
Maestro: Empowering Hybrid Cloud Orchestration with robust security and cost-effective deployment

Maestro stands as a versatile hybrid cloud orchestrator, offering a seamless and unified gateway to major cloud providers, including AWS, Azure, Google Cloud, and OpenStack for private datacenters. At its core, Maestro leverages the power of Terraform, enabling the provisioning and management of diverse cloud resources across these platforms.

Going beyond the fundamental function of hosting virtual resources, Maestro incorporates an array of complementary components that empower users to maintain absolute control over their virtual infrastructures. Key features encompass auditing, monitoring, billing, and reporting functionalities. These ancillary tools bolster users' ability to track and optimize their cloud usage, ensure security and compliance, and gain actionable insights into their cloud-based operations. With Maestro, businesses can efficiently harness the potential of hybrid cloud environments, streamlining operations and maximizing their cloud investments.

Maestro represents a unique framework designed to deliver the Cloud Orchestrator in two distinct forms: as a Software-as-a-Service (SaaS) offering and as a deployable application tailored for specific customers. This flexible approach ensures that all features and customizations are accessible and applicable to both deployment models.

Behind the scenes, Maestro's backend is built using Java and comprises two integral components: a serverless part, running on AWS Lambda, and a server-based part, running on AWS EC2. This architecture allows for efficient and scalable execution, adhering to best practices in AWS security.

To ensure robust authentication, Maestro relies on AWS Cognito services, which enable secure and seamless access control for users. With its adaptable framework and emphasis on AWS services, Maestro offers a powerful and secure solution for cloud orchestration, accommodating various deployment preferences and meeting the specific needs of individual customers.

Each component within Maestro is designed to function independently, offering standalone capabilities that can be used separately, even beyond the scope of the Cloud Orchestrator. For authentication, Maestro integrates with Active Directory. Users can access AWS services directly with their domain credentials, with the authentication flow carried over the SAML protocol. Once authenticated, users are granted access within pre-configured IAM roles and need no interaction with Maestro at all.

Access to the Maestro platform is also based on the user's domain credentials, but in this case, the OAuth 2.0 protocol is employed. This enables streamlined and secure authentication for any enterprise with an Active Directory. The robust integration of Maestro with Active Directory ensures smooth user experiences and enhanced security measures, making it a reliable solution for cloud orchestration within diverse enterprise environments.

We have taken diligent measures to ensure that deploying Maestro remains cost-effective. Since we leverage AWS services that operate on a pay-as-you-go model, our application follows the same principle. In our thorough calculations, we determined that the Proof of Concept (POC) installation incurred a daily cost of $5, with an additional $1 charged for every 100 active users. It's important to note that this cost calculation solely covers the services consumed by the Maestro application and does not include any charges related to the infrastructure created by the users. By adopting this approach, we aim to offer our users a budget-friendly solution while providing the necessary resources to efficiently manage their cloud environments using Maestro.

To enhance security, we have implemented an approval framework that can be applied to any action performed by end users. This framework allows us to wrap critical actions with an approval process, ensuring that potentially risky operations receive the necessary oversight. When an action does not require approval, the system automatically executes the command.

Recognizing that different enterprises may have varying infrastructure management restrictions, we offer the flexibility to secure certain features under an approval process. In such cases, actions are executed only after manual approval by a designated individual. To streamline the approval process, we leverage email notifications with convenient approve and reject buttons, providing an easy way for responsible personnel to authorize or deny specific actions.

Behind the scenes, this approval mechanism is built using AWS Step Functions, following a well-defined reference architecture. By incorporating this approval framework, we prioritize security and compliance, empowering enterprises to tailor their infrastructure management according to their unique policies and requirements.
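The approval wrapper described above, as an added illustration that is not Maestro's code: a gate that executes actions outside the approval policy immediately and parks the rest until a decision arrives. Maestro builds this on AWS Step Functions and email; this self-contained Python models only the gate's decision logic. The policy set, the HMAC-signed approve/reject tokens standing in for the email buttons, the approver list, the no-self-approval rule and the 24-hour link lifetime are all assumptions made for the example, chosen so that a forwarded or guessed link cannot authorise an action and each link works exactly once.

```python
"""Approval gate for orchestrator actions (constructed example).

Actions on the assumed APPROVAL_REQUIRED list wait for a human decision;
everything else runs at once. Decision links are modelled as HMAC-signed,
single-use, expiring tokens.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Assumed policy: action types that need a person's approval before execution.
APPROVAL_REQUIRED = {"vm.terminate", "iam.role.create", "network.sg.open"}


@dataclass
class Request:
    request_id: str
    action: str
    params: dict
    requester: str
    status: str = "pending"   # pending | executed | rejected | expired
    result: object = None


class ApprovalGate:
    """Wraps an executor so that policy-listed actions wait for a decision."""

    def __init__(self, executor, signing_key: bytes, approvers: set,
                 ttl_seconds: int = 24 * 3600, clock=time.time):
        self._execute = executor          # callable(action, params) -> result
        self._key = signing_key           # secret known only to this service
        self._approvers = approvers       # identities allowed to decide (assumed)
        self._ttl = ttl_seconds           # lifetime of a decision link (assumed)
        self._clock = clock
        self._requests: dict[str, Request] = {}
        self.audit: list[tuple] = []      # (event, request_id, actor)

    def _sign(self, request_id: str, decision: str, expires: int) -> str:
        msg = f"{request_id}|{decision}|{expires}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def _token(self, request_id: str, decision: str) -> str:
        # What an approve/reject link would carry: id, decision, expiry, MAC.
        expires = int(self._clock()) + self._ttl
        return f"{request_id}.{decision}.{expires}.{self._sign(request_id, decision, expires)}"

    def submit(self, action: str, params: dict, requester: str):
        """Run the action now, or park it and return approve/reject tokens."""
        req = Request(secrets.token_hex(8), action, params, requester)
        self._requests[req.request_id] = req
        if action not in APPROVAL_REQUIRED:
            req.result = self._execute(action, params)
            req.status = "executed"
            self.audit.append(("auto-executed", req.request_id, requester))
            return req, None
        self.audit.append(("awaiting-approval", req.request_id, requester))
        return req, {d: self._token(req.request_id, d) for d in ("approve", "reject")}

    def decide(self, token: str, approver: str) -> str:
        """Apply the decision carried by a token; returns the resulting status."""
        try:
            request_id, decision, expires_s, sig = token.split(".")
            expires = int(expires_s)
        except ValueError:
            return "invalid"
        # Constant-time MAC check before any state is consulted, so a tampered
        # or guessed link is rejected outright.
        if not hmac.compare_digest(sig, self._sign(request_id, decision, expires)):
            return "invalid"
        req = self._requests.get(request_id)
        if req is None or req.status != "pending":
            return "invalid"              # unknown, or already decided (single use)
        if self._clock() > expires:
            req.status = "expired"
            self.audit.append(("expired", request_id, approver))
            return "expired"
        if approver not in self._approvers or approver == req.requester:
            self.audit.append(("forbidden", request_id, approver))
            return "forbidden"            # not an approver, or self-approval
        if decision == "approve":
            req.result = self._execute(req.action, req.params)
            req.status = "executed"
        else:
            req.status = "rejected"
        self.audit.append((req.status, request_id, approver))
        return req.status


def demo() -> dict:
    """Constructed walk-through: one auto-executed and one gated action."""
    executed = []

    def executor(action, params):
        executed.append(action)
        return f"ok:{action}"

    gate = ApprovalGate(executor, b"constructed-signing-key", approvers={"ops-lead"})
    start, _ = gate.submit("vm.start", {"id": "i-0001"}, requester="alice")
    term, links = gate.submit("vm.terminate", {"id": "i-0001"}, requester="alice")
    return {
        "start_status": start.status,
        "term_status_before": term.status,
        "garbage": gate.decide("not-a-token", "ops-lead"),
        "tampered": gate.decide(links["reject"].replace(".reject.", ".approve."), "ops-lead"),
        "self_approval": gate.decide(links["approve"], "alice"),
        "approved": gate.decide(links["approve"], "ops-lead"),
        "replayed": gate.decide(links["approve"], "ops-lead"),
        "executed": executed,
    }
```

The order of checks in `decide` is deliberate: the MAC is verified first so that malformed or forged tokens never touch request state, the single-use check comes before expiry so a replayed link is always reported as invalid, and the approver check runs last so the audit trail records who attempted a decision on a live request.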

Request a demo of the solution now.