Cardinal Cloud — Discounts & Support Options for AWS, GCP and Azure

Proposed by Noah Abrahamson and Irina Zaks

Where will the conversation continue?
#cop-cloud Slack channel
Cardinal Cloud has lined up a number of cloud service provider discounts. Come and learn about what's included and how to take advantage of them. Also learn about your support options on campus.
Notes

Significant discounts for Amazon & Google Cloud Platform (hopefully Microsoft Azure in future)
Have committed Stanford to certain expenditure for cloud

Discounts: https://uit.stanford.edu/cloud-vendor/reduce-cost
Cardinal Cloud: https://cardinalcloud.stanford.edu/

All educational institutions have global data egress charges waived (e.g. when data goes from S3 bucket to Internet to users) so don't have to worry about data being moved

AWS - charged first, then reverse invoice for data egress charges

  1. UIT Hosting services handles the billing for it

  2. When you use Cardinal Cloud AWS, credits are also processed for you and the PTA is charged accordingly, so you don't have to worry about a PCard; otherwise you don't get the credit unless you submit back to Amazon to redeem it

Azure and Google - doesn't charge for egress to begin with

Cardinal Cloud

  1. Great way to streamline operational processes

  2. Comes with security configurations; if not through Cardinal Cloud, compliance concerns/violation

Wasabi Cloud Storage - object storage intended to be drop-in replacement for Amazon S3 (uses same syntax as S3), doesn't have latency of Glacier and fewer worries about early deletions

Q: GCP prices - current or future prices?

  1. Current prices. These discount programs cover multiple years and we're well ahead of commitment. Trying to negotiate better prices with increased usage.

Q: Any discount with Digital Ocean?

  1. No current discounts. Digital Ocean use is discouraged due to no Business Associate Agreements; we have BAAs with AWS, GCP, Azure.

New/Change/Cancel Request Forms available in Service Now

  1. Also useful if want to change PTA

  2. Sub Account Name - use something useful for department

  3. Can split billing to a few PTAs

  4. Account will be created and you will be able to log in via SUNet ID, already integrated with University login and can manage workgroups

Minimal guardrails put in place for security - https://uit.stanford.edu/cardinal-cloud/aws-security-and-management

  1. CloudTrail - won't pay for the storage for CloudTrail (S3 bucket for logs paid for by ISO)

  2. AWS Config - checks that best practices are in place (e.g. EBS volumes are encrypted, IAM users have MFA enabled for console access); don't use it to revert changes

  3. VPC Flow Logs - for forensics (S3 bucket for logs also paid for by ISO)

  4. AWS GuardDuty - for detecting threats and malicious activities

  5. Qualys CloudView Access - monitoring security

  6. Service Control Policies - e.g. can't delete Stanford's SAML provider for SSO logins

  7. Region restriction - e.g. no mainland China
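
A sketch of how guardrails 6 and 7 can be expressed as a Service Control Policy. This is an added example, not Stanford's actual policy: the provider name `EXAMPLE-SSO-PROVIDER`, the extra `iam:UpdateSAMLProvider` deny, the exempted global services and the two approved regions are all assumptions (marked by the `Example` prefix on each `Sid`).

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleProtectSsoSamlProvider",
      "Effect": "Deny",
      "Action": [
        "iam:DeleteSAMLProvider",
        "iam:UpdateSAMLProvider"
      ],
      "Resource": "arn:aws:iam::*:saml-provider/EXAMPLE-SSO-PROVIDER"
    },
    {
      "Sid": "ExampleDenyOutsideApprovedRegions",
      "Effect": "Deny",
      "NotAction": [
        "iam:*",
        "organizations:*",
        "sts:*",
        "support:*"
      ],
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:RequestedRegion": ["us-east-1", "us-west-2"]
        }
      }
    }
  ]
}
```

SCPs never grant permissions; an explicit deny in one applies to IAM users and roles in the member account, administrators included.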

For collaborating with others

  1. Can use sponsored accounts

  2. Can add integration using VPC peering

  3. Can manage workgroups for Google groups to give access to a group for GCP

Q: How has Research Computing been collaborating with others?

  1. Leverage SUNets identity workgroups

  2. In a few cases, with Google sponsored work, have also been using outside identities (like a google.com for a Google engineer)

Q: For GCP, do we have similar security configurations?

  1. Currently in transition, GCP has Security Command Center, but currently can see every group's information; GCP has a premium product that Stanford hasn't yet obtained, but currently looking into tools that will similarly view info for all three cloud providers

More ways to collaborate/get help

  1. TCG Office Hours: https://tcg.sh/oh

  2. Cloud Community of Practice: third Thursdays every month on Zoom to talk about Cloud.

    1. See #cop-cloud Slack channel (shared across Stanford University Enterprise Grid). Info: https://cop.stanford.edu/community/cloud-computing