The RosettaOps Model¶
Two-tier governance that earns trust incrementally -- from read-only visibility (with the real-time Monitoring Service) to full lifecycle automation across AWS, Azure, GCP, Alibaba Cloud, OVH, and OpenStack.
Why Two Tiers¶
No enterprise gives a new vendor write access on day one. Cloud operations teams need to validate a platform's value before granting it permission to change anything.
RosettaOps is RosettaHub's cloud operations product -- the unified governance abstraction layer across all clouds. It provides the same APIs for account vending, sandboxing, budgets, compliance, and landing zones regardless of the underlying provider. Its two-tier model maps directly to the real trust boundaries in enterprise cloud operations:
- See the problem -- read-only visibility plus the real-time Monitoring Service builds confidence and reveals waste.
- Stop and fix it -- full enforcement, remediation, and lifecycle automation, with optional Account Vending Machine for greenfield estates.
Each tier delivers standalone value. You can stay at Observe indefinitely, or move to Automate when the business case is clear.
Apr 2026 revision
Earlier drafts had three tiers (Observe / Govern / Automate). The middle Govern tier was dropped to simplify the offering: most buyers were either read-only (Observe) or full-platform (Automate). Brownfield buyers who only want governance enforcement get it under Automate -- the AVM features are optional and sit dormant until adopted. The real-time Monitoring Service (live cost estimate + continuous cost-vs-budget) moved into Observe.
Tier Overview¶
```mermaid
graph LR
subgraph tier1 ["TIER 1 -- Observe"]
O1["Read-only visibility"]
O2["Real-time Monitoring Service"]
O3["Cost dashboards + allocation"]
O4["Compliance scanning"]
end
subgraph tier2 ["TIER 2 -- Automate"]
A1["Enforcement at creation"]
A2["Auto-remediation"]
A3["AVM (optional)"]
A4["Lifecycle automation"]
end
tier1 -- "Trust established" --> tier2
style tier1 fill:#e3f2fd,stroke:#1565c0,color:#000
style tier2 fill:#e8f5e9,stroke:#2e7d32,color:#000
```
Automate is a strict superset of Observe: everything visible in Observe is still visible in Automate; Automate adds the write-side capabilities.
Tier 1 -- RosettaOps Observe¶
Access Level: Read-Only
Observe requires no write access to your cloud accounts. RosettaHub reads telemetry, inventory, and billing data only. Nothing in your environment is modified.
Observe gives you real-time, multi-cloud visibility. Many enterprises operate across two or more clouds with no unified cost or compliance view; Observe provides that view immediately, and adds the real-time Monitoring Service so cost-vs-budget signals fire continuously rather than after the bill arrives.
Capabilities¶
| Capability | Description |
|---|---|
| Real-time resources | Live inventory of every cloud resource across accounts and providers |
| Real-time cost estimation | Event-driven cost tracking across all connected clouds -- not billing-lag estimates |
| Real-time Monitoring Service | Live cost estimate plus continuous cost-vs-budget evaluation. Surfaces overspend continuously, not after the bill arrives |
| Unified multi-cloud cost dashboard | Single view of spend across AWS, Azure, GCP, Alibaba Cloud, OVH, and OpenStack |
| Cost allocation | Account, project, team, and tag-based breakdowns; multi-account rollups |
| Resource inventory and audit | Complete catalog of cloud resources with metadata and ownership |
| Compliance posture scanning | Findings against 10 standards (SOC 2, HIPAA, PCI DSS, GDPR, NIST 800-53/171/CSF, FedRAMP, ISO 27001, CIS) -- read-only findings, no remediation |
| Idle detection | Identifies idle compute, idle databases, orphaned storage volumes and snapshots, unattached IP addresses, idle load balancers |
| Savings recommendations | Commitment and reservation utilisation, right-sizing, Spot conversion candidates |
| Real-time AI usage tracking | Track AI model API consumption across providers |
| Exportable reports | Download cost, inventory, and compliance data for stakeholders |
Coming Soon
- Compliance posture dashboard -- Visual compliance status across all accounts and frameworks. Coming Q2 2026.
- AI-driven cost forecasting -- Predictive spend analysis powered by historical trends. Coming Q2 2026.
Standalone Value¶
Observe answers questions that many organizations simply cannot answer today:
- How much are we spending across all clouds, right now?
- Are we on track against budget today, or did we already blow past it last week?
- Which accounts have resources that violate compliance baselines?
- Who owns the resources driving the most cost?
The data Observe surfaces typically reveals enough waste to build the business case for Automate.
Tier 2 -- RosettaOps Automate¶
Access Level: Full Lifecycle Management
Automate has full write access. It can enforce policies at resource creation, auto-remediate compliance drift, and modify, stop, or terminate existing resources -- all subject to Protected Account Designation.
Automate closes the loop. Where Observe shows you the fire, Automate stops new fires from starting and puts out existing ones.
Capabilities¶
Everything in Observe, plus:
Enforce at creation¶
| Capability | Description |
|---|---|
| Budget hard stops | Real-time budget caps that prevent overspend, not just alert on it |
| Quota enforcement | Creation-time limits on machines, volumes, storage, instance types |
| Region and service restrictions | Control which cloud services and regions users can provision in |
| Account sandboxing | Policy guardrails at the account boundary so blast radius is bounded |
| Compliance policy enforcement | Preventive policies that block non-compliant provisioning at creation time |
| Auto-remediation on drift | Automatically correct configuration drift after provisioning |
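The difference between the two tiers at creation time is not which rules are evaluated but what happens with the result: Observe records findings, Automate denies the request. The following is an added illustration of that evaluation, not RosettaOps code; the `Request`, `Guardrails` and `Decision` types, the `evaluate()` function and every sample value are assumptions constructed for the example.

```python
"""Creation-time guardrail evaluation in the two modes the page describes.

This is an added illustration, not RosettaOps code: the `Request`, `Guardrails`
and `Decision` types, the `evaluate()` function and all sample values below are
assumptions constructed for the example.
"""
from dataclasses import dataclass, field
from typing import FrozenSet, List

OBSERVE, AUTOMATE = "observe", "automate"


@dataclass(frozen=True)
class Request:
    """A provisioning request as seen at creation time."""
    account: str
    region: str
    service: str
    instance_type: str
    count: int
    monthly_cost_each: float  # estimate per instance, from a price source


@dataclass(frozen=True)
class Guardrails:
    """Account-scoped limits: budget cap, machine quota, and allow-lists."""
    monthly_budget: float
    spent_this_month: float
    max_machines: int
    machines_in_use: int
    allowed_regions: FrozenSet[str]
    allowed_services: FrozenSet[str]
    allowed_instance_types: FrozenSet[str]


@dataclass
class Decision:
    allowed: bool
    violations: List[str] = field(default_factory=list)


def evaluate(req: Request, g: Guardrails, mode: str) -> Decision:
    """Check a request against every guardrail and decide by tier mode.

    Every rule is evaluated (no short-circuit) so the caller sees the full set
    of violations, which is what a read-only finding or a denial reason needs.
    """
    if mode not in (OBSERVE, AUTOMATE):
        raise ValueError(f"unknown mode: {mode!r}")
    v: List[str] = []
    if req.region not in g.allowed_regions:
        v.append(f"region {req.region} is not permitted for this account")
    if req.service not in g.allowed_services:
        v.append(f"service {req.service} is not permitted for this account")
    if req.instance_type not in g.allowed_instance_types:
        v.append(f"instance type {req.instance_type} is not permitted")
    if g.machines_in_use + req.count > g.max_machines:
        v.append(f"quota: {g.machines_in_use} + {req.count} machines exceeds cap {g.max_machines}")
    # Budget hard stop: project the spend *before* the resource exists, so the
    # cap is enforced at creation rather than noticed after the bill arrives.
    projected = g.spent_this_month + req.count * req.monthly_cost_each
    if projected > g.monthly_budget:
        v.append(f"budget: projected {projected:.2f} exceeds cap {g.monthly_budget:.2f}")
    # Observe is read-only: it records findings but never blocks.
    # Automate denies the request when any guardrail is violated.
    allowed = True if mode == OBSERVE else not v
    return Decision(allowed, v)


# Constructed sample data (not real accounts, prices or limits).
SAMPLE_GUARDRAILS = Guardrails(
    monthly_budget=1000.0, spent_this_month=800.0,
    max_machines=10, machines_in_use=8,
    allowed_regions=frozenset({"eu-west-1", "eu-central-1"}),
    allowed_services=frozenset({"compute", "storage"}),
    allowed_instance_types=frozenset({"t3.medium", "m5.large"}),
)
# Wrong region, pushes the machine count to 11 and the spend to 1010: three violations.
OVERSIZED = Request("sandbox-07", "us-east-1", "compute", "m5.large", count=3, monthly_cost_each=70.0)
# Allowed region and type, exactly at the machine quota, spend 860: no violations.
WITHIN_LIMITS = Request("sandbox-07", "eu-west-1", "compute", "t3.medium", count=2, monthly_cost_each=30.0)

if __name__ == "__main__":
    for mode in (OBSERVE, AUTOMATE):
        d = evaluate(OVERSIZED, SAMPLE_GUARDRAILS, mode)
        print(f"{mode:8s} allowed={d.allowed} violations={d.violations}")
```

Run as a script, the oversized request is reported with three violations in both modes but is only refused in `automate` mode; the request within limits passes in both. Rejecting an unknown mode outright, rather than defaulting to one tier, avoids a misconfiguration silently downgrading enforcement to observation.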
Permissions and access¶
| Capability | Description |
|---|---|
| RBAC | Role-based access control across all platform resources |
| Role-based service restrictions | Control which cloud services and instance types users can provision |
| Federated multi-cloud console | Single sign-on console access across AWS, Azure, GCP |
| Role and identity management | Manage cloud identities, roles, and permissions from one UI |
| Account provisioning from pools | Vend cloud accounts instantly from warm pools with guardrails already applied |
AI governance¶
| Capability | Description |
|---|---|
| Per-user model budgets | Spending limits on AI/ML model API consumption per team or project |
| Model restrictions | Control which AI models each role can call |
| Token audit trail | Full audit log of AI model usage by user, project, and time |
Cost actions¶
| Capability | Description |
|---|---|
| Spot instance hibernation | Automatically hibernate Spot instances to preserve state and reduce cost (60-90% savings) |
| Autostop | Stop idle compute on trigger or schedule |
| One-click idle cleanup | Apply savings recommendations as a single action |
| Account cleanup | Identify and remove idle resources, orphaned storage volumes, unused snapshots |
| Compute shutdown on trigger or schedule | Stop or terminate instances based on inactivity, time-of-day, or custom triggers |
| Account freeze and unfreeze | Suspend all non-essential compute in an account instantly, and restore it later |
Lifecycle automation (optional)¶
| Capability | Description |
|---|---|
| Account Vending Machine (AVM) | Pool, assign, sandbox, clean, and return cloud accounts on demand |
| Scheduled resource lifecycle policies | Define policies that automatically age out, resize, or terminate resources on a schedule |
AVM is optional for brownfield estates
Automate's AVM features sit dormant if you don't need them. Brownfield buyers can adopt Automate purely for the enforcement layer (creation-time quotas, auto-remediation, governed AI, cost actions) on existing accounts without restructuring their account estate.
Coming Soon
- MCP server access -- Programmatic governance via the Model Context Protocol server. Coming Q2 2026.
Critical Safety: Protected Accounts¶
Protected Account Designation
Any cloud account can be designated as Protected. Protected accounts are exempt from all automated actions at the platform level -- no cleanup, no shutdown, no freeze. This ensures that production workloads and other critical environments are never touched by automation, regardless of any policy or schedule configured in Automate.
Protected Account Designation is the safety mechanism that makes full lifecycle automation viable for enterprises. Teams can automate aggressively in development and sandbox accounts while maintaining absolute certainty that production is off limits.
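The property that matters here is ordering: the protection check sits at the platform level and runs before any policy- or schedule-driven action, so no individual policy can bypass it. The following is an added illustration of such a gate, not RosettaOps code; `PlannedAction`, `gate()`, the registry shape, the fail-closed handling of unregistered accounts and the sample account names are constructed assumptions.

```python
"""Gating automated actions with Protected Account Designation.

Added illustration, not RosettaOps code. `PlannedAction`, `gate()`, the
registry shape and the sample accounts are constructed assumptions.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Action(Enum):
    CLEANUP = "cleanup"    # remove idle / orphaned resources
    SHUTDOWN = "shutdown"  # stop or terminate compute
    FREEZE = "freeze"      # suspend non-essential compute


@dataclass(frozen=True)
class PlannedAction:
    account: str
    action: Action
    source_policy: str  # which schedule or policy requested it


@dataclass
class GateResult:
    to_execute: List[PlannedAction]
    suppressed: List[Tuple[PlannedAction, str]]  # kept for the audit trail


def gate(planned: List[PlannedAction], registry: Dict[str, bool]) -> GateResult:
    """Apply the platform-level protection check before any action runs.

    `registry` maps every connected account to its Protected flag. The check
    ignores which policy produced the action: protection wins over every
    schedule and policy. Accounts missing from the registry are treated as
    protected (fail closed); that is an assumption of this example, chosen so
    a registry gap can never turn into an unintended write.
    """
    to_execute: List[PlannedAction] = []
    suppressed: List[Tuple[PlannedAction, str]] = []
    for pa in planned:
        flag: Optional[bool] = registry.get(pa.account)
        if flag is None:
            suppressed.append((pa, "account not in registry; failing closed"))
        elif flag:
            suppressed.append((pa, "Protected Account Designation"))
        else:
            to_execute.append(pa)
    return GateResult(to_execute, suppressed)


# Constructed sample data: two protected accounts, one sandbox, one unknown.
REGISTRY = {"prod-payments": True, "data-lake-prod": True, "dev-sandbox-07": False}
PLANNED = [
    PlannedAction("dev-sandbox-07", Action.CLEANUP, "idle-resources-weekly"),
    PlannedAction("prod-payments", Action.SHUTDOWN, "nightly-autostop"),
    PlannedAction("data-lake-prod", Action.FREEZE, "budget-exhausted"),
    PlannedAction("acct-not-yet-onboarded", Action.CLEANUP, "idle-resources-weekly"),
]


def run_sample() -> GateResult:
    return gate(PLANNED, REGISTRY)


if __name__ == "__main__":
    r = run_sample()
    for pa in r.to_execute:
        print("execute  ", pa.account, pa.action.value, pa.source_policy)
    for pa, why in r.suppressed:
        print("suppress ", pa.account, pa.action.value, "--", why)
```

Of the four planned actions only the sandbox cleanup proceeds; the two against protected accounts are suppressed whatever policy asked for them, and the one against an unregistered account is suppressed as well. Keeping the suppressed list, rather than silently dropping those actions, gives auditors evidence that the protection actually fired.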
Feature Comparison¶
The following table summarizes which capabilities are available at each tier.
| Capability | Observe | Automate |
|---|---|---|
| Real-time resources (live inventory) | ✓ | ✓ |
| Real-time cost estimation | ✓ | ✓ |
| Real-time Monitoring Service (live cost + continuous budget) | ✓ | ✓ |
| Unified multi-cloud cost dashboard | ✓ | ✓ |
| Cost allocation (account, project, team, tag) | ✓ | ✓ |
| Resource inventory and audit | ✓ | ✓ |
| Compliance posture scanning (findings) | ✓ | ✓ |
| Idle detection | ✓ | ✓ |
| Savings recommendations | ✓ | ✓ |
| Real-time AI usage tracking | ✓ | ✓ |
| Exportable reports | ✓ | ✓ |
| Budget hard stops | -- | ✓ |
| Quota enforcement (machines, volumes, storage) | -- | ✓ |
| Region and service restrictions | -- | ✓ |
| Account sandboxing | -- | ✓ |
| Compliance policy enforcement | -- | ✓ |
| Auto-remediation on drift | -- | ✓ |
| RBAC | -- | ✓ |
| Federated multi-cloud console access | -- | ✓ |
| Role and identity management | -- | ✓ |
| AI governance (model budgets, restrictions, audit) | -- | ✓ |
| Spot instance hibernation | -- | ✓ |
| Autostop | -- | ✓ |
| One-click idle cleanup | -- | ✓ |
| Account cleanup (idle / orphaned resources) | -- | ✓ |
| Compute shutdown on trigger / schedule | -- | ✓ |
| Account freeze / unfreeze | -- | ✓ |
| Account Vending Machine (optional) | -- | ✓ |
| Scheduled resource lifecycle policies | -- | ✓ |
| Protected Account Designation | -- | ✓ |
How Customers Progress¶
The two-tier model is designed around a natural upgrade path where Observe builds the case for Automate.
Observe reveals the problem¶
Most organizations begin with Observe because it requires zero write access -- the lowest possible risk. Within days, the unified cost dashboard, real-time resource inventory, and Monitoring Service surface waste that was previously invisible: idle instances, orphaned volumes, accounts with no budget controls, and compliance gaps. The Monitoring Service in particular catches budget overruns continuously, not after the bill arrives.
This data alone often reveals six- or seven-figure annual savings opportunities.
Observe builds the case for Automate¶
Once stakeholders can see the waste, the conversation shifts from "do we have a problem?" to "how do we stop it from getting worse, and clean up what's already there?" The business case for Automate writes itself: the cost of inaction is now visible on a dashboard.
Automate's enforcement layer -- creation-time quotas, budget hard stops, compliance policy enforcement, auto-remediation on drift -- stops new waste at the source. Its cost actions -- Spot hibernation, autostop, one-click idle cleanup, account cleanup -- eliminate existing waste. AVM is optional for brownfield estates that don't need account vending.
```mermaid
graph LR
See["<b>See it</b>\n\nObserve reveals waste.\n<i>Real-time Monitoring Service\ncatches it as it happens.</i>"]
Fix["<b>Stop it. Fix it.</b>\n\nAutomate enforces, remediates,\nand cleans up.\n<i>Production is protected.</i>"]
See -->|"Data builds the case"| Fix
style See fill:#e3f2fd,stroke:#1565c0,color:#000
style Fix fill:#e8f5e9,stroke:#2e7d32,color:#000
```
Each tier delivers value on its own. There is no requirement to progress -- organizations can remain on Observe as long as it meets their needs.
Next Steps¶
- RosettaOps Guide -- Detailed administration and governance documentation.
- Cloud Accounts -- Connect your cloud providers to RosettaHub.
- Organizations -- Set up your organizational hierarchy.
- Enterprise Solutions -- How RosettaOps serves enterprise and SMB teams.
- Getting Started -- Get up and running with RosettaHub.