AZ-900 [8] - Cost Management, Governance and Compliance In Azure

Cost Management

Different services are billed based on different factors; not every service is billed the same. For example, VMs are billed on time, while Storage is billed on the storage used.

Free Services

Here are some services that are always free, so the charge to the user is $0:

  • Resource Groups
  • Virtual Networks (up to 50)
  • Load Balancer (basic)
  • Azure Active Directory (basic)
  • Network Security Groups
  • Free Tier Web Apps (up to 10)
  • Inbound Data is always free

The rest of the services are charged based on a specific metric, like time and storage. Services that offer a pay-per-usage (consumption) model only charge us for the resources used. Azure Functions is a great example of this:

  • 1 million executions free per month
  • $0.20 per million executions (1 dollar for an extra 5 million executions), whereas the cheapest virtual machine is $20 per month

Pay-per-usage services

  • Functions
  • Logic Apps
  • Storage (pay per GB)
  • Outbound bandwidth
  • Cognitive Services API

Pay-per-time services bill us down to the second, meaning the billing stops when the VM is stopped. The bill can therefore vary with usage, which adds a variable to the final price. If we need stable billing, we can go for Capacity Reservation, where we pay a fixed price per month for computing power or storage capacity regardless of our usage. We also get deep discounts if we reserve the capacity for a long period like 1 or 3 years. Multi-tenant or isolated environments are also among the options provided.

Bandwidth pricing varies per region and differs depending on the regions and availability zones we choose. This is why moving data out of a cloud provider is an expensive process: as our data storage needs increase, we become more dependent on our cloud provider.

Pricing Calculator

It is very hard to get 100% accurate pricing using the tool, so we often have to make educated guesses to estimate the final bill. Here are the configurable options for the services on Azure:

  • Region
  • Tier
  • Subscription Type
  • Support Options
  • Dev/Test Pricing

At the end of the estimate, we can export and share the final estimates with our team.

The cost of a server is not just the cost of the hardware but also the other costs that are necessary to keep the server functional, such as:

  • Electricity
  • Cooling
  • Internet Connectivity
  • Rack Space/real-estate
  • Setup Labor
  • Maintenance Labor
  • Backup

Azure also offers another free tool to track our prices, set budgets, set alerts, and automate our resource usage. It can also send usage reports to our email automatically.

Resource Tags are a way to add metadata to our resources, like a project, billing subscription, and support. They can be used in billing estimates, for example to get all usage costs for a certain resource tag.

Total Cost of Ownership

Azure provides a different calculator to calculate the savings or losses that we incur when we move to Azure Cloud. It compares the current on-prem cost to the cost on Azure Cloud over 5 years. It helps us study whether moving to the cloud is an economical option.

Governance and Compliance

Many companies follow a certain set of rules that have to be followed by everyone and enforced within the organization. We can use Azure tools to automate and enforce the rules (or simply audit for compliance). Some of the tools are:

  • Azure Blueprints
  • Azure Policy
  • Resource Locks
  • Service Trust Portal

Azure Blueprints

Azure Blueprints is a way to create these policies and enforce them across a subscription. It's a template for a subscription with roles and policies already defined.

Azure Policy

Azure Policy allows us to programmatically define rules, e.g. all VMs should have a backup. Azure regularly checks all resources to make sure that they comply with the rules. There are over 1000 built-in policies. Some of them are:

  • Require SQL Server X.Y
  • Allowed Locations
  • Allowed VM SKUs
  • Apply a resource tag with a default value

We can create our own custom policies using the JSON definition format.
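
A custom definition of the kind described above, as an added example that is not from the original page: it flags any resource that lacks a given tag or sits outside an approved list of regions. The display name, parameter names and default values are constructed for illustration.

```json
{
  "properties": {
    "displayName": "Require a cost tag and an approved region (constructed example)",
    "description": "Illustrative custom policy; names and defaults are assumptions, not from the original page.",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "tagName": {
        "type": "String",
        "defaultValue": "project",
        "metadata": { "displayName": "Required tag name" }
      },
      "allowedLocations": {
        "type": "Array",
        "metadata": { "displayName": "Allowed locations", "strongType": "location" }
      },
      "effect": {
        "type": "String",
        "defaultValue": "Audit",
        "allowedValues": [ "Audit", "Deny", "Disabled" ],
        "metadata": { "displayName": "Effect" }
      }
    },
    "policyRule": {
      "if": {
        "anyOf": [
          {
            "field": "[concat('tags[', parameters('tagName'), ']')]",
            "exists": "false"
          },
          {
            "allOf": [
              { "field": "location", "notIn": "[parameters('allowedLocations')]" },
              { "field": "location", "notEquals": "global" }
            ]
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  }
}
```

With the effect left at Audit, an assignment only reports non-compliant resources; setting it to Deny blocks requests that would create them. The `global` exclusion keeps region-less resources from being flagged by the location check.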

Resource Locks

Resource locks add a restriction to a resource. One lock marks a resource as read-only, which means that the resource cannot be modified or deleted. Another is the delete lock, which means that the resource can be modified but cannot be deleted. We can also use RBAC to restrict who can access and modify locks.