Business organizations large and small have been gradually making the move towards a hybrid infrastructure where some information technology (IT) infrastructure resides in-house and some resides in a public cloud such as Microsoft Azure. With this trend comes the question, how do I keep my public cloud costs under control? Microsoft Azure provides a number of built-in features that provide an accurate overview of where and how Azure dollars are spent.

The Azure Cost Control Challenge

Azure provides a huge selection of IT resources that is growing daily. Not long ago we had the usual selection of A0 through A4 virtual machines that provided standard computing. Today Azure hosts a large selection of new types of virtual machines including the DSv2, Dv2, DS, D, Av2, A0-7 series for standard computing, Fs, F series for high CPU requirements, GS, G, DSv2, DS series for high memory requirements, Ls series for high IO requirements using SSD disks, NV, NC series for high graphics requirements, and H, A8-11 series for high networking requirements. Some of these resource intensive VMs can be quite pricey. For example, an H16mr VM which features 16 CPU cores, 224 GB RAM, and 2 TB disk will set you back over $3,800/month. Common costly pitfalls include:

  • VMs that are provisioned to perform a test scenario, then left on and forgotten.
  • VMs that are shutdown from within the VM and not in the Azure portal. Some technical admins may think that shutting down the VM in the VM OS would stop the costs from running.  It does not. The VM must be shut down in the Azure portal and its resources deallocated for the meter to stop.

Access to billing information

You can view billing information at https://portal.azure.com/#blade/Microsoft_Azure_Billing/SubscriptionsBlade in the new Azure portal. After you click on the subscription you wish to view, click on Cost Analysis link to open the Cost Analysis blade

Azure-Costs-Billing-Image

In Azure and most public clouds, you’ll notice quickly that the most costly cloud services are:

  • Compute: This is by far the most expensive of the 3 main cloud services; being compute, storage, and networking. For example, Virtual machines
  • Networking: A distant second. Azure ingress traffic is free. That’s uploading data to Azure. Azure egress traffic (downloading or reading files from Azure) costs under 9 cents per GB in North America and Europe, with the first 5GB/month free.
  • Storage:
    • Premium storage: that’s back-ended by SSD disks and provides high IOPS. For example, P30 disk provisions 5k IOPS
    • Page Blobs: These are 1 TB logical disks that can be attached to VMs. In a Standard VM this provisions 500 IOPS while in a Basic VM this provisions 300 IOPS.
    • Block Blobs: The cheapest form of storage. Can be used as a file repository using desktop tools such as CloudBerry Explorer for Azure Storage. It can also be configured to be publicly accessible or not via Shared Access Signatures.

Controlling Your Azure Costs: Resource Groups and Tags

As business organizations mature, management will require more visibility into IT expenditures and even break down IT budget per department or business unit.  Charge-back and Show-back become common terms that refer to the break down of an organization unit’s IT spending per project/task/resource category. This level of visibility is essential in understanding the driving forces behind IT spending which is the first step towards optimizing that spending to produce the most return for the organization.

With the new Azure portal we have access to Azure Resource Groups. Resource Groups are logical containers to help organize resources. For example, you can provision a Resource Group for a line of business application called VersaStore that requires traditional front end web tier, middle application tier, and back end SQL tier. That would require provisioning one or more VMs in each tier, with associated resources such as storage accounts, network security groups, vNet, internal and external IP objects, vault objects for backup, … By placing all the Azure resources for VersaStore in a Resource Group, that insures they’re provisioned in the same Azure data center which is important for achieving optimum latency. It also makes it very easy to decommission the entire deployment by simply deleting the Resource Group which deletes all objects under it.

Each Azure resource such as a VM or Storage account can be assigned one or more tags. The tags serve to provide reporting based on such tags. Tags take the key/value format. For example, we can have a tag called ‘Department’ (this is the tag key), that accepts values such as ‘accounting’, ‘marketing’, ‘engineering’, and ‘HR’. Once tagged, you can produce a report at the end of the month for example to show the ‘marketing’ department IT costs in a given Azure subscription.

I recommend an initial period of in depth planning of your resource tagging strategy for your organization. For example, the following tag key/values can be used in a typical organization:

Department: values such as accounting, marketing, engineering, HR
Project: values such as Windows 10 deployment, AD merge, …
Type: values such as Dev, QA, Prod
Cost Center

Controlling your Azure Costs: Auto VM Shutdown

A new feature in the new Azure portal is the ability to schedule a VM for automatic shutdown at a given point in time:

Azure Automatic VM Shutdown Screenshot

Controlling your Azure costs: policies

Policies provide a great tool for the Azure account/billing admin to control which services the technical/subscription admins can provision. This prevents overspending in the first place, whereas the other options merely inform of the over-spending after it occurs.

Policies are available in the new Azure portal under the Subscription policy blade:

Azure Costs Subscription Blade Screenshot

When you create a new policy you can select from the following policy types:

Azure Policy Screenshot

For example, you can create a policy that restricts the provisioning all VM SKUs except Basic A0-A4 and Standard A0-A4:

Azure Assignment Policy Screenshot

A policy is then bound to a subscription:

azure policy screenshot

If a technical/subscription admin attempts to provision a VM outside the allowed set of VMs, the VM deployment will fail with an error similar to:

azure screenshot error policy

Controlling your Azure costs: Billing Alerts

One of the optional (Preview) services currently available in Azure is Billing Alert Service. To activate it, go to the Azure classic account portal, and click to sign up:

Then go to your chosen subscription under subscriptions, click Alerts, and click to add an Alert:

You can have up to 5 different billing alerts.

Azure-Costs-Billing-Image-b