Learn how to get around the OpsCompass user interface.
If you're new to OpsCompass or cloud resource management tools generally, you may find the density and complexity of the information overwhelming. This article explains the basic user experience and navigation of OpsCompass to help you learn the ropes.
Definitions and Concepts
OpsCompass contains and presents a significant amount of detailed, technical information. In order to fully appreciate what the product may be demonstrating, it is important to understand the product language and context. This section will offer simple definitions for OpsCompass concepts to help you get started:
- Cloud Provider - this is the public cloud provider, such as AWS, Azure, GCP, Microsoft 365.
- Account - this is generic label for AWS Accounts, Azure Subscriptions, GCP Projects and other top-level resource groupings.
- Resource - this refers to an individual unit of cloud functionality, such as AWS::IAM::User, Azure Network Security Group, S3 Bucket, Virtual Machine attached storage volume, or others. OpsCompass supports hundreds of unique resource types. It is common for each account to have hundreds or thousands of individual cloud resources.
- Inventory is simply a collection of all resources in all accounts. Using the inventory module of OpsCompass, you can browse and navigate through all resource information.
- Compliance refers generally to the adherence of cloud resource configurations to controls defined in cybersecurity frameworks, such as NIST, Fedramp, CIS and others. A resource configuration (its properties, policies and relationships) is "compliant" or "not compliant" to a specific check. Accumulations of checks into frameworks enable OpsCompass to display the overall compliance of a group of resources, and to assign it a score.
- Drift refers to changes to the configuration of individual resources. For example, if a user adds an approved IP Address to a firewall, that change is detected in OpsCompass as a Drift, and alerts are created to help you see that change.
- Drift Concern describes what kind of change has occurred. Security drift concerns pertain to changes that may impact public visibility or other security related issues. Similarly Networking, Data, Cost and other types of drift concerns describe changes that affect a specific area.
- Problems - throughout the OpsCompass user interface, the term "Problems" is used to identify a count of compliance check failures for a given resource or set of resources.
- Changes - throughout the OpsCompass user interface, the term "Changes" is used to identify the count of detected changes for a resource or group of resources.
There are many other terms and ideas reflected in OpsCompass, but these will help get you started.
After login, the OpsCompass dashboard is the home page for all users. This dashboard displays an overview of connected resources, recent drift, a compliance score, and information about configuration problems that are most negatively affecting compliance status.
The Navigation Pane on the left allows you to define Scope, or the list of cloud providers and accounts that in the view. The navigation pane is also used to navigate between different product modules, Inventory, Compliance, Drift and License Manager. The bottom of the Navigation Pane includes a button to collapse the pane, yielding screen space to the displayed content.
OpsCompass dashboard contains 6-7 default cards:
- Inventory - this card displays the number of connected cloud providers, accounts/subscriptions/projects, and resources. Clicking on a cloud provider icon will direct you to the Inventory module, filtering the inventory module to resources from the selected cloud provider.
- Potential License Risk - This card shows the dollar amount of your potential license risk for your licensing products. If you have more than one, both of the numbers will show up.
- Compliance - this card is a summary of resource compliance. Based on the currently defined scope and enabled compliance framework, your overall compliance score is displayed. Additionally, each enabled compliance framework is displayed, with a bar indicating the count of high, medium and low severity compliance check violations relevant to the specific framework.
- Highest Impact Fixes - this card displays the compliance check failures that are most impactful to improving overall OpsCompass compliance score. Clicking a check failure link will direct the user to a Check Results page, which shows all resources that fail the specific check in question.
- Recent Drift - this card displays a tag cloud of recent drift, grouped by Drift Concern. Selecting a specific Drift Concern will direct the user to the Drift module, filtered to recent drift of the selected type.
- Resources - this card is a summary of all resource types for the currently selected scope. Clicking on any resource type will direct the user to the Inventory module, filtering the inventory list to resources of the selected type.
- Accounts - this card displays the list of all connected accounts in the current scope. This view also summarizes the compliance score for each account, for all enabled compliance frameworks. The count of problems (compliance check failures), changes (detected drifts), and the total count of resources are also shown. Clicking on an account name will direct the user to the Inventory module, filtered to the resources in the selected account.
Understanding the Importance of Scope
Scoping the view in OpsCompass helps trim the accounts in view to a smaller subset, making it easier to understand the impact of problems and changes. Scope is a global view filter, that persists across modules. Scope is retained as part of a user's profile so that future sessions in the product retain a user's scope.
In many cases this is an easy way to filter to a specific environment or workload. The scope feature is a global view filter, and is located in the navigation bar. Changes to Scope affect all product modules as you navigate between tools.
In this case, only the production environment is needed. To select a single account or cloud provider, double-click the account. Alternatively, you can select each account or provider with a single click to provide a view of drift alerts from multiple accounts.
- Cloud Provider - select or de-select a cloud provider to view all toggle all accounts of that provider. Selecting AWS, for example, will toggle all AWS accounts.
- Cloud Accounts - select or de-select a specific cloud account/subscription/project to toggle that specific account. Selecting accounts affects the Cloud Provider group above. For example, if you de-select AWS in the Cloud Provider area and then select an AWS account from the Cloud As
The option "Make Default" will ensure that future OpsCompass sessions filters to this specific scope for each module.
OpsCompass contains several modules to present specific scenarios. Each module adheres to basic product navigation conventions, including Page Filters, Scope sensitivity, clickable / non-clickable text.
- Clickable Text - OpsCompass clearly identifies clickable text using common blue text. This helps users understand which content can be followed easily.
- Page Filters in OpsCompass are used to filter a module's view to a specific context, such as filtering to a specific resource type, a specific date range or a specific condition, such as compliance check violations that have been granted an exception. Each module's page filter varies slightly to include options that are specific to the functionality of the module. Manually applied Page Filters persist for the current session. For each Page Filter, a user can save and recall many page filters for use. This can be handy when working in multiple cloud workloads.
- Breadcrumbs - OpsCompass offers breadcrumbs (linear navigation links) to simplify navigation in complex views. Rather than using the back button, it is often preferable to return to a prior view or state. Breadcrumbs in OpsCompass are helpful in this type of navigation.