Azure Governance and Tools – Pros and Cons

Azure and its tools form a very delicate balance that can drastically affect the success of our Azure governance. What should we do, and how should we evaluate them?

The number of features and tools in Microsoft Azure is incalculable. Microsoft is developing a lot of new things every day, especially in the Azure portal area.
The community is also developing a lot of tools for Azure, and most of them are on GitHub. There are also many tools and products developed by external companies.
Is our governance dependent on Microsoft tools?

My answer is yes.

People have developed tools with their own idea of Azure in mind. Sometimes this idea matches the best governance practices and productivity, and sometimes it does not.
I want to give you a clear example of that.

Monitoring our Azure network infrastructure is a complex activity, especially when we need to understand values such as consumption or when we need to troubleshoot performance.

As always, there are many options available in Microsoft Azure that we can use to retrieve information about our network. Some of them are very useful, others less so.
Recently I faced some exciting challenges, and I realized that collecting information like total inbound and outbound bandwidth, the number of total requests in the subscription, and more, is not simple.
The problem is always the same: a lot of features are available, but they are sometimes very complex to use. This is due to the architecture behind these tools.

Network Watcher provides Traffic Analytics to collect information about our network. When we configure this feature, we immediately notice that we need to enable it for each network security group (NSG) in our subscription.

Why the network security group and not a virtual network?

In my opinion, there is no answer to that.

In a subscription, we may have hundreds of NSGs, and at multiple levels, because we can associate an NSG with a subnet or a network card.
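Because the feature is enabled per NSG, coverage has to be checked across every NSG and both attachment levels. The following Python script is an added example, not code from the original post: it joins an NSG inventory with a flow-log inventory and lists the NSGs that still lack Traffic Analytics. The sample records are constructed, and the field names are an assumption that the input is JSON exported with `az network nsg list` and `az network watcher flow-log list`.

```python
# Constructed sample data; field names assume JSON exported from
# `az network nsg list` and `az network watcher flow-log list`.
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"

def nsg_id(name):
    return f"{RG}/providers/Microsoft.Network/networkSecurityGroups/{name}"

NSGS = [
    {"id": nsg_id("nsg-web-subnet"), "subnets": [{"id": "subnet-web"}], "networkInterfaces": None},
    {"id": nsg_id("nsg-db-nic"), "subnets": None, "networkInterfaces": [{"id": "nic-db-01"}]},
    {"id": nsg_id("nsg-mgmt-subnet"), "subnets": [{"id": "subnet-mgmt"}], "networkInterfaces": []},
    {"id": nsg_id("nsg-orphan"), "subnets": None, "networkInterfaces": None},
]
FLOW_LOGS = [
    # Resource IDs are case-insensitive, so exports may differ in casing.
    {"targetResourceId": nsg_id("nsg-web-subnet").upper(), "enabled": True,
     "flowAnalyticsConfiguration": {"networkWatcherFlowAnalyticsConfiguration": {"enabled": True}}},
    # Flow log exists, but Traffic Analytics was never configured on it.
    {"targetResourceId": nsg_id("nsg-db-nic"), "enabled": True, "flowAnalyticsConfiguration": None},
]

def analytics_enabled(flow_log):
    """True only when the flow log and its Traffic Analytics config are both on."""
    outer = flow_log.get("flowAnalyticsConfiguration") or {}
    inner = outer.get("networkWatcherFlowAnalyticsConfiguration") or {}
    return bool(flow_log.get("enabled")) and bool(inner.get("enabled"))

def audit(nsgs, flow_logs):
    """Return (name, attachment levels, status) for every NSG."""
    state = {}
    for fl in flow_logs:
        key = fl["targetResourceId"].lower()
        state[key] = state.get(key, False) or analytics_enabled(fl)
    report = []
    for nsg in nsgs:
        levels = [lvl for lvl, field in (("subnet", "subnets"), ("nic", "networkInterfaces"))
                  if nsg.get(field)] or ["unattached"]
        key = nsg["id"].lower()
        status = ("no-flow-log" if key not in state
                  else "traffic-analytics" if state[key] else "flow-log-only")
        report.append((nsg["id"].rsplit("/", 1)[-1], levels, status))
    return report

def gaps(report):
    """Names of attached NSGs whose traffic is not reaching Traffic Analytics."""
    return [n for n, lv, st in report if lv != ["unattached"] and st != "traffic-analytics"]

if __name__ == "__main__":
    for row in audit(NSGS, FLOW_LOGS):
        print(row)
    print("gaps:", gaps(audit(NSGS, FLOW_LOGS)))
```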

It is important to keep in mind that our governance choices may affect our productivity and our control in the cloud.
Developing our own custom tools is expensive, and it requires time and investment, but such tools give us a useful abstraction from the platform.
Behind the scenes, Microsoft Azure is a universe of REST APIs, PowerShell scripts, and microservices exposing public interfaces.
We can develop our specific tools using any programming language we are familiar with, and this is a great choice.

We also need to distinguish the types of tools provided by Azure, and I define two main categories: UI-oriented and script-oriented.
The Azure Portal GUI is a UI tool, and Kusto is a scripting tool.

“A Kusto query is a read-only request to process data and return results. The request is stated in plain text, using a data-flow model designed to make the syntax easy to read, author, and automate. The query uses schema entities that are organized in a hierarchy similar to SQL’s: databases, tables, and columns.”

Where do we need to invest more?

There is no quick answer to that, and we need to be smart.
We need to invest time looking at the tools offered by the portal, and we need to understand their limits and their real advantages.
We also need to invest time in studying tools like Kusto, to understand their real potential and especially their complexity.
We need to create an Azure Tools Adoption decision matrix document, something we can provide to our internal teams so they can quickly understand how to approach a specific Azure feature and which tools to use.

Should we let tools pilot our governance?

This is another complicated question to answer.

Sometimes it happens; this is unconscious human behavior. Many times we assume that, because the tools have been developed in a specific way, we need to follow their guidance, but that is not the case.

A clear example is the Azure EA Management Portal.

The EA Portal has a very old-fashioned way of handling the relationship between Departments, Accounts, and Subscriptions. We may drive our governance by looking at this tool, but I’m afraid that’s not right.

During my training, I speak about this critical aspect in great depth because it is essential to understand that Governance and Tools must work together in harmony.


