In this blog series, you will learn ways to optimize your Azure costs. I will showcase and demonstrate different methods and tricks that can help you reduce your Azure bills.
Problem
You have the following Azure resources that are running up high costs, and as an MSP or as the customer yourself you want those costs reduced.
- Azure Storage Accounts (Premium)
- Defender for Cloud – Servers and Storage Account
- API Management Service (Premium)
Solutions
- Azure Storage Account (Premium)
Let us first understand how Microsoft is charging you for the data ingestion in storage accounts. The charge is based upon three factors:
Data Volume x Quantity of operations (WRITE, READ, APPEND) x Redundancy
Then comes the concept of tiering (Hot, Cold, Cool, Archive). Each of these tiers has a different storage cost and access cost. In the PAYG model at the time of this writing, the Hot tier charges $0.0203 per GB while Cool and Cold charge $0.012 and $0.0045 respectively. If your data is piling up on Premium storage in the Hot tier, you have two options. You can move that data to another storage account of Standard SKU by using AzCopy and then apply Lifecycle policies to move it between the Cool/Cold tiers as required. Or you can apply Lifecycle policies directly on the Premium SKU, but that only supports the Delete operation after a certain “LastModifiedDate” or “LastCreatedDate”, which fits if you do not intend to retain the data.
Another way of reducing the cost is to purchase Reserved Capacity for your Blobs for a term of 1 or 3 years. At the time of this writing, the first 100 TB/Month for a 1-year reservation in the Hot tier is $1703 and for 3 years is $1371.
You can check out the detailed pricing table by Microsoft here: Azure Blob Storage pricing | Microsoft Azure
- Defender for Cloud – Servers and Storage Account
There is no customer who would not like to secure their servers and storage accounts, especially if the customer belongs to a government entity. Microsoft once again offers a great solution for Azure cloud, i.e. Defender for Cloud, which is not the same as Defender for Endpoint or Defender for Office 365 (I will talk about these solutions in another blog).
Defender for Cloud is for your Azure resources (Native and Arc-enabled both). In this blog, I will focus on two plans offered by Defender for Cloud: one for servers, which protects your Azure Compute resources, and another for storage accounts, which protects your Blobs, Files, Tables or Queues.
Defender for Cloud – Servers has two plans (Plan 1 and Plan 2). At the time of this writing, these cost $5/server/month and $15/server/month respectively, with different sets of capabilities. You can toggle capabilities ON and OFF, which will reduce the cost, but you will then not fully leverage Defender for Cloud. For example, if you turn OFF Endpoint Protection, the MDE extensions will not be installed on your VMs to onboard them to Defender for Endpoint. The same goes for Vulnerability Assessment: if you turn that OFF, your VMs will not be scanned for vulnerabilities by MDVM. In the end, your security and infrastructure teams have to sit down and decide together which features they should bring into the organization to protect the resources. If there is a 3rd party security solution that has similar capabilities, they can safely turn those capabilities OFF in Defender for Cloud.
The Defender for Cloud – Storage account plan does not have any variation; there is only a single plan at $10/storage account/month. On top of that, Defender for Cloud provides Anti-malware scanning for the data stored in your storage accounts as Blobs. This feature costs $0.15/GB for on-upload malware scanning, which means a scan is triggered whenever a PUTBLOB or APPEND operation occurs inside the container. The default limit is set at 5000 GB. Once that limit is reached, scanning stops, and the limit resets the following month. You can control the cost by changing the cap from 5000 GB to a lower value that reflects your data ingestion. You can set this cap at either the subscription level or the storage account level. The best use-case is to use this cap value thoughtfully to your critical storage accounts and non-critical
- API Management Service (Premium)
The API Management service is a great resource provided by Azure to abstract your backend architecture from your frontend or consumers. If you are a developer, you know how APIs work, so I will not go into detail here. Microsoft provides two tiers for API Management at the time of this writing; one of them (Classic Tier) is already on a deprecation path, while the v2 Tier is the latest one. The v2 tier is then divided into 3 plans (Basic, Standard and Premium), each with its own set of features and costs. If you are using Premium, chances are high that you are paying a very high cost for a single unit. At the time of this writing, the single-unit cost for Premium is $2801/month, and if you apply scaling and bring in another unit, double this cost. On top of that, if you have any VNET Injection or Integration enabled, there are additional costs for those features.
However, there are ways to control the cost in API Management services. The very first option is to decide thoughtfully with your application team the purpose of your APIs and then select your tier (Consumption, Basic, Premium). Use the pricing calculator to estimate your cost based on requirements. The next option is to autoscale based on metrics or rules. This is a good option if you intend to stay on Premium but you know that your utilization fluctuates over time.
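Added example (not part of the original post): a simplified model of the Defender for Cloud – Storage malware-scanning cap described earlier, showing on which day of the month uploads stop being scanned and what the month costs. The prices and default cap are the figures quoted in this post; the daily upload volumes, the function names, and the assumption that scanning stops exactly when the cap is reached are constructed for illustration.

```python
SCAN_PRICE_PER_GB = 0.15   # on-upload malware scanning price quoted in the post
PLAN_PRICE = 10.0          # per storage account per month, quoted in the post
DEFAULT_CAP_GB = 5000      # default monthly scanning cap quoted in the post


def simulate_month(daily_upload_gb, cap_gb=DEFAULT_CAP_GB):
    """Walk one month of daily upload volumes against a monthly scan cap.

    Returns scanned and unscanned GB, the first day (1-based) on which some
    uploads went unscanned (None if the cap was never reached), and the cost.
    """
    scanned = 0.0
    unscanned = 0.0
    first_gap_day = None
    for day, gb in enumerate(daily_upload_gb, start=1):
        room = max(cap_gb - scanned, 0.0)   # GB still allowed under the cap
        covered = min(gb, room)
        scanned += covered
        if gb > covered:                    # cap hit: the rest is not scanned
            unscanned += gb - covered
            if first_gap_day is None:
                first_gap_day = day
    return {
        "scanned_gb": scanned,
        "unscanned_gb": unscanned,
        "first_gap_day": first_gap_day,
        "cost_usd": round(PLAN_PRICE + scanned * SCAN_PRICE_PER_GB, 2),
    }


def suggested_cap_gb(daily_upload_gb, headroom=0.2):
    """Hypothetical helper: monthly ingestion plus a margin, so a critical
    account keeps full scan coverage while the spend stays bounded."""
    return sum(daily_upload_gb) * (1 + headroom)


# Constructed sample data: 30 days of uploads for two storage accounts.
critical = [40.0] * 30    # steady 40 GB/day, must stay fully scanned
bulk = [300.0] * 30       # 300 GB/day, non-critical bulk ingestion

if __name__ == "__main__":
    print("critical, cap 1500:", simulate_month(critical, cap_gb=1500))
    print("bulk, default cap :", simulate_month(bulk))
    print("suggested cap for critical:", suggested_cap_gb(critical))
```

With the constructed data, the bulk account at the default cap stops being scanned on day 17 and leaves 4000 GB unscanned for the month, which is the coverage gap to weigh when lowering a cap to save cost.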