Use policies to enforce standards
Azure Policy: a service you can use to create, assign, and manage policies. These policies apply and enforce rules that your resources need to follow. These policies can enforce these rules when resources are created, and can be evaluated against existing resources to give visibility into compliance. Examples of rules include; only allowing specific resources to be created in specific regions, enforcing naming conventions, enforcing specific tags.
Note: once you create a policy, you need to assign it to something (e.g. resource group) before it takes effect.
Resource Locks: a setting that can be applied to any resource to block modification or deletion. Resource locks can set to either Delete or Read-only. Delete will allow all operations against the resource but block the ability to delete it. Read-only will only allow read activities to be performed against it. Resource locks can be applied to subscriptions, resource groups, and to individual resources, and are inherited when applied at higher levels. Resource locks apply regardless of RBAC permissions. Even if you are an owner of the resource, you must still remove the lock before you’ll actually be able to perform the blocked activity.
Predict costs and optimise spending for Azure
Azure has three main customer types;
- Enterprise: sign an Enterprise Agreement and commit to spend a negotiated amount on Azure services. Have access to customised pricing
- Web direct: general public prices for Azure resources, and their monthly billing and payments occur through the Azure website
- Cloud Solution Provider: Microsoft partner companies that a customer hires to build solutions on top of Azure. Payment and billing for Azure usage occur through the customer’s CSP
When you provision an Azure resource, Azure creates one or more meter instances for that resource. The meters track the resources’ usage, and generate a usage record that is used to calculate your bill. At the end of each monthly billing cycle, the usage values will be charged to your payment method and the meters are reset.
Factors affecting cost;
- Resource type
- Azure billing zones (for data going out of Azure data centres) – 4 geographical zones exist presently
Azure Pricing Calculator: a free web-based tool that allows you to input Azure services and modify properties and options of the services. It outputs the costs per service and total cost for the full estimate. Cost estimates can be saved, shared (as URL) or exported as .xlsx
Azure Cost Management: free, built-in Azure tool that can be used to gain greater insights into where your cloud money is going. You can see historical breakdowns of what services you are spending your money on and how it is tracking against budgets that you have set. You can set budgets, schedule reports, and analyse your cost areas.
Cloudyn: a Microsoft subsidiary, allows you to track cloud usage and expenditures for your Azure resources and other cloud providers including Amazon Web Services and Google. Usage for Azure is free, and there are paid options for premium support and to view data from other clouds.
Total Cost of Ownership (TCO) calculator: a useful tool you can use to predict your cost savings if you are starting to migrate to the cloud.
Azure Advisor: a free service built into Azure that provides recommendations on high availability, security, performance, and cost. Advisor analyses your deployed services and looks for ways to improve your environment across those four areas. Advisor makes cost recommendations in the following areas:
- Reduce costs by eliminating unprovisioned Azure ExpressRoute circuits
- Buy reserved instances to save money over pay-as-you-go
- Right-size or shutdown underutilised virtual machines
Azure Credits: For Visual Studio subscribers to try out new services such as App Service, Windows 10 VMs, Azure SQL Server databases, Containers, Cognitive Services, Functions, Data Lake, and more without incurring any monetary costs. When you activate this benefit, you will own a separate Azure subscription under your account with a monthly credit balance that renews each month while you remain an active Visual Studio subscriber. Used for Dev/Test only and without any SLAs.
Spending Limits: to help prevent you from exhausting the credit on your account within each billing period. When your Azure usage results in charges that use all the included monthly credit, the services that you deployed are disabled and turned off for the rest of that billing period. Once a new billing period starts, assuming there are credits available, the resources are re-activated and deployed.
Reserved Instances: purchased in one-year or three-year terms, with payment required for the full term up front, but offering significant cost savings.
Azure Hybrid Benefit: gives customers the right to use their Windows Server licenses for virtual machines on Azure. To be eligible for this benefit, your Windows licenses must be covered by Software Assurance. Note: Standard Edition licenses can only be used once either on-prem or in Azure. Datacentre Edition licenses can be used both on-prem and in Azure concurrently. Azure Hybrid Benefit for SQL Server enables you to use your SQL Server licenses with active Software Assurance to pay a reduced rate.
The Enterprise Dev/Test and Pay-As-You-Go Dev/Test offers are a benefit you can take advantage of to save costs on your non-production environments. This benefit gives you several discounts, most notably for Windows workloads, eliminating license charges and only billing you at the Linux rate for virtual machines. This also applies to SQL Server and any other Microsoft software that is covered under a Visual Studio subscription (formerly known as MSDN). There are a few requirements for this benefit, one being that it’s only for non-production workloads, and another being that any users of these environments (excluding testers) must be covered under a Visual Studio subscription.