLI and till project activation point – on the Audit page.
4.1.4 Change Shape for AWS Instances
Any infrastructure creation is preceded with planning and estimations,
so that the created resources would perfectly fit the project needs.
However, there are cases when the requirements change, and you
need to use a larger or a smaller server. If the infrastructure is hosted
in a public region, the standard approach here was: create a new
server of a sufficient size, move your data there, and kill the initial
server that became too small or too large.
With EPAM Cloud Orchestrator v.2.5.143, you can skip this time- and effort-consuming approach by simply
changing the instance shape using the or2-change-shape (or2chshape) Maestro CLI command with the
following parameters:
or2chshape -r AWS-Region -p project -i instance_id -s target_shape
where the -s/--shape parameter specifies the target Orchestrator shape alias.
Below, you can find the table describing the mapping between Orchestrator shapes and AWS instance
types:
EPAM Cloud Shape EPAM Cloud shape capacity AWS Instance Type
CPU RAM GB Zone Set 1* Zone Set 2**
MICRO 1 0.5 t3.nano t3.nano
MINI 1 1 t3.micro t3.micro
SMALL 1 2 t3.small t3.small
MEDIUM 2 4 t3.medium t3.medium
LARGE 2 8 t3.large t3.large
XL 4 7.5 m5a.large m5.large
2XL 4 16 r5a.large r5.large
3XL 8 15 m5a.xlarge m5.xlarge
4XL 6 23 r5a.xlarge r5.xlarge
5XL 8 32 m5a.2xlarge m5.2xlarge
6XL 8 46 r5a.2xlarge r5.2xlarge
7XL 8 61 m5a.4xlarge m5.4xlarge
8XL 16 122 r5a.4xlarge r5.4xlarge
*Zone Set 1 US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Ireland), Asia Pacific (Singapore)
**Zone Set 2 US West (N. California), Canada (Central), EU (Frankfurt), EU (London), EU (Paris), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Osaka-Local), Asia Pacific (Sydney), Asia Pacific (Mumbai), South America (São Paulo), EU (Stockholm)
On command execution for Amazon instances, EPAM Cloud Orchestrator initiates the instance resizing
procedure on AWS side.
• The target instance should be of a type supported by Orchestrator.
Otherwise, shape change procedure won’t succeed.
• The target instance should be stopped before you initiate the change.
• Instance resizing will influence the instance cost. You can check AWS
Price Calculator to estimate the changes.
SMALL 2XL
EPAM Cloud Orchestrator 2.5.143 - What’s New
EPAM SYSTEMS 12
4.2 INTEGRATION WITH MICROSOFT AZURE
EPAM Cloud integration with Microsoft Azure includes a set of changes related to enhance resource
description, monitoring, and utilization tracking.
4.2.1 Enhanced Resource Description and Auto-IDs
EPAM Orchestrator regularly checks Azure events to see the changes on infrastructure that were performed
by native Azure tools.
With the current release, the detection procedure was enhanced due to improved logic and a more effective
approach to load balancing.
This specifically applies to the way Orchestrator detects and describes resources created in Azure by native
tools. Now, it not only finds new virtual instances and volumes, but also automatically assigns standard
EPAM IDs to them. As a result, Azure resources are referenced by Orchestrator tools in a way which is
unified for all supported cloud providers.
Orchestrator Tools
OrchestratorVM
Storage
Instance ID
Storage ID
Windows Azure
VM
Storage
Instance Name
Storage name
Describe
Figure 6 - Azure instance IDs assignment
• To address an Azure resource with an Orchestrator tool (UI, CLI, or API),
use the resource ID assigned by the Orchestrator.
• The resource name given by Azure is used to match Orchestrator ID with
the resource in Azure.
4.2.2 VM-Level Monitoring
The detailed multi-level monitoring of infrastructure – from general project/region-focused information to
performance of each VM – is an important part of effective virtual infrastructure setup and management.
Meanwhile, one of the key approaches of EPAM Cloud Orchestrator is unification and providing a single
entry point for functionality applied to both private and various public cloud providers.
With this release, we are glad to introduce the feature that supports this approach: VM-level monitoring for
Azure-based instances. The following metrics are available:
• CPU Utilization, %
• Disk read/write, kB
• Network traffic outgoing/ingoing, kB
EPAM Cloud Orchestrator 2.5.143 - What’s New
EPAM SYSTEMS 13
The data is retrieved via Azure Monitoring REST API, processed and displayed on the Monitoring page:
Figure 7 - Azure instance monitoring
The monitoring is enabled by default to all instances running in Azure, it does not need activation and does
not add to your project’s costs.
As with any other VM-level metrics, you can get the details on a specific Azure VM KPI to your email, by
clicking the Email button in the top right corner of the metrics pane, or put the KPI to the Dashboard by
clicking Watch.
EPAM Cloud Orchestrator 2.5.143 - What’s New
EPAM SYSTEMS 14
4.3 INTEGRATION WITH GOOGLE
The updates in integration with Google are focused on the integration coverage and reporting
improvements.
With the current release, EPAM Cloud Orchestrator supported a set of new regions, so that now the full
library of Google Cloud regions is available for EPAM Cloud users.
The recently introduced billing detailing by regions was also supported for EPAM Cloud reporting.
You can find details on each of the changes further in this chapter.
4.3.1 All Google Regions Available via EPAM Cloud
For a long time, EPAM Cloud users could access a limited number of Google Cloud regions. The selection
was based on the regions popularity and geography.
With the current release, we supported the whole set of Google regions. So, the current mapping of the
supported regions and their EPAM Cloud aliases is given below:
Google Region Location EPAM Cloud Alias Comment
asia-east1 Changhua County, Taiwan GCP-AS-EAST
asia-east2 Hong Cong GCP-ASEAST2 New
asia-norhteast1 Tokyo, Japan GCP-AS-NORTHEAST
asia-south1 Mumbai, India GCP-ASSOUTH New
asia-southeast1 Jurong West, Singapore DCP-AS-SOUTHEAST
australia-southeast1 Sydney, Australia GCP-AUSOUTH New
europe-north1 Hamina, Finland GCP-EUNORTH New
europe-west1 St. Ghislain, Belgium GCP-EUWEST
europe-west2 London, England, UK GCP-EUWEST2 New
europe-west3 Frankfurt, Germany GCP-EUWEST3 New
europe-west4 Eemshaven, Netherlands GCP-EUWEST4 New
europe-west6 Zürich, Switzerland GCP-EUWEST6 New
northamerica-northeast1 Montréal, Québec, Canada GCP-NANORTHEAST New
southamerica-east1 São Paulo, Brazil GCP-SAEAST New
us-central1 Council Bluffs, Iowa GCP-USCENTRAL
us-east1 Moncks Corner, South Carolina, USA GCP-USEAST
us-east4 Ashburn, Northern Virginia, USA GCP-USEAST4 New
us-west1 The Dalles, Oregon GCP-USWEST
us-west2 Los Angeles, California, USA GCP-USWEST2
All the regions are available for selection on project activation (either with self-service approach or via a
Support Request). In case your project is already activated in Google Cloud, but it is necessary to add a
new region, a member of the Advanced Management Group can do it with the Activate Region option of
the Manage Cloud wizard.
EPAM Cloud Orchestrator 2.5.143 - What’s New
EPAM SYSTEMS 15
4.3.2 Billing by Regions
Recently, Google supported billing detailing by virtualization regions in which the infrastructure is hosted.
EPAM Orchestrator, immediately supported this feature to make Google billing reports available in a the
most detailed way.
We are glad to say, that Google Cloud reporting now includes information on specific regions in which
Cloud services are used.
The Google Cloud billing is available (just the same as billing for other clouds) on the Reporting page and
with the or2report Maestro CLI command:
Figure 8 - Google report with region detailing
We are also glad to say that the information on billing for Google cloud usage is now updated faster with
minimized delay. Orchestrator checks for updates once in an hour, so as soon as Google provides new
data, they are passed to EPAM Cloud users within the shortest time.
Please also note that region-specific billing data allows to set up more precise financial quota, thus providing
you with more flexible expenses control for Google regions:
Figure 9 - Setting a quota for a Google region
EPAM Cloud Orchestrator 2.5.143 - What’s New
EPAM SYSTEMS 16
5 PROJECT MANAGEMENT: DELEGATE EMAILS
EPAM Orchestrator delivers numerous notifications, aimed to allow project members
keep track of all events, state changes, costs statistics, threats, and other
infrastructure details.
A big set of such notifications is sent to the Advanced Management group – Project
Managers, Project Coordinators, Delivery Managers, and Account Managers.
However, it may be hard to follow all threads, if a person is responsible for a big number of projects. There
are also cases when a person plans to be out of office, and someone needs to step in.
With this release, we are glad to introduce a new feature: emails delegation. The members of the
Advanced Management group select a person who should receive the following project-related
notifications:
• Project Activation Info – The notification informing about project activation in a specific
cloud/region. As soon as activation is performed, project members can start creating virtual
infrastructures in the mentioned cloud.
• The project <project ID> was closed in UPSA - The notification informing about changing the
UPSA project state to “Closed”. Since this moment, the project becomes unavailable for virtual
resources management.
• Run New Instance Approve – The email delivered when a user wants to create a VM when
approval mechanism is on. The receiver can either approve or reject creating a specific VM.
• Weekly Status Report – The report provides project resources utilization and changes overview.
• Weekly Security Report – The report provides info on project security checks, vulnerable
resources and potential threats.
• Quota alert – The alert notifies that the project monthly bill reached a specific threshold.
• Quota update – The email notifies that the project financial quota settings were changed.
• Daily Threshold Exceeded Alert – The email informs that a project’s daily expenses in one
region exceed the default maximum threshold of 300 USD.
• Unusual activity in AWS detected. The notification informs on the excessive growth of new
resources in AWS (the number of VMs created within one hour).
The permissions are delegated with the Delegate option of the Manage Cloud wizard:
Figure 10 - Delegating emails
EPAM Cloud Orchestrator 2.5.143 - What’s New
EPAM SYSTEMS 17
1. Run the Manage Cloud wizard.
2. Select the Delegate option and click Next.
3. Review the list of the users to which the notifications were already delegated (if any). Click Edit to add
a responsible person or to modify the existing delegate, if any.
4. Select delegation parameters:
• The project for which the notifications should be delegated.
• The user (Active Users group for the users who already used Orchestrator, or UPSA Users group
for those who haven’t authorized to EPAM Cloud after they were assigned to the project)
• Select Delegate project notifications.
The possibility to delegate access to the Manage Cloud wizard will be
introduced in the nearest future.
5. Click Apply and close.
The user to whom the notifications are delegated, start receiving the project-related emails instead of the
person who delegated the email. The rest of recipients are not affected.
EPAM Cloud Orchestrator 2.5.143 - What’s New
EPAM SYSTEMS 18
6 MONITORING IMPROVEMENTS
Effective monitoring is one of the keystones of modern enterprise cloud. While the
details on the performance of each VM in infrastructure are really important, the
Project and Region-level KPIs are the data without which the information on the
project won’t be complete, and the utilization trends analysis would be impossible.
EPAM Cloud Orchestrator v.2.5.143 includes improvements for the Monitoring page
which makes keeping track of infrastructure easier and more effective.
6.1 FINANCIAL KPIS TO EMAIL
The common way to monitor project costs is the Reporting page where you can see the current monthly
cost of your infrastructure, and can track you expenses up to a year back. However, the tool does not allow
quick and easy statistics and trending info which is often needed at planning and retro stages.
That’s where project-level Financial KPIs on the Monitoring page step in. Financial KPI allow to monitor
daily and monthly expense trends for your project. The Value shows the recently updated chargeback
info, while the Trend and Deep Dive provide the story of the expenses history by days or by months in a
visualized way.
This data allows to review the infrastructure utilization story and estimate whether and how the Cloud
expenses will change.
Figure 11 - Financial KPI Deep Dive
Moreover, the new Email button on the Deep Dive view, allows you to get the graph with the statistics
directly to your email, for further processing and sharing.
EPAM Cloud Orchestrator 2.5.143 - What’s New
EPAM SYSTEMS 19
6.2 REGIONS GROUPING BY CLOUD
Another change in monitoring tools usability is the introduced grouping by regions.
EPAM Cloud Orchestrator supports 60 virtualization regions in four clouds, which include a private one,
AWS, Azure, and Google. This is why, especially in case the project hosts its infrastructure in across
multiple platforms, a big amount of regions displayed on the screen on project-level monitoring is
inconvenient.
This is why we introduce regions grouping by cloud for project level Deep Dives.
By default, All regions option is selected, and it allows switching between per-cloud totals. If you select a
specific cloud, you will find the detailed list of all regions used by your project in this cloud.
Figure 12 - Region grouping by type
This update increases the user-friendliness of the Deep Dive feature. It not only makes navigation easier,
but also initially provides the summary per-provider statistics without need to retrieve it with additional
manipulations.
EPAM Cloud Orchestrator 2.5.143 - What’s New
EPAM SYSTEMS 20
7 MAESTRO PYTHON SDK MIGRTION TO PYTHON 3
Over a year ago, in cooperation with our colleagues working on DEP Infrastructure Platform, we introduced
Python SDK allowing to implement Orchestrator functions via Python tools.
Initially, the solution is based on Python 2.7, and many projects already use it for resolving their daily tasks.
With this release, we are glad to announce Python SDK update to be compatible with Python 3. The
new version is put to the master branch of the project repository.
We also reconfigured the GitLab CI/CD and set up a new runner (EPM-CSUP, EPAM-BY2). The previous
one was removed.
Python 2.7 compatible version was pushed to a separate branch .
You can find the details on Maestro Python SDK in the Readme file. Find the changelog here.
8 MAESTRO CLI CHANGES
The functional changes and optimization in EPAM Orchestrator are also reflected in changes in
Maestro CLI. The following commands were updated with EPAM Orchestration v.2.5.143:
• or2-describe-nessus-server command now does not include the -t/--type parameter, as only the
internal server one remains available.
• or2-security-check command now does not include the -s/--server parameter, as only internal
server remains available.
Naturally, all changes are reflected in Maestro CLI User Guide and Maestro CLI Quick Reference Card.
EPAM Cloud Orchestrator 2.5.143 - What’s New
EPAM SYSTEMS 21
9 DOCUMENTATION UPDATES
All changes and updates to the EPAM Orchestrator functionality are reflected in the documentation and
other EPAM Cloud resources. With the release of EPAM Orchestrator 2.5.143, the following documentation
updates were made:
• Terraform User Guide was introduced to provide detailed instructions on Terraform Service
usage in EPAM Cloud.
• Maestro CLI User Guide was updated due to the latest functionality changes.
• Hybrid Cloud Guide was updated with the latest changes in AWS, Azure, and Google integration.
• EPAM Cloud Services Guide and FAQ now include guidelines on preparing machine images for
importing to EPAM Cloud.
• Account Management Guide was updated with the information on permissions delegation and
Google Cloud billing changes.
You can always find the full set of EPAM Cloud documentation on the respective page on our web-site.
EPAM Cloud Orchestrator 2.5.143 - What’s New
EPAM SYSTEMS 22
TABLE OF FIGURES
Figure 1 - EPAM-HU1 to EPAM-HU2 migration statistics ......................................................................... 4
Figure 2 - An extract from or2dim command output ................................................................................. 6
Figure 3 - Security info on the Management page .................................................................................... 7
Figure 4 - Setting up AWS Managed policies with Manage Cloud wizard ................................................. 9
Figure 5 - AWS audit group ................................................................................................................... 10
Figure 6 - Azure instance IDs assignment ............................................................................................. 12
Figure 7 - Azure instance monitoring ..................................................................................................... 13
Figure 8 - Google report with region detailing ........................................................................................ 15
Figure 9 - Setting a quota for a Google region ....................................................................................... 15
Figure 10 - Delegating emails ................................................................................................................ 16
Figure 11 - Financial KPI Deep Dive ...................................................................................................... 18
Figure 12 - Region grouping by type ...................................................................................................... 19