As more large enterprises adopt Azure cloud, especially those that have traditionally used Microsoft tools, we have observed growing interested in Microsoft Azure Enterprise Agreements, commonly known as EAs. We thought it would be useful to understand more about Microsoft EA’s, how they work with Azure, and what they mean to both the enterprise and the ISV.
What is an Azure Enterprise Agreement?
While you can create an Enterprise Agreement with Microsoft specifically for Azure, most companies using this option already have an EA in place for use of their software assets like Windows, Office, Sharepoint, System Center, etc. If you have an EA for other products, then you can simply add Azure to that existing agreement by making an upfront monetary commitment. You can then use eligible Azure cloud services throughout the year to meet the commitment. And you can pay for additional usage beyond the commitment, at the same rates. So, like any Enterprise License Agreement (ELA), including AWS’s EDP, you are committing to a contract term and volume to gain additional discounts.
According to Microsoft, the Enterprise Agreement is designed for organizations that want to license software and cloud services for a minimum three-year period. The Enterprise Agreement offers built-in savings ranging from 15 percent to 45 percent based on committed spend – and given how these commitments typically work, it is likely that the more you buy, the better your discount. The minimum listed commitment for an EA is 500 more users or devices for commercial companies (250 for public sector), and they specifically state this minimum does not apply to Server and Cloud Enrollment, an offering aimed at companies with EAs in place to help them standardize on Microsoft server and cloud technologies.
As it turns out, the Azure Enterprise commitment minimum is very low. You are required to make an upfront monetary commitment for each of the three years of the agreement, with a minimum order value of one “Monetary Commitment SKU” of $100 per month ($1,200/year). This low commitment make sense: once an enterprise is on a cloud platform, it’s sticky – land and expand is the name of the game for Azure, AWS, and Google. They expect infrastructure to grow significantly beyond the minimum, and just need to get a foot in the door. And of course,the starting point on the cloud is supposed to be much cheaper and flexible than on prem infrastructure.
Benefits of an Azure Enterprise Agreement… Beyond Pricing
There are certain Azure-specific EA benefits besides just price to entice users to move off of Pay-As-You-Go. You can create and manage multiple Azure subscriptions with a single EA. You can also roll up and manage all your subscriptions, giving you an enterprise view of how many resource minutes you’re using per subscription. In addition, you can assign subscription burn to accounting departments and cost centers so you can more easily manage budgets and see spend at various roll up levels.
EAs give you access to certain features that you’d otherwise be required to purchase separately. For example, an Azure EA gives you the option to purchase Azure Active Directory Premium, which will give you access to multi-factor authentication, 99.99% guaranteed uptime, and other features. Pay-As-You-Go only gives you access to the free version of Azure AD.
Besides getting the best pricing and discounts, what are some of the other added benefit an EA might provide to an enterprise:.
A common IT platform deployed across the organization.
Minimal up-front costs and the ability to budget more effectively by locking in pricing and spreading payments over three years.
Flexibility to choose from Microsoft cloud services, on-premises software, or a mix of both and migrate on your own terms.
Simplified purchasing with predictable payments through a single agreement for cloud services and software.
Managed licensing throughout the life of your agreement with the help of a Microsoft Certified Partner or a Microsoft representative.
Now, for vendors like ParkMyCloud, that need Azure pricing data to perform our service, how are we affected by the EA? Not adversely: the good news is that Microsoft makes EA pricing available through dedicated APIs and/or the Azure Price Sheet. We can match this information to a customer by using their Offer ID which defines their EA subscription and corresponding pricing (discounts).
How Else Can You Save Money on Azure?
Whether an Azure Enterprise Agreement makes sense for your organization is up to you to decide. Luckily, it’s not the only way to keep Azure costs in check. Here are a few others to explore:
One of the key drivers to a multi-cloud strategy is the fear of vendor lock-in. “Vendor lock-in” means that a customer is dependent on a particular vendor for products and services, and unable to use another vendor without substantial switching costs or operational impact. The vendor lock-in problem in cloud computing is the situation where customers are dependent (i.e. locked-in) on a single cloud service provider (CSP) technology implementation and cannot easily move to a different vendor without substantial costs or technical incompatibilities.
Vendor Lock-in: Public Cloud vs. Traditional Infrastructure
Before the cloud, IT was running in dedicated on-premises environments, requiring long-term capital investments and an array of software license commitments and never ending hardware refresh contracts. Based on that experience, it is understandable that a customer would be concerned about lock-in. Many large IT vendors like Oracle, IBM, HP, and Cisco would “lock” customers into 3-5-10 year Enterprise License Agreements (ELAs) or All You Can Eat (AYCE) hardware and software license agreements, promising huge discounts and greater buying power – but only for their products, of course. I used to sell these multi-year contracts. There is a common ground for sure, as the customer was locked-in to the vendor for years. But that was then and this is now. Is vendor lock-in really a concern for public cloud users?
Isn’t the point of cloud to provide organizations the agility to speed innovation and save costs by quickly scaling their infrastructure up and down? I mean, we get it – your servers, data, networking, user management, and much more are in the hands of one company, so the dependence on your CSP is huge. And if something goes wrong, it can be very detrimental to your business – your IT is in the cloud, and if you’re like us, your entire business is developed, built and run in the cloud. Most likely, some or all of your organization’s IT infrastructure where you are developing, building and running applications to power your business and generate revenue, is now off-premise, in the cloud. But although “lock-in” sounds scary, you are not stuck in the same way that you were with traditional hardware and software purchases.
Can You Really Get “Locked In” to Public Cloud?
Let’s talk about the realities of today’s public cloud-based world. Here are a couple of reasons why vendor lock-in isn’t as widespread a problem as you might think:
No Long-Term Commitments: Customers can adopt the cloud on their own terms. AWS, Azure, and Google Clouds are designed so customers only use the services when they see value, and they are free to use the technology of their choice. Pay-as-you-go pricing provides customers with the ability to shut down their environment, export their data and virtual machines (VMs), and walk away without ever incurring another expense. Customers are billed monthly without any required long-term commitments or contracts regardless of spend or support tier.
Customer Choice: Today’s cloud customers have alternatives to proprietary tools with advances in open source software technologies, along with a range of ‘as-a-service’ capabilities that can remake traditional IT — IaaS, PaaS, and even SaaS. A wide range of solutions that support industry standards allow customers to choose what they want to invest in and architect for application portability from the beginning, if they so choose.
Moving Into and Out of a CSP: Generally speaking, cloud services are built to support both migration into and out of their platforms, and CSPs and the industry at large provide many tools and documented techniques to make it easy to do both. Many cloud service providers offer tools to help move data between networks and technology partners. Customers can securely move information in and out of the cloud regardless of where that information is going: cloud-to-cloud or cloud-to-data center.
How to Mitigate Risk with a Multi-Cloud Strategy
Now the cloud is not without risk, and when we talk to customers the primary vendor lock-in concerns we hear are related to moving to another cloud service provider IF something goes awry. You hope that this never has to happen, but it’s a possibility. The general risks include:
Data transfer risk – it is not easy to move your data from CSP to another.
Application transfer risk – If you build an application on one CSP that leverages many of its offerings, the reconfiguration of this application to run natively on another provider can be an extremely expensive and difficult process
Infrastructure transfer risk – Every major CSP does things a little bit differently.
Human knowledge risk – simply put, AWS is not the same as Azure which is not the same as GCP, and your IT team has likely gained a lot of institutional knowledge about that provider’s tools and configurations.
To minimize the risk of vendor lock-in, your applications should be built or migrated to be as flexible and loosely coupled as possible. Cloud application components should be loosely linked with the application components that interact with them. And, adopt a multi-cloud strategy.
How Much Should You Worry About Vendor Lock-In?
Many companies are familiar with vendor lock-in from dealing with traditional enterprise companies mentioned above – you begin to use a service only to realize too late what the terms of that relationship brings with it in regards to cost and additional features and services. The same is not entirely true with selecting a cloud service provider like AWS, Azure, or Google Cloud. It’s difficult to avoid some form of dependence as you use the new capabilities and native tools of a given cloud platform. In our own case, we use AWS and we can’t just wake up tomorrow and use Azure or Google Cloud. However, it’s quite possible to set your business up to maintain enough freedom and mitigate risk, so you can feel good about your flexibility.
So how much should enterprises worry about vendor lock-in in public cloud? IMHO: they shouldn’t.
Shadow IT: you’ve probably heard of it. Also known as Stealth IT, this refers to information technology (IT) systems built and used within organizations without explicit organizational approval or deployed by departments other than the IT department.
A recent survey of IT decision makers ranked shadow IT as the lowest priority concern for 2019 out of seven possible options. Are these folks right not to worry? In the age of public cloud, how much of a problem is shadow IT?
What is Shadow IT?
So-called shadow IT includes any system employees are using for work that is not explicitly approved by the IT department. These unapproved systems are common, and chances are you’re using some yourself. One survey found that 86% of cloud applications used by enterprises are not explicitly approved.
A common example of shadow IT is the use of online cloud storage. With the numerous online or cloud-based storage services like Dropbox, Box, and Google Drive, users have quick and easy methods to store files online. These solutions may or may not have been approved and vetted by your IT department as “secure” and/or a “company standard”.
Another example is personal email accounts. Companies require their employees to conduct business using the corporate email system. However, users frequently use their personal email accounts either because they want to attach large files, connect using their personal devices, or because they think the provided email is too slow. One in three federal employees has stated they had used personal email for work. Another survey found that 4 in 10 employees overall used personal email for work.
After consumer applications, we come to the issue of public cloud. Companies employ infrastructure standards to make support manageable throughout the organization, manage costs, and protect data security. However, employees can find these limiting.
In our experience, the spread of technologies without approval comes down to enterprise IT not serving business needs well enough. Typically, the IT group is too slow or not responsive enough to the business users. Technology is too costly and doesn’t align well with the needs of the business. IT focuses on functional costs per unit as the value it delivers; but the business cares more about gaining quick functionality and capability to serve its needs and its customers’ needs. IT is also focused on security and risk management, and vetting of the numerous cloud-based applications takes time – assuming the application provider even makes the information available. Generally, enterprise IT simply doesn’t or cannot operate at the speed of the other business units it supports. So, business users build their own functionalities and capabilities through shadow IT purchases.
Individuals or even whole departments may turn to public cloud providers like AWS to have testing or even production environments ready to go in less time than their own IT departments, with the flexibility to deploy what they like, on demand.
Is Shadow IT a problem?
With the advent of SaaS, IaaS and PaaS services with ‘freemium’ offerings that anyone can start using (like Slack, GitHub, Google Drive, and even AWS), Shadow IT has become an adoption strategy for new technologies. Many of these services count on individuals to use and share their applications so they can grow organically within an organization. When one person or department decides one of these tools or solutions makes their job easier, shares that service with their co-workers, and that service grows from there, spreads from department to department, growing past the free tier, until IT’s hand is forced to explicit or implicit approve through support. In cases like these, shadow IT could be considered a route to innovation and official IT approval.
On the other hand, shadow IT solutions are not often in line with organizational requirements for control, documentation, security, and reliability. This can open up both security and legal risks for a company. Gartner predicted in 2016 that by 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources. It’s impossible for enterprises to secure what they’re not aware of.
There is also the issue of budgeting and spend. Research from Everest Group estimates that shadow IT comprises 50% or more of IT spending in large enterprises. While this could reduce the need for chargeback/showback processes by putting spend within individual departments, it makes technology spend far less trackable, and such fragmentation eliminates the possibility of bulk or enterprise discounting when services are purchased for the business as a whole.
Is it a problem?
As with many things, the answer is “it depends.” Any given Shadow IT project needs to be evaluated from a risk-management perspective. What is the nature of the data exposed in the project? Is it a sales engineer’s cloud sandbox where she is getting familiar with new technology? Or is it a marketing data mining and analysis project using sensitive customer information? Either way, the reaction to a Shadow IT “discovery” should not be to try to shame the users, but rather, to adapt the IT processes and provide more approved/negotiated options to the users in order to make their jobs easier. If Shadow IT is particularly prevalent in your organization, you may want to provide some risk management guidance and training of what is acceptable and what is not. In this way, Shadow IT can be turned into a strength rather than a weakness, by outsourcing the work to the end users.
But, of course, IT cannot evaluate the risk of systems it does not know about. The hardest part is still finding those in the shadows.
VMware Cloud on AWS is an integrated hybrid cloud offering jointly developed by AWS and VMware. It’s targeted at enterprises (or companies) who are looking to migrate on-premises vSphere-based workloads to public cloud, and provides access to native AWS services.
Overview of VMware Cloud on AWS
VMware Cloud on AWS provides an integrated hybrid cloud environment, allowing you to maintain a consistent infrastructure between the vSphere environment in your on-prem data center and the vSphere Software-Defined Data Center (SDDC) on AWS. It also provides a unified view and resource management of your on-prem data center and VMware SDDC on AWS with a single console.
Digital transformation continues to drive businesses to the cloud to stay competitive. But integrating public cloud with existing private cloud infrastructure requires many technical processes, and skill differences between on-prem and cloud environments to be leveraged for both of these to work simultaneously. This combined offering makes it easier for those familiar with VMware to integrate into the public cloud without having to rewrite applications or modify operating models.
One reason this offering is attractive to customers is that it provides optimized access to native AWS services including compute, database, analytics, IoT, AI/ML, security, mobile, resource deployment, and application services.
Another reason is that with automatic scaling and load balancing VMware Cloud on AWS can adapt to the changing business needs across global regions. They also position themselves as a cost-effective solution for reducing upfront investment costs with no application re-factoring or re-architecting needed when migrating. We’ll take a look at the pricing solutions it offers for on-demand and subscription models, but first, let’s see what VMware Cloud for AWS can do for the enterprise.
Use Cases for VMware Cloud on AWS
Accelerated and Simplified Data Center Migration
VMware Cloud on AWS claims to accelerate and simplify the migration process for businesses by reducing migration efforts and complexity between on-prem environments and the cloud. Once in the cloud, users can leverage VMware and AWS services to modernize applications and run mission-critical applications quickly with VMware availability and performance combined with the elastic scale of AWS.
Extend the Data Center to the Cloud with Your Existing Skillset
This offering lets users who are used to VMware keep a consistent and familiar environment on the cloud. Since VMware Cloud on AWS doesn’t require re-tooling or re-educating, IT teams can continue to deliver consistently on vSphere-based infrastructure and operations that are already implemented in existing on-prem data centers.
Add a Robust Disaster Recovery Service to Your Environment
One offering available is VMware Site Recovery: on-demand disaster recovery as a service, optimized for VMware Cloud on AWS to reduce risk without the need to maintain a secondary on-prem site. You can securely replicate workloads to VMware Cloud on AWS so you can spin them up on-demand if disaster strikes.
Flexible Dev/Test Environment
You can use VMware SDDC-consistent dev/test environments that can integrate with modern CI/CD automation tools and access native AWS services seamlessly. You can spin up an entire VMware SDDC in under two hours and scale host capacity in a few minutes.
VMware Cloud on AWS Cost Compared
So, how does the pricing shake out? Hosts can be purchased on-demand or as a 1-year or 3-year subscription. If you choose on-demand pricing, you’ll pay for the physical host by the hour that the host is active with no upfront cost, while the long-term subscription is set to provide up to 50% cost savings over an equivalent period compared to on-demand service, but you pay the costs upfront. It’s a similar idea to AWS Reserved Instances, which may or may not be worth the cost.
Depending on the use case, pricing is similar to standard AWS pricing. See how it compares in price with standard AWS or estimate your costs with the pricing estimator.
Top Tips for Using VMware Cloud on AWS
VMware Cloud on AWS is a good hybrid cloud option for those who want to stay in the VMware ecosystem while dipping their toe in AWS. Here are our top tips for using this offering:
Estimate prices in advance: One of the main reasons you want to estimate your pricing before committing to a subscription is to avoid overspend. Idle and overprovisioned resources you are not actually using result in wasted cloud spend, so make sure you’re not oversizing or spending money on cloud resources that should be turned off.
Educate stakeholders on the fact that this allows you to bridge on-premises infrastructure and public cloud without disruption.
Consider whether jumping straight to the cloud is possible for some workloads – many companies start with dev/test. If so, you may be able to skip this intermediary step.
It’s that time of year again at ParkMyCloud’s cloud optimization headquarters. Summer is in full swing, the 4th of July is on Thursday, and the USWNT is in World Cup semi-finals – let’s GO USA. And, of course, ParkMyCloud is four years old.
Anniversaries in Review
We always like to take a moment of reflection on these anniversaries –– here are our previous ones, if you’re curious:
This past year has been a big one for ParkMyCloud. As you may be aware we were acquired in May by Turbonomic, the leader in application resource management. In the short time since that acquisition, things have been nothing but positive for ParkMyCloud and our customers. ParkMyCloud remains a separate brand and we continue to invest in the product and add new features to the platform to help our customers automate cost control for AWS, Azure and Google clouds. We now have more than 1,100 organizations in more than 50 countries using ParkMyCloud, achieving an average ROI of 815%. Yes, you read that correctly – 815%!
A few interesting trends found in the cloud usage tracked in our platform over the last 12 months:
There are now more Google Cloud projects being managed in the ParkMyCloud platform than Azure subscriptions, but conversely are more Azure resources than Google resources.
We now see ParkMyCloud customers using both Azure and Google Cloud together. This is new – in the past we have seen combinations of AWS and Azure as well as AWS and Google Cloud.
Every large enterprise that was using AWS exclusively 2-3 years ago now also has some Azure resources in the platform. Combined with the last data point, you can see how multi-cloud is truly the current reality.
The resource count in the platform is up over 600% over the last year. Obviously organic growth and the acquisition of new customers drives this, but we have seen a big uptick in the use of scale groups and analytics workloads, an effect of greater needs for elasticity.
Looking Ahead: Bigger and Better Cloud Optimization and Automation Coming Soon
The big news for our customers this year has been the addition of rightsizing to the platform. We currently support automated rightsizing for AWS and Google Cloud, and will have Azure complete in a few weeks. Soon, we’ll also be offering scheduled resizing which will give you flexibility to align resizing with your internal maintenance windows and other specific times to minimize downtime. During the second half of this year, we plan to add support for containers, snapshot management and the ability to identify AWS Reserved Instances. This last addition will help users see how they are utilizing their Reserved Instances and whether their utilization needs to match their reservations. Users will also be able to plan Reserved Instance purchases based on their uptime needs, better matching reservations vs. on-demand resources with schedules.
How do we develop this roadmap and stay on a path of constant improvement? We have a lot of customer conversations and get great input from our customers on our Slack channel. We hear about containers, serverless and other more advanced PaaS offerings that users would like to manage in addition to the main culprit of cloud waste, oversized and idle resources.
As always, we are open to feedback on what’s most important to you. What would help you optimize your cloud environment? Let us know in the comments below (or if you prefer, Slack or email.)
If we don’t hear from you, we will make these ground-breaking decisions on a warm Tuesday evening at Crooked Run Brewery in Sterling, VA (that’s where some of our best ideas come from). If you are in the vicinity, swing by for a beer!