Cloud computing providers present a large, robust offering with a seemingly infinite number of configuration options to tailor your deployment perfectly around your needs. However, the flexibility and sheer number of choices that a cloud provider offers when setting up your services are both a blessing and a curse. It can be easy to overlook security loopholes, deploy options that aren’t the most cost-effective, and miss beneficial features which are hidden within the API.
That’s where CloudCheckr’s best practice checks come in. We will take a detailed look at your deployment to ensure your infrastructure is configured properly, and highlight areas that may be cause for concern. These checks will focus on four key areas: security, availability, cost and usage.
Note: You will find Best Practice Checks and Azure Advisor in each subscription account that is configured with CloudCheckr.
While your cloud computing provider handles security of their datacenter, users are responsible for network, host, and application-level security. CloudCheckr will look and see if you are setting proper permissions, if security groups are being utilized properly, if access and permission controls are configured correctly, if proper password policies are in place, if resources are accessible by the public internet, and several other items.
When launching and maintaining an infrastructure it’s easy to lose track of what’s out there, and what’s no longer needed. CloudCheckr can help with this. We will look for items that exists, but aren’t being used, and highlight those for you. Cost checks will also show you potential cost savings, optimizing your subscriptions, or leveraging any available discounts, as well as migrating resources to current generation offering types.
When items are launched in your deployment, it’s important that they are accessible. However, sometimes things can go wrong such instances becoming unhealthy, or certain data centers becoming unreachable. CloudCheckr will look at your deployment to not only verify that everything is up and running, but also ensure that your architecture is properly configured to respond when things do go awry.
There are many options within a cloud environment which, though they are highly recommended, upon further analysis show that they are not consistently or properly deployed. CloudCheckr will review your architecture to see whether you are taking advantage of these features, and whether they are being used in the most advantageous way. We will ensure that autoscaling is configured, and configured properly, within your servers. We’ll ensure that the users in your identity management portals are created according to best practices. That backups are taken automatically and retained for an appropriate amount of time. And that resources are being properly utilized.
Using the Report
The top section of the report allows you to filter your checks by category, resource tag and importance. To filter by category, click on the desired tab in the report: Availability, Cost, Security, or Usage. Use the Importance dropdown to filter by: high, medium, low, or informational. The tag dropdown will consist of the resource tags used within your cloud account. The “Show Ignored” checkbox allows you to view and restore those items that you have flagged to ignore (more on that below).
The items in the report are also categorized with icons and various colors.
- Red (stop sign) = High
- Orange (triangle) = Medium
- Yellow (exclamation point) = Low
- Blue (‘i’) = Informational
- Green (checkmark) = No issues found
The report shows the name of the best practice check, as well as the number of “issues” found (when applicable). If no issues were found with the best practice check, it will display as green.
To view the details, click on the best practice check name. The best practice check will expand and display details and relevant information. The details of the check will show you exactly which items within your environment were picked up by CloudCheckr’s best practice check. For further information, each check contain links to the relevant CloudCheckr details report for the issue found.
To the right of each check you will find three, four, or five icons. Each of these icons give you the ability to take specific action against the check.
These options are:
- Email – Configure check-specific emails. Added emails will receive an this check result detail. You have the option to send always or send when new issues are discovered.
- Tag Filter – Configure the check to only report on resources that have, or do not have, specific resource tags. NOTE: After configuring this option you must run a new report update for this change to take effect.
- Configure – Provides you the ability to determine which parameters will cause the check to find “issues”. For example, you can configure the idle percent and range of days that determines when a Virtual Machine is considered idle.
- Export – Allows you to export the details of the check to CSV.
- Ignore – Hides the check from the report. Allows you to eliminate noise, or checks that are irrelevant to your deployment.
Ignoring Certain Checks
If for any reason you do not want to see a best practice check in your report, CloudCheckr gives you ignore capabilities. Clicking the ‘X’ icon to the right of the report will ignore that best practice check. This means that the check will be hidden from the main report, until it is restored.
To restore a check, click the “Show Ignored” checkbox at the top of the page, click the Refresh button, then click on the category tab of the check you would like to restore.
Click the Restore (circle) icon, and the check will be restored back to the main best practices report. This functionality is also available on the individual items found within each check. If you expand a check, you can click the X to the right of the details found within the check to ignore that specific item (while leaving the main best practice check active). These are also restored within the ‘Show Ignored’ menu by clicking on their restore icon.
NOTE: In addition to being hidden from the main report, ignored checks will also not be delivered in the best practice emails.
Users who also utilize Azure Advisor can have their Azure Advisor results automatically imported into their CloudCheckr Best Practice report. The functionality of the Azure Advisor checks work the same as native CloudCheckr best practice checks.
Click on any item within the Azure Advisor tab to expand and view further details. These checks are also categorized into importance categories, with green meaning no issues were reported by Azure Advisor.