Feature Overview

Purpose:  This document describes the use case and proposes a technical implementation to modify an existing Red Hat product (The Cost Explorer) to fulfill critical requirements for Red Hat’s customers on disconnected/isolated networks. This is a high-potential enhancement with tremendous applicability across the US Intelligence Community and US/Foreign Departments of Defense.

Goals

Red Hat government customers run OpenShift 4 clusters on disconnected networks and enclaves, which are physically isolated from the public internet (by design) in order to meet security, heightened data integrity,and availability requirements. Government customers typically run multi-tenant clusters (for larger internal and external government) and cleared defense contractor entities; subsequently, there is a critical requirement to implement a cost-sharing and chargeback model of running the Container Platform hosting these entities (or tenants). This is key to success for many Platform as a Service (PaaS) government infrastructure programs, who rely on tenant resources to support and scale the platform infrastructure. A tool to capture tenant usage and cost is absolutely essential to success for this Platform as a Service chargeback model. 

Currently, customers can deploy and run the Cost Management and Metrics Operator (CMMO) on their disconnected clusters to collect the raw data on resource consumption. However, to fully view the consumption breakdown and apply various cost models and markup, they need to upload the data collected by the CMMO to the Cost Explorer hosted by Red Hat on cloud.redhat.com.

This solution is not viable in a disconnected network environment, as the clusters are not only disconnected from the Internet but also contain sensitive data including labels, namespace, and specific customer identification that could also be considered classified (or sensitive) – either independently or classified upon data aggregation; therefore they cannot be uploaded to the public domain. Additionally, the ability to send data from a CLASSIFIED to an UNCLASSIFIED information system is tedious, oftentimes manual, and extremely time-intensive and error-prone, which introduces substantial costs and unnecessary risks to the customer. For these reasons, customers are unable to upload the data collected by the CMMO into the Cost Explorer. 

The only recommended implementation of CMMO on an isolated and disconnected network is to develop an in-house solution that includes various cost models (as well as markup) and use it to parse the data provided by CMMO. There have been instances of customers who have skilled developers on their staff attempting to accomplish this, but the resulting product is typically inadequate to the data and quality product currently provided by Cost Explorer. However, this in-house developed capability only reflects a small subset of customers (both current and any possible future customers,) as the vast majority of customers in this situation do not have the ability or in-house technical staff and developers to build a custom solution. 

This newly-developed capability will benefit both current and future customers operating in a disconnected environment and will also be a viable option for the customers that are able to develop some limited in-house solutions given that their solution is not as full-featured as Cost Explorer. There is a very large potential user base for this capability, including multiple high-payoff, high-revenue opportunities across IC/DoD. Note: These customers are not just US government customers, but other non-US entities as well (e.g. the UK Ministry of Defense is currently in need of this solution). 

Requirements

An on-premise Red Hat Cost Explorer is needed to allow disconnected clusters to take advantage of the data collected by the CMMO.

(Optional) Use Cases

As a cluster administrator, I need to be able to mirror the latest version of the on-premise Cost Explorer application as a container image or an operator and host it in my disconnected registry. 

As a cluster administrator, I need to be able to deploy the on-premise Cost Explorer application on the cluster so that I can make use of the data being collected by the CMMO. 

As a cluster administrator, I need to be able to configure the on-premise Cost Explorer application on the cluster by selecting one of the available cost models.

As a cluster administrator, I need to be able to configure the on-premise Cost Explorer application on the cluster by applying markup to the cost breakdown so I charge my tenants. 

As a cluster administrator of the disconnected cluster I need to see the total usage and cost by login in and viewing the breakdown of the cost associated with the cluster. 

As a tenant of the disconnected cluster I need to see my usage and cost by login in and viewing the breakdown of the cost associated to my workloads. 

Background, and strategic fit

The best way to treat this is that there is no internet or proxy available and everything needed by the application should be self-contained within the application.

Assumptions

It is assumed that the image or operator will be hosted alongside OpenShift Container Platform images or operator images in the Red Hat registry or in quay.io

It is assumed that the images can be released when updates are made to the Cost Explorer

It is assumed that the On-Premise Cost Explorer can be run on an OpenShift Container Platform.

Customer Considerations

Customers should be able to host the application container images and or related operator images on the disconnected registries and are expected to be able to install and configure the application.

Documentation Considerations

Usual user guides for deploying and configuring the application will be needed.

Customers running disconnected multi-tenant clusters are able to use the on-premise cost explorer to apply chargeback to their various customers and tenants.

This feature will need new content and some update to the existing Cost Management Metrics Operator content to show customers how the two are used on disconnected clusters.

• Customers will need to understand how to install and configure this application
• Customers will use this feature to implement chargeback for the multitenant clusters and be able to apply cost models and markup to their tenants
• Similar reference to the Cost Management and Metrics Operator where this feature is the complement to have the full coverage for chargeback story
• New Content, Updates to existing content, and Release Notes

Questions

 **