How to Use Azure Resource Groups for Better VM Management

How to Use Azure Resource Groups for Better VM Management

When you create a virtual machine in Microsoft Azure, you are required to assign it to an Azure Resource Group. This grouping structure may seem like just another bit of administrivia, but savvy users will utilize this structure for better governance and cost management for their infrastructure.

What are Azure Resources Groups?

Azure Resources Groups are logical collections of virtual machines, storage accounts, virtual networks, web apps, databases, and/or database servers. Typically, users will group related resources for an application, divided into groups for production and non-production — but you can subdivide further as needed.

You will manage groups through the “Azure Resource Manager”, where you can deploy and manage groups. Benefits of the Azure Resource Manager include the ability to manage your infrastructure in a visual UI rather than through scripts; tagging management; deployment templates; and simplified role-based access control.

Group structures like Azure’s exist at the other big public clouds — AWS, for example, offers optional Resource Groups, and Google Cloud “projects” define a level of grouping that falls someplace between Azure subscriptions and Azure Resource Groups.

How to Use Azure Resource Groups Effectively for Governance

Azure resource groups are a handy tool for role-based access control (RBAC). Typically, you will want to grant user access at the group level – groups make this simpler to manage and provide greater visibility.

Effective use of tagging allows you to identify resources for technical, automation, billing, and security purposes. Tags can extend beyond resource groups, which allows you to use tags to associate groups and resources that belong to the same project, application, or service. Be sure to apply tagging best practices, such as requiring a standard set of tags to be applied before a resource is deployed, to ensure you’re optimizing your resources.

Azure Resources Groups Simplify Cost Management

Azure Resource Groups also provide a ready-made structure for cost allocation  — groups make it simpler to identify costs at a project level. Additionally, you can use managing and to manage resource scheduling and, when they’re no longer needed, termination.

You can do this manually, or through your cost optimization platform such as ParkMyCloud. To this end, we have just released functionality that allows you to use ParkMyCloud’s policy engine to manage Azure resources at the group level. For almost all Azure users, this means automatic assignment to teams, so you can provide governed user access to ParkMyCloud. It also means you can set on/off schedules at the group level, to turn your non-production groups off when they’re not needed. Try it out and let us know what you think.

Microsoft Azure VM Types Comparison

Microsoft Azure VM Types Comparison

Microsoft Azure VM types come in a wide range optimized to meet various needs. Machine types are specialized, and vary by virtual CPU (vCPU), disk capability, and memory size, offering a number of options to match any workload.

With so many options available, finding the right machine type for your workload becomes confusing – which is why we’ve created this overview of Azure VM types (as we did before with EC2 instance types, and Google Cloud machine types). Note that while AWS EC2 instance types have names associated with their purpose, Azure instance type names are simply in a series from A to N.The chart below and written descriptions are a brief and easy reference, but remember that finding the right machine type for your workload will always depend on your needs.

General Purpose

General purpose VMs are suitable for balanced CPU and memory, making them a great option for testing and development, smaller to medium databases, and web servers with lower traffic:

DC-series

The latest family of virtual machines stand out for data protection and code confidentiality. SGX technology and a 3.7GHz Intel XEON E-2176G Processor back these machines, and in conjunction with Intel Turbo Boost Technology, they can go up to 4.7 GHz.

Av2 Series

A-series VMs have a CPU-to-memory ratio that works best for entry level workloads, like those for development and testing. Sizing is throttled for consistent processor performance to run the instance.

Dv2-series

Dv2 VMs boast powerful CPUs – roughly 35% faster than D-series VMs – and optimized memory, great for for production workloads. With the same memory and disk configurations as the D-series, based upon either a 2.4 GHz or 2.3 GHz processor and Intel Boost Technology, they can go to up to 3.1 GHz.

Dv3-series

With expanded memory and adjustments for disk and network limits, the Dv3 series Azure VM type offers the most value to general purpose workloads. Best for enterprise applications, relational databases, in-memory caching, and analytics.

B-series

Similar to the AWS t-series machine type family, B-series VMs are burstable and ideal for workloads that do not rely on full and continuous CPU performance. Customers can purchase a VM size that builds up credits when underutilized, and the accumulated credits can be used as bursts – spikes in compute power that allow for higher CPU performance when needed. Use cases for B-series VM types include development and testing, low-traffic web servers, small databases, micro services, and more.

Dsv3-series

With premium storage and a 2.4 or 2.3 GHz Intel Xeon processor that can achieve 3.5 GHz thanks to Intel Turbo Boost Technology 2.0, the Dsv3-series is best suited for most production workloads.  

Compute Optimized

Compute optimized Azure VM types offer a high CPU-to-memory ratio. They’re suitable for medium traffic web servers, network appliances, batch processing, and application servers.

Fsv2-series

With a base core frequency of 2.7 GHz and a maximum single-core turbo frequency of 3.7 GHz, Fsv2 series VM types offer up to twice the performance boost for vector processing workloads. Not only do they offer great speed for any workload, the Fsv2 also offers the best value for its price based on the ratio of Azure Compute Unit (ACU) per vCPU.

F-series

F-series Azure VM types are great for workloads that require speed thanks to the 2.4 GHz Intel Xeon processor, reaching speeds up to 3.1 GHz with the Intel Turbo Boost Technology 2.0. The F-series is your best bet for fast CPUs but not so much when it comes to memory or temporary storage per vCPU. Analytics, gaming servers, web servers, and batch processing would work well with the F-series.

Memory Optimized

Memory optimized VM types are higher in memory as opposed to CPU, and best suited for relational database services, analytics, and larger caches.

M-Series

Enterprise applications and large databases will benefit most from the M-series for having the most memory (up to 3.8 TiB) and the highest vCPU count (up to 128) of any VM in the cloud.

Dv2-series, G-series, and the DSv2/GS

For applications that require fast vCPUs, reliable temporary storage, and demand more memory, the Dv2, G, and DSv2/GS series all fit the bill for enterprise applications. The Dv2 series offers a speed and power with a CPU about 34% faster than that of the D-series. Based on the 2.3 and 2.4 GHz Intel Xeon® processors and with Intel Turbo Boost Technology 2.0, they can reach up to 3.1 GHz. The Dv2-series also has the same memory and disk configurations as the D-series.

Ev3-series

The Ev3 follows in the footsteps of the high memory VM sizes originating from the D/Dv2 families. This Azure VM types provides excellent value for general purpose workloads, boasting expanded memory (from 7 GiB/vCPU to 8 GiB/vCPU) with adjustments to disk and network limits per core basis in alignment with the move to hyperthreading.

Storage Optimized

For big data, SQL, and NoSQL databases, storage optimized VMs are the best type for their high disk throughput and IO.

Ls-series

VMs provide as much as 32 vCPUs with the Intel® Xeon® processor E5 v3 family. The Ls-series comes with the same CPU performance as the G/GS-Series and 8 GiB of memory per vCPU. This type works best applications requiring low latency, high throughput, and large local disk storage.

GPU

GPU VM types, specialized with single or multiple NVIDIA GPUs, work best for video editing and heavy graphics rendering – as in compute-intensive, graphics-intensive, and visualization workloads.

  • NC, NCv2, NCv3, and ND sizes are optimized for compute-intensive and network-intensive applications and algorithms.
  • NV and NVv2 sizes were made and optimized for remote visualization, streaming, gaming, encoding, and VDI scenarios.]

High Performance Compute

For the fastest and most powerful virtual machines, high performance compute is the best choice with optional high-throughput network interfaces (RDMA).

H-series

For the latest in high performance computing, the H-series Azure VM was built for handling batch workloads, analytics, molecular modeling, and fluid dynamics. These 8 and 16 vCPU VMs are built on the Intel Haswell E5-2667 V3 processor technology featuring DDR4 memory and SSD-based temporary storage.

And besides sizable CPU power, the H-series provides options for low latency RDMA networking with FDR InfiniBand and different memory configurations for supporting memory intensive compute requirements.

What Azure VM type is right for you?

With six virtual machine types belonging to multiple families and coming in a range of sizes, how do you determine the right Azure VM type for your workload? The good news is that with this many options, you’re bound to find the right type to meet your computing needs – as long as you know what those needs are. With good insight into your workload, usage trends, and business needs, you’ll be able to find the Azure VM type that’s right for you.

 

5 Free Azure Training Resources

5 Free Azure Training Resources

With a growing demand for Microsoft Azure, there’s never been a better time to seize the opportunity to learn the platform with free Azure training resources. Whether you’re an AWS expert looking to expand your cloud expertise or just getting started in your cloud computing career, there’s a training resource for every experience level and learning type. Jump in with our list of 5 free Azure training resources:  

1. Microsoft Azure

The most obvious resource for free Azure training is the source itself. Microsoft does a great job of providing virtual courses, hands-on training, and documentation for users with a range of experience:  

  • Get hands on and learn on the go with an Azure free account. It’s free to sign up and $200 credit is yours to spend in the first 30 days. That’s a month of free exploration to “test and deploy enterprise apps, create custom mobile experiences, and gain insight from your data.”  
  • And for those who enjoy some light reading, there’s Microsoft Azure Documentation. Jump in and start learning with quickstarts, samples, and tutorials.

2. YouTube

YouTube had to make the list. The mecca of free videos makes it easy to channel surf your way through a variety of Azure training videos. Some of the most popular channels for free Azure training include:

  • Microsoft Azure (69,871 subscribers) offers demos, technical insights and training videos.
  • Cloud Ranger Network  (19,594 subscribers) accompanies a popular blog on all things Microsoft Azure, making it a great resource for supplemented learning with both video and text.
  • Azure DevOps (3,256 subscribers) deserves a nod as a great niche channel for developers looking to make use of Azure’s developers services.

3. GitHub

If anyone knows Azure – it’s GitHub. The world’s leading development platform is all about open source learning, building, and project management in a community of 28 million developers. And in an effort to make Azure the leading cloud for developers, Microsoft acquired GitHub earlier this year, making it likely that the platform will become even more rich in free Azure training. Get started on the Microsoft Azure page.

4. Blogs

Bloggers offer new insights, ideas, and the latest on all things cloud computing – if you know where to look. CloudRanger.net is solely-focused on Microsoft Azure, along with the previously mentioned YouTube channel. Microsoft has their own Azure blog, of course. But for a more well-rounded blog with additional content on AWS and Google Cloud Platform, check out Cloud Academy.

5. EDx

Founded by Harvard University and MIT, EDx is a massive online course provider. Take advantage of free online university-level courses and be on your way to earning professional certifications. Azure course topics include databases, security, cosmos DB, and more.

Take Advantage of These Free Azure Training Resources

With no end in sight for cloud computing and a bright future ahead for Microsoft – free Azure training is both abundant and rewarding. We picked our top 5 resources for their reliability, quality, and range of information. Whether you’re new to Azure or consider yourself an expert, these resources will get you on the right foot.

Further reading:

Google Hangouts & Microsoft Teams Integrations for Cloud Server Monitoring

New in ParkMyCloud: we’ve released integrations with chat clients Google Hangouts and Microsoft Teams to make cloud server monitoring easier and integrated into your day. Now, ParkMyCloud users can get notifications when their resources are about to turn on or off, when a user overrides a schedule, and more.

We created these integrations based on popular demand! ParkMyCloud has had a Slack integration since last summer. Now, we’re encountering more and more teams that set themselves up as pure Google or pure Microsoft shops, hence the need. If your team only uses Google tools – Google Cloud Platform for cloud, Google OAuth for SSO, and Google Hangouts for chat — you can use ParkMyCloud with all of these. Same with Microsoft: ParkMyCloud integrates with Microsoft Azure, ADFS, and Microsoft Teams.  

ParkMyCloud notifications in Google Hangouts – note the “view resource” link will take you straight to the resource in ParkMyCloud

Here’s what actions ParkMyCloud admins can get notified on through a chat client for better cloud server monitoring:

  • Resource Shutdown Warning – Provides a 15-minute warning before an instance is scheduled to be parked due to a schedule or expiring schedule override.
  • User Actions – These are actions performed by users in ParkMyCloud such as manual resource state toggles, attachment or detachment of schedules, credential updates, etc.
  • Parking Actions – These are actions specifically related to parking such as automatic starting or stopping of resources based on defined parking schedules.
  • Policy Actions – These are actions specifically related to configured policies in ParkMyCloud such as automatic schedule attachments based on a set rule.
  • System Errors – These are errors occurring within the system itself such as discovery errors, parking errors, invalid credential permissions, etc.
  • System Maintenance and Updates – These are the notifications provided via the banner at the top of the dashboard.

There are a few ways these can be useful. If you’re an IT administrator and you see your users toggling resource states frequently, the notifications may help you determine the best parking schedule for the users’ needs.

Or let’s say you’re a developer deep in a project and you get a notification that your instance is about to be shut down — but you still need that instance while you finish your work. Right in your Microsoft Teams window, you can send an override command to ParkMyCloud to keep the instance running for a couple more hours.

ParkMyCloud notifications in Microsoft Teams

These integrations give ParkMyCloud users better perspective into cloud server monitoring, right in the same workspaces they’re using every day. Feedback? Comment below or shoot us an email – we are happy to hear from you!

P.S. We also just created a user community on Slack! Feel free to join here for cloud cost, automation, and DevOps discussions.

Cloud User Management Comparison: AWS vs. Azure vs. GCP vs. Alibaba Cloud

Cloud User Management Comparison: AWS vs. Azure vs. GCP vs. Alibaba Cloud

When companies move from on-prem workloads to the cloud, common concerns arise around costs, security, and cloud user management. Each cloud provider handles user permissions in a slightly different way, with varying terminology and roles available to assign to each of your end users. Let’s explore a few of the differences in users and roles within Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform, and Alibaba Cloud.

AWS IAM Users and Roles

AWS captures all user and role management within IAM, which stands for “Identity and Access Management”. Through IAM, you can manage your users and roles, along with all the permissions and visibility those users and service accounts have within your AWS account. There are a couple different IAM entities:

  • Users – used when an actual human will be logging in
  • Roles – used when service accounts or scripts will be interacting with resources

Both users and roles can have IAM policies attached, which give specific permissions to operate or view any of the other AWS services.

Azure RBAC

Azure utilizes the RBAC system within Resource Manager for user permissions, which stands for “Role Based Access Control”. Granting access to Azure resources starts with creating a Security Principal, which can be one of 3 types:

  • User – a person who exists in Azure Active Directory
  • Group – a collection of users in Azure Active Directory
  • Service Principal – an application or service that needs to access a resource

Each Security Principal can be assigned a Role Definition, which is a collection of permissions that they can utilize to view or access resources in Azure. There are a few built-in Role Definitions, such as Owner, Contributor, Reader, and User Access Administrator, but you can also create custom role definitions as well depending on your cloud user management needs.  Roles may be assigned on a subscription by subscription basis.

Google Cloud Platform IAM

Google Cloud Platform also uses the term IAM for their user permissions. The general workflow is to grant each “identity” a role that applies to each resource within a project. An identity can be any of the following:

  • Google account – any user with an email that is associated with a Google account
  • Service account – an application that logs in through the Google Cloud API
  • Google group – a collection of Google accounts and service accounts
  • G Suite domain – all Google accounts under a domain in G Suite
  • Cloud Identity domain – all Google accounts in a non-G-Suite organization

Roles in Google Cloud IAM are a collection of permissions. There are some primitive roles (Owner, Editor, and Viewer), some predefined roles, and the ability to create custom roles with specific permissions through an IAM policy.

Alibaba Cloud RAM

Alibaba Cloud has a service called RAM (Resource Access Management) for managing user identities. These identities work in slightly different ways than the other cloud service providers, though they have similar names:

  • RAM-User – a single real identity, usually a person but can also be a service account
  • RAM-Role – a virtual identity that can be assigned to multiple real identities

RAM users and roles can have one or more authorization policies attached to them, which in turn can each have multiple permissions in each policy. These permissions then work similarly to other CSPs, where a User or Role can have access to view or act upon a given resource.

Cloud User Management – Principles to Follow, No Matter the Provider

As you can see, each cloud service provider has a way to enable users to access the resources they need in a limited scope, though each method is slightly different. Your organization will need to come up with the policies and roles you want your users to have, which is a balancing act between allowing users to do their jobs and not letting them break the bank (or your infrastructure). The good news is that you will certainly have the tools available to provide granular access control for your cloud user management, regardless of the cloud (or clouds) you’re using.

6 Types of Overprovisioned Resources Wasting Money on Your Cloud Bill

6 Types of Overprovisioned Resources Wasting Money on Your Cloud Bill

In our ongoing discussion on cloud waste, we recently talked about orphaned resources eating away at your cloud budget, but there’s another type of resource that’s costing you money needlessly and this one is hidden in plain sight – overprovisioned resources. When you looked at your initial budget and made your selection of cloud services, you probably had some idea of what resources you needed and in what sizes. Now that you’re well into your usage, have you taken the time to look at those metrics and analyze whether or not you’ve overprovisioned?

One of the easiest ways to waste money is by paying for more than you need and not realizing it. Here are 6 types of overprovisioned resources that contribute to cloud waste.  

Unattached/Underutilized Volumes

As a rule of thumb, it’s a good idea to delete volumes that are not attached to instances or VMs. Take the example of AWS EBS volumes unattached to EC2 instances – if you’re not using them, then all they’re doing is needlessly accruing charges on your monthly bill. And even if your volume is attached to an instance, it’s billed separately, so you should also make a practice of deleting volumes you no longer need (after you backup the data, of course).

Underutilized database warehouses

Data warehouses like Amazon Redshift, Google Cloud Datastore, and Microsoft Azure SQL Data Warehouse  were designed as a simple and cost-effective way to analyze data using standard SQL and your existing Business Intelligence (BI) tools. But to get the most cost savings benefits, you’ll want to identify any clusters that appear to be underutilized and rightsize them to lower costs on your monthly bill.

Underutilized relational databases

Relational databases such as Amazon RDS, Azure SQL, and Google Cloud SQL offer the ability to directly run and manage a relational database without managing the infrastructure that the database is running on or having to worry about patching of the database software itself.

As a best practice, Amazon recommends that you check the configuration of your RDS for any idle DB instances. You should consider a DB instance idle if it has not had a connection for a prolonged period of time, and proceed by deleting the instance to avoid unnecessary charges. If you need to keep storage for data on the instance, there are other cost-effective alternatives to deleting altogether, like taking snapshots. But remember – manual snapshots are retained, taking up storage and costing you money until you delete them.

Underutilized Instances/VMs

We often preach about idle instances and how they waste money, but sizing your instances incorrectly is just as detrimental to your monthly bill. It’s easy to overspend on large instances or VMs that are you don’t need. With any cloud service, whether it’s AWS, Azure, or GCP, you should always “rightsize” your instances and VMs by picking the instance size that is optimized for the size of your workload – be it compute optimized, memory optimized, GPU optimized, or storage optimized.

Once your instance has been running for some time, you’ll have a better idea of whether not the chosen size is optimal. Review your usage and make cost estimates with AWS Management Console, Amazon CloudWatch, and AWS Trusted Advisor if you’re using AWS. Azure users can review their metrics from Azure Monitor data, and Google users can import GCP metrics data for GCP virtual machines. Use this information to find under-utilized resources that can be resized to better optimize costs

Inefficient Containerization

Application containerization allows multiple applications to be distributed across a single host operating system without requiring their own VM, which can lead to significant cost savings. It’s possible that developers will launch multiple containers and fail to terminate them when they are no longer required, wasting money. Due to the number of containers being launched compared to VMs, it will not take long for container-related cloud waste to match that of VM-related cloud waste.

The problem with controlling cloud spend using cloud management software is that many solutions fail to identify unused containers because the solutions are host-centric rather than role-centric.  

Idle hosted caching tools (Redis)

Hosted caching tools like Amazon ElastiCache offer high performance, scalable, and cost-effective caching. ElastiCache also supports Redis, an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker. While caching tools are highly useful and can save money, it’s important to identify idle cluster nodes and delete them from your account to avoid accruing charges on your monthly bill. Be cognizant of average CPU utilization and get into the practice of deleting the node if your average utilization is under designated minimum criteria that you set.

How to Combat Overprovisioned Resources (and lower your cloud costs)

Now that you have a good idea of ways you could be overprovisioning your cloud resources and needlessly running up your cloud bill – what can you do about it? The end-all-be-all answer is “be vigilant.” The only way to be sure that your resources are cost-optimal is with constant monitoring of your resources and usage metrics. Luckily, optimization tools can help you identify and automate some of these best practices and do a lot of the work for you, saving time and money.

Page 1 of 612345...Last »