Among the many ways to purchase and consume Azure resources are Azure low priority VMs. These virtual machines are compute instances allocated from spare capacity, offered at a highly discounted rate compared to “on demand” VMs. This means they can be a great option for cost savings – for the right workloads. And we love cost savings! Here’s what you need to know about this purchasing option.
How Azure Low Priority VMs Work
The great part about these virtual machines is the price: it’s quite attractive with a fixed discount of 60-80% compared to on-demand. The “low priority” part means that these VMs can be “evicted” for higher priority jobs, which makes them suitable for fault-tolerant applications such as batch processing, rendering, testing, some dev/test workloads, containerized applications, etc.
Low priority VMs are available through Azure Batch and VM scale sets. Through Azure Batch, you can run jobs and tasks across compute pools called “batch pools”. Since batch jobs consist of discrete tasks run using multiple VMs, they are a good fit to take advantage of low priority VMs.
On the other hand, VM scale sets scale up to meet demand, and when used with low priority VMs, will only allocate when capacity is available. To deploy low priority VMs on scale sets, you can use the Azure portal, Azure CLI, Azure PowerShell, or Azure Resource Manager templates.
When it comes to eviction, you have two policy options to choose between:
Stop/Deallocate (default) – when evicted, the VM is deallocated, but you keep (and pay for) underlying disks. This is ideal for cases where the state is stored on disks.
Delete – when evicted, the VM and underlying disks are deleted. This is the recommended option for auto scaling because deallocated instances are counted against your capacity count on the scale set.
Azure Low Priority VMs vs. AWS Spot Instances
So are low priority VMs the same as AWS Spot Instances? In some ways, yes: both options allow you to purchase excess capacity at a discounted rate.
However, there are a few key differences between these options:
Fixed vs. variable pricing – AWS Spot Instances have variable pricing, while Azure low priority VMs have a fixed price as listed on the website.
Integration & flexibility – AWS’s offering is better integrated into their general environment, while Azure offers limited options for low priority VMs (for example, you can’t launch a single instance) with limited integration to other Azure services.
Visibility – AWS has broad availability of spot instances as well as a Spot Instance Advisor to help users predict availability and interruptibility. On the other hand, Azure has lower visibility into the available capacity, so it’s hard to predict if/when your workloads will run.
Should You Use Azure Low Priority VMs?
If you have fault-tolerant batch processing jobs, then yes, low priority VMs are worth a try to see if they work well for you. If you’ve used these VMs, we’re curious to hear your feedback. Have you had issues with availability? Does the lack of integrations cause any problems for you? Are you happy with the cost savings you’re getting? Let us know in the comments below.
When you create a virtual machine in Microsoft Azure, you are required to assign it to an Azure Resource Group. This grouping structure may seem like just another bit of administrivia, but savvy users will utilize this structure for better governance and cost management for their infrastructure.
What are Azure Resource Groups?
Azure Resource Groups are logical collections of virtual machines, storage accounts, virtual networks, web apps, databases, and/or database servers. Typically, users will group related resources for an application, divided into groups for production and non-production — but you can subdivide further as needed.
You manage groups through the “Azure Resource Manager”, where you can deploy and administer them. Benefits of the Azure Resource Manager include the ability to manage your infrastructure in a visual UI rather than through scripts; tagging management; deployment templates; and simplified role-based access control.
Group structures like Azure’s exist at the other big public clouds — AWS, for example, offers optional Resource Groups, and Google Cloud “projects” define a level of grouping that falls someplace between Azure subscriptions and Azure Resource Groups.
How to Use Azure Resource Groups Effectively for Governance
Azure resource groups are a handy tool for role-based access control (RBAC). Typically, you will want to grant user access at the group level – groups make this simpler to manage and provide greater visibility.
Effective use of tagging allows you to identify resources for technical, automation, billing, and security purposes. Tags can extend beyond resource groups, which allows you to use tags to associate groups and resources that belong to the same project, application, or service. Be sure to apply tagging best practices, such as requiring a standard set of tags to be applied before a resource is deployed, to ensure you’re optimizing your resources.
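One way to check the tagging practice described above against an existing inventory, as an added example that is not part of the original article. The required tag names and the sample records (shaped like `az resource list -o json` output) are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Assumption: this required tag set is illustrative; the article names no specific tags.
REQUIRED_TAGS = ("project", "owner", "environment")

# Constructed sample, shaped like `az resource list -o json` output (fields used here only).
SAMPLE_RESOURCES = json.loads("""
[
  {"name": "web-vm-01", "resourceGroup": "shop-prod-rg",
   "tags": {"Project": "shop", "owner": "team-a", "environment": "prod"}},
  {"name": "shopdata01", "resourceGroup": "shop-data-rg",
   "tags": {"project": "shop", "owner": "team-a"}},
  {"name": "test-vm-07", "resourceGroup": "sandbox-rg", "tags": null},
  {"name": "ci-runner", "resourceGroup": "ci-rg",
   "tags": {"project": "buildfarm", "owner": " ", "environment": "dev"}}
]
""")


def normalized_tags(resource):
    """Lowercase tag names (Azure treats them case-insensitively) and trim values.
    An untagged resource may carry null instead of an empty object."""
    tags = resource.get("tags") or {}
    return {name.lower(): (value or "").strip() for name, value in tags.items()}


def missing_tags(resource, required=REQUIRED_TAGS):
    """Return the required tag names that are absent or blank on one resource."""
    tags = normalized_tags(resource)
    return [name for name in required if not tags.get(name)]


def audit(resources, required=REQUIRED_TAGS):
    """Return (non_compliant, project_groups).

    non_compliant: {resource name: [missing tag names]}
    project_groups: {project tag value: sorted resource groups it spans}
    """
    non_compliant = {}
    project_groups = defaultdict(set)
    for resource in resources:
        gaps = missing_tags(resource, required)
        if gaps:
            non_compliant[resource["name"]] = gaps
        project = normalized_tags(resource).get("project")
        if project:
            project_groups[project].add(resource["resourceGroup"])
    return non_compliant, {p: sorted(g) for p, g in project_groups.items()}


if __name__ == "__main__":
    bad, projects = audit(SAMPLE_RESOURCES)
    for name, gaps in bad.items():
        print(f"{name}: missing {', '.join(gaps)}")
    for project, groups in projects.items():
        print(f"project '{project}' spans resource groups {groups}")
```

The second return value shows the point about tags extending beyond resource groups: the constructed "shop" project is spread over two groups and is only tied together by its tag.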
Azure Resource Groups Simplify Cost Management
Azure Resource Groups also provide a ready-made structure for cost allocation — groups make it simpler to identify costs at a project level. Additionally, you can use groups to manage resource scheduling and, when resources are no longer needed, termination.
You can do this manually, or through your cost optimization platform such as ParkMyCloud. To this end, we have just released functionality that allows you to use ParkMyCloud’s policy engine to manage Azure resources at the group level. For almost all Azure users, this means automatic assignment to teams, so you can provide governed user access to ParkMyCloud. It also means you can set on/off schedules at the group level, to turn your non-production groups off when they’re not needed. Try it out and let us know what you think.
Microsoft Azure VM types come in a wide range optimized to meet various needs. Machine types are specialized, and vary by virtual CPU (vCPU), disk capability, and memory size, offering a number of options to match any workload.
With so many options available, finding the right machine type for your workload becomes confusing – which is why we’ve created this overview of Azure VM types (as we did before with EC2 instance types, and Google Cloud machine types). Note that while AWS EC2 instance types have names associated with their purpose, Azure instance type names are simply in a series from A to N. The chart below and written descriptions are a brief and easy reference, but remember that finding the right machine type for your workload will always depend on your needs.
General purpose VMs are suitable for balanced CPU and memory, making them a great option for testing and development, smaller to medium databases, and web servers with lower traffic:
The latest family of virtual machines stands out for data protection and code confidentiality. SGX technology and a 3.7 GHz Intel Xeon E-2176G processor back these machines, and in conjunction with Intel Turbo Boost Technology, they can go up to 4.7 GHz.
Dv2 VMs boast powerful CPUs – roughly 35% faster than D-series VMs – and optimized memory, great for production workloads. With the same memory and disk configurations as the D-series, based upon either a 2.4 GHz or 2.3 GHz processor and Intel Boost Technology, they can go up to 3.1 GHz.
With expanded memory and adjustments for disk and network limits, the Dv3 series Azure VM type offers the most value to general purpose workloads. It is best for enterprise applications, relational databases, in-memory caching, and analytics.
Similar to the AWS t-series machine type family, B-series VMs are burstable and ideal for workloads that do not rely on full and continuous CPU performance. Customers can purchase a VM size that builds up credits when underutilized, and the accumulated credits can be used as bursts – spikes in compute power that allow for higher CPU performance when needed. Use cases for B-series VM types include development and testing, low-traffic web servers, small databases, microservices, and more.
With a base core frequency of 2.7 GHz and a maximum single-core turbo frequency of 3.7 GHz, Fsv2 series VM types offer up to twice the performance boost for vector processing workloads. Not only do they offer great speed for any workload, the Fsv2 also offers the best value for its price based on the ratio of Azure Compute Unit (ACU) per vCPU.
F-series Azure VM types are great for workloads that require speed thanks to the 2.4 GHz Intel Xeon processor, reaching speeds up to 3.1 GHz with the Intel Turbo Boost Technology 2.0. The F-series is your best bet for fast CPUs but not so much when it comes to memory or temporary storage per vCPU. Analytics, gaming servers, web servers, and batch processing would work well with the F-series.
Memory optimized VM types are higher in memory as opposed to CPU, and best suited for relational database services, analytics, and larger caches.
For applications that require fast vCPUs, reliable temporary storage, and demand more memory, the Dv2, G, and DSv2/GS series all fit the bill for enterprise applications. The Dv2 series offers speed and power with a CPU about 34% faster than that of the D-series. Based on the 2.3 and 2.4 GHz Intel Xeon® processors and with Intel Turbo Boost Technology 2.0, they can reach up to 3.1 GHz. The Dv2-series also has the same memory and disk configurations as the D-series.
The Ev3 follows in the footsteps of the high memory VM sizes originating from the D/Dv2 families. This Azure VM type provides excellent value for general purpose workloads, boasting expanded memory (from 7 GiB/vCPU to 8 GiB/vCPU) with adjustments to disk and network limits on a per-core basis in alignment with the move to hyperthreading.
For big data, SQL, and NoSQL databases, storage optimized VMs are the best type for their high disk throughput and IO.
VMs provide as many as 32 vCPUs with the Intel® Xeon® processor E5 v3 family. The Ls-series comes with the same CPU performance as the G/GS-Series and 8 GiB of memory per vCPU. This type works best for applications requiring low latency, high throughput, and large local disk storage.
GPU VM types, specialized with single or multiple NVIDIA GPUs, work best for video editing and heavy graphics rendering – as in compute-intensive, graphics-intensive, and visualization workloads.
NC, NCv2, NCv3, and ND sizes are optimized for compute-intensive and network-intensive applications and algorithms.
NV and NVv2 sizes were made and optimized for remote visualization, streaming, gaming, encoding, and VDI scenarios.
High Performance Compute
For the fastest and most powerful virtual machines, high performance compute is the best choice with optional high-throughput network interfaces (RDMA).
For the latest in high performance computing, the H-series Azure VM was built for handling batch workloads, analytics, molecular modeling, and fluid dynamics. These 8 and 16 vCPU VMs are built on the Intel Haswell E5-2667 V3 processor technology featuring DDR4 memory and SSD-based temporary storage.
And besides sizable CPU power, the H-series provides options for low latency RDMA networking with FDR InfiniBand and different memory configurations for supporting memory intensive compute requirements.
What Azure VM type is right for you?
With six virtual machine types belonging to multiple families and coming in a range of sizes, how do you determine the right Azure VM type for your workload? The good news is that with this many options, you’re bound to find the right type to meet your computing needs – as long as you know what those needs are. With good insight into your workload, usage trends, and business needs, you’ll be able to find the Azure VM type that’s right for you.
With a growing demand for Microsoft Azure, there’s never been a better time to seize the opportunity to learn the platform with free Azure training resources. Whether you’re an AWS expert looking to expand your cloud expertise or just getting started in your cloud computing career, there’s a training resource for every experience level and learning type. Jump in with our list of 5 free Azure training resources:
1. Microsoft Azure
The most obvious resource for free Azure training is the source itself. Microsoft does a great job of providing virtual courses, hands-on training, and documentation for users with a range of experience:
Get hands on and learn on the go with an Azure free account. It’s free to sign up and $200 credit is yours to spend in the first 30 days. That’s a month of free exploration to “test and deploy enterprise apps, create custom mobile experiences, and gain insight from your data.”
And for those who enjoy some light reading, there’s Microsoft Azure Documentation. Jump in and start learning with quickstarts, samples, and tutorials.
YouTube had to make the list. The mecca of free videos makes it easy to channel surf your way through a variety of Azure training videos. Some of the most popular channels for free Azure training include:
Microsoft Azure (69,871 subscribers) offers demos, technical insights, and training videos.
Cloud Ranger Network (19,594 subscribers) accompanies a popular blog on all things Microsoft Azure, making it a great resource for supplemented learning with both video and text.
Azure DevOps (3,256 subscribers) deserves a nod as a great niche channel for developers looking to make use of Azure’s developer services.
If anyone knows Azure – it’s GitHub. The world’s leading development platform is all about open source learning, building, and project management in a community of 28 million developers. And in an effort to make Azure the leading cloud for developers, Microsoft acquired GitHub earlier this year, making it likely that the platform will become even more rich in free Azure training. Get started on the Microsoft Azure page.
Bloggers offer new insights, ideas, and the latest on all things cloud computing – if you know where to look. CloudRanger.net is solely focused on Microsoft Azure, along with the previously mentioned YouTube channel. Microsoft has their own Azure blog, of course. But for a more well-rounded blog with additional content on AWS and Google Cloud Platform, check out Cloud Academy.
Founded by Harvard University and MIT, edX is a massive online course provider. Take advantage of free online university-level courses and be on your way to earning professional certifications. Azure course topics include databases, security, Cosmos DB, and more.
Take Advantage of These Free Azure Training Resources
With no end in sight for cloud computing and a bright future ahead for Microsoft – free Azure training is both abundant and rewarding. We picked our top 5 resources for their reliability, quality, and range of information. Whether you’re new to Azure or consider yourself an expert, these resources will get you on the right foot.
New in ParkMyCloud: we’ve released integrations with chat clients Google Hangouts and Microsoft Teams to make cloud server monitoring easier and integrated into your day. Now, ParkMyCloud users can get notifications when their resources are about to turn on or off, when a user overrides a schedule, and more.
We created these integrations based on popular demand! ParkMyCloud has had a Slack integration since last summer. Now, we’re encountering more and more teams that set themselves up as pure Google or pure Microsoft shops, hence the need. If your team only uses Google tools – Google Cloud Platform for cloud, Google OAuth for SSO, and Google Hangouts for chat — you can use ParkMyCloud with all of these. Same with Microsoft: ParkMyCloud integrates with Microsoft Azure, ADFS, and Microsoft Teams.
ParkMyCloud notifications in Google Hangouts – note the “view resource” link will take you straight to the resource in ParkMyCloud
Here’s what actions ParkMyCloud admins can get notified on through a chat client for better cloud server monitoring:
Resource Shutdown Warning – Provides a 15-minute warning before an instance is scheduled to be parked due to a schedule or expiring schedule override.
User Actions – These are actions performed by users in ParkMyCloud such as manual resource state toggles, attachment or detachment of schedules, credential updates, etc.
Parking Actions – These are actions specifically related to parking such as automatic starting or stopping of resources based on defined parking schedules.
Policy Actions – These are actions specifically related to configured policies in ParkMyCloud such as automatic schedule attachments based on a set rule.
System Errors – These are errors occurring within the system itself such as discovery errors, parking errors, invalid credential permissions, etc.
System Maintenance and Updates – These are the notifications provided via the banner at the top of the dashboard.
There are a few ways these can be useful. If you’re an IT administrator and you see your users toggling resource states frequently, the notifications may help you determine the best parking schedule for the users’ needs.
Or let’s say you’re a developer deep in a project and you get a notification that your instance is about to be shut down — but you still need that instance while you finish your work. Right in your Microsoft Teams window, you can send an override command to ParkMyCloud to keep the instance running for a couple more hours.
ParkMyCloud notifications in Microsoft Teams
These integrations give ParkMyCloud users a better perspective into cloud server monitoring, right in the same workspaces they’re using every day. Feedback? Comment below or shoot us an email – we are happy to hear from you!
P.S. We also just created a user community on Slack! Feel free to join here for cloud cost, automation, and DevOps discussions.
When companies move from on-prem workloads to the cloud, common concerns arise around costs, security, and cloud user management. Each cloud provider handles user permissions in a slightly different way, with varying terminology and roles available to assign to each of your end users. Let’s explore a few of the differences in users and roles within Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform, and Alibaba Cloud.
AWS IAM Users and Roles
AWS captures all user and role management within IAM, which stands for “Identity and Access Management”. Through IAM, you can manage your users and roles, along with all the permissions and visibility those users and service accounts have within your AWS account. There are a couple different IAM entities:
Users – used when an actual human will be logging in
Roles – used when service accounts or scripts will be interacting with resources
Both users and roles can have IAM policies attached, which give specific permissions to operate or view any of the other AWS services.
Azure handles user permissions through the RBAC (“Role Based Access Control”) system within Resource Manager. Granting access to Azure resources starts with creating a Security Principal, which can be one of 3 types:
User – a person who exists in Azure Active Directory
Group – a collection of users in Azure Active Directory
Service Principal – an application or service that needs to access a resource
Each Security Principal can be assigned a Role Definition, which is a collection of permissions that they can utilize to view or access resources in Azure. There are a few built-in Role Definitions, such as Owner, Contributor, Reader, and User Access Administrator, but you can also create custom role definitions depending on your cloud user management needs. Roles may be assigned on a subscription by subscription basis.
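One way to review existing role assignments in terms of the principals, role definitions and scopes described above, as an added example that is not part of the original article. The sample records are constructed in the shape of `az role assignment list --all -o json` output, the subscription ID is a placeholder, and the two conditions it reports are this example's own review policy.

```python
# Built-in roles named in the article that can assign roles to other principals.
ACCESS_GRANTING_ROLES = {"Owner", "User Access Administrator"}

# Placeholder subscription ID; all records below are constructed sample data.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE_ASSIGNMENTS = [
    {"principalName": "alice@example.com", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "shop-prod-operators", "principalType": "Group",
     "roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/shop-prod-rg"},
    {"principalName": "bob@example.com", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": SUB + "/resourceGroups/shop-prod-rg"},
    {"principalName": "deploy-pipeline", "principalType": "ServicePrincipal",
     "roleDefinitionName": "User Access Administrator", "scope": SUB},
    {"principalName": "platform-admins", "principalType": "Group",
     "roleDefinitionName": "Owner",
     "scope": SUB + "/resourceGroups/shop-prod-rg/providers"
                    "/Microsoft.Compute/virtualMachines/web-vm-01"},
]


def scope_level(scope):
    """Classify an assignment scope by how much of the hierarchy it covers."""
    parts = [p.lower() for p in scope.strip("/").split("/") if p]
    if len(parts) >= 2 and parts[0] == "subscriptions":
        if len(parts) == 2:
            return "subscription"
        if parts[2] == "resourcegroups" and len(parts) == 4:
            return "resource-group"
        return "resource"
    return "above-subscription"  # management group or the root scope "/"


def audit_assignments(assignments):
    """Return one finding per assignment that meets either review condition:
    access given to an individual user rather than a group, or an
    access-granting role held at subscription scope or higher."""
    findings = []
    for a in assignments:
        level = scope_level(a["scope"])
        reasons = []
        if a.get("principalType") == "User":
            reasons.append("assigned to an individual user instead of a group")
        if (a["roleDefinitionName"] in ACCESS_GRANTING_ROLES
                and level in ("subscription", "above-subscription")):
            reasons.append(f"can grant access at {level} scope")
        if reasons:
            findings.append({"principal": a["principalName"],
                             "role": a["roleDefinitionName"],
                             "level": level, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_assignments(SAMPLE_ASSIGNMENTS):
        print(f"{f['principal']} ({f['role']} @ {f['level']}): {'; '.join(f['reasons'])}")
```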
Google Cloud Platform IAM
Google Cloud Platform also uses the term IAM for their user permissions. The general workflow is to grant each “identity” a role that applies to each resource within a project. An identity can be any of the following:
Google account – any user with an email that is associated with a Google account
Service account – an application that logs in through the Google Cloud API
Google group – a collection of Google accounts and service accounts
G Suite domain – all Google accounts under a domain in G Suite
Cloud Identity domain – all Google accounts in a non-G-Suite organization
Roles in Google Cloud IAM are a collection of permissions. There are some primitive roles (Owner, Editor, and Viewer), some predefined roles, and the ability to create custom roles with specific permissions through an IAM policy.
Alibaba Cloud RAM
Alibaba Cloud has a service called RAM (Resource Access Management) for managing user identities. These identities work in slightly different ways than the other cloud service providers, though they have similar names:
RAM-User – a single real identity, usually a person but can also be a service account
RAM-Role – a virtual identity that can be assigned to multiple real identities
RAM users and roles can have one or more authorization policies attached to them, and each policy can in turn contain multiple permissions. These permissions then work similarly to other CSPs, where a User or Role can have access to view or act upon a given resource.
Cloud User Management – Principles to Follow, No Matter the Provider
As you can see, each cloud service provider has a way to enable users to access the resources they need in a limited scope, though each method is slightly different. Your organization will need to come up with the policies and roles you want your users to have, which is a balancing act between allowing users to do their jobs and not letting them break the bank (or your infrastructure). The good news is that you will certainly have the tools available to provide granular access control for your cloud user management, regardless of the cloud (or clouds) you’re using.