It remains critical to have the right governance framework and processes in place to get the maximum value from the Microsoft Azure Cloud and make the environment more robust, secure, efficient and effective. Businesses IT need to ensure that data and systems are adequately protected while being able to quickly meet the needs of customers (internal and external).
A move to Azure would only yield results if done right. Once the strengths and weaknesses of the cloud are diagnosed, IT governance can be adjusted accordingly. Moreover, properly planned governance and security foundations create a protected and controlled environment.
The proven way is to understand the features and concepts of Azure governance. While Microsoft provides tools and resources to help organisations with their governance needs, deciding where to start and how best to implement them can often be difficult.
The following article is part 1 of a four-part article series on common mistakes organisations make when it comes to Azure governance and the best recommendations to fix them. The article also addresses some critical considerations to help organisations align their IT strategy with business strategy and achieve measurable results with authority.
Subscription Planning
An effective subscription design helps organisations create a structure to organise assets when migrating to Azure. Every resource in Azure, such as VMs and databases, is associated with a subscription. Azure adoption starts with creating an Azure subscription associated with an account and provisioning resources to the subscription.
Review the basic concepts of Azure to gain a better understanding of the concepts and terms used in Azure.
As the digital estate grows in Azure, organisations often need more than one Azure subscription to meet their needs. Subscription resource limitations and other governance considerations often require additional subscriptions. A solid strategy for scaling your subscriptions is very important.
Microsoft describes several best practices for subscriptions when deploying your production and pre-production workloads. Microsoft recommends that when you deploy your first production workload in Azure, you should start with at least two subscriptions: one for your production environment and one for your pre-production (development/test) environment. If you only have a few subscriptions, it's relatively easy to manage them independently. However, if you have many subscriptions, you should create a management group hierarchy to make it easier to manage your subscriptions and resources.
Management groups allow you to efficiently manage access, policy, and compliance for an organisation's subscriptions. Each management group is a container for one or more subscriptions.
Resource Group Planning
The key to success in Azure is learning how to optimist management and performance and minimise costs. Resource groups (RG) remain critical when it comes to grouping a collection of assets into logical groups for easy or even automatic provisioning, monitoring, and access control, as well as more effective management of their costs. While RGs also have some limitations, some recommended best practices for Azure resource management are:
Use Azure Resource Manager (ARM) and its templates to easily and flexibly replicate Azure resource groups. Use either an API call or the Azure portal to run templates and create workflows continuously. The architecture of ARM also enables role-based access control (RBAC) at the resource group level, making it much easier to manage user access to resources in the group.
To minimise cloud bill, enterprises must consider using Azure Reserved VM Instances (RIs) - a type of discounted Azure VMs compared to on-demand VMs. With Microsoft's flexibility feature for RIs, users can now apply the discount to VM instances of different sizes within the same VM family.
Naming Conventions
Using naming conventions for your resources is not new and is an age-old best practice. However, in on-premise environments, resource types were very limited (virtual machine, server, or storage) and naming was done in a controlled manner. In the cloud, you have several different resource types. For example, for a simple virtual machine, you can create different resources such as resource group, resource name, multiple storage accounts, vnet, nsgs, public IP, and more.
Azure has its own naming rules and restrictions for resources, as well as a set of recommendations for naming conventions. Choosing a name for a resource in Microsoft Azure is important because: It is difficult to change a name later.
