This site is an automatic translation of http://www.marcelosincic.com.br; the original is in Portuguese

Controlling Costs in Azure with Cloudyn

Much has been said about Microsoft’s purchase of Cloudyn and how it would be integrated into Azure’s cost management.

The truth is that before Cloudyn, Azure had few good tools to manage costs, covering:

  • Detail of costs and pre-defined periods (day, week, month, year, etc.)
  • Comparison between costs and planned budget
  • Higher costs
  • "Orphan" or expired objects
  • Others…

It was possible to use Power BI, but that required a very thorough knowledge of the data layer that Azure exported, leaving most customers without good support.

With that in mind, after buying Cloudyn, Microsoft made the tool available for free (some additional features are paid); it fulfills these tasks and offers several additional, practical reports.

Installing and Configuring Cloudyn

The installation is nothing more than an application that exists in the Azure Marketplace, named Cost Management, but if you look for Cloudyn it will also appear:


Enter the notification data and the business model that you use, usually the first two (EA or CSP). The Individual option is for those who use OPEN, credit card or MSDN subscriptions, as in my case:


The following screen requests the data needed to find the subscriptions, in my case the MSDN offer and my Azure tenant, which can be found in the portal under Subscriptions:


From there, Cloudyn finds all the subscriptions associated with your user and links them:


Using Cloudyn’s Budget Reports

Important: Data may take 3 to 4 days to be populated.

Reports are the high point of the tool; the analytic cost reports based on budget are excellent.


For these reports to work, it is important to create the budget in the "Projection and Budget" option:


From there it is possible to extract the Projected vs. Used reports, which address the biggest pain point of Azure customers today.

Detailing Consumption and Optimizations

Cloudyn’s initial dashboard is instructional and informative in and of itself:


In Asset Controller it is possible to see a summary of the resources we have and how they have evolved:


One of the most important features is the Optimizer, where we can see orphan resources or overallocations, which are the cost hints Cloudyn provides.

See that in my case there are 2 disks that are not linked to any VM, i.e. storage that is paid for without being used:


Browsing the menus and running the reports, a very interesting one is Cost Navigator, where we can see several periods and detail the costs in each period:


And above all, as mentioned in the previous topic, compare my budget with the actual spend:


Some other reports that I did not read here are interesting:

CONCLUSION

It is worth installing and using this tool; its cost in your environment is minimal in relation to the quality of the data presented.

Remember that in many cases it is important to use tags to separate resources into groups, if necessary.

However, even without tags it is possible to use filters in the reports for some more specific data.


Microsoft Advanced Threat Analytics (ATA)

Many customers I visit have no idea what ATA is, even though they have EMS (Enterprise Mobility + Security) licensing. https://www.microsoft.com/en-us/cloud-platform/advanced-threat-analytics

Understanding the ATA

To better understand what ATA is, we need to remember what behavioral security products are (https://msincic.wordpress.com/2016/07/24/windows-defender-atp-the-new-security-product/).

This type of product does not rely on malicious-code definitions downloaded in a DAT file describing the code that will be executed (virus signatures).

Behavioral security services analyze trends, common usage and suspicious activities, for example a user who has never logged in to a server is now an administrator and accesses various machines.
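
The behavioral idea described above, as an added example that is not part of the original post and is not how ATA itself is implemented: a per-user baseline of logon hosts is learned, and a user who later reaches several never-seen hosts is flagged, with higher severity if the account was also just added to a privileged group. The events, host and user names, dates, threshold and group list are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events, not real logs. "id" follows Windows Security
# event IDs: 4624 = successful logon, 4728 = member added to a
# security-enabled global group.
EVENTS = [
    {"ts": "2018-02-01T08:02:00", "id": 4624, "user": "alice", "host": "WS-ALICE"},
    {"ts": "2018-02-03T09:15:00", "id": 4624, "user": "alice", "host": "FILE01"},
    {"ts": "2018-02-05T08:30:00", "id": 4624, "user": "bob", "host": "WS-BOB"},
    {"ts": "2018-02-07T08:45:00", "id": 4624, "user": "carol", "host": "WS-CAROL"},
    {"ts": "2018-02-21T10:00:00", "id": 4624, "user": "alice", "host": "FILE01"},
    {"ts": "2018-02-21T10:05:00", "id": 4624, "user": "alice", "host": "PRINT01"},
    {"ts": "2018-02-22T02:10:00", "id": 4728, "member": "bob", "group": "Domain Admins"},
    {"ts": "2018-02-22T02:14:00", "id": 4624, "user": "bob", "host": "DC01"},
    {"ts": "2018-02-22T02:16:00", "id": 4624, "user": "bob", "host": "SQL01"},
    {"ts": "2018-02-22T02:19:00", "id": 4624, "user": "bob", "host": "FILE01"},
    {"ts": "2018-02-23T11:00:00", "id": 4624, "user": "carol", "host": "APP01"},
    {"ts": "2018-02-23T11:20:00", "id": 4624, "user": "carol", "host": "APP02"},
    {"ts": "2018-02-23T11:40:00", "id": 4624, "user": "carol", "host": "APP03"},
]

BASELINE_END = datetime(2018, 2, 20)  # assumption: earlier events are the learning period
NEW_HOST_THRESHOLD = 3                # assumption: this many never-seen hosts is unusual
PRIVILEGED_GROUPS = {"Domain Admins"}  # assumption: groups treated as privileged


def detect(events, baseline_end=BASELINE_END, threshold=NEW_HOST_THRESHOLD):
    """Flag users who log on to many hosts absent from their own baseline."""
    known = defaultdict(set)      # user -> hosts seen during the learning period
    new_hosts = defaultdict(set)  # user -> hosts first seen afterwards
    promoted = set()              # users added to a privileged group afterwards

    # Sort by time so baseline events are always processed before later ones.
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["id"] == 4624:
            if ts < baseline_end:
                known[ev["user"]].add(ev["host"])
            elif ev["host"] not in known[ev["user"]]:
                new_hosts[ev["user"]].add(ev["host"])
        elif ev["id"] == 4728 and ts >= baseline_end:
            if ev["group"] in PRIVILEGED_GROUPS:
                promoted.add(ev["member"])

    alerts = []
    for user in sorted(new_hosts):
        hosts = sorted(new_hosts[user])
        if len(hosts) < threshold:
            continue  # a single new host is normal drift, not an alert
        alerts.append({
            "user": user,
            "new_hosts": hosts,
            "newly_privileged": user in promoted,
            # Privilege change plus spread to new machines is the stronger signal.
            "severity": "high" if user in promoted else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```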

Installing the ATA

The installation is very simple because communication is performed online, directly with an Azure URL that receives the security log data and processes it with Machine Learning.

To install, just run the installer, which is very simple and intuitive. After installing the server, we can install the Gateway, which is the Domain Controller server that will be analyzed by collecting its security logs.

Once installed, administration is very simple, and the advanced settings let you specify, for example, the SID of a user to help diagnose an intrusion, an IP range of vulnerable machines (in a DMZ, for example) and other resources.

Once installed, maintenance is automatic for both the server and the monitored gateways.

Checking AD Security Issues

After a few days it is already possible to see some alerts in the panel, for example the warning below that some computers are using a vulnerable encryption level:


This other example is a case of remote execution of commands and scripts by a remote server. Of course, in this case I will close the warning, since it is expected behavior because I have the Honolulu project on the same machine, which runs WMI commands:


Note that in both cases I can see what happened, who the user was and on which server or desktop the suspicious activity occurred.

In addition, the detection history helps us understand whether this is a real alert or just a one-off activity.

Receiving Alerts and Reports

ATA allows you to configure the receipt of alerts and reports with the data.

I can run standalone reports:


Or schedule them to be received by email every day, as well as alerts:


How to get the ATA

That is the question that many ask, but it is important to remember that, as an online product, it can be purchased by anyone who has Microsoft 365 with Security (the new EMS), the old EMS, or else purchased individually.

Remember that, as it is a product linked to O365, it is acquired per user, even if standalone.

Let’s Talk about the Microsoft Honolulu Project?

The Honolulu project was much discussed some time ago and was linked to a new Windows graphical interface or functionality.

On December 1 a new Preview version of Honolulu and its documentation came out; it is already quite mature, with its final architecture defined.

What is the Honolulu Project?

It is a new MANAGEMENT interface for Windows Server.

This is not a replacement for Windows Server 2012/2016 Server but rather an interface based on new protocols for access and ease of use, in addition to broader management reach.

What are the advantages of Honolulu over Server Manager?

Server Manager is a very good tool, but it is based on local protocols (RPC, WinRM and others) and is based on a GUI that needs to be installed.

Honolulu is 100% web-based for data access and uses WinRM, WMI and PowerShell for server administration.

With Honolulu it is possible to do things that Server Manager does not do, such as running scripts, Windows Update, administering and monitoring VMs, etc.

On the other hand, Honolulu does not manage as many services as Server Manager, such as File Server, DHCP, DNS, etc. that continue to be managed by the MMC tools.

How to install Honolulu?

The installation is very simple, but you have to define the architecture.

Basically, we can install it on a single server and attach the others for administration as nodes, or else install a server as a Gateway to access the others and ease traffic when we have many servers in a farm:


In general, for these tools the ideal is to create a server with little memory and processing power (the second model in the figure) so as not to burden servers that have other functions, since it creates a service for Honolulu:


To download Honolulu, because it is still a Preview, you need to use the Windows Server product evaluation page at https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-honolulu

How to manage a server with Honolulu?

Let’s go through the basic screens. First we insert a server in the list, and from there it is possible from any browser to see usage graphs, configure items, make a remote connection, execute PowerShell commands, etc.

First, let’s add new servers, clusters or even Windows 10 Client:


Next, simply indicate the user and choose the server or cluster you want to view:


The level of detail ranges from HW items to detailed graphs for each of the server / client items being monitored:


Even some items such as physical disks, volumes and Storage Space can now be administered in Honolulu:


An interesting feature is that you can manage Windows Update remotely:


Managing VMs on Hyper-V is also one of the highlights, thanks to the level of detail and the intuitive interface:


Finally, here is the link to the Honolulu technical documentation: https://docs.microsoft.com/en-us/windows-server/manage/honolulu/honolulu

Azure Stack 1 - Understanding the Solution

Now available in most countries of the world where Microsoft has datacenters, Azure Stack has become a constant topic.

But first you need to understand the focus and composition of the solution.

How is it composed?

Azure Stack is a rack of servers with predetermined sizes and configurations, today available from Dell, HP, Lenovo and Cisco.


The hardware from each manufacturer has been approved and standardized, which ensures updates directly from Azure Stack for both software and hardware.

Does that mean that I can’t use my own configuration? Exactly: to ensure that system updates and hyper-convergence work, the drivers have to be approved and tested.

It is important to understand that the whole Azure Stack is based on hyper-convergence, i.e. it uses SDN (Software Defined Network) and SDS (Software Defined Storage) technologies, or SDx in general, as they are called.

That is, there is no dedicated storage. Each server has a set of 15k SAS disks and SSD disks, with Storage Spaces Direct (S2D) enabled. This allows the servers to pool their storage and share volumes with each other.

With S2D, data protection is guaranteed by distributing the data between servers, as VMware vSAN or Nutanix does.

For whom?

Contrary to what many people think, Azure Stack does not target the customer who finds Microsoft Azure expensive, but rather customers that have restrictions regarding public clouds.

For example, some of the cases presented at Ignite were Swisscom and KPMG of Sweden.

For KPMG the scenario was legislation and the requirement of some customers who did not want their audit data in a public cloud, however much one tries to justify the security provided. The solution was Azure Stack, where KPMG would have the same services used by its other branches around the world, but on-premises.

The Swisscom case was about being a local datacenter, as Azure has none in the country. Customers there who want public cloud services use the Azure Stack private cloud to host their services locally.

That is, the main customers are, among others:

  • Countries where there are legal restrictions on storing data in other countries
  • Datacenters interested in offering their users services with the same interface as Azure, but locally; for example, Brazil has only one Microsoft Azure DC, and a traditional provider could use Azure Stack as an Availability Group point
  • Companies with high usage of IaaS-based compute resources that have their own datacenter
  • Companies with an on-premises tradition that do not want their data outside their environment but wish to use the public cloud model “in place”, with easy maintenance and high-level support

And for the customer who finds Azure expensive, is it worth using the Stack? When you do the math, no, because we need to remember that it is a rack and needs cooling, power, raised floor and all the other costs involved in a physical DC.

How much does Azure Stack cost?

First consider the cost of the hardware, which can be sold differently by each of the 4 current manufacturers.

For example, in the case of Dell, configurations start at 20 CORE servers 4 and 4.1 TB and can reach 12 servers per rack, with a maximum capacity of 4 racks with 12 servers each.

In addition, there are Low, Mid and High profile servers, where the capacity of a rack with 12 High Profile servers is 336 cores, 6.1 TB of RAM, 138 TB of cache and 1.2 PB of disk!!

Now let’s talk about the cost of software. It is important to remember that Azure Stack has no software cost; that is, it is billed as a service, which includes:

  • Updates of the Software Stack
  • Driver updates and logical components
  • Pre-configuration of provisioning, components and templates
  • Microsoft Azure support is the same one that handles Azure Stack

That is, Azure Stack is charged by consumption, not by licensing, in a “Pay-As-You-Use” model, based on the table below:


References: https://azure.microsoft.com/pt-br/overview/azure-stack/how-to-buy/

Based on that, for example, an A2 VM that costs US$130/month in Microsoft Azure goes for $40/month in Azure Stack.

Of course, the TCO must include datacenter infrastructure, hardware warranty and support, electric power and administration, which Microsoft Azure does not have.

Even so, for large environments that already have a datacenter it becomes an advantageous option, since many of these costs are already absorbed.

And if the customer does not want to pay for consumption?

It is also possible to get the cost per CORE, but personally I see no advantage because the cost increases for the following reasons:

  • In the variable “Pay-As-You-Use” model, scalability is also reflected in the price when the load decreases
  • In the disconnected model, Windows and SQL licensing must be paid for separately, whereas in the “Pay-As-You-Use” model it is built in
  • In the disconnected model, the annual payment is upfront


Are all Azure services available in Azure Stack?

Not yet. As you can see in the price table, the most important ones are.

For example, some VM types such as G cannot run on the Stack, and the same goes for some high-capacity services such as Machine Learning and Cognitive Services.

It is possible to create plans and join different solutions to create complex workloads, as documented in https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-offer-services-overview

Conclusion

Azure has become Microsoft's flagship product, and with Stack the integration between public and private clouds really becomes a unique experience!

Visit the link and learn product details: https://docs.microsoft.com/en-us/azure/azure-stack/

Azure Reserved Instance Available for purchase

In a post at the beginning of the month we commented on the Azure Reserved Instance at https://msincic.wordpress.com/2017/10/24/reducao-de-custos-com-azure-reserved-instance/

Now it is available for purchase and also in the Azure Pricing Calculator, to estimate the savings both for the VM alone and with AHUB.

As a reminder, AHUB is the feature that allows savings by using the licenses that you have acquired with Software Assurance: https://msincic.wordpress.com/2017/07/18/software-asset-management-sam-converting-licensing-for-azure/

Using the calculator

Visit the Azure cost calculator and, when adding a VM, you will see the option to include AHUB and also RI for 1 or 3 years.

Below are the pictures demonstrating how to choose and the possible reduction from $102 for a normal VM to $58 for a VM with a 3-year RI and, adding AHUB, to US$24!!!!!


And finally with the AHUB option:


Buying Reserved Instance in the Azure Portal

Purchasing RI in the portal requires that the offer first be enabled in the subscription.

It is important to note that MSDN or benefit subscriptions and Dev/Test do not have RI, because they already come with a cost 40 to 60% lower on VMs.


Conclusion: we now have a VM at more than 80% off by combining the RI and AHUB offers!!!

Cost reduction with Azure Reserved Instance

A few months ago, in July, we discussed alternative licensing options to reduce Azure costs using CPP and AHUB at https://msincic.wordpress.com/2017/07/18/software-asset-management-sam-converting-licensing-for-azure/

CPP (Compute Pre-Purchase) is a very good resource because it allows you to buy a package of hours for a particular VM instance type in Azure.

But a few weeks ago Microsoft surprised the MVP group and the commercial team with information about a new offer, the Reserved Instance: https://azure.microsoft.com/en-us/pricing/reserved-vm-instances/


The following is a summary that I put together to explain the main differences between the models:


Stay tuned for the GA of Reserved Instance by using the link at the beginning of this article.

Acquiring and Licensing Azure OMS – Operations Management Suite

We have presented this solution to clients many times; it runs on Azure and brings great benefits for the IT administrator.

Much has been said about OMS, originally called System Center Advisor and later Log Insights (Using the Azure Log Analytics (OMS) and the SCOM on Same Machine and https://msincic.wordpress.com/2014/05/14/system-center-advisor-preview-news/)

I’m very fond of showing the Health Check solutions (Active Directory and SQL) and Change Log:


But many do not understand how the licensing for purchasing this solution works.

What are the purchase options?

First, it is good to remember the basic tiers that a management space (as the "tenants" are called) can have:


  • Free – Useful for testing because it is not limited to only a few of the packages, but collection is limited to 512 KB of logs per day and retention to only 7 days
  • Standalone – Allows collection without size restriction, with 30 days of retention (can be customized); the price is not per server/node but per storage consumed. However, it does not allow the use of all solution packages, which need to be acquired in the E1 or E2 packages
  • Standard and Premium – Allow collection without restriction, with 365 days of retention, and allow the use of solution packages, depending on the chosen level
  • OMS – This is the E1 or E2 bundle, which can be purchased on an as-needed basis, priced per managed node, and which includes System Center licensing and other services

Which of the models is worthwhile?

If your intention is to use the counters and solutions such as Health Check and some analysis, you can select the Standalone plan, where you can use several solutions paying only for log storage.

But with Standalone you cannot move on to other solutions, such as network traffic analysis and mapping solutions.

Because of this limitation, the ideal is to have the OMS bundles, where you can choose the solutions and which also include a number of services and built-in consumption, besides all the System Center licensing.

OMS packages E1 and E2

Without doubt the best option for companies, where you get services and packages with System Center included (or via add-on if you already have it) and you can use other services already included in the price.

https://www.microsoft.com/en-us/cloud-platform/operations-management-suite-pricing


As we see in the image above, the bundles are composed of management packs (image below), services such as Backup and Site Recovery, and the System Center licensing.

This is very interesting when we compare the costs of each of the services and what they include:


Just compare the cost of each Management Pack with the price of E1 and E2 to see that a Standalone/Standard/Premium acquisition is not worthwhile; the cost of Protection/Recovery alone is already practically the price of the E2 bundle.

What if I already have System Center or Windows CIS (Cloud Infrastructure Suite) licensing?

In this case you do not have to pay twice for System Center: since E1 and E2 already include it, you can acquire them as an add-on, that is, added to the package you already have, and you may choose to continue renewing the CIS/System Center licensing or convert to OMS:


Personally, I think that in this case it is good to continue with the System Center/CIS licensing, since I use some nodes with OMS and some without, depending on the monitoring model I wish to adopt.

How can I estimate, compare and decide on these costs?

Microsoft has a calculator where you select the services and receive a comparison between the OMS E1 and E2 bundles or standalone purchases: http://oms-calculator-webapp.azurewebsites.net/home
