Many organizations embrace the cloud in order to pay less on infrastructure. So it might seem counterintuitive to pay for additional cloud management solutions when the cloud vendors offer native tools to lower costs. But do native tools match up with best-of-breed third party offerings?
Amazon Web Services, Microsoft Azure and Google Cloud all offer their own consoles or portals for managing infrastructure within their individual clouds. But almost all stop there. They don’t manage competitors’ clouds. This is understandable but enterprises are increasingly adopting two or more clouds. This means cloud administrators need to learn, log in to and navigate two or more interfaces to gain total visibility of their cloud infrastructures. In short, the native tools offer no way to get the “big picture.”
Azure does sell the ability to view AWS cloud spend, within the Azure Portal, for an extra 1% of those costs, but they have no tools for AWS cost optimization. This makes sense as Microsoft has no interest in making AWS more affordable.
By comparison, best-of-breed multi-cloud tools such as CloudCheckr give users the ability to create custom dashboards with many pre-built informational panes for a variety of cloud platforms. Such panes include Best Practice Trends, Cost Savings, Total CPU Utilization, and Month-to-Date Spend. These panes can be configured to report on individual accounts or across a MAV (Multi-Account View), to give quick and easy insights into multiple aspects of a deployment in one place. The Dashboard owner can grant permission access to any other user in the same account, allowing for management visibility into day-to-day operations. Multi-cloud dashboards simply aren’t possible using the native tools from the cloud vendors.
AWS offers over 100 Trusted Advisor checks for paid Support or Enterprise customers. Microsoft has around 90 Azure Advisor and Azure Security Center checks, but only CloudCheckr is the “Independent Advisor”, displaying those AWS and Azure native checks, side-by-side with hundreds of CloudCheckr’s own internally developed checks. Because these checks are internally developed, CloudCheckr can often fix the misconfigurations automatically using Self-Healing Automation. Altogether, CloudCheckr displays over 600 Best Practice Checks in one easy to review screen.
AWS Console has no permission controls to enable you to create different levels of end-user access. CloudCheckr’s end-user permissions are extremely granular, down to single reports and features within the platform. Reports can be individually permissible out to end-users, which allows you to create customized solutions for your stakeholders or customers.
While native tools typically store historical data or reports for around one year, CloudCheckr’s SnapBack™ stores up to seven years of read-only historical data, accessible via a dropdown menu, ideal for audit purposes.
Service Providers and large Enterprises often need to chargeback or show back reports to allocate shared costs. AWS does not have this ability. Fortune 1000 enterprises and the Top MSPs in the world leverage CloudCheckr to generate invoices, automatically, with costs allocated according to business requirements.
Within AWS Console, customers or stakeholders have full access to raw blended and unblended cost information and are able to flag any invoiced amounts that differ from what AWS reports. Using CloudCheckr, the customer or stakeholder sees only the up-to-date cost information that you make available to them; this gives you the ability to configure custom costs, and full control over whether blended and unblended costs are visible in reports.
AWS and Azure offer recommendations for Reserved Instances but they make these recommendations based on 7, 30 or 60 days worth of historical data. Before making a long-term commitment of one- or three-years, you want to have as much usage history as possible, to better predict trends. CloudCheckr lets users select from 30, 60, 90 or even 180 days of history… a full six months, to make more accurate RI recommendations.
AWS provides simple charts and reports which may need to be exported to a third party Business Intelligence tool for in-depth analysis. CloudCheckr’s Pivot Explorer is built-in and provides immediate, interactive sophisticated reports on-the-fly. CloudCheckr allows users to group and filter costs by account, region, service, operation, usage type, and tag.
Right Tool for Right Sizing
While AWS has some Right Sizing recommendations built-in, CloudCheckr’s tools can recommend moving up, down or to a different instance type altogether. And CloudCheckr can empower the user to automatically make the change, via “Fix Now” or “Request Fix” workflows to avoid manual configuration using the AWS Console and reduce the chance of error.
AWS has a one-size fits all methodology for right sizing. CPU utilization of 1% or less is considered idle and anything between 1% and 40% is underutilized. Both are measured over exactly a 14 day time period. CloudCheckr lets administrators choose the percentage and time period, such as 5% over 14 days or 20% over 30 days, etc. CloudCheckr provides detailed heat maps for Elastic Load Balancing (ELB) and CPU, on both a relative and absolute basis, for EC2, RDS, ElastiCache, DynamoDB and Redshift. These reports can additionally be filtered by tags to help you identify usage trends associated with different groups of resources. This data can then be used to leverage CloudCheckr’s scheduling so you can automatically turn off instances when you know they won’t be needed, such as over the weekend.
AWS Inspector can be configured to check the compliance of resources according to a handful of industry standards and regulations, such as CIS, HIPAA, and PCI-DSS. However, there is a monthly cost per standard and per resource checked which can quickly add up. Total Compliance comes standard with CloudCheckr and scores an entire infrastructure according to 35 distinct regulations including CIS, HIPAA, PCI-DSS, SOC2, ISO, NIST and dozens more.
AWS GuardDuty is complementary to CloudCheckr and can be used as a last line of defense. CloudCheckr’s focus is on preventing security issues from happening by ensuring best practices are followed and guardrails are in effect. GuardDuty addresses security threats and intrusion attempts. This is similar to building a home with a strong lock to prevent break-ins and also an alarm system in case a break-in occurs. Both are valuable but the alarm alone would not prevent any break-ins.
Many of CloudCheckr’s Best Practice Checks, particularly for Security misconfigurations, support Self-Healing Automation. A user can select “Fix Now” and have CloudCheckr handle the change or “Always Fix” which tells CloudCheckr to always make the correction, without human intervention, and send a notification upon completion. A workflow can be established where a junior administrator can select “Request Fix” and a senior admin is notified and can approve or send back the request. Users can also leverage “Fix Now” and “Request Fix” for Right Sizing AWS EC2 instances.
AWS Console cannot be white-labeled or otherwise customized for end-user access. CloudCheckr can be fully white labeled to drive brand recognition and loyalty. CloudCheckr’s white labeling options include personalization of the interface as well as a custom URL and alert email addresses.
AWS distributes Reserved Instances and Savings Plans according to their own algorithms. This makes it difficult for MSPs to redistribute discounts from such advance purchases. CloudCheckr offers Arbitrage capabilities, where MSPs can choose where RIs and Savings Plans are applied, and charge On-Demand rates as desired, earning the difference as profit.
Enterprises, Resellers, and Service Providers often find they are paying for resources that are used by multiple departments or customers. Rather than absorb the cost, they need a way to split the charges equitably. A tool like CloudCheckr’s Tag Splitting can do just that, whether the costs are ISV charges for Backup or shared cloud resources. CloudCheckr allows administrators to tag costs that are untaggable in AWS, like Data Transfer, Kinesis, and CloudWatch costs.
There’s nothing wrong with using the free tools that come with each cloud platform, but there is some merit to the saying “you get what you pay for”… each of those vendors has an incentive to promote their cloud and increase your use of that cloud. If you use more than one cloud, or think you might in the future, an independent cloud management solution is the way to go.
Todd Bernhard has been with CloudCheckr handling Product Marketing and Technical Evangelism roles since 2017. He holds multiple certifications including AWS Solutions Architect Associate, Microsoft Azure Fundamentals, Google Cloud Associate Engineer and FinOps Certified Practitioner. Prior to joining CloudCheckr, Mr. Bernhard was an award-winning, bestselling mobile app developer and entrepreneur and previously worked for Sun Microsystems, as an Evangelist, Sales and Technical Trainer and Product Marketing Manager for Sun’s high-end data center servers.
Cloud Resources Delivered
Get free cloud resources delivered to your inbox. Sign up for our newsletter.