Cloud Governance

Commander's cloud governance capabilities cover the follow primary areas:

Cloud Governance Overview

Discovery and monitoring of cloud resources

Often engineering teams spin up small development projects and forget to tear them down, which collectively adds to your cloud costs. To prevent unnecessary costs, application workloads need to be properly monitored and managed.

When you add your private and public cloud assets to Commander management, you gain the single pane-of-glass required to properly manage your hybrid cloud infrastructure. For cost visibility and optimization, Commander also provides extensive Cost Management capabilities in the areas of rightsizing, power scheduling, and Reserved Instance management.

Tag and label enforcement

You can use Commander’s tag and label synchronization combined with Commander’s Tag Compliance Policy to ensure that resources like AWS instances or GCP VMs have the appropriate tags and labels.

When the appropriate tags and labels are used, you can utilize power scheduling recommendations to power down dev test workloads during prime times. You can also make policy enforcement as strict or lenient as you like — you could report on instances that don't follow corporate tag and label rules or be more restrictive and ensure they are always powered off; you could even run custom workflows to perform a specific action upon detection of an offending instance or VM.

For more information, see Tag and Label Enforcement.

Instance type control

When you set up self-service provisioning for users through the Service Portal, you can control the instance types and VMs available to them. This keeps the available instance types and VMs down to a manageable number, and it can allow better use of Reserved Instances.

For information on setting up the self-service Service Catalog, see Catalog. For information on how to take advantage of the cost savings offered by Reserved Instances, see Manage Reserved Instance Recommendations and AWS Reserved Instance Recommendations Report.

Commander’s Service Catalog and provisioning automation can also enforce cloud governance policies at provisioning time through workflows. For example, security image scans can be executed before powering on a new VM, and the master images in the service catalog that are used as templates for the organization can be updated with the latest security patches. New production VMs can also be registered and scheduled for the appropriate backup services when they're provisioned.

See Self-Service for an overview on self-service provisioning and management, and Workflow Examples and Use Cases for how workflows can be used to provision services.

Lifecycle automation

Engineering teams often deploy public cloud application workloads for short-term use, and those workloads hang around because there's no lifecycle monitoring or enforcement. Commander allows you to fully automate a lifecycle decommissioning process and to target resource areas that are specific to R&D (such as accounts, regions, or VPCs). For more information, see Lifecycle and Policy Management.

Change request orchestration

Commander’s orchestration engine makes it easy to automate changes for production and development deployments. For production, you can use strict controls for who must approve changes, and you can schedule the changes for set maintenance windows. For development, you can be more lenient — you can automatically approve requests to downsize instances but still require approvals for requests to increase instance sizes that exceed resource or cost quotas. For more information, see Manage Service Requests and Configure Maintenance Windows.