My top strategies for costs optimization and governance in Microsoft Azure (Subscriptions distribution)

Cost optimization is a very complex topic in any cloud scenario, especially at the enterprise level, I like to share some shorts but extremely useful advice on that, I will write more and, maybe I will also record a video.

In the last year I tested many different strategies, and I learned a lot from these, the first important lesson is that there is not a real universal solution for that, you need to accommodate the best practices to your company business strategy.

From my experience it is extremely important to follow, what I like to call, the Azure Scaffold Law (ASL), following the ASL you can keep your Azure strategy focused in the most important pillars.

Look at the article below

Microsoft recently updated the picture below; I think because of the subscription group and more focused on the operational side, which makes sense.

The picture above shows what is important and to take care about in Microsoft Azure, but I think that the old one was more focused about the pillars (see below).

In my opinion, the old one represents the distribution of the most important components; the new one is grouping all together subscriptions and RG, what I define as the distribution strategy.

Maybe I would isolate Subscriptions from RG; they are two different critical components.

Subscription is the real key in any costing strategy.

Obviously, I am speaking for Enterprise Agreement (EA), if you have a single subscription contract, you are forced on managing your distribution strategy using Resource Groups and Tags, no other options on that.

In an enterprise scenario the using of Subscriptions is crucial, and for many reasons, cost isolation, multi-tenants isolation, security and abstractions and more.

In my experience, the best strategy is to create a top subscription that you can call Base and from that subscription create
all other subscription, see below.

At the Base subscription we can configure shared asset like ExpressRoute or Firewalls Appliances etc…

From the Base we can use peering to connect and share the connectivity and the assets.

It is very simple; we need to keep in mind the two basic principles of subscription: Isolation and single billing container.

Subscription is one of the most important components in Microsoft Azure with RBAC and Policies, using these three components you create your entire Azure strategy.

The costing management is another story, very related with subscription but, in term of reporting and distribution, it is very dependent by the platforms and tools available.

Below my actual view based on my experience:

MEP (Microsoft Enterprise Portal), totally based on the concept of Account<>Subscription, you can use it if you are confident on providing administrative access to the subscriptions, something that I don’t recommend, it is good to have just 2 Owners accounts in all the subscriptions, same 2 accounts in all of them.
We need to keep always in mind that a subscription Owner can easily cancel an entire subscription, he can also grant any security access to it and a lot more, too risk.

Cloudyn, good as reading/reporting dashboard, a lot of features to filter your data etc…, I am just using it for that reason only.

Power Bi, really good with Azure Consumption and you can create good reporting using Power BI desktop, I think it is good if you like to provide nice fancy reports to your management.

Azure consumption API, it definitely what you need to create technical cost reporting for your finance department, a lot of APIs exposed, so it is really good to create excel reporting or inside your applications, especially if you look to integrate your applications with Azure Costs Provider.

ServiceNow, another great strategy is integrating ServiceNow with Microsoft Azure ARM, using this way we can control everything happens in our cloud, also creating an approval process and, why not, directly providing the cost allocation to the financial department.

Related blog posts