Business organizations large and small have been gradually making the move towards a hybrid infrastructure where some information technology (IT) infrastructure resides in-house and some resides in a public cloud such as Microsoft Azure. With this trend comes the question, how do I keep my public cloud costs under control? Microsoft Azure provides a number of built-in features that provide an accurate overview of where and how Azure dollars are spent.
The Azure Cost Control Challenge
Azure provides a huge selection of IT resources that is growing daily. Not long ago we had the usual selection of A0 through A4 virtual machines that provided standard computing. Today Azure hosts a large selection of new types of virtual machines including the DSv2, Dv2, DS, D, Av2, A0-7 series for standard computing, Fs, F series for high CPU requirements, GS, G, DSv2, DS series for high memory requirements, Ls series for high IO requirements using SSD disks, NV, NC series for high graphics requirements, and H, A8-11 series for high networking requirements. Some of these resource intensive VMs can be quite pricey. For example, an H16mr VM which features 16 CPU cores, 224 GB RAM, and 2 TB disk will set you back over $3,800/month. Common costly pitfalls include:
Access to billing information
You can view billing information at https://portal.azure.com/#blade/Microsoft_Azure_Billing/SubscriptionsBlade in the new Azure portal. After you click on the subscription you wish to view, click on Cost Analysis link to open the Cost Analysis blade
In Azure and most public clouds, you’ll notice quickly that the most costly cloud services are:
Controlling Your Azure Costs: Resource Groups and Tags
As business organizations mature, management will require more visibility into IT expenditures and even break down IT budget per department or business unit. Charge-back and Show-back become common terms that refer to the break down of an organization unit’s IT spending per project/task/resource category. This level of visibility is essential in understanding the driving forces behind IT spending which is the first step towards optimizing that spending to produce the most return for the organization.
With the new Azure portal we have access to Azure Resource Groups. Resource Groups are logical containers to help organize resources. For example, you can provision a Resource Group for a line of business application called VersaStore that requires traditional front end web tier, middle application tier, and back end SQL tier. That would require provisioning one or more VMs in each tier, with associated resources such as storage accounts, network security groups, vNet, internal and external IP objects, vault objects for backup, … By placing all the Azure resources for VersaStore in a Resource Group, that insures they’re provisioned in the same Azure data center which is important for achieving optimum latency. It also makes it very easy to decommission the entire deployment by simply deleting the Resource Group which deletes all objects under it.
Each Azure resource such as a VM or Storage account can be assigned one or more tags. The tags serve to provide reporting based on such tags. Tags take the key/value format. For example, we can have a tag called ‘Department’ (this is the tag key), that accepts values such as ‘accounting’, ‘marketing’, ‘engineering’, and ‘HR’. Once tagged, you can produce a report at the end of the month for example to show the ‘marketing’ department IT costs in a given Azure subscription.
I recommend an initial period of in depth planning of your resource tagging strategy for your organization. For example, the following tag key/values can be used in a typical organization:
Department: values such as accounting, marketing, engineering, HR
Project: values such as Windows 10 deployment, AD merge, …
Type: values such as Dev, QA, Prod
Controlling your Azure Costs: Auto VM Shutdown
A new feature in the new Azure portal is the ability to schedule a VM for automatic shutdown at a given point in time:
Controlling your Azure costs: policies
Policies provide a great tool for the Azure account/billing admin to control which services the technical/subscription admins can provision. This prevents overspending in the first place, whereas the other options merely inform of the over-spending after it occurs.
Policies are available in the new Azure portal under the Subscription policy blade:
When you create a new policy you can select from the following policy types:
For example, you can create a policy that restricts the provisioning all VM SKUs except Basic A0-A4 and Standard A0-A4:
A policy is then bound to a subscription:
If a technical/subscription admin attempts to provision a VM outside the allowed set of VMs, the VM deployment will fail with an error similar to:
Controlling your Azure costs: Billing Alerts
One of the optional (Preview) services currently available in Azure is Billing Alert Service. To activate it, go to the Azure classic account portal, and click to sign up:
Then go to your chosen subscription under subscriptions, click Alerts, and click to add an Alert:
You can have up to 5 different billing alerts.