In the recent past, I worked at a company where our developers had access to our main production AWS account.
This approach had several benefits:
- Admin team saved considerable provisioning time
- Developers got their resources quickly
- DevOps could test things on-the-fly with very little overhead
- The company saved considerable capital expense by avoiding purchase of spare testing hardware.
But it also had some pretty significant disadvantages:
- The DevOps team didn't routinely decommission or stop provisioned AWS instances leading to VM Sprawl
- Costs were not predictable
To get around these issues, I ended up implementing policy which required certain instances be tagged to track and account for how they were being used. The problem with approaching the issue of usage like this is that it was difficult to scan through 100 plus EC2 systems to determine at-a-glance if it was still needed. Plus, the business still racked up a significant amount of spending for compute with less than clear visibility as the continuing need.
On the plus side, AWS and other IaaS/PaaS public cloud providers provide opportunities to add new flexible capacity to your environment for everything from testing to running actual production instances of software. Similarly, presenting your internal datacenter IT as IaaS can deliver benefits to the organization but at the same time that approach is also rife with the same issues (ownership, usage and identifying resources for retirement once they are no longer needed). In Private Cloud, we cut out the middle man and allowed the developers to directly provision instances internally, but we are were still faced with the same issues of who owned what, and for what purpose any one particular VM was needed. Fundamentally, that’s a downside of any good IaaS environment. The easier you make it for users to get resources, the more vigilant you must be in tracking the origins and use of each of those VMs. After all, your internal resources have real cost, and wasting money on unneeded hardware purchases, power, or cooling doesn’t benefit the organization.
Tracking and accountability is a core issue that we are keenly focused on here at CloudBolt. Keeping tight control over VM sprawl is a key CloudBolt C2 feature that not only helps keep usage in check, it helps makes use of everything you have in your IT war chest to its maximum capacity no matter where it sits.
