What is a Windows Azure Account?

A Windows Azure Account is a shell that provides:

  • Reporting on usage of the services.
  • Billing of the services.
  • Account administration.

You can access Windows Azure Account using the following link: https://account.windowsazure.com 

What is Windows Azure Subscription?

A Windows Azure Subscription provides you with:

  • The services themselves (Virtual Machines, Cloud Services, Azure SQL, BizTalk, Windows Azure Active Directory, Virtual Networks, etc.).
  • Control over who can use the resources.

You can access Windows Azure Subscription using the following link: https://manage.windowsazure.com

Understanding the Hierarchy


An Account has multiple Subscriptions, and a single Subscription has multiple Services.

If you have Microsoft’s Enterprise Agreement (EA), you can associate multiple accounts with it. The benefit of having an Enterprise Agreement is that it gives you the best overall pricing for the services you want to use in Azure.


Accessing EA portal: https://ea.windowsazure.com

What is the best way – Accounts per project OR Single Account with Subscriptions per project per environment?

Typically, within any IT project, changes need to follow a testing and promotion process such as Dev -> UAT -> Production. Each of the environments has a specific stakeholder and purpose.

My recommendation is to create a separate subscription for each of the environments. This gives granular control over the billing and over who controls what! You wouldn’t want developers accessing business-critical production services!

If there are multiple projects, you could create an account per project and then, within that account, a subscription per environment. This gives even more granular control over billing, but personally I feel this is overkill. It could also create issues when providing access to individuals, especially if you are using WAAD (Windows Azure Active Directory) for access control and single sign-on.

Instead, create one account and then subscriptions per project per environment with an appropriate naming convention. The reason for recommending this approach has more to do with how you manage access control to the subscriptions. I shall cover access control in a separate article.

Does this mean that you have to part with granular billing control? Not really! You can still find out how much a project is contributing to the costs. When you log on to your account, you will see billing information per subscription, and within the invoice you will see that it is broken down to the service usage level. The trick is to follow and adhere to a naming convention for the subscriptions. The naming convention should allow you to identify which company, business unit, project and environment a subscription belongs to. One such approach is defined below.

If you have an Enterprise Agreement, you can download usage reports for all the accounts and subscriptions covered by the agreement. The usage report is an Excel report that breaks usage down per service used within a subscription. Very handy to report on.

Naming a Subscription

As I mentioned earlier, a naming convention should allow you to identify which company, business unit, project and environment a subscription belongs to. You could use something like…

{Company Name Acronym}-{Market Unit Acronym}-{Business Unit Acronym}-{Project Name Acronym}-{Environment Type Acronym}

Your organisation will not necessarily have all of these elements; you can skip the ones that do not apply and concentrate on what you have within your organisation structure. But you will most likely have Company Name, Project Name and Environment Type.

There are lots of acronym generators online that can help you build appropriate acronyms for your project etc. Some of them are;

I don’t have any favourites… I generally use a rule of thumb: take the first letter of each word in the name. Examples:

| Name | Acronym |
|---|---|
| UK Market Unit | UKMU |
| Administration and Data Control | ADC |
| Electronic Messaging and Distribution | EMD |

You get the idea! I must say it does sometimes generate some funny acronyms…

For environment types I use the following:

| Name | Acronym |
|---|---|
| Development Environment | DEV |
| Smoke Environment | SMK |
| System Integration Environment | SIT |
| UAT Environment | UAT |
| Pre-Production Environment | PRP |
| Production Support Environment | PSE or BAU |
| Production Environment | PRD or PROD |

An example of a subscription name generated using the recommendation above:

  • Company Name – ABC International Ltd. (Acronym: ABCI)
  • Market Unit – International Market Unit (Acronym: IMU)
  • Business Unit – No Business Unit
  • Project Name – Complaints Management Information Reporting (Acronym: CMIR)
  • Environment Type – UAT Environment (Acronym: UAT)

So, using this, your subscription name would be ABCI-IMU-CMIR-UAT. The name is not much use on its own, but with the above context you will be able to correlate a subscription to a market unit, project and type (i.e. production or non-production).
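The convention can be checked and used mechanically, for example to mark which subscriptions are production and to roll costs up per project. The following Python is an added example, not code from the original article; the function names, the sample rows and the choice to treat PSE/BAU as production are assumptions.

```python
from collections import defaultdict

# Environment acronyms from the article's table, mapped to a production flag.
# Treating PSE/BAU (production support) as production is an assumption.
ENVIRONMENTS = {
    "DEV": False, "SMK": False, "SIT": False, "UAT": False, "PRP": False,
    "PSE": True, "BAU": True, "PRD": True, "PROD": True,
}

def parse_subscription_name(name):
    """Split a name built as Company-[Market Unit]-[Business Unit]-Project-Environment.

    Company, project and environment are anchored to the ends of the name;
    whatever sits between company and project is returned as optional units,
    because a skipped element makes the middle positions ambiguous.
    """
    parts = name.strip().upper().split("-")
    if len(parts) < 3 or len(parts) > 5 or not all(p.isalnum() for p in parts):
        raise ValueError(f"{name!r} does not follow the naming convention")
    env = parts[-1]
    if env not in ENVIRONMENTS:
        raise ValueError(f"{name!r} ends in unknown environment {env!r}")
    return {
        "company": parts[0],
        "units": parts[1:-2],
        "project": parts[-2],
        "environment": env,
        "production": ENVIRONMENTS[env],
    }

def cost_per_project(usage_rows):
    """Roll up (subscription name, cost) rows per project; collect misnamed ones."""
    totals, rejected = defaultdict(float), []
    for name, cost in usage_rows:
        try:
            info = parse_subscription_name(name)
        except ValueError:
            rejected.append(name)
            continue
        totals[(info["company"], info["project"])] += cost
    return dict(totals), rejected

# Constructed sample rows, standing in for lines of a usage report.
SAMPLE_USAGE = [
    ("ABCI-IMU-CMIR-UAT", 120.0),
    ("ABCI-IMU-CMIR-PRD", 480.5),
    ("ABCI-CMIR-DEV", 60.0),
    ("Pay-As-You-Go", 15.0),
]
```

Subscriptions that land in the rejected list cannot be attributed to a project or classified as production or non-production, so they are the ones to rename or review first.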

3 responses to “Azure Subscriptions–Best Practices”

  1. hi girish

    good to see you blogging. I think there is also the challenge around what type of subscription it is. If you're doing small projects then a “solution” type subscription works well as a unit of isolation but then as things grow you have dependencies between your subscriptions. If you consider infrastructure then you are more likely to have a big shared subscription with lots of machines in a virtual network. You are more likely to isolate at subnet level than subscription level.

    I think this concept of multiple logical data centres in the cloud and the multi-tenant idea take a little bit to understand. I still believe the key missing gap here is billing tags to be applied by your enterprise admin to resources. That way you can have a holistic billing view which can be different to your physical resource layout

    hope things are good

    mike

  2. Is there any updated version of this conversation? I was wondering what the new best practices are.

  3. Concerning ‘who controls what’, within a subscription a user who is given a role to 1 resource group cannot see the other resource groups. So, I would say that ‘Dev’, ‘Test’ & ‘Prod’ could be done within 1 subscription whereby a resource group is created for each phase. Users involved in ‘Dev’ will be allowed to see only ‘Dev resource group’.

    As far as the billing is concerned, each resource group can be given a different tag and the case is solved.

    It would be great if you guys could comment on that.
