Here are my thoughts on your questions. These answers are by no means the “best” solution as that will be different depending on your environment and requirements. These are a few items and ideas that may help you out.
How can I effectively use Morpheus to monitor and control cloud costs across these providers?
Morpheus has several features you can explore to assist with this. Utilization and Costing reports are a start, but I find the following tools useful:
- Budgets - This tool to be one of the best for setting “guard rails” on users\groups\tenants. This allows you to set an amount and force them to stay within it.
- Policies - If you are looking to limit resource utilization take a look at the Policies. You can set CPU RAM and storage limits to effectively manage resource consumption. This allows you to estimate cost based on a max, and when set the users will need to contact an admin to adjust those limits so additional back-office activities around billing and such can be adjusted.
- Catalog - I have also found that creating “t-shirt” sized Catalog based deployments can also be effective in controlling cost as it limits what users can deploy. Creating Large, Medium, Small server deployment catalog items for example may be a way to help control utilization. These catalog items also can show upfront pricing before being deployed so the user knows the financial impact the sever will have against their budget.
- Guidance - This can be used to help right size existing servers to conserve cost and resources.
What are some of the best strategies for automating the deployment of applications across multiple clouds using Morpheus? We are looking to streamline our processes and reduce manual intervention.
When deploying in Morpheus I find it quite easy to keep my installs not only streamlined but the same on every platform by utilizing Workflows. This would work at the OS layer by automating the install after the OS is built. They are only limited by your imagination (and coding ability). Using logic in the scripts you can adjust for different OS’s and ensure that all settings are as expected on each install. Workflows are based on our concept of Tasks (individual code objects) that can be reused in multiple Workflows. Furthermore, if integrated with GIT or Ansible you can have a standard code repository that these task are built on allowing even greater levels of logic and automation within the Workflow. If you need to capture variables for the Tasks, we allow for Custom Options to be collected in Forms and passed as variables in most common coding languages such as Bash, PowerShell, Python and many others. While this allows you to be hands off it also allows some level of customization on the users’ part if needed.
Another route to explore in this is our ability to work with Terraform. If your app requires multiple servers or cloud SaaS’s you could build repeatable TerraForm deployments with Morpheus injecting the needed changes between customers using the Custom Options as listed above to customize.
We have a similar concept to this built in to the app known as App Blueprints. While you can build Blueprints based on Terraform you can also build them in Morpheus using our Blueprint wizard to configure multiple servers to be deployed as a single App.
Given the increasing complexity of our environment; what security and compliance features within Morpheus should we focus on? Any tips on setting up effective policies and alerts?
You should familiarize yourself with how Roles function. Think of it as our AD. This allows you to limit users access to resources and the actions they can take. To take full advantage of this you may want to review how you currently ingest and carve up your clouds. Tenants are the top level allowing you to isolate resources and even provide additional Identity Management on each Tenant. This is very useful when operating as an MSP. This allows you to place authentication and access control on the consuming party based on the roles you created. Groups are another way within the Tenant to further carve out users into… well… groups. Within the isolate resources you provided the Tenant the Groups can be granted\denied access to only a subset of those resources.
Isolation is key (just my opinion). As a customer previously, I worked in a VMware shop. We would create separate networks and storage for each Tenant and allow only that Tenant to access those resources. This created not only a logical isolation in the app but a physical isolation in our datacenters. The cloud equivalent to this would be GCP Projects or AWS VPC’s, and I believe VNets in Azure. With the Cloud approach you mentioned if you are an MSP I would probably look at mapping one of these as a separate Cloud for each Tenant to not allow for shared resources. Each one would have its own service account user and permission that would not allow interaction from another cloud without explicit access being granted from you or the team that manages the cloud.
How do you utilize Morpheus for performance monitoring across different cloud providers? Any recommended practices for setting up dashboards and alerts?
I have not used Morpheus extensively to monitor application performance outside of the Health alerts for individual servers. But with that said, I do know that you can setup basic checks within our Monitoring that can look for down services and such. If you are looking for more advanced monitoring, you may look at something such as DataDog which we have a plug-in for. This will add a DataDog tab on your instances that will include monitoring details pulled from your DataDog setup.
We are considering integrating other tools and services with Morpheus. Which integrations have you found to be particularly beneficial; and are there any potential pitfalls to watch out for?
We have a lot of plug-ins available; I find the MSDNS one quite useful for my linux servers in my Windows based domain. Lots of customers take advantage of our IPAM offerings. The next most utilized ones I have been asked to assist with are the backup providers and Service Now.
My best advice to avoid pitfalls is to be open to chatting with Morpheus prior to integrating them. We can help plan and offer assistance in the process to make it easier on you. We offer professional services that will be more than happy to work alongside you in getting these solutions not only configured in the system but working as expected.