Companies going to the Cloud with their business, products or services, face the same kind of challenges and tend to fall into the same kind of pits. The biggest challenge is that the Cloud feels quite different from anything you knew before. This can lead to doubt and slow adoption pace. Worst case it leads to failures and even rejection. Some jump in fearlessly in happy-go-lucky-style when adopting a Cloud strategy for their company. They can certainly become somewhat productive, but it is not very likely your result will be optimal to your needs. At least not straight away. The danger is that this new-found freedom might feel like and might be a great improvement from before. What’s the problem then? The perceived efficiency can trick people into not seeking or finding their good or even best solution in the Cloud.
What if these fearless enthusiasts knew the rest of the story – how great would their future be then? How does one find the whole story in the Cloud when it’s shrouded in, well, clouds? How much time should we spend searching for a good path doubting if we are doing it the right way? Time is always our most expensive commodity in any Enterprise. In the beginning in the Cloud footing will feel a little wobbly. I have seen several Cloud projects progress too slowly or even halt when companies feel unsure of how to proceed – if they proceed at all.
The Azure Platform has evolved from crude to handle into an enabling platform which makes you and your business reach unparalleled productivity and efficiency when you start using the full capabilities offered! Here are a few things to consider:
The Azure Platform supports Role Based Access Control (RBAC).
This is great because one of the first concerns or objections I hear when a company is adopting Cloud is a sense of losing control. With RBAC you can grant least privilege level access to the developers and operations personnel that are charged with working with your Azure Resources. This means that not only is it difficult for someone to sabotage you externally be stealing credentials, or internally by being a malicious employee and it is also not possible to access the wrong environments by accident. RBAC was not always in Azure and many companies that have been on Azure for years still do not use this feature so secure access to corporate Azure resources. Unfortunately, a low level of security awareness has festered become ingrained into the corporate culture which means that they have stopped paying attention to the great risk they are potentially exposing their company, their intellectual property (IP) and their data to. I visited a bank once with a lot of Azure subscriptions and hundreds of mission critical assets in the Cloud. Their lead Architect proudly signed in and showed me all their resources in Azure. All the while I could not help but to think that this company, this bank, was only one password away from letting someone into the root of their core business. This was not even a two-factor-authenticated user identity. I was stunned. Which security audit do you think that would have passed? When you use the Cloud, you need to grant the right access level to the right users, IT-Staff, Developers, Testers, etc. You do that in such a way that each identity gets least privilege access, only gets access on demand and you ensure there are clear security boundaries between different parts of your services and assets.
The next thing that usually hinders and hampers a healthy Cloud adoption is the perceived lack of overview of cost and the reported risk of doing the wrong thing which can be expensive. I agree, the Azure Platform offers great opportunity to shoot yourself in the foot and incur for instance runaway costs. Fortunately, the Azure Platform also offers you the ability to tag all resources you provision. At the end of the month you will get a detailed bill outlining the exact cost for every transferred byte and every CPU cycle consumed. With these tags added in the right way you can group costs of similar origin, for instance “Department”, “Cost center”, “Environment, whatever you like. This enables you to follow up on the trend lines for those costs for each grouping within your Enterprise.
If not every co-worker applies the corporately mandated tagging when they create new resources, you can still end up with orphaned resources. “Whose database is that one which is costing us money each month? To which environment does it belong and who owns it? Can I delete it or am I throwing away some critical data if I do?” Wouldn’t it be great if everyone always did what they were supposed to do and applied the correct tags? You know this will not happen, right? Isn’t it great then that you can apply policy to your Azure subscriptions so that incorrect provisioning can simply be denied, corrected or at least audited as it happens?
A policy which states that you are denied deploying in any other region than west or north Europe:
{ "if" : { "not" : { "field" : "location", "in" : [“westeurope", “northeurope"] } }, "then" : { "effect" : "deny" } }
You will get audit trace on who did what to which resource at which time and what was the outcome of the operation? You can even prevent your developers from, for instance, creating Godzilla sized Virtual Machines just because they thought it was funny. (Godzilla, or G-series, is a very large VM size available in Azure. Great and powerful machines and quite expensive.) All the power you need to categorize, control and constrain cost are there in the Platform. You need to learn how to take advantage of it.
Now you are secure and you have control over costs. It is time to become even more efficient. Unless you use resources in Azure in an optimized way you will be giving away free money to Microsoft. “If you run it we will charge you for it”! I’m sure Microsoft won’t mind but they do at the same time care that you are a satisfied customer which in this case means you need to be enabled to be an efficient customer. While the Cloud may be considered infinite from your perspective (it stretches all the way to the end of your credit limit) it is still a finite and costly resource for the provider, Microsoft. If they can greater numbers of more satisfied customers into the same data centers, the same hardware, it will be a good deal for them and it will be a great deal for you! This is one of the key promises in the Cloud: To enable you to pay only for what you use. In Azure, you can automate (, automate, automate – you must always say that word three times) every aspect of your resource usage in such a way that you can cut costs while being completely assured to deploy the same resources in the same way repeatedly efficiently and without fault. In the Azure Platform, there are capabilities for “infrastructure as code” known as Azure Resource Management (ARM).
With ARM, you can create templatized sets of resources that map to your business. You can parameterize them to provision the same environment multiple times and to create separate environments for the different concerns of production, staging, testing and development. You can even automate environment creation for temporary test scenarios, and completely delete resources for development over the weekend or the holidays when no developers are using them. Resources that do not exist in the Cloud will cost you nothing and all the minutes that you run resources will incur cost. Learning about automation, automation, automation is always a winning proposition and in the Azure Platform there are ample opportunities to greatness in this regard.
All the features above and more are already in the Platform. Azure has your back! Problem is that most companies are underusing them because they just don’t know and can’t take advantage.
I can’t tell you how many times I have assisted and guided efforts where the missing features were right in front of them. – “Oh, really? I did not know you could do that! That’s great and helps so much!” Knowledge is key here and there are several ways to gain it. In case you want to go hands on with these features and more I have a workshop ready for you. It is offered currently at the NDC Oslo pre-conference and I can always special deliver on request. In this workshop, you will unlock the fundamental truths and skills about Azure. After this workshop, you will have full understanding and control of the nature of the Azure Platform which enables you to get to the Cloud. Azure Wizardry Workshops.
You should absolutely work to adopt these strategies to get a healthy, high quality experience of the Cloud. Simply put the secret to productivity in the Cloud is to know what the heck you are doing! I feel like there should be a smiley here. Strategically the smart thing to do when you get going to the Cloud is to get experts in the room early on to set the stage. Time, again, is always the most expensive commodity. A good guide can give you a map, a compass and directions on how to get to the Cloud enjoyably, effectively and expediently! Good luck!