Azure Site Recovery Deployment Planner

As per the following Azure blog post, the Azure Site Recovery (ASR) Deployment Planner tool was released earlier this month, following previews earlier in the year. The tool aims to provide a friction-free way to assess your existing Hyper-V/VMware estates allowing you to understand the costs for compute, network, storage and licensing to protect your workloads to the cloud (including the difficult to understand ones, like initial replication costs..).

I’ve blogged before that I think the ASR solution is a great way to either provide secondary or even tertiary instances of your on-premises workloads in a secondary location with minimal effort and cost. Previously it has been fairly time consuming and manual to gather the information required to correctly estimate costings in Azure.

Let’s have a quick look at the tool from a Hyper-V perspective. The tool is command line based, and can be downloaded from here. Once downloaded you’ll need to extract it onto a workstation that has access to the environment you’ll be assessing. My environment consists of a standalone device with Hyper-V enabled and a couple of VMs. The tool can be executed against clusters if you were in a larger/production setup.

The following link provides additional detail and optional parameters that can be used.

Generate your list of VMs

The first thing I did was generated a .txt file containing the hostname of my Hyper-V host. This can either be IP, individual hostnames, or cluster name. I then executed the following command to retrieve an export of machines running on the host:

image

Profile your VMs

Once you have a list of VMs, it’s now time to profile them. Profiling monitors your virtual machines to collect performance data. Again it is command line based and you have the option to configure settings such as how long the profiling will take place (minutes, hours, days) if you wish. Note: 30 minutes is the minimum duration.

In addition, you can connect an Azure storage account to profile the performance from the host(s) to Azure for additional info. As per the guidance in the Microsoft documentation the general recommendation is 7 days, however as always with any sizing tools 31 days is preferred to capture monthly anomalies. I used the generated list of VMs and executed the following command as a next-step:

image

I created an infinite loop in PowerShell to simulate some CPU load on one of the VMs, rather than it just staying static:

image

Report Generation

Once you have finished profiling, you can execute the tool in report generation mode. This creates an Excel file (.xlsm) which provides a summary of all of the deployment recommendations. To complete this example, I executed the following command:

image

Job done! – The report is now saved in the location detailed above. The report contains a number of areas, with the opening page looking as follows:

image

image

There are many tabs included which breaks down individual details. One thing to bear in mind is configuring the frequency of DR drills and how long they last, as that will affect the costings. The default assumes 4 test failovers per year, lasting 7 days each time. You will want to reduce/increase this accordingly.

This tool contains many good recommendations above and beyond cost, e.g. initial required network bandwidth to fulfil replication, the recommendation as to what VM type, and where to place storage (standard/premium) as well as the throughput from the host platform to an Azure Storage account. Give it a try!

Hints and tips to optimise your Azure costs!

Frustration

It costs too much!

I didn’t expect this bill!

Why am I being charged for this?!

How do I know what I’ll be spending next month!

These are all common queries I hear from customers concerned about their cloud spend when transitioning away from traditional infrastructure. IT teams (as well as finance depts.) are relatively comfortable justifying expenditure every 3, 5 or 7/10 years (if they’re unlucky!) to perform a refresh of their infrastructure hardware, generally through capital based expenditure. However when transitioning to the cloud and operational based expenditure (in most circumstances) this makes the spend much more transparent and therefore increases the accountability on IT teams to justify costs.

Note: Hints and tips are at the bottom, if you want to skip ahead!

Understanding your existing IT ops cost

There are many hidden costs associated with the operation of on-premises infrastructure, some of which are hidden entirely from IT. Broad generalisation incoming! For the most part, (and there are lots of exceptions) IT teams are very good at understanding the costs associated with the components that make up the infrastructure, e.g. servers, racks, network devices, storage, cabling etc. When it comes to other costs such as estates, power, cooling, security and the associated costs with maintaining and managing infrastructure – these are often less understood.

This makes understanding the true cost (per hour or minute) of running an application or service difficult to understand and thus it is different to perform a like for like comparison against a typical cloud service, such as a virtual machine, or database.

As an example let’s take the requirement to run a workload running on a single Windows virtual machine with 4 cores, 16GB memory and 500GB data. Through the Azure pricing calculator this is quick to model:

clip_image002

The above demonstrates clear ops based pricing on a monthly and yearly basis (yes, other components may be required, e.g. VPN gateway) to run the virtual machine workload. This factors in all ancillary costs for Microsoft to run the workload on their infrastructure. Performing the above activity on-premises is much more difficult as you need to understand all the ancillary costs discussed earlier in the post (e.g. estates, power, cooling, etc.), whilst also attempting to break this down into a catalogue of services that you can price individually (e.g. virtual machine, website, database) in order to directly equate costs.

Due to commodities of scale in the hyper-scale cloud platforms like Azure, it is unlikely that you will be able to compete (unless you own your own estate, generate your own power, and manufacture your own hardware!). The following illustrates the catalogue of services available in Azure, each individually priced:

clip_image003

Appreciating Cloud

It is my opinion that the lack of appreciation or understanding of the true cost to operate services on-premises often leads to some of the concerns I discussed in the opening paragraph (remember, it costs too much!) – however this is not the only reason. Many times organisations have a legitimate concern over their cloud spend due to a lack of understanding of the nature of PAYG cloud as well as not using methods that are available to them to get the best possible value out of their cloud spend.

The following paragraphs detail a number of techniques, solutions and methods (some of which only made available recently) to help reduce your spend in Azure through optimising your services and playing cloud at its own game!

Hints & Tips

Remember you are paying as you go (PAYG) in the cloud. Dependent upon the resource type, cloud providers charge per minute or hour. Azure is largely per minute for most resources and is more granular than most providers. It is key to remember this as you can greatly reduce spend by keeping it simple and turning off workloads when not required! Specific to virtual machines, a good example includes domain controllers that typically receive much less demand out of core hours. Other examples may include servers that are part of a load balanced farm, again similar principles applies in that it can be powered off if you know demand has fallen. Again technologies such as Azure Automation (free for the first 500 minutes per month) can be used to do this on a schedule so you don’t even have to remember! Equally, take a look at dev/test labs to help reduce and control your development spend.

Leverage PaaS technologies rather than sticking with tried and tested IaaS workloads. PaaS workloads typically have much more granular billing (i.e. databases in Azure are priced around a DTU, or e-DTU if you want to be all elastic) – by transforming applications to make them cloud-native this can help to better control spend, whilst having other benefits such as increasing agility.

Make use of ‘Reserved Instances’, recently introduced by Microsoft which can reduce spend by up to 72%. This is a game changer for those workloads you know are consistently required, i.e. will be around for 1/3 years. Dependent upon how long you want to commit, Microsoft will provide hefty discounts. Find out more here.

clip_image004

Leverage Azure Hybrid Use Benefits either standalone or in conjunction with Reserved Instances to receive even greater discounts (up to 82% as seen in the figure above). If you have existing Windows licenses with Software Assurance, then these can be leveraged with more information here.

Right-size your workloads, don’t just lift and shift as-is! When you have on-premises virtualisation clusters, VM sprawl fast becomes a big problem, and typically because there is no accountability (usually) for the number of CPUs or Memory allocated to a virtual machine then you often see over provisioned workloads, and lots of them with clear mismatches between CPU/memory (CPU wait, anyone?) Key guidance in this post is to ‘right-size’ your workloads. Analyse them using a tool (Azure Migrate comes to mind) to understand utilisation and then move them to the most applicable Azure VM series.

Get rid of VM sprawl before migration… as with the above recommendation, many VMs do not need moving. Have a hard and fast rule that states you will only migrate what you know is required. Anything else stays on-premises and is powered off at a suitable time. This will avoid your sprawl becoming an expensive sprawl in the cloud.

Understand Azure VM series types as all VMs are not created equally! Azure has a catalogue of VM types canvassing the alphabet. Review the following link and ensure you choose an applicable VM for the workload you are running. For instance, if you require high compute, then an F series may be best, for I/O intensive workloads then look at the Ls series. This leads me nicely to the B-series VM (recently announced as GA in many regions)

clip_image005

Look at what the B series VM can do for you when you have workloads that are very burstable from a CPU perspective. The B series is a cost-effective type for workloads that burst in their performance, e.g. don’t require continuous performance of their CPU. When B series VMs are not using CPU (e.g. in low periods), the VM is building credits. When you have enough credit the VM can burst to 100% of the available CPU. The base price of these VMs are much cheaper than comparative virtual machines

Take a look at Cost Management and Billing (and Cloudyn). Azure has made great strides in providing excellent capabilities available to all users to help manage existing and future spend. Thanks to the acquisition of Cloudyn, Microsoft have introduced these technologies into the Azure portal with reports to help you monitor spending to analyze and track cloud usage, costs, and trends. This capability is free for Azure usage, but can also manage 3rd party cloud systems (e.g. AWS) as a chargeable extra. But we’re trying to save money here, right – not spend more!

Summary

There are many more techniques and methods that you can use to optimise your spend. You could look at using even more modern technologies such as those in the serverless space. Serverless technologies are the nirvana as generally you only pay when the service is being used, as opposed to PaaS which typically heralds a core cost for the type of plan you acquire. Equally, ensuring you are managing your platform in a robust fashion, through modern infrastructure-as-code techniques will help to prevent abuse seen through over-provisioning.

I hope this has provided some useful recommendations/guidance to help you gain more control over your cloud costs, specific to Azure (principles apply across other clouds too) and provided some tips on how to reduce spend where applicable! Hopefully this will help to reduce some of the frustration as done right, cloud can deliver on the cost savings you anticipated whilst also giving you access to all the other benefits.

Increasing automation opportunities with Azure

Image result for azure automation

Automation (and Orchestration which is succinctly different) is always a hot topic for many organisations, for a variety of reasons. From freeing up time completing repetitive tasks, reducing errors in execution (because we’re human!) to making the environment you manage much more efficient are all key benefits.

But what is Automation (and Orchestration if it differs?) At the highest level automation is the ability to take a task, or procedure that you may execute manually and automate it. This task may involve several stages and automation will perform those stages given an input automatically. Examples may include restarting a service, deleting temporary files or creating accounts. Orchestration takes this a step further and allows you to take a series of “tasks” and orchestrate them into a workflow. Examples may include joiner/leaver/transfers account management, virtual machine, application or service provisioning, etc.

For most IT pros, automation has always been something that we’d like to do but either suffer from lack of time to develop the required script/Runbook, lack of environment from which to build the automation or have a mixed estate for which common automation tools have been difficult to come by.

Since Microsoft acquired Opalis in late 2009, Automation trends have become much more commonplace due to the ease by which automation can be created. System Center Center Orchestrator (the evolution of Opalis) provided a platform from which automation “Runbooks” could be created and executed. Using this technology, Organisations began to expand their automation capabilities to create highly automated, self-service driven  environments. Alternative technologies exist outside of the Microsoft ecosystem, e.g. VMware vRealize or Cisco UCS Director.

Whilst Orchestrator is still an excellent technology it requires a fairly hefty server footprint needing management, Runbook, web and database servers to function. In a highly available configuration (and hey, you’ll want your automation platform HA!) this can be a costly investment that requires on-going management and maintenance even before you start to automate.

Azure has evolved this by providing automation technologies in the cloud. This allows you to automate both on-premises workloads as well as cloud based workloads. The following technologies are relevant to Automation in Azure:

I wanted to focus on some of the capabilities within Azure Automation for this particular blog post, but it is worth giving a quick mention to Azure Functions as a possible automation engine, as I’ve seen several customers using this to date. Azure Functions is one of the serverless technologies within Azure providing an engine that can execute several programming languages (C#, JavaScript, PowerShell, etc.) Since majority of operational based automation is created using PowerShell scripts, then Azure Functions can provide a good option. Functions supports Web Hooks (HTTP) which can act as a trigger to run your code. In addition, Functions can also use timers which can execute at a particular date/time.

Whilst Functions provides a legitimate engine for your code, it lacks some of the Azure Automation features, e.g. Hybrid worker roles for on-premises execution. Azure Automation is essentially the cloud/PaaS equivalent of System Center Orchestrator on-premises. It allows you to create either your own PowerShell workflows or use one of the many available via the gallery. The service can be found under “Automation Accounts” in the portal, and the main functionality concerning this post under “Process Automation” with “Runbooks” (and the gallery) as seen in the figure below:

image

As you can see from the following figure, there are numerous pre-canned Runbooks available. These can either be used as-is, or could form the basis of your own Runbooks:

image

Reviewing one of the options takes you to the PowerShell code for that particular script and provides an option for you to “import” to your own automation account for execution:

image

From here you can then edit the script, configure WebHooks, deploy or publish the script:

image

Azure Automation is not only concerned with automation of bespoke activities via Runbooks, it also contains other great functionality, e.g.

  • Ability to perform update management (similar to traditional WSUS / SCCM technologies),
  • Ensure compliance of your workloads via desired state configuration (DSC) which can track configuration and ensure the machine meets the desired state
  • Perform inventory management of your services, in a similar way that you would use tools such as Configuration or Operations Manager
  • Track and manage change related activities integrated into your existing ITSM processes

It is worth nothing that a recent preview announcement for Azure Automation is the introduction of watcher tasks. This relies on the Hybrid Worker role for on-premises integration and allows automation to be triggered when a specific activity occurs, e.g. new ticket in a helpdesk, new event in a SOC, etc. More information can be here.

From a pricing perspective, Azure Automation is very competitive. Process related automation is priced per job execution minute, whilst configuration management tooling is priced per managed node. Typically you get 500 minutes free, per month and then each additional execution per minute is charged at £0.002. You can wrap pricing into the Operations Management Suite (OMS) technologies for further functionality and value.

In summary, Azure Automation is a mature, well developed and agile platform to satisfy your automation requirements. It provides great features and is continuously evolving. Even better, you can take advantage of pre-canned Runbooks, rather than having to write them from scratch!

Azure Virtual Datacentre – Free eBook

Related image

Governance in Azure is a hot topic and I often find myself talking to customers about Azure Enterprise Scaffold which is a prescriptive approach to subscription governance. I noticed today that a new (free) eBook has been released by the Azure Customer Advisory Team (AzureCAT). This book discusses how hosting on a cloud infrastructure is fundamentally different from hosting on a traditional on-premises infrastructure, and provides detail about how you can use the Azure Virtual Datacentre model to structure your workloads to meet your specific governance policies.

The first part of the eBook discusses three essential components; Identity, Encryption and Software Defined Networking with compliance, logging, auditing and reporting running across all these areas. It goes into detail about the technologies available in Azure that can help you to achieve this, for example Microsoft Compliance Manager, Availability Zones and other features such as Global VNet peering which I’ve discussed in other blog posts. It also talks about new and upcoming features such as confidential computing through TEE as well as virtual machine capabilities such as Secure Boot and Shielded VMs. There are many more areas discussed in the book which is well worth reading.

The second part of the eBook brings this to life using Contoso as an example case study and this helps you to visualise and understand how you could interpret it for your organisation. The final part of the book discusses the cloud datacentre transformation, and how this is an on-going process to modernise an organisations IT infrastructure. It talks about the balance between agility and governance and discusses some common workload patterns.

This looks to be a great read (kudos to the AzureCAT team!) to make what is a difficult area easier to understand, and also provides a great model to pin design considerations against. Look forward to reading it in more detail later! The book can be downloaded at the following link: https://azure.microsoft.com/en-us/resources/azure-virtual-datacenter/en-us/

Azure Migration assessment tool when moving to CSP

More and more customers are moving to CSP as the preferred licensing model for their Azure platform. Azure CSP is explained here, however in short it is a licensing program for Microsoft partners, as well as a license channel for various cloud services. It allows partners to offer added value to customers through many services, as well as being able to become a trusted advisor to those customers. CSP currently includes Office 365, Dynamics 365, Enterprise Mobility + Security, Azure as well as other Microsoft online services.

When customers are moving from other agreements, e.g. EAS or PAYG they typically need to perform some form of assessment to ensure they can safely migrate their subscriptions to the CSP program. One of those assessments entails understanding whether you have any services that are not available on CSP, as well as also making sure you are running ARM based resources as opposed to ASM (classic) which is not supported through CSP.

The following assessment tool provides a mechanism to analyse your resources…  https://docs.microsoft.com/en-us/azure/cloud-solution-provider/migration/ea-payg-to-azure-csp/ea-open-direct-assessment ..

The CSP Status and Suggested Approach columns

Source: https://docs.microsoft.com/en-us/azure/cloud-solution-provider/migration/ea-payg-to-azure-csp/ea-open-direct-assessment

As you can see from the figure above, it will show you a suggested approach per resource id/type and guide as to whether there are any issues and what the next steps are.

It will also show you the estimated costings, etc. after moving to CSP, compared with your existing rate via EA:

View the subscription resource costs

Source: https://docs.microsoft.com/en-us/azure/cloud-solution-provider/migration/ea-payg-to-azure-csp/ea-open-direct-assessment

All in all, a fairly simple tool but if you are considering a migration to CSP then well worth running to get some quick details on your current status!

Recap of key Azure features from Ignite Part 2

… continuation of the Part 1 post which can be found here

The following post summarises the recap of the remaining 5 features that I found interesting from the announcements at the Ignite conference.

Azure Top 10 Ignite Features

5. Global Virtual Network Peering (preview)

Inter-VNet peering is a technology that allows you to connect a VNet directly to another VNet, without having to route that traffic via a gateway of some sort. Bear in mind that VNets are isolated until you connect them via a gateway, this feature allows you to essentially peer the VNet with another VNet thus removing the complexity of routing that traffic via a gateway and/or back on-premises. In addition, it allows you to take advantage the Microsoft backbone with low latency and high bandwidth connectivity. Inter-VNet peering is available to use today, however is constrained to a particular region (I.e. you can only peer VNets that exist within UK South, for instance – not between UK South and UK West).

virtual network peering transit

Source: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview

Global VNet peering addresses that and allows you to peer between regions thus gaining global connectivity, without having to route via your own WAN. This feature is currently in preview in selected regions (US and Canada)

4. New Azure VM Sizes

Many new virtual machine sizes have been announced recently, factoring in differing workload types (e.g. for databases) as well as more cost effective virtual machines. A large number of organisations see Azure IaaS as a key platform allowing them to scale workloads that still require complete control over the operating system.

The announcements around Ignite were mainly focused around SQL server and Oracle type workloads that require high memory and storage, but are not typically CPU intensive. Some of the latest specifications, e.g. DS, ES, GS and MS provide constrained CPU counts to 1/4 or 1/2 of the original VM Size.

An example of this would be the Standard GS5 which comes with 32vCPU, 448GB memory, 64disks (up to 256TB total), and the new GS5-16 which comes with 16 and 8 active CPU respectively.

Another interesting VM type announced recently would be the B-series (burstable VMs) which allows credits to be recovered and applied back to your monthly totals for unused CPU. One to review!!

3. Planned VM maintenance

Maintenance in Azure has long been a bug bear of many customers. If you are operating a single virtual machine (which to be fair, you should think about architecting differently anyway…Smile) then at any time Microsoft may perform updates on the underlying hypervisors that run the platform. If your virtual machine is in this update domain then it will be restarted… and certain data (i.e. that stored in cache) may be lost.

Planned VM maintenance helps greatly here as it provides better visibility and control into when maintenance windows are occurring. Even allowing you to proactively start maintenance early at a suitable time for your organisation. You can create alerts, and discover which VMs are scheduled for maintenance ahead of time. In addition, you can choose between VM preserving and VM restarting/re-deploy state to better manage the recovery of the VM post maintenance.

As stated above, this problem goes away if you can re-architect your application accordingly with HA in mind. Plan to use Azure Availability Zones (AAZ) when they come out of preview and if not, look into regional availability and/or introduction of traffic manager and load balancers into your application.

2. Azure Migrate (preview)

Another great announcement was the introduction of a new capability called Azure Migrate, which is currently in preview. This service is similar to the Microsoft Assessment and Planning (MAP) kit however is very Azure focused (whereas MAP tended to be all about discovery and then light-weight Azure assessments).

The tool provides visibility into your applications and services and goes one step further to map the dependencies between applications, workloads and data. Historically, those working with Azure for a while will remember using tools like OMS to achieve this inter-dependency, or mapping it out themselves in pain staking fashion. A brief overview of the tool console is provided in the figures below:

Blog1Blur

Source: https://azure.microsoft.com/en-gb/blog/announcing-azure-migrate/

The tool is currently in preview, and is free of charge for Microsoft Azure customers (at time of writing). It is appliance based, and discovers virtual machines and performs intelligence such as “right-sizing” to the correct Azure VM type (thus saving costly IaaS overheads!!). It maps the multi-tier app dependencies and is a much deeper and richer capability set than MAP.

… and finally… drumroll please…

1. Azure Stack

I wrote a lengthy post on Azure Stack recently for the organisation I work for; Insight UK, and that post can be found here. Azure Stack was and is a big announcement from Microsoft and demonstrates their commitment to the Enterprise in my opinion. Microsoft have firmly recognised the need to retain certain workloads on-premises for a variety of reasons, from security/compliance through to performance, etc.

The Azure Stack is Microsoft’s true Hybrid Cloud platform and is provided by four vendors at present in HPe, Dell, Lenovo and Cisco. It provides a consistent management interface from the public Azure Cloud to on-premises, ensuring your DevOps/IT teams can communicate with applications in the same way irrespective of location. It allows for consistent management of both cloud native applications and legacy applications.

Image result for Azure Stack microsoft

Source: https://blogs.technet.microsoft.com/uktechnet/2016/02/23/microsoft-azure-stack-what-is-it/

Provided as either a four, eight or twelve node pre-configured rack, the software is locked down by Microsoft and only they can amend or provide updates. In addition the Stack firmware and drivers and controlled by the manufacturer and remain consistent with the software versions.

The hardware is procured directly from the vendor and then the resources are charged in a similar way to the public Azure cloud. The stack offers either a capacity based model or pay as you go, and can even operate in offline mode (great example with Carnival Cruise Ships)…

.. thanks for reading! – that’s my top 10 summary of Azure related announcements that came out of the Ignite conference in 2017. There is many more announcements and features and I hope to get more time to lab and write about them in the near future!

Update: Azure VNet Service Endpoints – Public Preview Expanded

I blogged about Virtual Network Service Endpoints (VNSE) recently after it was announced in preview mid September. From the earlier post;

Virtual Network Service Endpoints is a new feature to address situations whereby customers would prefer to access resources (Azure SQL DBs and Storage Accounts in the preview) privately over their virtual network as opposed to accessing them using the public URI.

Typically, when you create a resource in Azure it gets a public facing endpoint. This is the case with storage accounts and Azure SQL. When you connect to these services you do so using this public endpoint which is a concern for some customers who have compliance and regulatory concerns OR just want to optimise the route the traffic takes.

Initially this feature was restricted to the US and Australian regions. I missed the announcement last week that this feature has been expanded into all Azure regions (still in preview) – which is great news. I have introduced the preview of this feature to several customers recently and they saw great advantages in being able to address resources from a storage and SQL perspective privately rather than with a public URI and considered this something that would increase their opportunities in  the Azure space.