Optimizing Consumption in Microsoft Azure
Consumption Optimization: Principles to Consider
For a Microsoft Azure solution to be fully beneficial to your business, striking the optimal balance between performance and consumption is imperative. This means business and technical decisions should be guided by balancing stakeholder's business requirements against the primary cost drivers of Azure solutions to achieve a workable synergy of parts.
Consumption optimization is not just about reducing the costs of a technical solution. Delivering a solution which fails to meet core business needs simply because the cost is low, is a cheap strategy that in the end, results in poor technical and financial outcomes.
This article focuses on understanding the core business requirements and translating those needs into stable technical solutions that reduces consumption without compromising performance.
Optimizing Azure Compute
One approach for optimizing compute resources in Azure is ensuring the right sizing, which means the workload you have fits the service size or SKU. For example, if your applications never spike above 15% of the available compute resources and you have a virtual machine with 56GB RAM and 16 processing cores, you’re throwing money away.
To devise an effective compute optimization strategy, assess your workload requirements by monitoring performance metrics and examining how much CPU is used - not at a certain point in time, but over a period of time.
Services like virtual machine scale sets or App Services can be configured to automatically scale up or down to meet fluctuating resource needs. Furthermore, if your workload is only used during business hours, a simple solution (one that is often largely ignored) is to turn them off when not in use.
Optimizing Azure Network Costs
All the network connected devices reside in Azure Virtual Network, the principal resource to consider when balancing performance and costs. The major cost drivers in Azure networking include bandwidth, virtual network peering, and ExpressRoute.
In Azure networking, it’s important to work out how much data is expected to flow and where it’s flowing. For example, virtual machines communicating across the public internet are treated as egress traffic and are charged. VNets communicating within the same Azure region will not be charged, but if the VNets are in different Azure regions, charges will be incurred. Furthermore, traffic crossing the VPN resource gateways, whether in the same or different region, is chargeable.
Microsoft is now offering the Azure Virtual WAN service, which helps you create a global software-defined WAN environment. This strategy employs hub-and-spoke architecture to connect multiple VNets to a central VNet that contains resources to be shared. It has a service that helps monitor and diagnose networking resources like VMs and routing problems, analyses whether resources are performing optimally, and/or if they are incurring costs for no apparent reason.
Log Analytics can also be used here for the purposes of monitoring, alerting and presenting any number of solutions. Lastly, Traffic Analytics gives you insights into how users/applications are interacting with networking resources, detecting incorrect network configurations and analyzing network flow patterns.
Azure Storage Optimization
To determine effective Azure storage optimization strategies, classify your storage costs according to storage account types. There are 2 types of general-purpose accounts: V1 and V2, and their costs are directly proportional to the amount of data stored. Actions on the account such as writing data, reading content, and listing the structure incur more charges. Apart from general-purpose accounts, there are blob accounts, disk storage for virtual machines, and Data Lake Storage for big data and analytics.
For a Data Lake Storage, the cost per transaction block is much lower than that of general purpose accounts. Blob storage and general-purpose accounts commonly use access tiers. The hot tier has higher storage costs but lower access costs, while the cool tier has higher access costs but cheaper storage costs. Use whichever strategy best fits your business requirements.
Redundancy factors also increase costs in storage. In ascending order of cost, the least costly is the Locally Redundant Storage. It is replicated around individual storage units. Zone Redundant Storage is replicated across zones and is more expensive than LRS. Geo-redundant Storage (GRS) is replicated between paired Azure regions, and the Read Access Geo-Redundant Storage (RA-GRS), the most expensive, is accessible as read-only.
Optimizing Azure App Service Costs
App Service costs can be dramatically reduced by using the right implementation strategies without compromising on performance.
Plan for costs according to the level of features and service offerings available in App Service pricing plans. The plans are covered by Microsoft SLA and as you increase the hosting plan, other resources like storage and application instances increase in tandem. Use per-app scaling to specify the maximum number of workers which an application is allowed to run on, which in turn, frees up resources for high-performing apps to scale on. You can also use Azure Monitor to configure an App Service plan and automatically scale to a higher plan when specific performance thresholds are exceeded. This can also be done on a schedule basis, where the plan scales up during business hours and scales down during off-peak times when less resources are utilized.
Optimizing Identity Costs
When optimizing Azure Identity solutions, the primary cost drivers to note are the Azure Active Directory Licensing models. Azure AD Domain Services is not only the most common but also the most basic service for setting up identity management. It allows for provisioning of AD DS services without needing to manage Domain Controllers. From this service, any system running Windows OS can be joined and managed directly from Azure. All these Identity features are available at different licensing levels. These levels include the Free tier, Basic tier, Premium P1 tier and the Premium P2 tier.
To maintain security, all features that protect identities in Azure are implemented and managed from Identity Security. Make use of the Azure AD Multifactor-Authentication feature, which offers at least two authentication methods during login. Azure conditional access evaluates any potential risks in Azure platform and enforces predetermined actions. If you have issues with too many privileged user accounts, enforce Azure AD Privileged Identity Management. Through systematic approvals, this feature introduces the idea of limiting the length of time a user stays with administrator rights.
If you need to collaborate with other organizations without having to set up separate external directories or accounts, use Azure AD B2B. You can build business to business collaboration driven by identity management and protect your business platform at the same time. This feature is covered in the free tier. External users can also authenticate to your organization using third party identity platforms like LinkedIn or Facebook. For this to happen, they’ll need to use Azure AD B2C. Pricing is directly related to the number of users and number of authentications.
Last but not least, we can support existing on-premises identities using Azure AD Connect, which synchronizes user and security information from on-premises AD DS with Azure AD. It is a free implementation of Microsoft Identity Manager. Azure AD Connect is completely free and has no licensing costs.
