Our organization contains many different projects, each containing users. I'd like to be able to set a cap which prevents each project from exceeding their respective monetary budget for vms or storage resources.
So far I see that I can create a budget with a specific scope for resource groups, and assign a dollar value.
I'm wondering if in order to manage our projects like this they each need their own subscription to be used as scope?
Also, do I understand correctly that resource groups will allow me to select storage and compute resources so these do not exceed the set dollar limit? Is there a mechanism for setting quotas in vm counts or storage amount?
Thank you.
You can use Azure Policy for better control of the number / SKU:
https://learn.microsoft.com/en-us/azure/governance/policy/overview#policy-definition
Related
This is a two part question.
What is the maximum number of Azure AD groups you can create?
Is there a best practice? We have over 3000 groups, and I’m wondering if it’s slowing things down.
What is the maximum number of Azure AD groups you can create?
There is no specific limit about the number of groups. But there are limits about objects(include groups). A maximum of 50,000 objects can be created in a single directory by users of the Free edition of Azure Active Directory by default. See more details here.
Is there a best practice? We have over 3000 groups, and I’m wondering
if it’s slowing things down.
The official documentation does not say that this number will affect performance. And I haven't seen any feedback about this.
Recently I started to use Microsoft Azure Free Trial and I have gone through the link
I created a VM with the help of references. Also I read about Resource Group, Storage Account and Availability Set but I couldn’t understand the requirement and differences among all.
Please be kind to explain the requirement and differences among Resource Group, Storage Account and Availability Set.
In my opinion, these three resources are the logic resources, solutions for some requirement.
The Resource Group is the basic solution for you to manage other resources in the ARM module. As the definition shows:
A container that holds related resources for an Azure solution. The
resource group includes those resources that you want to manage as a
group. You decide how to allocate resources to resource groups based
on what makes the most sense for your organization
The Storage Account, you can also think it as a logic group for storage, a storage solution. It defines some types for different data requirement. And finally, the data still will be stored in the physical disk.
Azure Storage offers a massively scalable object store for data
objects, a file system service for the cloud, a messaging store for
reliable messaging, and a NoSQL store.
The Availability Set, it's a solution for the high availability. Create resources in the
Availability Set. It will help you avoid some accidents without downtime. Also, it can Prevent some erroneous operations from expanding with the update domain and fault domain. In one word, it provides redundancy to your application.
update
As you ask in the comment, first, when you create the VM, the resource group is necessary. But the Availability Set is not necessary, it just created for the high availability. You can create it or not, all dependant on your requirement.
For the storage account, there are two points I think you should pay attention to.
One is that the storage account is just for the unmanaged VM, to store the OS disk as a VHD file that you can manage it yourself. If you create a managed VM, the storage account is not needed to you.
Another is that the storage account also can store the logs, such as the diagnostic log. If you do not want to store the logs, the storage account is also not needed to you.
Note: If needed, you could just create one storage account to store the unmanaged VM OS disk and the logs as you want.
A group of friends and I are working on an private project and are considering hosting it on Azure.
I have an account on Azure and will be the one controlling the costs.
Is it possible to assign a pool of resources (e.g. Functions + database) to another user(s), preferably also assigning a cost limit for it to avoid things exploding?
You can give them access to a subscription / resource group / resource by going to e.g. the subscription and clicking on Access Control (IAM).
There you can enter their email address, and give them the role needed. Reader for read-only, Contributor for Read/Write, and Owner for Read/Write + access management. There are a bunch of others too. More about Role-based access control
I am not aware of a way to limit cost for individual users, though you can for example setup Billing alerts.
You can use ARM policies to limit the types of resources that can be used. As an example, you can deny the use of certain very expensive VMs to a group of users. Some samples of these policy templates can be found here
As stated in other answers, you can assign access to others on various levels. You can assign to "live" accounts (Hotmail,outlook,live.com etc) but as part of your subscription you can also create an Azure Active Directory instance on which you can create users. You would also want to use this AAD to create service accounts in the future, register applications for authentication, etc.
We have three developers in my startup and we are members of Microsoft Bizpark.
I am the only back-end developer so i create and control all the resources in our azure portal.
Even though i made the other members as owners of our resources (settings->users) i am still the only one losing credits. I always reach the limit and they always have 150$ left.
Is it possible to transfer the cost of a resource to another member or do i have to create it again from theirs accounts?
Thank you in advance for any response!
I've been using bizspark also, and there is no way to transfer elements between accounts. Depending on the objects you are planning to move, some of them, you will have to create a backup and restore them in the new account.
Basically, you have to create them again. It's a pain, but if you order your components you can get the most out of the 5 accounts wiht 150 usd.
I'm new to Azure architecture and am trying to understand why Azure Resource Groups, which are logical deployment buckets for applications built on Azure, are associated with a region when they are defined.
At first I thought it was to provide global distribution for disaster recovery or geographic redundancy, but then I realized that a single Resource Group can contain web apps in different regions, which can provide those features via Traffic Manager. I suppose that using separate Resource Groups would help better identify which resources are in which region, but other than for organizational purposes, I can't understand what the region definition for Resource Groups implies.
(edit: removed general advice query to be more focused)
The main reason for specifying the location of a resource group is to specify a location for data/metadata for the deployment to be stored in... It also makes the API consistent (think of the paths in REST API calls) but the primary reason is storage during deployment.
The location of the resources in the group is independent/not related to the location of the group itself.
When creating a resource group, you need to provide a location for that resource group. You may be wondering, "Why does a resource group need a location? And, if the resources can have different locations than the resource group, why does the resource group location matter at all?" The resource group stores metadata about the resources. Therefore, when you specify a location for the resource group, you are specifying where that metadata is stored. For compliance reasons, you may need to ensure that your data is stored in a particular region.
https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-overview
The meta data (definition) of the Azure resource group needs to be stored somewhere. hence the location. However, resources inside a resource group are location independent and can be placed in a different region\location.
Do note that dependencies between resources can exist. A Virtual machine in West Europe obviously needs a storage account in West Europe as well, but a SQL database in the same resource group can exist in West US.
Resource groups are basically for you to decide which resources in your application you want to manage together and by manage I mean you want to deploy, manage, and monitor them as a group so at a high level you do not see them as separate components.
In general in a big ecosystem, Azure resource groups are the ones that you do not see those components(resources) in them as separate entities, instead you see them as related and interdependent parts of a single entity so you put them in one Resource Group so that using the Azure Resource Group Manager tool You can deploy, update or delete all of the resources for your application in a single, coordinated operation.
You use a template for deployment and that template can work for different environments such as testing, staging and production. You can clarify billing for your organization by viewing the rolled-up costs for the entire group.
You can find more details on Azure Resource Manager here which I believe will help you better understand the idea behind the Azure Resource Groups:
https://azure.microsoft.com/en-us/documentation/articles/resource-group-overview/
Everything in Azure relates to a physical location/Datacenter, and ARM is no different. A little while ago, not every Datacenter supported ARM, so the reason for choosing made even more sense. Now, like any other Azure resource, the decision is for the user to make, often based on their required proximity to the end user and/or legal geographic requirements.
It appears there is no obvious way to determine what region a resource group is in after it has been created. This has caused me grief per the discussion here, when I ran into problems with CDN metadata conflicts. I had to start over. Now I name my resource groups with the region. e.g.: my-resourcegroup-westus