Azure Fundamentals

Part 4/4 – Azure Resource Manager, Pricing Calculators

Material source:

Microsoft documentation

Control and organise Azure resources with Azure Resource Manager

Azure Resource Groups: Resource Groups: a logical container inside a subscription, for Azure resources to help you manage and organise them. Resource groups are also a scope for applying RBAC permissions. These resources are anything you create in an Azure subscription like virtual machines, Application Gateways, and CosmosDB instances. All resources must be in a resource group and a resource can only be a member of a single resource group. If you delete a resource group, all resources contained within are also deleted. Resource groups can’t be nested. Some best practices for deployment of resource groups include;

  • Consistent naming convention
  • Organise resource groups according to set principles (by type, by location, by department, by environment, etc.)
Azure Resource Groups

Azure Resource Groups

Tags: name/value pairs of text data that you can apply to resources and resource groups. Tags allow you to associate custom details about your resource. e.g. department, cost centre, environment, etc. A resource can have up to 15 tags. The name is limited to 512 characters for all types of resources (except storage accounts: limit of 128). The tag value is limited to 256 characters for all types of resources. Tags are not inherited from parent resources. Not all resource types support tags, and tags can’t be applied to classic resources.

You can use Azure Policy to automatically add or enforce tags for resources your organisation creates based on policy conditions that you define. For example, you could require that a value for the Department tag is entered when someone in your organisation creates a virtual network in a specific resource group.

Use policies to enforce standards

Azure Policy: a service you can use to create, assign, and manage policies. These policies apply and enforce rules that your resources need to follow. These policies can enforce these rules when resources are created, and can be evaluated against existing resources to give visibility into compliance. Examples of rules include; only allowing specific resources to be created in specific regions, enforcing naming conventions, enforcing specific tags.

Note: once you create a policy, you need to assign it to something (e.g. resource group) before it takes effect.

Resource Locks: a setting that can be applied to any resource to block modification or deletion. Resource locks can set to either Delete or Read-only. Delete will allow all operations against the resource but block the ability to delete it. Read-only will only allow read activities to be performed against it.  Resource locks can be applied to subscriptions, resource groups, and to individual resources, and are inherited when applied at higher levels. Resource locks apply regardless of RBAC permissions. Even if you are an owner of the resource, you must still remove the lock before you’ll actually be able to perform the blocked activity.

Predict costs and optimise spending for Azure

Azure has three main customer types;

  • Enterprise: sign an Enterprise Agreement and commit to spend a negotiated amount on Azure services. Have access to customised pricing
  • Web direct: general public prices for Azure resources, and their monthly billing and payments occur through the Azure website
  • Cloud Solution Provider: Microsoft partner companies that a customer hires to build solutions on top of Azure. Payment and billing for Azure usage occur through the customer’s CSP

When you provision an Azure resource, Azure creates one or more meter instances for that resource. The meters track the resources’ usage, and generate a usage record that is used to calculate your bill. At the end of each monthly billing cycle, the usage values will be charged to your payment method and the meters are reset.

Factors affecting cost;

  • Resource type
  • Services
  • Location
  • Azure billing zones (for data going out of Azure data centres) – 4 geographical zones exist presently

Azure Pricing Calculator: a free web-based tool that allows you to input Azure services and modify properties and options of the services. It outputs the costs per service and total cost for the full estimate. Cost estimates can be saved, shared (as URL) or exported as .xlsx

Azure Cost Management: free, built-in Azure tool that can be used to gain greater insights into where your cloud money is going. You can see historical breakdowns of what services you are spending your money on and how it is tracking against budgets that you have set. You can set budgets, schedule reports, and analyse your cost areas.

Cloudyn: a Microsoft subsidiary, allows you to track cloud usage and expenditures for your Azure resources and other cloud providers including Amazon Web Services and Google. Usage for Azure is free, and there are paid options for premium support and to view data from other clouds.

Total Cost of Ownership (TCO) calculator: a useful tool you can use to predict your cost savings if you are starting to migrate to the cloud.

Azure Advisor:  a free service built into Azure that provides recommendations on high availability, security, performance, and cost. Advisor analyses your deployed services and looks for ways to improve your environment across those four areas. Advisor makes cost recommendations in the following areas:

  • Reduce costs by eliminating unprovisioned Azure ExpressRoute circuits
  • Buy reserved instances to save money over pay-as-you-go
  • Right-size or shutdown underutilised virtual machines

Azure Credits: For Visual Studio subscribers to try out new services such as App Service, Windows 10 VMs, Azure SQL Server databases, Containers, Cognitive Services, Functions, Data Lake, and more without incurring any monetary costs. When you activate this benefit, you will own a separate Azure subscription under your account with a monthly credit balance that renews each month while you remain an active Visual Studio subscriber. Used for Dev/Test only and without any SLAs.

Spending Limits: to help prevent you from exhausting the credit on your account within each billing period. When your Azure usage results in charges that use all the included monthly credit, the services that you deployed are disabled and turned off for the rest of that billing period. Once a new billing period starts, assuming there are credits available, the resources are re-activated and deployed.

Reserved Instances: purchased in one-year or three-year terms, with payment required for the full term up front, but offering significant cost savings.

Azure Hybrid Benefit: gives customers the right to use their Windows Server licenses for virtual machines on Azure. To be eligible for this benefit, your Windows licenses must be covered by Software Assurance. Note: Standard Edition licenses can only be used once either on-prem or in Azure. Datacentre Edition licenses can be used both on-prem and in Azure concurrently. Azure Hybrid Benefit for SQL Server enables you to use your SQL Server licenses with active Software Assurance to pay a reduced rate.

The Enterprise Dev/Test and Pay-As-You-Go Dev/Test offers are a benefit you can take advantage of to save costs on your non-production environments. This benefit gives you several discounts, most notably for Windows workloads, eliminating license charges and only billing you at the Linux rate for virtual machines. This also applies to SQL Server and any other Microsoft software that is covered under a Visual Studio subscription (formerly known as MSDN). There are a few requirements for this benefit, one being that it’s only for non-production workloads, and another being that any users of these environments (excluding testers) must be covered under a Visual Studio subscription.