Managing Amazon Web Services public providers

Last updated 20 December, 2018

About resource usage in AWS public accounts

When managing a hybrid cloud, you will want to understand and manage the utilization of your cloud resources.

HPE OneSphere provides you with cloud analytics, which is information about your hybrid cloud consumption. Cloud analytics tell you who is using how much of which services.

Understanding resource usage from the Providers screen

On the Providers screen, under Public Accounts, select a public cloud provider to see utilization and performance information about virtual machine deployments and hosts. 

Utilization and performance information about deployments in AWS standalone accounts is not provided.

  • Click on an Amazon Web Services public cloud provider name to see scores for the virtual machine deployments in the provider.

  • After selecting a public cloud provider, view details about the score.

Each graph shows a score from 0 to 1000, where 1000 is the highest score. The score is an abstract value that represents the relative state of the virtual machine deployment. Clicking an individual category in the bar graph displays details specific to each category. Click the information icon to display more information about the Rating Breakdown.

NOTE:

Resource usage metrics for public cloud providers can take up to an hour to appear.

  • Rating

    Overall score computed from the Availability, Utilization, and Performance scores. The score is weighted as follows:

    • Availability: 50%

    • Utilization: 30%

    • Performance: 20%

  • Availability

    Score computed from the proportion of time that the virtual machine or host is available for use.

  • Utilization

    The score is measured against the target utilization rate of 75%. A high score means you are using a large percentage of the target utilization.

    • Public cloud: Number of CPU cores used out of the total number of cores. For AWS, the score is computed from raw consumption metrics as an aggregation of all current EC2 and RDS (Relational Database Services) instances deployed by the AWS account assigned to this provider.

  • Performance

    For AWS, the score is computed from raw performance metrics that measure network congestion and overall network performance.

    • Public cloud: Average queue depth checks (Amazon Elastic Block Store (EBS) queue length and the Relational Database Service (RDS) queue length). The score begins to drop from 1000 when the average queue length rises above 8.

Adding a Public Billing Account for AWS

Add a Public Billing Account to connect HPE OneSphere to an AWS payer account. After you add a Public Billing Account, you can add a public account to connect HPE OneSphere to each member account in AWS.

Prerequisites
Procedure
  1. From the HPE OneSphere main menu, click Settings.
  2. From the Settings screen, click Public Billing Accounts.
  3. Click the plus sign on the right side of the screen.
  4. From the Add Public Billing Account screen, select the Amazon Web Services (AWS) logo.
  5. Enter the required information about your AWS payer account.

    To find your Amazon account information, log in to your Amazon Web Services EC2 account. In the upper right corner, click My Account or the HPE OneSphere payer account name, then select Security Credentials. Note the following information:

    • Access Key ID

      The 20-character alphanumeric ID is displayed under Access Keys.

    • Secret Access Key

      If you don't know your Secret Access Key, you can deactivate or delete your existing Access Key ID and create a new Access Key. When you create a new Access Key, the 40-character alphanumeric ID is displayed under Access Keys and is available for download in a .csv file.

    • S3 Cost Bucket Name

      To find the cost bucket name, open the AWS S3 console. Existing buckets are displayed under Bucket Name.

  6. Select the HPE OneSphere project you want to associate with your billing account.

    NOTE:

    Each Public Billing Account must be associated with a project. A project can be associated with only one Public Billing Account. If a project has not been added for your Public Billing Account, the administrator or project creator will need to add a new project.

  7. Click Add Billing Account.

Adding a public account to connect to your AWS member account

Adding a public account to connect HPE OneSphere to your existing AWS member account allows you to:

  • Deploy virtual machines and containers to preconfigured zones in AWS.

  • Collect billing information about your virtual machine and container deployments, including those deployed using HPE OneSphere or previously existing in AWS.

Prerequisites
Procedure
  1. From the HPE OneSphere main menu, select Projects.
  2. Click the project you want to associate with your public account.

    NOTE:

    A project can be associated with only one of each type of public account. For example, you can associate a single project with one AWS public account and one Azure subscription account.

    If a project has not been added for your member account, the administrator or project creator will need to add a new project.

  3. From the project screen, click Public Accounts.
  4. Click the Amazon Web Services logo.
  5. Enter your AWS member account information.

    To find your Amazon account information, log in to your Amazon Web Services EC2 account. In the upper right corner, click My Account or the HPE OneSphere payer account name, then select Security Credentials. Note the following information:

    • Access Key ID

      The 20-character alphanumeric ID is displayed under Access Keys.

    • Secret Access Key

      If you don't know your Secret Access Key, you can deactivate or delete your existing Access Key ID and create a new Access Key. When you create a new Access Key, the 40-character alphanumeric ID is displayed under Access Keys and is available for download in a .csv file.

  6. Click Add Public Account.

Adding regions to an AWS public account

Adding regions to your AWS public account allows you to:

  • Launch deployments from the zone associated with your AWS account.

  • Collect usage and cost data for utilization and showback display in the HPE OneSphere Insights and Providers screens.

Prerequisites

The administrator added a public account in HPE OneSphere to connect to an AWS account.

Procedure
  1. From the HPE OneSphere main menu, select Projects.
  2. Select the project containing the public account you want to update.
  3. From the resulting screen, click Public Accounts.
  4. Click on the public account you want to update.
  5. Scroll down to see the list of regions for the public account, and click the plus sign.
  6. From the Add Region screen, select the region you want to add from the dropdown list of available regions that have been configured in AWS.
  7. Click Add Region. 

    NOTE:

    For public providers, a zone is automatically created in any region you choose to add. You cannot manually add any additional zones to a region in a public provider.

Checking AWS compliance 

HPE OneSphere includes a set of compliance checks for AWS services that are representative of a broader set of compliance rules and frameworks available from Cloud Technology Partners (a Hewlett Packard Enterprise company). Running compliance checks on your project allows you to monitor your managed services in AWS against compliance frameworks. An example of a compliance framework is the set of standards for recommended security controls for information systems at federal agencies.

After you run compliance checks in HPE OneSphere, you can click a link to get more information about Cloud Technology Partners' Continuous Compliance for AWS. Continuous Compliance for AWS is an enterprise-class managed service that provides continuous compliance monitoring, continuous regulatory and compliance framework updates, real-time reporting, as well as extensive public cloud and enterprise security experience to support the remediation process.

IMPORTANT:

HPE OneSphere requires additional permissions in AWS to check the compliance of AWS services. If you previously imported and attached the HPE OneSphere managed .json policy file to the IAM user identity in AWS, you must update the file in AWS with a new .json file.

See Setting up an AWS managed account to download the .json file.

Prerequisites

The administrator added a public account in HPE OneSphere to connect to an AWS account.

Procedure
  1. From the HPE OneSphere main menu, select Projects.
  2. Select the project containing the public account for which you want to check compliance.
  3. From the resulting screen, click AWS Compliance.
  4. (Optional) From the resulting screen, click Run compliance checks and view the results on the screen.
    HPE OneSphere runs compliance checks periodically. You can see how much time has elapsed since the last check; for example, "Last run 18 minutes ago."

    A successful run shows a checkmark next to the following compliance checks.

    • The Root account should not be used

    • EBS volumes should be encrypted

    • CloudTrail should be enabled in all regions

    • RDS volumes should be encrypted

    • RDS instances should not be publicly accessible

  5. Correct any compliance checks shown with a warning icon.
  6. (Optional) Click Get In Control to request a CTP Continuous Compliance for AWS Demo.
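
The five checks listed in step 4, evaluated in Python as an added example (not HPE OneSphere's or Cloud Technology Partners' code). The sample data is constructed, the field names follow the corresponding AWS API responses and the IAM credential report, and the 90-day window for root use is an assumption.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample data. Field names follow ec2 describe-volumes, rds describe-db-instances,
# cloudtrail describe-trails (merged with IsLogging from get-trail-status) and the IAM credential report.
VOLUMES = [{"VolumeId": "vol-0aaa", "Encrypted": True},
           {"VolumeId": "vol-0bbb", "Encrypted": False}]
DB_INSTANCES = [{"DBInstanceIdentifier": "orders-db",
                 "StorageEncrypted": True, "PubliclyAccessible": True},
                {"DBInstanceIdentifier": "audit-db",
                 "StorageEncrypted": False, "PubliclyAccessible": False}]
TRAILS = [{"Name": "regional-trail", "IsMultiRegionTrail": False, "IsLogging": True},
          {"Name": "org-trail", "IsMultiRegionTrail": True, "IsLogging": False}]
CRED_REPORT = ("user,password_last_used,access_key_1_active,access_key_2_active\n"
               "<root_account>,2018-12-18T09:30:00+00:00,true,false\n"
               "alice,2018-12-19T08:00:00+00:00,true,false\n")
NOW = datetime(2018, 12, 20, tzinfo=timezone.utc)


def root_findings(report_csv, now, window_days=90):
    """Root findings; the 90-day login window is an assumption, not from the page."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] != "<root_account>":
            continue
        if "true" in (row["access_key_1_active"], row["access_key_2_active"]):
            findings.append("root has an active access key")
        last = row["password_last_used"]
        if last not in ("N/A", "no_information"):
            if now - datetime.fromisoformat(last) < timedelta(days=window_days):
                findings.append("root console login on " + last[:10])
    return findings


def run_checks(volumes, dbs, trails, report_csv, now):
    """Return {check name: [offending resources]}; an empty list is a pass."""
    all_regions = any(t["IsMultiRegionTrail"] and t["IsLogging"] for t in trails)
    return {
        "The Root account should not be used": root_findings(report_csv, now),
        "EBS volumes should be encrypted":
            [v["VolumeId"] for v in volumes if not v["Encrypted"]],
        "CloudTrail should be enabled in all regions":
            [] if all_regions else ["no multi-region trail is logging"],
        "RDS volumes should be encrypted":
            [d["DBInstanceIdentifier"] for d in dbs if not d["StorageEncrypted"]],
        "RDS instances should not be publicly accessible":
            [d["DBInstanceIdentifier"] for d in dbs if d["PubliclyAccessible"]],
    }
```

Calling run_checks(VOLUMES, DB_INSTANCES, TRAILS, CRED_REPORT, NOW) returns one list of offending resources per check, which maps directly onto the warning icons corrected in step 5.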

Updating and deleting Public Billing Accounts for AWS 

If you change or rotate the credentials for your master or payer account in AWS, you must update the credentials for the billing account in the HPE OneSphere portal.
Prerequisites

The administrator added a public billing account for Amazon Web Services (AWS), and has a valid Access Key and Secret Key for the AWS account.

Procedure
  1. From the HPE OneSphere main menu, click Settings.
  2. From the Settings screen, click Public Billing Accounts.
  3. Click the AWS Public Billing Account you want to update or delete.
  4. From the resulting screen, click Update Billing Account.
  5. Update your account information as needed, then click Update Billing Account.
  6. To delete the public billing account, scroll down to the bottom of the screen and click the Delete Billing Account trash icon, then click Yes, Delete Billing Account.

    NOTE:

    Before attempting to delete a public billing account, make sure to delete all underlying public accounts associated with that account.

Updating and deleting public AWS accounts

If your AWS access key changes, update the key information in your public provider account.

Prerequisites

The administrator added a public billing account for Amazon Web Services (AWS) and a provider public account.

Procedure
  1. From the HPE OneSphere main menu, click Projects.
  2. From the Projects screen, choose the project linked to the public account you want to update or delete.
  3. From the resulting screen, click Public Accounts.
  4. From the Public Accounts screen, click the account you would like to update or delete.
  5. From the resulting screen, click Update Public Account.
  6. Update your Access Key ID as needed, and enter your Secret Access Key, then click Update Provider.
  7. To delete the provider, scroll down to the bottom of the screen and click the Delete Provider trash icon, then click Yes, Delete Provider.

    Deleting a provider removes the settings for the connection between HPE OneSphere and the provider; it does not delete any virtual machines, services, or data. 

    NOTE:

    If there are active regions or zones in a provider, you must delete the regions and zones before you can delete the provider. Deleting a region in a public provider will automatically delete the zone associated with that region.

Viewing resource usage in an AWS public cloud

View scores for provider availability, utilization, and performance for AWS public cloud providers from the HPE OneSphere Providers screen.

For detailed information, see About resource usage.

Procedure
  1. From the HPE OneSphere main menu, select Providers.
  2. Select Public Accounts.
  3. Select the AWS public account you want to view, then click the graph to see the overall rating, and the utilization, availability, and performance scores. Click the individual categories for details specific to each category.

    Scores range from 0 to 1000, where 1000 is a perfect score. The score is an abstract value that represents the relative state.

    You can click the information icon to see a detailed explanation of the Rating Breakdown.

    NOTE:

    It may take up to an hour for resource metrics to appear.