The dawn of cloud computing brought unprecedented scalability and flexibility to businesses, but it also introduced a new layer of complexity in cost management with around 30% of cloud waste due to the use of old operating models and a lack of cost optimization strategies. Robust cost management strategies are vital to fully leverage the cloud's potential without draining resources.
A crucial part of this strategy involves organizing and understanding your cloud resources.
"You can't control what you can't measure." - Peter Drucker
This statement rings true when managing cloud expenditures. To optimize cloud spending, we must first gain visibility into our costs, which demands efficient cost-tracking capabilities. These capabilities can only be realized when we have a comprehensive understanding of our resources—who deployed them, who owns them, which project or app is using them, and more. They also need to be methodically organized and labeled within an organizational context.
Today we will explore how to optimize cloud costs using Azure's resource organization tools, including Azure's hierarchical constructs such as management groups, subscriptions, and resource groups. We learn how these tools help structure resources logically and consistently, while exploring Azure's tagging capabilities, which provide the flexibility to associate business context with resources and their respective costs.
This journey of cost optimization does not end with mere organization and tagging. Understanding usage patterns, identifying anomalies, implementing cost accountability measures, and enforcing cost controls are all integral parts of a comprehensive cost management strategy. These important measures can only be achieved through a well-thought-out, consistent, and standardized resource hierarchy and tagging strategy.
However, the cloud cost puzzle has more pieces to it. Some resources like networking, security, databases, and applications may be shared across multiple projects or business units. So how do we attribute their costs accurately? Stay tuned as we navigate the maze of shared costs, and learn how to allocate them effectively and optimize your Azure cloud spending and reduce wastage.
TABLE OF CONTENTS
Understanding Azure's Hierarchical Constructs
Like many expansive platforms, Microsoft offers hierarchical constructs which function as logical containers. These enable organizations to securely hold, manage, and organize their Azure resources. Importantly, this hierarchy provides the capability to track costs at various levels. The importance of proper resource organization cannot be overstated. It lays the foundation for cost visibility—a critical prerequisite for understanding, and consequently optimizing, our costs.
Microsoft provides multiple options for using these constructs, catering to a wide variety of business and IT structures. Azure has four levels of resource management within a Tenant:
1. Management Group
2. Subscriptions
3. Resource Groups
4. Resources
Let's dissect this hierarchy from the bottom up:
Resources: These are instances of services you create, encompassing everything from a virtual machine, a storage volume, to a SQL database.
Resource Groups: Serve to logically group related Azure resources for unified management. For instance, if a server, a storage volume, and a database are all used by a specific application, they might be housed together in a single Resource Group.
Subscriptions: One step above Resource Groups, subscriptions are larger containers that can hold multiple Resource Groups along with their associated resources for coordinated management.
Management Groups: As the apex of the hierarchy (below the Tenant), Management Groups are containers that can organize multiple Subscriptions. They are especially beneficial for larger Azure environments.
It's crucial to understand that every Resource must belong to a Resource Group, every Resource Group must be contained in a Subscription, and Subscriptions can be systematically organized into Management Groups. The size and complexity of your organization directly influence the extent to which you employ these constructs.
Leveraging Hierarchical Constructs for Governance and Cost Management
Hierarchical constructs such as Management Groups, Subscriptions, and Resource Groups in Azure not only facilitate organization and administration, but they also play a pivotal role in cost management and the implementation of governance policies.
One key concept to grasp in this hierarchical system is 'Inheritance'. Settings applied at higher-level structures flow down to lower-level containers, much like how a waterfall cascades down from its source. For example, crucial, global-level settings can be applied at the Management Group level, and these would trickle down to the Subscriptions, Resource Groups, and Resources below. This allows for a top-down governance approach. However, for more granular control, specific project or application settings can be applied at a lower level—like a Subscription or a Resource Group—impacting only the resources within that specific container.
Let's explore a practical example of how we might organize resources in Azure:
Management Groups: These allow you to organize subscriptions hierarchically. For instance, you could establish a Management Group hierarchy based on business units - HR, Finance, Engineering, and so forth, each having its own Management Group.
Subscriptions: Within each Management Group, you might allocate a Subscription to each team or department for production and another for dev/test workloads. For example, within HR, the Talent Acquisition team might have a separate Subscription for production and dev/test environments.
Resource Groups: Further, within the Subscriptions, you could create Resource Groups to manage each application or subsystem. Thus, within the Talent Acquisition production Subscription, you might have separate Resource Groups for different applications.
This setup not only enables policy application and access control at various levels but, crucially for cost management, provides a mechanism to filter and group costs as per our specific needs.
Resource management structure organization can vary greatly and depends on numerous factors such as the nature of your business, your IT Operating Model, the degree of autonomy of your divisions and teams, among others. Common groupings often incorporated into hierarchies include Division, Business Unit, Function, Application, Environment, and Geography.
The Azure Cloud Adoption Framework offers excellent guidance on why and how to organize these containers and resources. This framework provides detailed insights on Overview, Management Groups, and Subscriptions, all crucial elements of effective Azure resource organization.
Harnessing Multiple Subscriptions for Scalability and Effective Cost Management
As we delve into the realms of managing and optimizing costs, we encounter a wide array of variables - multiple services, diverse resources, disparate departments and divisions, unique projects, various cost centers, ownership differences, geographical location, and varying applications. This is where the role of management constructs or containers in cost management becomes paramount.
They bring order to this chaotic variety, helping us make sense of these different dimensions in the context of your business or organization. Once these structures are set up and populated with resources, we can filter by aspects like applications, departments, projects, divisions, and geographies, making cost management more streamlined and contextual.
The cost management data provided by Azure as part of billing and usage data will be intrinsically linked to these management structures. Our cost viewing and analysis tools will be tied to these containers, making cost management a more simplified process. How we set up these constructs will determine whether managing costs on an ongoing basis will be easier or more complicated.
While Azure provides numerous options to cater to a wide variety of organizations, it's important to note that there is no one-size-fits-all approach to organizing these constructs. The goal should be to establish a robust architectural strategy that factors in each of the management levels and the settings that can be applied at each level. Even Microsoft, a colossal organization with hundreds of thousands of employees, employs these constructs to organize their internal IT systems. This allows them to balance between governance and control and the agility needed by their development teams. Having standards and consistency in your model is crucial. Absence of these can make access control enforcement, policy implementation, cost understanding, resource finding, and management overly complex, especially as we scale the environment.
Another essential factor to consider is the naming convention for these constructs. Consistency in naming is pivotal for efficient management and maintenance of your resources. Microsoft provides best practices for naming conventions, and I highly recommend reviewing these and implementing a standardized naming convention.
Remember, it's best to define your resource management hierarchy and tagging strategy simultaneously, as the usage of one will likely influence the other.
Understanding the Importance of Tags in Azure Cost Management
Tags are an indispensable component that underpin many tools, processes, strategies, and tactical measures that enable effective cost management in Azure. In essence, a robust, standardized, and strictly enforced tagging strategy empowers us to address critical questions, such as:
What's the cumulative cost of Application X in our environment?
What's our projected spending for Product Y in March?
What was the Finance division's total cloud expenditure in 2023?
Which project is responsible for the surge in my storage costs?
What are the most expensive cloud services we utilize, so we can prioritize them for cost optimization?
Beyond providing answers to these questions, tags facilitate responsible and accountable spending in the cloud. They offer meaningful units of measurement that cloud providers can't offer on their own. While cloud providers furnish us with the framework, it's up to us to utilize it in a manner that suits our requirements.
Introduction to Tags
Much like the management hierarchy, tags are an instrumental mechanism that assist you in organizing and managing your Azure resources.
In its simplest form, a tag is a label that you assign to a resource.
Tags can be applied to almost any resource in Azure, offering flexibility that extends beyond the scope of subscriptions, resource groups, and management groups. With tags, you can filter or group resources irrespective of their location in the management hierarchy.
Defining Tags
Tags embody simple key/value pairs or name/value pairs. Essentially, they form a link between two elements. For example, Color=Red or Fruit=Banana. Both the key and value are decided by you, based on what fits your organization's needs.
Content of Tags
Your tags should incorporate context about the resource's corresponding application, operational requirements, ownership details, and other significant attributes or properties that can assist you when you need to group resources together, filter them for reporting, or take actions against a specific set of resources. For cost management purposes, we use tags to relate the cost of resources with a context that's essential for our business and operations. Tags facilitate reporting and visualizations, and enable processes like Showback and Chargeback.
Utilization of Tags
Tags are commonly used for classifying workloads, documenting business criticality, defining the business unit that utilizes the resource, denoting the IT team that supports the workload, associating the workload with a cost center, and linking the workload with an environment. Each resource can have up to 50 tags.
Tags for Cost Management
From a cost management perspective, the following types of tags are typically beneficial:
Cost Center or Profit Center
Application Name or Workload Name
Owner Information
Business Unit that utilizes the application
Product that's using the resource
These tags not only provide detailed visibility into resource consumption but also empower organizations to strategize and optimize their Azure costs effectively.
Harmonizing Tags and Resource Hierarchies
Tags and Azure Resource Hierarchies are two important mechanisms that you should leverage to contextualize Azure resources as per your business needs. For instance, if it's crucial for your business to understand the total cost per application, you should either organize your Resource Groups or Subscriptions by application or tag Resources accordingly.
Although having optional tags is fine, you should maintain a universal, core set of tags applied to every Azure resource. Maintaining such a standardized set of tags may seem overwhelming at first, but it is fundamental for efficiently managing the Azure platform at scale. Various tools can aid you in this process, making tagging manageable even at a large scale.
Consider the structure of your Azure environment, from highest to lowest:
Tenant
Management Groups
Subscriptions
Resource Groups
Resources
The quantity of these elements can vary, but a mid to large size organization might typically have 1-2 tenants, 10-20 management groups, 20-100 subscriptions, 100-500 resource groups, and 10,000-100,000 resources.
Applying tags at the tenant or management group level may not provide enough differentiation. Applying them at the resource level would turn into an administratively burdensome task due to the sheer number of resources. A balanced approach may be to apply most tags at the Resource Group or Subscription level and enforce a policy that requires all Resources to inherit tags from their associated Resource Group / Subscription. This strategy strikes a balance between the need for diverse tagging and the practical limitations of tag management.
Enforcing and Maintaining Tagging Strategies
Policies can aid in enforcing tags, and Microsoft provides out-of-the-box policy definitions to ensure tag compliance. For example, you could use the "inherit tag from RG or Sub" policy to apply tags at the RG or Sub level and propagate them to everything beneath in the hierarchy.
Certain principles should guide your tagging strategy, regardless of your organization's structure:
Standardization: Apply consistent, mandatory tags with consistent values, case, and scope across all resources.
Enforcement: Wherever possible, enforce your tagging strategy. Incorporate it into policies, Infrastructure As Code, and pipelines.
Audit: Regularly audit tags that you can't enforce.
Maintenance: As inevitable changes occur in the organization—such as shifts in cost centers, owner changes—you should update tags to reflect these alterations.
A well-thought-out, consistent, standardized, and enforced tagging strategy is foundational to organizing resources in Azure. Organized resources enable cost aggregation and viewing from dimensions that facilitate understanding, estimating, and forecasting costs, thereby enabling responsible cloud financial management.
Managing Shared Costs
Every company deals with shared IT costs that aren't clearly linked with a specific business area. Attributing these shared cloud resources to specific business owners or cost centers accurately and fairly can be challenging. One of the top obstacles in performing Showback or Chargeback in an organization is deciphering these shared costs. It's essential to consider the types of shared costs we typically come across and identify several solutions to distribute these costs across consumers or owners.
While constructs like Tags, Management Groups, Subscriptions, and Resource Groups aid in isolating and classifying resources, some applications and services introduce added complexity that requires special attention.
Types of Shared Costs and Solutions in Azure
In cloud environments, we encounter two primary types of shared costs:
Infrastructure Layer: This includes elements like Express Route circuits that connect your on-premise environment to the cloud, egress bandwidth charges for data migration out of Azure VNets, centralized security components like firewalls, intrusion detection systems, and monitoring and logging tools. These components are tagged and billed as single entities but are utilized by almost every workload in the cloud. The challenge here is how to tag them when they're used by dozens or even hundreds of applications.
Application Layer: This includes shared applications like Business Intelligence tools, back-office applications, and systems used by multiple departments. The issue here is how to attribute these costs to the numerous products, projects, owners, or cost centers that rely on them.
Shared Cost Allocation Solutions
There are fundamentally two ways to solve this:
Central IT Cost Center: The simplest solution is to continue to expense shared costs against a central IT cost center. This may be a feasible option during the early stages of cost management maturity. You can still implement valuable Showback & Chargeback steps without having all shared cost allocations figured out.
People, Process, & Technology Combination: The other option is to identify appropriate allocations for shared costs and attribute them accordingly using a mix of human resources, processes, and technology.
Maturity Path for Shared Cost Allocation
Balancing the benefits of each shared cost allocation approach with the effort it takes to allocate the costs, a common maturity path could be:
Central Charge: Initially, charge the central IT team that manages the application or infrastructure. Keep it as a centrally charged case that doesn’t get distributed across business areas.
Flat Rate Allocation: This method distributes costs equally to all consumers, regardless of their usage. While it's simple, it may not be fair to consumers who use fewer resources.
Azure Cost Allocation Rules: Azure offers programmatic methods for marking shared costs and dividing them based on a predefined allocation rule of your choosing. This helps in reallocating the cost of shared services back to the associated departments or business units.
Third-party Tools: Several vendors offer solutions for shared cloud cost allocation. If allocating shared costs is vital for your business, consider investigating these options.
Custom Solution: Create a custom solution based on the usage of shared resources by each major consumer, measuring against meaningful consumption metrics. This is the most fair and equitable solution but can be complex to implement.
Shared cloud costs are an inevitable part of allocating the full cloud cost bill across consumers. The best cost allocation method depends on your organization's specific needs, including the type of shared application or infrastructure, the number of consumers, and the accuracy and timeliness of cost data. A phased maturity path is recommended, starting simply and maturing into more robust designs as you grow your showback and chargeback models and gain better understanding of your shared applications' usage metrics. Regularly review and adjust your cost allocation plan as needed.
Effective management of shared costs in Azure is crucial for maintaining visibility and control over your cloud spending. Different types of shared costs, whether at the infrastructure or application layer, pose unique challenges that require thoughtful solutions. There's no one-size-fits-all approach, as your strategy will depend on factors such as your organization's size, the complexity of your infrastructure, and your cost management maturity level.
Remember that this is a journey, and the goal is to incrementally improve your shared cost management over time, learning from your experiences and continually refining your approach. Keep in mind that regular reviews and adjustments are vital to ensure your cost allocation plan remains effective and aligned with your organization's evolving needs.
Ultimately, an effective shared cost management strategy will help your organization accurately allocate costs, fostering responsible cloud financial management and ensuring your Azure environment continues to deliver value to your business.
Interested in the future of cloud spending and yearning to master your Azure cloud expenditure? Join us for our new course! "Azure FinOps Masterclass: Ultimate Cloud Cost Savings Blueprint." This all-encompassing guide empowers you with practical strategies and insights to smartly manage your Azure costs while maintaining robust performance. Get it now at a special launch discount, and kickstart your journey towards a cost-efficient cloud future. We look forward to seeing you there!
Comments