1-888-317-7920 info@2ndwatch.com

Cost Accounting for Amazon WorkSpaces

Who would have thought, back in 2014, when AWS launched Amazon WorkSpaces it would have such an impact on the virtual desktop market?  Amazon WorkSpaces—AWS’ fully managed, secure desktop computing service—allows enterprises to easily provision cloud-based virtual desktops and provide users access to the documents, applications, and resources they need from any supported device. Over these three short years, Amazon WorkSpaces has made great strides in reducing the costs related to VDI deployment, support and software packaging while improving service levels and deployment time of new applications. Amazon WorkSpaces provides the flexibility to securely work from anywhere, anytime and on any device without the cost and complexity of traditional VDI infrastructure.

However, enterprises have faced a few challenges when deploying Amazon WorkSpaces.  One of the grea challenges with wholesale deployment of Amazon WorkSpaces has been how to allocate the costs associated with thousands of instances to the various departments that are using each resource.  In 2016 AWS enabled users to tag each workspace with up to 50 tags.  While this is a step in the right direction, tagging is not included in the launch process. Instead, users have to remember to tag the instance after it is launched. This is where the process tends to break down, leaving thousands of dollars related to cloud spend either un-allocated or incorrectly allocated.

To address this drawback, it is important to create and implement two processes. The first step is pretty basic: Develop a process and train all team members responsible for launching new WorkSpaces to tag each workspace after it is launched.  The second step is to set up automation to efficiently audit and provide notifications when resources (specifically Amazon WorkSpaces) are launched without a particular tag or set of tags.  Unfortunately, with Amazon WorkSpaces you aren’t able to use the AWS Config “required-tags” rule to enforce your process policy as Config only supports a limited set of AWS resource types. (NOTE: You can check out the AWS Config Developer Guide for more on using it to enforce tag requirements on Config supported resources.) Instead, you can roll your own tag enforcement solution using AWS Lambda and CloudTrail.

This process is fairly simple. When you activate AWS CloudTrail logs, AWS will dump all API calls as JSON log files to an S3 bucket.  You can then setup a trigger on that bucket to invoke an AWS Lambda function that can scan the logs for specific events, such as Amazon WorkSpace’s “CreateWorkSpaces” method. If it finds an event, it can publish a message to an SNS topic notifying you that the resource does not have the appropriate tag.  You can even set the message up to include the creator tag that AWS adds to all new resources. This way, if you need to know who launched the instance in order to determine how to tag it, you will have that information included.

Even when you have the tag in place there is still the issue of how to allocate those costs incurred before the resource was tagged.  Because AWS tags are point in time, only costs associated after the tag is in place will be included in any AWS tag report. 2nd Watch’s cloud financial management tool, CMP|FM, is a powerful resource that can provide accurate cost accounting and deep, financial insight into Amazon WorkSpaces usage by applying boundaries by month to all tags.  In other words, any tag applied during the middle of the month will be applied to the entire month’s usage— appropriately accounting for all of your costs associated with Amazon WorkSpaces—without the need to manually allocate them to the correct department.

If you are looking to deploy Amazon WorkSpaces across your enterprise, it is important to ensure that you have the systems in place for proper cost accounting.  This includes implementing documented processes for tagging during launch and automation to identify and manage untagged instances, and leveraging powerful tools like 2nd Watch CMP|FM for all your cost allocation needs to ensure accurate cost accounting.

— Timothy Hill, Senior Product Manager, 2nd Watch

Facebooktwittergoogle_pluslinkedinmailrss

2W Insight Cloud Cost Accounting Tool: New Features

Enabling enterprises to accurately distribute cloud expenses to their unique cost reporting structure

Accurate distribution of cloud costs among business units, applications, projects etc. according to accepted accounting practices is one of the grea challenges facing enterprise IT Managers and Financial Accountants today. 2W Insight 7.0 simplifies cloud cost accounting by enabling enterprises to create an organizational hierarchy of cost centers aligned to their reporting structure, where resources are assigned, budgets are managed and financial reports are published.

Organizational Hierarchy

2W Insight 7.0 enables enterprises to create a multi-level organizational structure of cost centers tailored to their financial reporting requirements. Users create cost centers for each project, applications, workload etc., then map them to the financial reporting structure. Once the cost centers and structure are established, users assign cloud resources (including reserved instances) to the cost centers where the costs are incurred.  2W Insight applies AWS pricing rules to the usage within each cost center.  As you move up the hierarchy of cost centers, 2W Insight combines the usage from the linked (lower level) cost centers and re-applies the AWS pricing rules to the combined usage ensuring pricing is accurate, earned tier discounts are applied and reserved instances savings are optimized.

Example Organizational Reporting Structure:

Insight 7.0
Assigning Resources to Cost Centers

2W Insight 7.0 enables enterprises to deploy various strategies when assigning resources to cost centers. Enterprises that have implemented a strategy where each workload is placed in a separate AWS account can assign an account to a cost center.  When assigned, all usage/cost in the AWS account will be included in the cost center.  For enterprises that have implemented a strategy where a single AWS account includes multiple workloads, 2W Insight enables user to filter the resources in one or multiple accounts (by tag, attribute etc.) to locate and assign resources to cost centers. Once assigned, a rule can be added to automatically assign new resources that meet the filter criteria into the cost center. This provides strict governance and control of the resource assignments and provides accurate financial reporting.  It also ensures that the elastic nature of the cloud (resources coming and going based on demand) are aligned to the enterprises cloud cost accounting policies.

Budget Management and Alerting

Once the organizational structure is created and resources have been assigned to cost centers, it is important to manage the budget for each cost center.  2W Insight allow users to set budgets for each cost center and receive notifications when budgets are at risk.  Users can receive alerts if a single day’s usage exceeds a set daily budget threshold (e.g. if a single days cost is 120% of the daily budget), when the MTD cost exceeds a set monthly budget threshold (e.g. if the month-to-date usage reaches 100% of the monthly budget) or when the month-to-date cost exceeds a set month-to-date budget threshold (MTD cost exceeds MTD budget by 10%). Budget management and alerting ensures you know in advance if your costs are at risk of exceeding budget.

Showback reports

2W Insight comes standard with month-end reports for each of your cost centers.  These “Showback” reports detail the costs associated with each of your cost centers by AWS product, and users can be set up to receive the reports at the end of each month. Once users begin receiving these reports, they become more aware and therefore more responsible for their AWS spend.

2W Insight Cloud Cost Accounting tool is provided at no charge to all of our Managed Cloud Services customers. To receive a demonstration of its capabilities and how 2nd Watch helps our clients manage the complexity of the public cloud, please contact us at insight.support@2ndwatch.com.

-Tim Hill, Product/Program Manager

Facebooktwittergoogle_pluslinkedinmailrss