
Managing Azure Cloud Governance with Resource Policies

I love an all you can eat buffet. One can get a ton of value from a lot to choose from, and you can eat as much as you want or not, for a fixed price.

In the same regard, I love the freedom and vast array of technologies that the cloud allows you. A technological all you can eat buffet, if you will. However, there is no fixed price when it comes to the cloud. You pay for every resource! And as you can imagine, it can become quite costly if you are not mindful.

So, how do organizations govern and ensure that their cloud spend is managed efficiently? Well, in Microsoft’s Azure cloud you can mitigate this issue using Azure resource policies.

Azure resource policies allow you to define what, where or how resources are provisioned, thus allowing an organization to set restrictions and enable some granular control over their cloud spend.

Azure resource policies allow an organization to control things like:

  • Where resources are deployed – Azure has more than 20 regions all over the world. Resource policies can dictate what regions their deployments should remain within.
  • Virtual Machine SKUs – Resource policies can define only the VM sizes that the organization allows.
  • Azure resources – Resource policies can define the specific resources that are within an organization’s supportable technologies and restrict others that are outside the standards. For instance, if your organization supports SQL and Oracle databases but not Cosmos or MySQL, resource policies can enforce these standards.
  • OS types – Resource policies can define which OS flavors and versions are deployable in an organization’s environment. No longer support Windows Server 2008, or want to limit the Linux distros to a small handful? Resource policies can assist.

Azure resource policies are applied at the resource group or the subscription level. This allows granular control of the policy assignments. For instance, in a non-prod subscription you may want to allow non-standard and non-supported resources to allow the development teams the ability to test and vet new technologies, without hampering innovation. But in a production environment standards and supportability are of the utmost importance, and deployments should be highly controlled. Policies can also be excluded from a scope. For instance, an application that requires a non-standard resource can be excluded at the resource level from the subscription policy to allow the exception.

A number of pre-defined Azure resource policies are available for your use, including:

  • Allowed locations – Used to enforce geo-location requirements by restricting which regions resources can be deployed in.
  • Allowed virtual machine SKUs – Restricts the virtual machine sizes/SKUs that can be deployed to a predefined set of SKUs. Useful for controlling costs of virtual machine resources.
  • Enforce tag and its value – Requires resources to be tagged. This is useful for tracking resource costs for purposes of department chargebacks.
  • Not allowed resource types – Identifies resource types that cannot be deployed. For example, you may want to prevent a costly HDInsight cluster deployment if you know your group would never need it.

Azure also allows custom resource policies when you need some restriction not defined in a pre-defined policy. A policy definition is described using JSON and includes a policy rule.

This JSON example denies a storage account from being created without blob encryption being enabled:

{
  "if": {
    "allOf": [
      {
        "field": "type",
        "equals": "Microsoft.Storage/storageAccounts"
      },
      {
        "field": "Microsoft.Storage/storageAccounts/enableBlobEncryption",
        "equals": "false"
      }
    ]
  },
  "then": {
    "effect": "deny"
  }
}
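To see how the rule's conditions combine, the following added example (not part of the original post, and not Azure's policy engine) models the rule above in Python and runs it against constructed resource records. It also handles `anyOf`, `not` and `in`, which go beyond the rule shown; the flat resource dictionaries, the case-insensitive comparison, the treatment of a missing field, and the `None` result for "rule does not apply" are assumptions of this sketch.

```python
# Simplified offline model of policy-rule evaluation (added example).
# Resource records are constructed samples that use the rule's field
# names as flat dictionary keys; this is an assumption of the sketch.

POLICY_RULE = {
    "if": {
        "allOf": [
            {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
            {"field": "Microsoft.Storage/storageAccounts/enableBlobEncryption",
             "equals": "false"},
        ]
    },
    "then": {"effect": "deny"},
}

STORAGE = "Microsoft.Storage/storageAccounts"
ENC = STORAGE + "/enableBlobEncryption"

# Constructed sample resources (hypothetical names).
SAMPLES = [
    {"name": "plainstore", "type": STORAGE, ENC: False},
    {"name": "encstore", "type": STORAGE, ENC: True},
    {"name": "lowercase", "type": STORAGE.lower(), ENC: "FALSE"},
    {"name": "nofield", "type": STORAGE},
    {"name": "vm01", "type": "Microsoft.Compute/virtualMachines"},
]


def _norm(value):
    """Compare as lower-cased strings so False, "false" and "FALSE" match."""
    return str(value).lower()


def matches(cond, resource):
    """Recursively evaluate one condition node against a resource dict."""
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not matches(cond["not"], resource)
    if "field" not in cond:
        raise ValueError(f"unsupported condition: {cond!r}")
    # Model assumption: an absent field never satisfies equals/in.
    present = cond["field"] in resource
    value = resource.get(cond["field"])
    if "equals" in cond:
        return present and _norm(value) == _norm(cond["equals"])
    if "in" in cond:
        return present and _norm(value) in {_norm(v) for v in cond["in"]}
    raise ValueError(f"unsupported operator in: {cond!r}")


def evaluate(rule, resource):
    """Return the rule's effect when 'if' matches, otherwise None."""
    return rule["then"]["effect"] if matches(rule["if"], resource) else None


def run_samples():
    """Map each constructed sample's name to the effect the model returns."""
    return {r["name"]: evaluate(POLICY_RULE, r) for r in SAMPLES}


if __name__ == "__main__":
    for name, effect in run_samples().items():
        print(f"{name:12} -> {effect}")
```

In this model the `nofield` record is not denied, because the rule only matches an explicit `false`; that is the case to check against a real assignment before relying on the policy.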

The use of Azure Resource Policies can go a long way in assisting you to ensure that your organization’s Azure deployments meet your governance and compliance goals. For more information on Azure Resource Policies visit https://docs.microsoft.com/en-us/azure/azure-policy/azure-policy-introduction.

For help in getting started with Azure resource policies, contact us.

-David Muxo, Sr Cloud Consultant


2W Insight Cloud Cost Accounting Tool: New Features

Enabling enterprises to accurately distribute cloud expenses to their unique cost reporting structure

Accurate distribution of cloud costs among business units, applications, projects etc. according to accepted accounting practices is one of the greatest challenges facing enterprise IT Managers and Financial Accountants today. 2W Insight 7.0 simplifies cloud cost accounting by enabling enterprises to create an organizational hierarchy of cost centers aligned to their reporting structure, where resources are assigned, budgets are managed and financial reports are published.

Organizational Hierarchy

2W Insight 7.0 enables enterprises to create a multi-level organizational structure of cost centers tailored to their financial reporting requirements. Users create cost centers for each project, application, workload etc., then map them to the financial reporting structure. Once the cost centers and structure are established, users assign cloud resources (including reserved instances) to the cost centers where the costs are incurred. 2W Insight applies AWS pricing rules to the usage within each cost center. As you move up the hierarchy of cost centers, 2W Insight combines the usage from the linked (lower level) cost centers and re-applies the AWS pricing rules to the combined usage, ensuring pricing is accurate, earned tier discounts are applied and reserved instance savings are optimized.

Example Organizational Reporting Structure:

[Image: Insight 7.0]

Assigning Resources to Cost Centers

2W Insight 7.0 enables enterprises to deploy various strategies when assigning resources to cost centers. Enterprises that have implemented a strategy where each workload is placed in a separate AWS account can assign an account to a cost center. When assigned, all usage/cost in the AWS account will be included in the cost center. For enterprises that have implemented a strategy where a single AWS account includes multiple workloads, 2W Insight enables users to filter the resources in one or multiple accounts (by tag, attribute etc.) to locate and assign resources to cost centers. Once assigned, a rule can be added to automatically assign new resources that meet the filter criteria into the cost center. This provides strict governance and control of the resource assignments and provides accurate financial reporting. It also ensures that the elastic nature of the cloud (resources coming and going based on demand) is aligned to the enterprise’s cloud cost accounting policies.

Budget Management and Alerting

Once the organizational structure is created and resources have been assigned to cost centers, it is important to manage the budget for each cost center. 2W Insight allows users to set budgets for each cost center and receive notifications when budgets are at risk. Users can receive alerts if a single day’s usage exceeds a set daily budget threshold (e.g. if a single day’s cost is 120% of the daily budget), when the MTD cost exceeds a set monthly budget threshold (e.g. if the month-to-date usage reaches 100% of the monthly budget) or when the month-to-date cost exceeds a set month-to-date budget threshold (MTD cost exceeds MTD budget by 10%). Budget management and alerting ensures you know in advance if your costs are at risk of exceeding budget.

Showback reports

2W Insight comes standard with month-end reports for each of your cost centers.  These “Showback” reports detail the costs associated with each of your cost centers by AWS product, and users can be set up to receive the reports at the end of each month. Once users begin receiving these reports, they become more aware and therefore more responsible for their AWS spend.

2W Insight Cloud Cost Accounting tool is provided at no charge to all of our Managed Cloud Services customers. To receive a demonstration of its capabilities and how 2nd Watch helps our clients manage the complexity of the public cloud, please contact us at insight.support@2ndwatch.com.

-Tim Hill, Product/Program Manager


Cloud Cost Complexity: Bringing the unknown unknowns to light

When first speaking to mid-size and large enterprises considering embracing the Amazon Web Services (AWS) cloud, the same themes come up consistently.  Sometimes it comes out explicitly and sometimes it is just implied, but one item that nearly all are apprehensive about is their discomfort with “unknown unknowns” (the stuff you don’t even know that you don’t know). They recognize that AWS represents a paradigm shift in how IT services are provisioned, operated, and paid for, but they don’t know where that shift might trip them up or where it will create gaps in their existing processes.  This is a great reason to work with an AWS Premier Partner, but that is a story for another day.

Let’s talk about one of the truly unknown unknowns – AWS Cost Accounting.  The pricing for Amazon Web Services is incredibly transparent.  The price for each service is clearly labeled online and publicly available.  Amazon’s list prices are the same for all customers, and the only discounts come in the form of volume discounts based on usage, or Reserved Instances (RIs).  So if all of this is so transparent, how can this be an unknown unknown?  The devil is in the details.

The scenario nearly always plays out the same way.  An enterprise starts by dipping a toe into the AWS waters.  It starts with one account, then two or three. Six months later they have 10 or 20 AWS accounts.  This is a good thing. AWS is designed to be easy to consume – Nothing more than a credit card is required to get started.  The challenge comes when your organization moves to consolidated invoice billing.  Your organization may be doing this because you want central procurement to manage the payments, you want to pool your volume for discounts, or it may be as simple as wanting it off your credit card. Either way, you now have an AWS bill that might not be what was expected (the unknown unknown).

If you have ever seen an AWS bill, you know they contain a phenomenal amount of useful information.  Amazon provides a spreadsheet monthly with every line item that was billed for the period with amazing detail and precision.  The down side of this wealth of information is that once you start accumulating several AWS accounts on the same consolidated bill, the bill becomes exponentially more difficult to rationalize and track your costs.

In contrast to the unknown unknown, the ability to accurately attribute per-workload costs is one of AWS’ best features and a strong attractor to AWS.  For many organizations, the ability to provide showback or chargeback bills to business units is extraordinarily valuable.  Once a business unit can see the direct costs of their IT resources they can make more informed business decisions.  It is amazing how often HA and DR requirements get adjusted when a business unit can calculate the cost / benefit of each option.

Along with the apprehension of unknown unknowns, many organizations are both excited and a little scared of going to a truly variable cost model. They are used to knowing what their costs are (even if they are over provisioned). The idea that they won’t know what the workload will cost until it is up and running on AWS can be a scary one. This fear can be flipped into a virtue – try it! Run a quick POC and test the workload for performance, cost etc. See if it works for your use case. If it does, great; if not, it didn’t cost much to find out.

Managing your costs in AWS means more than just deciphering your bill this month.  It also means the ability to track historical spend by service and interpret the results.  Business units need to understand why their portion of the bill is going up or down and what is driving the change.

The solution to the cost accounting challenge is to use a cost accounting tool specific to AWS.  As Amazon is quick to point out, the pricing model, while transparent, is also fluid.  They have dropped pricing on various services more than 50 times in the last few years.  To effectively manage AWS costs, users want a comprehensive solution that can take a consolidated bill and make it easy to generate real insights.  Most on-premise or co-located solutions cannot match the granularity and accuracy of AWS with a properly implemented cost accounting tool.  With the right tool you can take one of the unknown unknowns and make it a powerful advantage for your journey to the public cloud!

2nd Watch offers software and services that simplify your cloud billing as part of our Managed Billing solution.  This solution expands upon our industry-leading cloud accounting platform with a trained concierge to help facilitate billing questions, making analyzing, budgeting, tracking, forecasting and invoicing the cost of the public cloud easier. Our Managed Billing Service lets you accurately allocate deployment expenses to your financial reporting structure and provides business insights through detailed usage analytics and budget reporting. We offer these services for free to our Managed Services customers.  Find out more at www.2ndwatch.com/Managed-Cloud.

-By Marc Kagan, Managed Cloud Specialist


Cloud Cost Optimization with AWS

AWS regularly cuts customer cost by reducing the price of their services.  This happened most recently with the price reduction of C4, M4 and R3 instances.  These instances saw a 5% price cut when running on Linux.  This was their 51st price reduction.  Customers are clearly benefiting from the scale that AWS can bring to the market.  Spot Instances and Reserved Instances are another way customers can significantly reduce the cost to run their workloads in the cloud.

Sometimes these cost savings are not as obvious, but they need to be understood and measured when doing a TCO calculation.  AWS recently announced Certificate Manager.  Certificate Manager allows you to request new SSL/TLS certificates and then manage them with automated renewals.  The best part is that the service is free!  Many vendors charge hundreds of dollars for new certificates, and AWS is now offering it for free.  The automated renewal could also save you time and money while preventing costly outages.  Just ask the folks over at Microsoft how costly a certificate expiring can be.

Another way AWS reduces the cost to manage workloads is by offering new features in an existing service.  S3 Standard – Infrequent Access is an example of this.  AWS offered the same eleven 9s of durability while reducing availability from four 9s to three.  Customers who are comfortable going from 52 minutes of downtime a year to 8.5 hours of downtime per year for objects that don’t need the same level of availability can save well over 50%, even at the highest usage levels.  When you add features like encryption, versioning, cross-region replications and others, you start to see the true value.  Building and configuring these features yourself in a private cloud or in your own infrastructure can be costly add-ons.  AWS often offers these add-ons for free or only charges for the associated use, like the storage cost for cross-region replication.

Look beyond CPUs, memory, and bytes on disk when calculating the savings you will get with a move to AWS.  Explore the features and services you cannot offer your business from within your own datacenter or colocation facility.  Find a partner like 2nd Watch to help you manage and optimize your cloud infrastructure for long-term savings.

-Chris Nolan, Director of Product


Introducing the Scheduled Reserved Instance

Amazon Web Services will continue to lower its prices for IaaS (Infrastructure as a Service) and PaaS (Platforms as a Service) for a number of different reasons. But that doesn’t mean that your public cloud costs will go down over time. Over the past 2 years I’ve seen SMBs and Enterprise firms surprised by rising cloud costs despite the falling rates. How does this happen? And how can your business get ahead of the problem?

Let’s examine how AWS can lower its rates over and over again.

First is the concept of capacity planning, which is much different in the public cloud when compared to the traditional days of voice and data infrastructure. In the “ole days” we used the 40-60-80 rule. Due to the lengthy lead times to order circuits, rack equipment, run cables and go-live, enterprise IT organizations used 40-60-80 as triggers for when to act on new capacity building activities. At 40% utilization, the business would begin planning for capacity expansion. At 60% utilization, new capacity would be ordered. At 80% utilization, the new capacity would be turned up and ready for go-live. All this time, IT planners would run around from Business Unit to Business Unit trying to gather their usage forecasts and growth plans for the next 12-24 months. It was a never ending cycle. Wow – that was exhausting!

Second is the well-known concept of Economies of Scale, which affords AWS cost advantages due to the sheer size, scale and output of its operations globally. Simply put, more customers will lead to more usage, and Amazon’s fixed costs will be spread over more customers. As a result, the cost per unit (EC2 usage hour, Mbps of Data Transfer, or Gigabyte of S3 storage) will decrease. A lower cost per unit allows Amazon to safely lower its prices and lead the market in public cloud adoption.

In the public cloud world, Amazon can gauge customer commitment, capacity planning and growth estimates by offering reservations for its infrastructure – otherwise known as Reserved Instances. Historically Reserved Instances come in six different types – No Upfront, Partial Upfront and Full Upfront (referring to the initial down payment amount), each offered in a 1-year or 3-year commitment. No Upfront RIs have the lowest discount factor over the commitment term, and Full Upfront RIs have the highest discount factor. With the help of Reserved Instances, AWS has been able to plan its capacity in each region by offering customers a discount for their extended commitment. Genius!

But it gets better. In January, AWS released a new type of Reserved Instance that gives the customer more time control and also provides Amazon with more insight into what time of day the AWS resource will be used. Why is this new “Scheduled Reserved Instance” important?

Well, a traditional RI is most effective when the instance runs all day and all year. There is a breakeven point for each RI type, but for simplicity let’s assume that the resource should be always-on to achieve the maximum savings.

However a Scheduled Reserved Instance allows the customer to designate which hours of which day the resource will run. Common use cases include month-end reporting, daily financial risk calculations, nightly genome sequencing, or any regularly scheduled batch job.

Before the Scheduled RI, the customer had 3 options – (1) run the compute on-demand and pay the highest price, (2) reserve the compute with a Standard RI and waste the time when the job’s not running (known as spoilage), or (3) try to run it on Spot Instances and hope their bid is met with available capacity. Now there’s a fourth option – The Scheduled Reserved Instance. Savings are lower, typically in the 5-10% range compared to on-demand rates, but the customer has incredible flexibility in scheduling hours and recurrence. Oh yeah – and did I mention that AWS can now sell even more excess capacity at a discount?

With so many options available to AWS customers, it’s important to find an AWS Premier Partner that can analyze each cloud workload and recommend the right mix of cost-reducing techniques. Whether the application usage pattern is steady state, spiky predictable, or uncertain-unpredictable, there is a combination of AWS solutions designed to save money and still maintain performance. Contact 2nd Watch today to learn more about Cloud Cost Optimization Reports.

-Zach Bonugli, Managed Cloud Specialist


Simplified Cloud Billing

Cloud billing is often complex and one-dimensional, and allocating costs across your organization – to the right departments and projects – can be difficult and time-consuming. With over 28,000 different ways to buy products and services from AWS, enterprises need sophisticated software and expertise to ensure they are maximizing the use of their AWS resources while optimizing their cloud spend and controlling cloud sprawl.

2nd Watch Managed Billing can help simplify your cloud billing. 2W Managed Billing provides a concierge-level billing service and online billing portal that simplifies analyzing, budgeting, tracking, forecasting and invoicing the cost of the public cloud, giving you an easy-to-understand view into your cloud costs.

Download the 2nd Watch Managed Billing datasheet to learn more about how managed billing can help you gain visibility into and understand your cloud bill. Or sign up for a free trial of 2W Managed Billing Service to start effectively managing your cloud usage and costs across your organization right away.

-Nicole Maus, Marketing Manager
