Cloud Cost Management Features

Cost Transparency

Multi-cloud cost visibility

Cloud providers are not one-size-fits-all. The majority of businesses leverage more than one cloud provider along with hosting some portion of their cloud workloads in Kubernetes clusters. Harness CCM gives you complete cost visibility to all your AWS, Azure, and GCP cloud workloads in a single dashboard view.

Deep Kubernetes Cost Visibility

Harness CCM gives deep insights into Kubernetes costs, including actionable insights into Kubernetes workloads and clusters’ utilized, idle, and unallocated resources. Understand K8s costs by cluster, namespace, node/instance, workload, or label, and see idle cluster resources across clusters or applications.

Cost Perspectives

Perspectives allow you to create and report your cloud costs in ways that fit your business context and user needs. Perspective views can be created for business leaders, finance, and engineering teams according to how these users need to see cloud costs. Perspectives can also be created to group and filter by Account, Environment, Service, Region, Product, Label, Namespace, Workload, and more.

Cost Categories

Cost categories allow you to map business costs across multiple cloud providers, Kubernetes, and non-Kubernetes workloads into common cost categories, which are then used to create Perspectives. This allows users to normalize resource tags and labels into logical groups that may not have a common tag structure as well as mapping untagged resources by user-defined rules.

Built-in Cloud Cost Dashboards

Harness CCM includes multiple detailed dashboards out-of-the-box to give users deep visibility and business intelligence into their entire cloud cost infrastructure. Pre-defined dashboards by cloud provider, workload, and resource inventory can be customized according to user needs.

Cost Optimization

Cloud AutoStopping™

Unused, idle cloud resources are the single largest cause of wasted cloud spend, especially in non-production test/dev environments. Cloud AutoStopping™ uses AI and ML to actively manage cloud resource idle time effectively, reducing cloud spend by up to 70% for non-production workloads. Idle resources are shut down when not in use and dynamically run on spot instances (as per user-defined rules) with no impact to end users.  

Spot Instance Orchestration

Spot instances offer tremendous savings because they use spare compute capacity the cloud provider isn’t otherwise using. The challenge comes when the provider has a surge in demand and takes back that capacity, interrupting access to spot instances. Harness Cloud AutoStopping has full spot interruption handling with on-demand fall back capabilities built-in to automatically manage spot instance usage across cloud providers.

Cluster Orchestration for EKS

Harness Cluster Orchestrator closes the gap in compute availability guarantees that prevent production workloads from being deployed on lower cost spot instances. Harness Cluster Orchestrator for EKS delivers fully orchestrated, automated spot instance management, as well as AI-powered cluster autoscaling, intelligent bin-packing and distributed Spot orchestration to distribute workloads across HA clusters.

Cost Savings Recommendations

Over-provisioned cloud services are a major source of micro-waste in cloud costs. Across thousands of resources, these aggregate costs are significant. Harness CCM provides clear recommendations on how to optimize compute resources for your ECS usage as well as Kubernetes workloads and node pools to help you reduce costs and improve performance of your cloud infrastructure.

Cost Anomaly Detection

Harness CCM continuously monitors current cloud spend, comparing it against historical usage trends to detect cost anomalies for your Kubernetes clusters and cloud accounts as they occur. When a cost anomaly is detected, resource owners are notified immediately to take action on cost overruns before they spiral out of control. Protect against accidental costs such as test clusters left active, alerts teams to increased SaaS feature usage, and identify recurring events that may happen daily, weekly, or monthly.

Root Cost Analysis

Harness CCM provides the ability to drill down into cloud costs at a granular level to see which clusters, namespaces, nodes, tasks, workloads, labels, storage, and Harness components are driving the most cost. This granular cost visibility, combined with cost anomaly detection, can save engineers days or weeks of effort to find the source of unexpected cloud spend.

Cost Governance

Budgets and Forecasting

Stay up to date with reports and user-defined alerts at various stages of budget consumption at the granularity you need for your business.Set monthly, quarterly, and annual budgets by cost perspective. Track whether your current rate of spending will be within budget with accurate ML-based forecasting.  

Automated Cloud Resource Tagging

No more manual tagging required for cloud resources required to maintain excellent tag cleanliness. The Harness Platform automates the creation of cloud infrastructure throughout the CD development pipeline and can automatically provision resources that are automatically tagged at creation time.

APIs and Integrations

Comprehensive APIs‍ 

Harness provides well-documented REST APIs for automation across our entire platform, including onboarding new teams and projects at scale. Our APIs enable you to automate and monitor your cloud cost management and integrate Harness into your existing monitoring tools.

Cloud Cost Monitoring with Datadog

The Harness Cloud Cost Management UI extension in Datadog makes iteasy for teams to monitor cloud costs alongside their key metrics for cloud services.

Administration

Built-in User Management & Authentication

Harness provides built-in access control features including authentication, authorization, and auditing. It also allows you to enforce password policies, such as password strength, periodically expiring passwords, and enforcing two-factor authentication. 

Data Retention (5 years)

CCM has an industry-leading 5-year retention period, giving our customers long-term views into their cloud cost history. Data retention policies depend on the Harness product and plan you are using. For example, Harness CD and CCM have different data retention policies. 

Provisioning Users with Okta (SCIM)

By using Okta as your identity provider, you can efficiently provision and manage users in your Harness Account, Org, and Project. Harness's SCIM integration enables Okta to serve as a single identity manager for adding and removing users and for provisioning User Groups, helping your team gain efficiencyfor managing many users.

Provision Azure AD Users and Groups (SCIM)

By using Azure AD as your identity provider, you can efficiently provision and manage users in your Harness Account, Org, and Project. Harness' SCIM integration enables Azure AD to serve as a single identity manager for adding and removing users and for provisioning User Groups. This integration improves efficiency when managing large numbers of users.

Provision Users and Groups with OneLogin (SCIM)

You can use OneLogin to provision users and groups in Harness. Harness' SCIM integration enables OneLogin to serve as a single identity manager for adding and removing users. This is especially efficient for managing large numbers of users.

Multiple Organizations

Create organizations and add collaborators so all your organizations can easily work on projects together.

Custom Dashboarding

Create custom dashboards to access the information you need across your entire Harness platform deployment. The Dashboard allows you to organize, explore, and present structured data logically. You can use this data to improve deployments and to inform and improve your operations and business decisions.

‍Managed Service Provider (MSP) Enablement

MSPs provide a valuable service to their customers, helping to manage their cloud spend, consumption, and resources. Harness MSP enablement, combined with role-based access control, ensures that customer accounts remain properly segregated for account security. It also ensures correct billing visibility on a per customer basis.

Security

Single Sign-On (SSO) with OAuth 2.0

Harness supports SSO with OAuth 2.0 identity providers, such as GitHub, Bitbucket, GitLab, LinkedIn, Google, and Azure. These integrations allow you to use an OAuth 2.0 provider to authenticate your Harness Users. Once OAuth 2.0 SSO is enabled, Harness Users can simply log into Harness using their GitHub, Google, or other provider's email address.

Single Sign-On (SSO) with SAML

Harness supports SSO with SAML, integrating with your SAML SSO provider so you can log your users into Harness as part of your SSO infrastructure. 

Single Sign-On (SSO) with LDAP

Harness supports SSO with LDAP implementations, including Active Directory and OpenLDAP. Integrating Harness with your LDAP directory enables you to log your LDAP users into Harness as part of Harness' SSO infrastructure. Once you integrate your Harness account with LDAP, you can create a Harness User Group and sync it with your LDAP directory users and groups. The users in your LDAP directory can then log into Harness using their LDAP emails and passwords.

Two-Factor Authentication (2FA)

Harness provides support for 2FA throughout the Harness Software Delivery Platform with enforcement both at the individual user account level and at the account-wide level. 2FA setup with Harness is easy, using a smartphone-based process using QR codes for initial setup and username/password for all subsequent logins once configured. 

IP Address Whitelist Management

Harness provides the ability for administrators to control what systems Harness users can access within their environments. 

Secrets Management

Harness includes a built-in secret management feature that enables you to store encrypted secrets, such as access keys, and use them in your Harness Connectors and Pipelines. Integrated managers include AWS KMS, HashiCorp Vault, Azure Key Vault, Google KMS, and AWS Secrets Manager.

Log Sanitization

Harness sanitizes deployment logs and any script outputs to mask text secret values. For text and file secrets, the secrets are stored in the Secrets Manager you select. When a text secret is displayed in a deployment log, Harness substitutes the text secret value with asterisks (*) so that the secret value is never displayed.

Audit Trail (2 years data retention)

Harness Audit Trails provide the visibility needed to support organizational governance and prepare for external audits. With Harness Audit Trails, you can view and track changes to your Harness resources within your Harness account with data stored from up to two years prior. Without this data, developers are forced to manually compile information for audits.

Policy-Based Governance

Policy Based Governance (OPA)

Harness Policy-as-Code is a centralized policy management and rules service leveraging the Open Policy Agent (OPA) to meet compliance requirements across software delivery and enforce governance policies. Policies are written as declarative code so they are easy to understand and modify, enabling teams to have autonomy over their processes with oversight and guardrails in place to prevent them from straying from standards.

RBAC (Role based Access Control) - Built in Roles and Custom Roles

Harness provides fine-grained RBAC to enforce separation of duties and control what user groups are granted access to specific resources based on assigned roles. This tool allows businesses to protect their data and key business processes through company-set rules and roles. Built-in roles are available by default to quickly create the desired permissions at the account, organization, and project level within Harness as well as the ability to create custom roles for additional flexibility. CCM specific roles can be set per account.

Audit Trail (2 years data retention)

Harness Audit Trails provide the visibility needed to meet organizational governance needs and prepare for external audits. With Harness Audit Trails, you can view and track changes to your Harness resources within your Harness account with data stored from up to two years prior. Without this data, developers are forced to manually compile information for audits.

Hosting

Harness provides a flexible hosting model that allows for full SaaS implementations, full on-premise implementations, and hybrid implementations. These flexible models allow companies with a variety of security requirements to use Harness CCM.

Hosting includes:

  • Self-managed
  • SaaS
  • Zero touch maintenance (nothing to install/upgrade)
  • Automatic horizontal scaling and high availability
  • Automatic backups and disaster recovery
  • SLA guarantee

Support

Community

Those using open source and source-available products from Harness can access community.harness.io to leverage our community-supported knowledge base. Both Harness staff and users contribute to and grow our shared knowledge. 

Standard

Harness standard support, included for all Harness customers on a paid contract, includes coverage from 9am to 5pm PST Monday through Friday with variable response times based on issue severity. Support entitlements are provided for two named admins for each customer. 

Premier 

Harness standard support, included for all Harness customers on a paid contract, includes coverage 24 hours a day, 7 days a week, with variable response times based on issue severity. Also included at the Premier support level are Zoom-based communication as well as post-incident reports. Support entitlements are provided to all customer staff.