General

  • We recommend Cloud accounts be integrated with the centralized billing and account management offered by the University, known as the Cloud Services Program.  Some benefits include integration with Active Directory centralized authentication for managing access, billing discounts, and improved visibility to our Office of Information Assurance (IT security).
  • Most Cloud services and resources can be accessed and managed programmatically.  As you gain proficiency consider how treating "architecture as code" could be beneficial, e.g. automation and version control.
  • There is no cost for additional Cloud accounts so consider putting projects in separate accounts to maintain a clear separation of data and access.

Security

  • If you have access to the root user for your Cloud account you should not make it a regular practice to use it.  That account should be protected by a complex password and multi-factor authentication.  Do not use the root account unless necessary.
  • All user identities with access to your Cloud account should be configured with multi-factor authentication.
  • Use the principle of least privilege and limit users to only the resources they need.  Policies and Roles can be used to control which services users can access.  Cloud providers may offer built-in job-function roles such as Developer, DBA, etc., as a way to limit users to the appropriate services.
  • Virtual Machines in the Cloud should be properly maintained by promptly installing security updates and be protected by vulnerability and malware scanners such as Qualys and FireEye HX.
  • Use firewalls (a.k.a. security groups) to protect your Cloud resources, such as virtual machines.

Cost Avoidance

  • Cloud costs are typically based on usage so shut down services when not in use and delete data that is no longer needed.
  • Create a budget report to be notified of your monthly costs.
  • Create budget alerts to notify you when costs exceed projections.
  • Be aware that there may be a delay of several days before the cost of Cloud usage is known.  Try estimating your costs using Cloud pricing calculators:
  • Unless there is an architectural reason to do otherwise, deploy services and resources to a single geographic region.  It can be easy to forget where services have been spun up and get an unexpected bill.
  • Costs may vary depending on geographic region.  Consider a balance of cost and distance when selecting a geographic region to deploy resources.  In AWS we recommend using the us-west-2 (Oregon) region.

Cloud versus On-Premise

  • Downloading data from the Cloud (a.k.a. egress) usually incurs a cost.  If you need to distribute a lot of data then an on-campus service may be a better choice.
  • For intermittent use, batch workloads or short term projects the Cloud can be a great fit.  See AWS Batch, Azure Batch, and GCP Dataproc.
  • For long term use of highly utilized resources, buying servers and installing them on campus may be more cost effective.
