Legal Notice: This document is property of EPAM and may not be disclosed, distributed or reproduced without the prior written permission of EPAM®. EPAM Cloud Infrastructure Orchestrator ver.2.5.143 What’s New March 2019 CI2WN-S141-143 Version 1.0

EPAM Cloud Orchestrator 2.5.143 - What’s New

EPAM SYSTEMS 2

CONTENT

1 Overview
2 Infrastructure Updates
2.1 EPAM-HU2 – First Month Results
2.2 Windows Images Library Updated
3 Security Updates – Nessus Scanner Winds Down
4 Hybrid Cloud Updates
4.1 Integration with AWS
4.1.1 Assigning Managed Policies to AWS Users
4.1.2 AWS Regions Access Improvements
4.1.3 Extended AWS Audit
4.1.4 Change Shape for AWS Instances
4.2 Integration with Microsoft Azure
4.2.1 Enhanced Resource Description and Auto-IDs
4.2.2 VM-Level Monitoring
4.3 Integration with Google
4.3.1 All Google Regions Available via EPAM Cloud
4.3.2 Billing by Regions
5 Project Management: Delegate Emails
6 Monitoring Improvements
6.1 Financial KPIs to Email
6.2 Regions Grouping by Cloud
7 Maestro Python SDK Migration to Python 3
8 Maestro CLI Changes
9 Documentation Updates
Table of Figures
Version history

1 OVERVIEW

EPAM Cloud Orchestration v.2.5.143 was released on March 16, 2019. The release includes a large number of changes related to integration with public clouds, security, monitoring, and project management.

Within the scope of traditional EPAM Cloud infrastructure updates, we reviewed and updated the supported images library, and are glad to introduce three new Windows images for OpenStack regions, including Windows 10. We also gathered the statistics of migration from the EPAM-HU1 region to EPAM-HU2, and have great news for those whose migration is still in progress.

The largest set of changes is related to integration with public clouds. These include improvements in AWS permissions settings, infrastructure monitoring, and the possibility to resize existing instances. For Microsoft Azure, monitoring and resource description processes were improved. We are also glad to say that the billing and reporting engine for Google Cloud now allows filtering billing data by virtualization regions.

The project management section includes a new feature that lets Advanced Management Group members delegate Cloud-related notifications of high importance to a trusted person from the project team.

The overall monitoring was improved and became more user friendly, with enhanced filtering by regions for Project and Region-level KPIs, as well as the possibility to send these metrics to email.

Last but not least, the Python SDK for Maestro was updated to be used with Python 3.

The functionality changes are, of course, reflected in Maestro CLI where necessary, and in the EPAM Cloud documentation. Refer to the EPAM Cloud website for detailed information on the improvements and features introduced in Orchestrator version 2.5.143.

2 INFRASTRUCTURE UPDATES

We are glad to complement the current release with a pack of news on migration to OpenStack and the recently introduced EPAM-HU2 region, as well as with an announcement of Guest OS updates in private regions.

2.1 EPAM-HU2 – FIRST MONTH RESULTS

A new OpenStack region, EPAM-HU2, was introduced on February 1. The region characteristics are quite attractive:

• Based on OpenStack Rocky
• Shapes up to 8XL (16CPU, 92GB RAM)
• SSD disks are used
• Recycle bin feature is supported (you can restore an accidentally terminated virtual machine within 7 days after termination)

Right after the introduction, the migration to the new region started. It was announced that all projects that managed to migrate completely from EPAM-HU1 within a month on a self-service basis would not be charged for the region usage in February.

We are glad to say that six projects completed the migration successfully and have already received the discount.

Overall, about 130 servers migrated from EPAM-HU1 to EPAM-HU2 within February, and the number is growing.

[Figure 1 - EPAM-HU1 to EPAM-HU2 migration statistics. Chart title: February 2019; series: EPAM-HU1, EPAM-HU2; values shown: 731 VMs, 555 VMs, 131 VMs, 0 VMs]

Today, we are glad to announce that the self-service migration discount is extended into March! Thus, for those who completely migrate their resources from EPAM-HU1 by March 31 without assistance from the Cloud Support team, the costs for virtual infrastructure in EPAM-HU1 in March will be set to 0.

The typical self-service migration flow is as follows:

1. Create a new server or servers in EPAM-HU2.
2. Set up the servers properly according to your project needs and their role in the infrastructure.
3. Move the necessary data from your old servers to the new ones.

When you migrate workloads as described above, the performance of the resulting infrastructure is higher than when you request migration of existing servers via image creation.

The resources in EPAM-HU1 are not affected at the current stage, but we recommend that you start considering complete migration to EPAM-HU2 and other regions, as EPAM-HU1 is already scheduled for decommissioning in the following steps:

• The creation of new resources in EPAM-HU1 will be restricted starting April 1, 2019.
• The planned region closure date is October 1, 2019.

If you have any questions regarding the upcoming migration and region decommissioning, contact the EPAM Cloud Support team at any time (24/7).

2.2 WINDOWS IMAGES LIBRARY UPDATED

EPAM Cloud continues to grow its technical expertise and work on new challenging tasks. We are glad to announce that in this release we brought back the Windows 10 images for OpenStack regions and added new Windows images to our library.

Typically, Windows 10 is not used in Cloud Computing. However, the need for Windows 10 is difficult to overestimate due to its high popularity as a modern workstation OS, advanced protection against modern security threats, and comprehensive management and control over devices and apps.

On top of that, our team has added 2 new Windows Servers, reviewed the existing images, and removed irrelevant ones.

The table below reflects the changes in the image library:

| ID | Description | Status | Microsoft Info |
|---|---|---|---|
| Win10-64 | Windows 10 64-bit Enterprise | New | link |
| W2019CoreStd | Windows Server Core 2019 Standard | New | link |
| W2019Std | Windows Server 2019 Standard | New | link |
| W1709Std | Windows Server 2016 Standard | Decommissioned | link |
| W2012R2Std | Windows Server 2012 R2 Standard Edition | End Of Life | link |

Let us draw your attention to the following specifics of the introduced updates:

1. New images will be available in all OpenStack regions:

• EPAM-HU2
• EPAM-BY2
• EPAM-UA2
• EPAM-US2
• EPAM-RU3
• EPAM-IN1 (after notification)

2. The billing for the new Windows images is the same as for existing ones.

3. The W1709Std image was decommissioned as it is no longer relevant.

4. The latest current Windows version is W2019Std. In addition, depending on the user’s needs, Microsoft provides the Standard image Core version without the UI part, or the more convenient Standard image Core version with the UI part.

5. The W2012R2Std image is at the end of its useful life. However, the image remains under extended support and is still available in the library to enable support of existing infrastructures.

The full list of images available in EPAM Cloud can be found here.

You can also dynamically get the list of the images supported for your project in a specific region during instance run with the Run wizard on Cloud Dashboard, or with the or2-describe-images (or2dim) Maestro CLI command:

Figure 2 - An extract from or2dim command output

3 SECURITY UPDATES – NESSUS SCANNER WINDS DOWN

Nessus Scanner is being phased out and is no longer available in public clouds. It will, however, remain available in private regions until June 2019. What actions can you take to keep your resources secure?

Consider the following options:

1. For Amazon, you can activate AWS Inspector and GuardDuty.

2. For all other public providers, please contact the Security Team directly. They can provide you with the following:

• Information about security issues of your instances and servers in all clouds.
• A vulnerability report that includes the essential information related to security in EPAM Cloud, and covers potential and detected vulnerabilities of the resources and accounts belonging to your project.

Kindly note that all the existing security reports remain available on the Management page of the Cloud Dashboard, where you can check the security reports of your already scanned instances:

Figure 3 - Security info on the Management page

4 HYBRID CLOUD UPDATES

EPAM Orchestrator v.2.5.143 traditionally includes improvements and new features related to integration with public cloud providers. This time, the list includes the following points:

• Integration with Azure is improved with enhanced resource description procedures and automatically assigned instance and volume IDs. VM-level monitoring is added to Azure-type regions.
• Integration with AWS includes the possibility to expand default user permissions with Managed Policies, the ability to resize AWS instances with Orchestrator tools, revised approaches to regions treatment, and new monitored metrics.
• For Google Cloud, we added support for region-specific reporting, which significantly improves cost tracking and control.

Below, you can find the details on each of these updates.

4.1 INTEGRATION WITH AWS

EPAM Orchestrator integration with AWS was also improved. The new release includes updates related to permissions management, unused regions treatment, and improved monitoring with new metrics collected from AWS CloudTrail.

4.1.1 Assigning Managed Policies to AWS Users

An effective and flexible permissions model makes it possible to establish the right balance between the benefits of the self-service approach and security restrictions.

By default, a single user’s access to Cloud is defined by their project role and can be expanded to Admin access or totally denied if necessary. This also applies to access to native tools of public cloud providers.

We are glad to announce that the new EPAM Orchestrator includes an update which allows fine-tuning a user’s access to AWS. This is done by assigning an AWS Managed Policy to the user.

The Managed Policies include a set of permissions which can be used to set up a specific access level to one of the AWS services (for example, AmazonChimeReadOnly), or to match the standard needs of a person with a specific job function (for example, SupportUser).

A member of the Advanced Management Group can assign a Managed Policy to a user by taking the following steps:

Figure 4 - Setting up AWS Managed policies with Manage Cloud wizard

1.1. Run the Manage Cloud wizard.
1.2. Select Manage permissions for a particular user.
1.3. Select project and user.
1.4. Select the AWS Managed Policy option and choose the policy from the dropdown list.
1.5. Click Apply or Apply and Close.

The changes will be applied after the user logs in to Orchestrator again.

• The Managed Policies cannot be used to assign permissions for Security Groups and IAM management.
• The Managed Policies are applied when the user logs in to the AWS Management Console via the Console wizard on Cloud Dashboard. They are not applied when the user manages AWS infrastructure with Orchestrator tools.

4.1.2 AWS Regions Access Improvements

When activating a project in AWS, the users specify the regions to which access will be granted.

To ensure better control over infrastructure in public clouds, EPAM Orchestrator includes the following updates related to region access:

• The access via AWS Management Console reflects the settings in Orchestrator. If a project is not activated in a specific region in AWS, this region will not be available to project members who work with the AWS Management Console.
• The regions in which your project has not had any virtual machines, volumes or images within 2 months are hidden from all Orchestrator tools, except reporting. They also become unavailable for users who manage AWS infrastructures via the AWS Management Console.

This is done to make the infrastructure review and monitoring easier, and to avoid confusion related to the actual infrastructure geography.

To return a hidden AWS region, Advanced Management Group members can use the Activate region option of the Manage Cloud wizard.

4.1.3 Extended AWS Audit

Constantly improving monitoring and audit is one of the key ways to establish closer control over virtual infrastructures and ensure a quick and appropriate reaction to any unexpected situation.

Although the existing Orchestrator tracking tools already provide various details to users in live mode, there is always room for improvement, especially when it comes to integration with public clouds.

With EPAM Orchestrator v.2.5.143, we introduce the expanded audit for AWS regions, with more events retrieved from AWS CloudTrail:

| Event type | Event |
|---|---|
| Amazon S3 Bucket Activity | Bucket policy, lifecycle, replication is PUT or DELETEd, or a bucket ACL is PUT. |
| Network Access Control Lists (ACL) Changes | Any configuration affecting network ACLs. |
| Network Gateway Changes | A customer or Internet Gateway is created, updated or deleted. |
| Amazon Virtual Private Cloud (VPC) changes | An Amazon VPC, Amazon VPC peering connection or Amazon VPC connection to classic Amazon EC2 instances is created, updated or deleted. |
| Amazon EC2 Large Instances Changes | A 4x or 8x-Large instance is created in AWS. |
| CloudTrail Changes | A CloudTrail is created, updated, or deleted. Logging a trail was started or stopped. |
| Console Sign-In Failures | Three or more failed sign-in attempts within 5-minute period. |
| IAM Policy Changes | A change to IAM policies is introduced. |

The mentioned events can be reviewed in the new AWS group on the Audit page:

Figure 5 - AWS audit group

The events are collected and logged to the AWS group since March 16, 2019 (the date of the EPAM Cloud Orchestrator v.2.5.143 release).

The audit of Security Groups and standard AWS EC2 instances was implemented before, and is available in the Security and Default audit groups.

Please be reminded that Audit events are not removed in Orchestrator and can be tracked back for 100 days in Maestro CLI, and back to the project activation point on the Audit page.
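
The event types listed in the audit table can be reproduced against raw CloudTrail records. The following is an added example, not Orchestrator code: the mapping of each event type to CloudTrail eventName values, the per-source-IP grouping of sign-in failures, and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed grouping: group names come from the audit table above; the
# CloudTrail eventName values are real AWS event names chosen for this example.
EVENT_GROUPS = {
    "Amazon S3 Bucket Activity": {
        "PutBucketPolicy", "DeleteBucketPolicy", "PutBucketLifecycle",
        "DeleteBucketLifecycle", "PutBucketReplication",
        "DeleteBucketReplication", "PutBucketAcl"},
    "Network Access Control Lists (ACL) Changes": {
        "CreateNetworkAcl", "DeleteNetworkAcl", "CreateNetworkAclEntry",
        "DeleteNetworkAclEntry", "ReplaceNetworkAclEntry",
        "ReplaceNetworkAclAssociation"},
    "Network Gateway Changes": {
        "CreateCustomerGateway", "DeleteCustomerGateway",
        "CreateInternetGateway", "DeleteInternetGateway",
        "AttachInternetGateway", "DetachInternetGateway"},
    "Amazon Virtual Private Cloud (VPC) changes": {
        "CreateVpc", "DeleteVpc", "ModifyVpcAttribute",
        "CreateVpcPeeringConnection", "DeleteVpcPeeringConnection",
        "AcceptVpcPeeringConnection", "RejectVpcPeeringConnection",
        "AttachClassicLinkVpc", "DetachClassicLinkVpc"},
    "CloudTrail Changes": {
        "CreateTrail", "UpdateTrail", "DeleteTrail",
        "StartLogging", "StopLogging"},
    "IAM Policy Changes": {
        "CreatePolicy", "DeletePolicy", "CreatePolicyVersion",
        "DeletePolicyVersion", "AttachUserPolicy", "DetachUserPolicy",
        "AttachGroupPolicy", "DetachGroupPolicy", "AttachRolePolicy",
        "DetachRolePolicy", "PutUserPolicy", "DeleteUserPolicy",
        "PutGroupPolicy", "DeleteGroupPolicy", "PutRolePolicy",
        "DeleteRolePolicy"},
}
LARGE_SUFFIXES = (".4xlarge", ".8xlarge")  # "4x or 8x-Large instance"
SIGNIN_THRESHOLD = 3                       # "three or more failed attempts"
SIGNIN_WINDOW = timedelta(minutes=5)       # "within 5-minute period"


def event_time(record):
    """Parse the ISO 8601 UTC timestamp CloudTrail puts in eventTime."""
    return datetime.strptime(record["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def classify(record):
    """Return the audit group for a single record, or None if not audited."""
    name = record.get("eventName", "")
    for group, names in EVENT_GROUPS.items():
        if name in names:
            return group
    if name == "RunInstances":
        itype = (record.get("requestParameters") or {}).get("instanceType", "")
        if itype.endswith(LARGE_SUFFIXES):
            return "Amazon EC2 Large Instances Changes"
    return None


def audit(records):
    """Return (eventTime, group, eventName) findings in time order."""
    findings = []
    failures = defaultdict(deque)  # source IP -> recent failure timestamps
    for rec in sorted(records, key=event_time):
        group = classify(rec)
        if group:
            findings.append((rec["eventTime"], group, rec["eventName"]))
            continue
        if rec.get("eventName") != "ConsoleLogin":
            continue
        if (rec.get("responseElements") or {}).get("ConsoleLogin") != "Failure":
            continue
        now = event_time(rec)
        window = failures[rec.get("sourceIPAddress", "unknown")]
        window.append(now)
        while now - window[0] > SIGNIN_WINDOW:  # drop failures older than 5 min
            window.popleft()
        if len(window) >= SIGNIN_THRESHOLD:
            findings.append(
                (rec["eventTime"], "Console Sign-In Failures", "ConsoleLogin"))
            window.clear()  # one finding per burst of failures
    return findings


def login(ts, ip, outcome):
    """Build a constructed ConsoleLogin record."""
    return {"eventTime": ts, "eventName": "ConsoleLogin",
            "sourceIPAddress": ip, "responseElements": {"ConsoleLogin": outcome}}


# Constructed sample records (documentation IP ranges, not real traffic).
SAMPLE = [
    login("2019-03-16T10:00:05Z", "198.51.100.7", "Failure"),
    login("2019-03-16T10:01:40Z", "198.51.100.7", "Failure"),
    login("2019-03-16T10:03:10Z", "198.51.100.7", "Failure"),  # 3 in 5 min
    login("2019-03-16T10:20:00Z", "198.51.100.7", "Success"),
    {"eventTime": "2019-03-16T10:30:00Z", "eventName": "StopLogging"},
    {"eventTime": "2019-03-16T10:31:00Z", "eventName": "RunInstances",
     "requestParameters": {"instanceType": "r5.4xlarge"}},
    {"eventTime": "2019-03-16T10:32:00Z", "eventName": "RunInstances",
     "requestParameters": {"instanceType": "t3.small"}},
    {"eventTime": "2019-03-16T10:33:00Z", "eventName": "PutBucketAcl"},
    login("2019-03-16T11:00:00Z", "203.0.113.9", "Failure"),
    login("2019-03-16T11:04:00Z", "203.0.113.9", "Failure"),
    login("2019-03-16T11:06:30Z", "203.0.113.9", "Failure"),  # spans 6.5 min
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The last three sample failures span more than five minutes, so they do not produce a Console Sign-In Failures finding.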

4.1.4 Change Shape for AWS Instances

Any infrastructure creation is preceded by planning and estimations, so that the created resources perfectly fit the project needs. However, there are cases when the requirements change, and you need to use a larger or a smaller server. If the infrastructure is hosted in a public region, the standard approach here was: create a new server of a sufficient size, move your data there, and kill the initial server that became too small or too large.

With EPAM Cloud Orchestrator v.2.5.143, you can skip this time- and effort-consuming approach by simply changing the instance shape using the or2-change-shape (or2chshape) Maestro CLI command with the following parameters:

or2chshape -r AWS-Region -p project -i instance_id -s target_shape

where the -s/--shape parameter specifies the target Orchestrator shape alias.

Below, you can find the table describing the mapping between Orchestrator shapes and AWS instance types:

| EPAM Cloud Shape | CPU | RAM, GB | AWS Instance Type, Zone Set 1* | AWS Instance Type, Zone Set 2** |
|---|---|---|---|---|
| MICRO | 1 | 0.5 | t3.nano | t3.nano |
| MINI | 1 | 1 | t3.micro | t3.micro |
| SMALL | 1 | 2 | t3.small | t3.small |
| MEDIUM | 2 | 4 | t3.medium | t3.medium |
| LARGE | 2 | 8 | t3.large | t3.large |
| XL | 4 | 7.5 | m5a.large | m5.large |
| 2XL | 4 | 16 | r5a.large | r5.large |
| 3XL | 8 | 15 | m5a.xlarge | m5.xlarge |
| 4XL | 6 | 23 | r5a.xlarge | r5.xlarge |
| 5XL | 8 | 32 | m5a.2xlarge | m5.2xlarge |
| 6XL | 8 | 46 | r5a.2xlarge | r5.2xlarge |
| 7XL | 8 | 61 | m5a.4xlarge | m5.4xlarge |
| 8XL | 16 | 122 | r5a.4xlarge | r5.4xlarge |

CPU and RAM columns give the EPAM Cloud shape capacity.

*Zone Set 1: US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Ireland), Asia Pacific (Singapore)

**Zone Set 2: US West (N. California), Canada (Central), EU (Frankfurt), EU (London), EU (Paris), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Osaka-Local), Asia Pacific (Sydney), Asia Pacific (Mumbai), South America (São Paulo), EU (Stockholm)

On command execution for Amazon instances, EPAM Cloud Orchestrator initiates the instance resizing procedure on the AWS side.

• The target instance should be of a type supported by Orchestrator. Otherwise, the shape change procedure won’t succeed.
• The target instance should be stopped before you initiate the change.
• Instance resizing will influence the instance cost. You can check AWS Price Calculator to estimate the changes.

4.2 INTEGRATION WITH MICROSOFT AZURE

EPAM Cloud integration with Microsoft Azure includes a set of changes related to enhanced resource description, monitoring, and utilization tracking.

4.2.1 Enhanced Resource Description and Auto-IDs

EPAM Orchestrator regularly checks Azure events to see the changes to the infrastructure that were performed with native Azure tools.

With the current release, the detection procedure was enhanced due to improved logic and a more effective approach to load balancing.

This specifically applies to the way Orchestrator detects and describes resources created in Azure by native tools. Now, it not only finds new virtual instances and volumes, but also automatically assigns standard EPAM IDs to them. As a result, Azure resources are referenced by Orchestrator tools in a way which is unified for all supported cloud providers.

[Figure 6 - Azure instance IDs assignment. Diagram labels: Orchestrator Tools; Orchestrator: VM, Storage, Instance ID, Storage ID; Windows Azure: VM, Storage, Instance Name, Storage name; Describe]

• To address an Azure resource with an Orchestrator tool (UI, CLI, or API), use the resource ID assigned by the Orchestrator.
• The resource name given by Azure is used to match Orchestrator ID with the resource in Azure.

4.2.2 VM-Level Monitoring

The detailed multi-level monitoring of infrastructure – from general project/region-focused information to performance of each VM – is an important part of effective virtual infrastructure setup and management.

Meanwhile, one of the key approaches of EPAM Cloud Orchestrator is unification and providing a single entry point for functionality applied to both private and various public cloud providers.

With this release, we are glad to introduce the feature that supports this approach: VM-level monitoring for Azure-based instances. The following metrics are available:

• CPU Utilization, %
• Disk read/write, kB
• Network traffic outgoing/ingoing, kB

The data is retrieved via Azure Monitoring REST API, processed and displayed on the Monitoring page:

Figure 7 - Azure instance monitoring

The monitoring is enabled by default for all instances running in Azure; it does not need activation and does not add to your project’s costs.

As with any other VM-level metrics, you can get the details on a specific Azure VM KPI to your email by clicking the Email button in the top right corner of the metrics pane, or put the KPI on the Dashboard by clicking Watch.

4.3 INTEGRATION WITH GOOGLE

The updates in integration with Google are focused on the integration coverage and reporting improvements.

With the current release, EPAM Cloud Orchestrator added support for a set of new regions, so that now the full library of Google Cloud regions is available for EPAM Cloud users.

The billing detailing by regions, recently introduced by Google, is now also supported in EPAM Cloud reporting.

You can find details on each of the changes further in this chapter.

4.3.1 All Google Regions Available via EPAM Cloud

For a long time, EPAM Cloud users could access a limited number of Google Cloud regions. The selection was based on the regions’ popularity and geography.

With the current release, we added support for the whole set of Google regions. The current mapping of the supported regions and their EPAM Cloud aliases is given below:

| Google Region | Location | EPAM Cloud Alias | Comment |
|---|---|---|---|
| asia-east1 | Changhua County, Taiwan | GCP-AS-EAST | |
| asia-east2 | Hong Kong | GCP-ASEAST2 | New |
| asia-northeast1 | Tokyo, Japan | GCP-AS-NORTHEAST | |
| asia-south1 | Mumbai, India | GCP-ASSOUTH | New |
| asia-southeast1 | Jurong West, Singapore | DCP-AS-SOUTHEAST | |
| australia-southeast1 | Sydney, Australia | GCP-AUSOUTH | New |
| europe-north1 | Hamina, Finland | GCP-EUNORTH | New |
| europe-west1 | St. Ghislain, Belgium | GCP-EUWEST | |
| europe-west2 | London, England, UK | GCP-EUWEST2 | New |
| europe-west3 | Frankfurt, Germany | GCP-EUWEST3 | New |
| europe-west4 | Eemshaven, Netherlands | GCP-EUWEST4 | New |
| europe-west6 | Zürich, Switzerland | GCP-EUWEST6 | New |
| northamerica-northeast1 | Montréal, Québec, Canada | GCP-NANORTHEAST | New |
| southamerica-east1 | São Paulo, Brazil | GCP-SAEAST | New |
| us-central1 | Council Bluffs, Iowa | GCP-USCENTRAL | |
| us-east1 | Moncks Corner, South Carolina, USA | GCP-USEAST | |
| us-east4 | Ashburn, Northern Virginia, USA | GCP-USEAST4 | New |
| us-west1 | The Dalles, Oregon | GCP-USWEST | |
| us-west2 | Los Angeles, California, USA | GCP-USWEST2 | |

All the regions are available for selection on project activation (either with self-service approach or via a Support Request). In case your project is already activated in Google Cloud, but it is necessary to add a new region, a member of the Advanced Management Group can do it with the Activate Region option of the Manage Cloud wizard.

4.3.2 Billing by Regions

Recently, Google introduced billing detailing by the virtualization regions in which the infrastructure is hosted. EPAM Orchestrator immediately supported this feature to make Google billing reports available in the most detailed way.

We are glad to say that Google Cloud reporting now includes information on the specific regions in which Cloud services are used.

The Google Cloud billing is available (just the same as billing for other clouds) on the Reporting page and with the or2report Maestro CLI command:

Figure 8 - Google report with region detailing

We are also glad to say that the information on billing for Google Cloud usage is now updated faster, with minimized delay. Orchestrator checks for updates once an hour, so as soon as Google provides new data, it is passed to EPAM Cloud users within the shortest time.

Please also note that region-specific billing data allows you to set up a more precise financial quota, thus providing you with more flexible expense control for Google regions:

Figure 9 - Setting a quota for a Google region

5 PROJECT MANAGEMENT: DELEGATE EMAILS

EPAM Orchestrator delivers numerous notifications intended to let project members keep track of all events, state changes, cost statistics, threats, and other infrastructure details.

A big set of such notifications is sent to the Advanced Management group: Project Managers, Project Coordinators, Delivery Managers, and Account Managers.

However, it may be hard to follow all threads if a person is responsible for a large number of projects. There are also cases when a person plans to be out of office, and someone needs to step in.

With this release, we are glad to introduce a new feature: email delegation. The members of the Advanced Management group select a person who should receive the following project-related notifications:

• Project Activation Info – The notification informing about project activation in a specific cloud/region. As soon as activation is performed, project members can start creating virtual infrastructures in the mentioned cloud.
• The project <project ID> was closed in UPSA – The notification informing about changing the UPSA project state to “Closed”. From this moment, the project becomes unavailable for virtual resources management.
• Run New Instance Approve – The email delivered when a user wants to create a VM when the approval mechanism is on. The receiver can either approve or reject creating a specific VM.
• Weekly Status Report – The report provides an overview of project resources utilization and changes.
• Weekly Security Report – The report provides info on project security checks, vulnerable resources and potential threats.
• Quota alert – The alert notifies that the project monthly bill reached a specific threshold.
• Quota update – The email notifies that the project financial quota settings were changed.
• Daily Threshold Exceeded Alert – The email informs that a project’s daily expenses in one region exceed the default maximum threshold of 300 USD.
• Unusual activity in AWS detected – The notification informs on the excessive growth of new resources in AWS (the number of VMs created within one hour).

The permissions are delegated with the Delegate option of the Manage Cloud wizard:

Figure 10 - Delegating emails

1. Run the Manage Cloud wizard.

2. Select the Delegate option and click Next.

3. Review the list of the users to which the notifications were already delegated (if any). Click Edit to add a responsible person or to modify the existing delegate, if any.

4. Select delegation parameters:

• The project for which the notifications should be delegated.
• The user (Active Users group for the users who already used Orchestrator, or UPSA Users group for those who haven’t authorized to EPAM Cloud after they were assigned to the project).
• Select Delegate project notifications.

The possibility to delegate access to the Manage Cloud wizard will be introduced in the nearest future.

5. Click Apply and close.

The user to whom the notifications are delegated starts receiving the project-related emails instead of the person who delegated the email. The rest of the recipients are not affected.

6 MONITORING IMPROVEMENTS

Effective monitoring is one of the keystones of a modern enterprise cloud. While the details on the performance of each VM in the infrastructure are really important, the Project and Region-level KPIs are the data without which the information on the project won’t be complete, and the utilization trends analysis would be impossible.

EPAM Cloud Orchestrator v.2.5.143 includes improvements for the Monitoring page which make keeping track of infrastructure easier and more effective.

6.1 FINANCIAL KPIS TO EMAIL

The common way to monitor project costs is the Reporting page, where you can see the current monthly cost of your infrastructure and track your expenses up to a year back. However, the tool does not provide the quick and easy statistics and trending info which is often needed at planning and retro stages.

That’s where project-level Financial KPIs on the Monitoring page step in. Financial KPIs let you monitor daily and monthly expense trends for your project. The Value shows the recently updated chargeback info, while the Trend and Deep Dive present the expenses history by days or by months in a visualized way.

This data lets you review the infrastructure utilization history and estimate whether and how the Cloud expenses will change.

Figure 11 - Financial KPI Deep Dive

Moreover, the new Email button on the Deep Dive view allows you to get the graph with the statistics directly to your email, for further processing and sharing.

6.2 REGIONS GROUPING BY CLOUD

Another change in monitoring tools usability is the introduced grouping by regions.

EPAM Cloud Orchestrator supports 60 virtualization regions in four clouds, which include a private one,

AWS, Azure, and Google. This is why, especially in case the project hosts its infrastructure in across

multiple platforms, a big amount of regions displayed on the screen on project-level monitoring is

inconvenient.

This is why we introduce regions grouping by cloud for project level Deep Dives.

By default, All regions option is selected, and it allows switching between per-cloud totals. If you select a

specific cloud, you will find the detailed list of all regions used by your project in this cloud.

Figure 12 - Region grouping by type

This update makes the Deep Dive feature more user-friendly. It not only makes navigation easier, but also provides the per-provider summary statistics up front, with no additional steps needed to retrieve them.


7 MAESTRO PYTHON SDK MIGRATION TO PYTHON 3

Over a year ago, in cooperation with our colleagues working on DEP Infrastructure Platform, we introduced the Python SDK, which allows implementing Orchestrator functions via Python tools.

Initially, the solution was based on Python 2.7, and many projects already use it for resolving their daily tasks.

With this release, we are glad to announce that the Python SDK has been updated to be compatible with Python 3. The new version is on the master branch of the project repository.

We also reconfigured the GitLab CI/CD and set up a new runner (EPM-CSUP, EPAM-BY2). The previous

one was removed.

The Python 2.7 compatible version was pushed to a separate branch.

You can find the details on Maestro Python SDK in the Readme file. Find the changelog here.

8 MAESTRO CLI CHANGES

The functional changes and optimizations in EPAM Orchestrator are also reflected in Maestro CLI. The following commands were updated with EPAM Orchestrator v.2.5.143:

• The or2-describe-nessus-server command no longer includes the -t/--type parameter, as only the internal server remains available.

• The or2-security-check command no longer includes the -s/--server parameter, as only the internal server remains available.

Naturally, all changes are reflected in the Maestro CLI User Guide and the Maestro CLI Quick Reference Card.


9 DOCUMENTATION UPDATES

All changes and updates to the EPAM Orchestrator functionality are reflected in the documentation and

other EPAM Cloud resources. With the release of EPAM Orchestrator 2.5.143, the following documentation

updates were made:

• Terraform User Guide was introduced to provide detailed instructions on Terraform Service usage in EPAM Cloud.

• Maestro CLI User Guide was updated due to the latest functionality changes.

• Hybrid Cloud Guide was updated with the latest changes in AWS, Azure, and Google integration.

• EPAM Cloud Services Guide and FAQ now include guidelines on preparing machine images for importing to EPAM Cloud.

• Account Management Guide was updated with the information on permissions delegation and Google Cloud billing changes.

You can always find the full set of EPAM Cloud documentation on the respective page on our website.


TABLE OF FIGURES

Figure 1 - EPAM-HU1 to EPAM-HU2 migration statistics
Figure 2 - An extract from or2dim command output
Figure 3 - Security info on the Management page
Figure 4 - Setting up AWS Managed policies with Manage Cloud wizard
Figure 5 - AWS audit group
Figure 6 - Azure instance IDs assignment
Figure 7 - Azure instance monitoring
Figure 8 - Google report with region detailing
Figure 9 - Setting a quota for a Google region
Figure 10 - Delegating emails
Figure 11 - Financial KPI Deep Dive
Figure 12 - Region grouping by type


VERSION HISTORY

Version Date Summary

1.0 March 16, 2019 First published