Azure – The ultimative Service Guide

Microsoft is delivers day by day new, improved and updated services in the Microsoft Azure Cloud. For new customers and even for experienced Azure engineers it’s sometimes hard to find the right service for a problem. It’s possible to solve the same problem with different services and often it depends on the expected customer base.

Over the years the Microsoft Azure Poster team developed a very useful view on the Azure infrastructure which helps to understand better when to use which service.

Microsoft Azure Infographic 2015 2.4_UNSEC 2017-07-25 07-34-07.png

This cool and helpful poster should be available in every team working with the Microsoft Azure Cloud. It’s available for free here.

In addition I had a helping hand during the last weeks and months from Ricardo Niepel , an evangelist for Microsoft Azure. He is also the author of the new interactive Azure Platform overview here. This makes the decision which service to use much easier and it helps everybody to not loose track when Microsoft delivers new services regularly.

Azure Costs: Public Preview CSP Support

Today we’re very excited to announce the start of the public preview for Cloud Solution Providers.  After several weeks and months of continous improvements in the azure costs platform, we now start the public preview phase of the CSP support.  

b3e5c00e-e4e6-4ecd-b764-746bcbb2de1c

The great new CSP portal gives you access to the spendings your customers are generating. There are a couple of use cases we would like to point out:  

Enroll into the CSP program:
When visiting our new CSP portal the system will require enrolling into the CSP program. You can do this with an existing Azure Costs account or in case you would like to differentiate between internal spendings and customer spendings, just use an additional account!

 59ee1668-64eb-4bfb-b135-f68f3ff3975c
Register Accounts:
Microsoft requires every CSP to sign into the CSP program for every geographical region separately. As an internal reseller you will have accounts for USD, EUR or AUD and several more. Azure Costs allows you to register every single CSP account, to track costs in different currencies and countries separately.
7b12c995-0c67-4b6c-b20c-a2c19cae071e
Activate Customers:
During the registration process Azure Costs imports all existing customers. This does not mean Azure Costs tracks spendings. If you would like to track spendings for a specific customer, activate this customer in the “New/Not-Activated Customers” widget. The spending information of every activated customer will be imported automatically.
2e47b12a-fbbc-4cad-bcab-3cd2b70fb138

Interested in the new feature?
Getting started with Azure Costs for CSPs is very easy, just visit our new portal for Cloud Solution providers and enroll into the CSP program as described above. To become part of the public preview of the CSP support an existing enterprise plan is required.

Any questions, wishes or ideas? Try our feedback portal or drop a mail to help@azure-costs.com.

 

Azure Costs: Exporting data via API

Azure Costs now offers direct API access to integrate the processed and aggregated data directly in 3rd party applications like Qlik or Tableau. This option allows customers on an enterprise plan or higher to render or analyse the Azure Costs data in existing BI solutions.

Exporting data via API is very simple. Just follow the steps below:

  1. Register an application as trustee to control which data can be access from the 3rd party application in the team management view.

    ApiCredentials

  2. The application contains a client_id and a client_secret which can be used for the oAuth2 client credentials flow. Just issue a new security token at least every hour from the Azure Costs STS. We recommend to issue a token whenever you start a new transaction to ensure that permission changes are affective.

    curl -X POST -d “client_id={{YOUR CLIENT ID}}&client_secret={{YOUR CLIENT SECERT}}&grant_type=client_credentials” https://azure-costs.com/sts/issue/oauth/token

  3. Export the required report from the export api which returns the data in JSON format. Every single object describes one service including the quantity, costs and other meta information. The required teamId, contract number can be extracted from the URL of the Azure Costs dashboard

    curl -H “Authorization: Bearer {{ISSUED TOKEN}}” https:/api.azure-costs.com/api/v1/teams/{{teamId}}/contracts/{{contractId}}/reports/{{Year}}-{{Month}}/export?cache={{DATE-OF-THE-DAY}}

Interested in the new feature?
Try the new feature today by simply logging into your Azure Costs account. The feature is part of any enterprise plan.

Any questions, wishes or ideas? Try our feedback portal or drop a mail to help@azure-costs.com.

Hey ISVs, build your own oAuth2 service :-)

Are you a SaaS Software Vendor? Do you have the idea of providing your customers an API first approach? Do you want to offer a scalable solution in the cloud? Why the h… do you need an oAuth2 server?

Many successful SaaS vendors offer an identity infrastructure based on oAuth2. Good examples are Digital Oceans, Microsoft, Amazon or Matrix42 with MyWorkspace. This article intends to explain the reasons why you should offer your own oAuth2 infrastructure when you publish a SaaS application to the world.

Five reasons to offer an oAuth2 service

  • Adapt the Micro-Service-Architecture
    SaaS applications today are different to Web applications 10 years ago. The most vendors are following the micro services architecture pattern. Let’s re-cap what Micro-Services intend to be. At the end this architecture pattern means that a vendor offers many different web services independent from each other for a specific offering. Have a look on the big ones like Microsoft Azure: They offer the Azure Resource Manager, the Storage API or the Office 365 Graph API as independent services. Compared to that public ones, Matrix42 with MyWorkspace offers services for handling identity, files, workflows and BI dashboards. Azure Costs, the service the author is also working on, is divided in separate small services for processing spending information, handling trend analytics or managing teams. All these are good examples for Micro Service and they have something together.jwt
    A session cookie based approach would not work, because this means every web service needs to take care of the session. A token based approach for authorization is a better option and the best option to provide a token is the JWT (LINK to Blog) token.

    How to get the JWT:
    Just use an oAuth2 service you provide for your micro service infrastructure. Check out different offerings in the IDaaS market or write your own.

  • State of the art Single Sign On (SSO) and federated security
    Today customers expect single sign on for their workforce. This means every SaaS application needs to support various flavours of federated security and single sign on. A better approach is to totally rely on JWT tokens and delegate the complex identity work to your oAuth2 service. The oAuth2 service should talk to the different company directories like Active Directory, Azure Active Directory or SAML2. This keeps your micro service infrastructure simple, clean and scalable again and you can drive them with just one concept and not multiple.

    How to connect to other directories:
    There are solutions in the market like Matrix42 MyWorkspace acting as identity bridge. Integrating these solutions reduces the work in your oAuth2 service to mitigate between the different identity providers.

  • Customer requires API First approach
    When talking with customers and the customer likes your solution often the second or third question is “How can I integrate …”. Translated into the language of developers this means “Do you have an API we can easily adapt?”.

    { REST }

    Because of that API first is an approach every SaaS vendor should follow. Remind the first bullet point in this article and assume your API relies totally on JWT tokens. You need to deliver a special JWT token to your customers for integration. Normally this tokens are called app-only tokens and can be used with a client credentials against an oAuth2 service. Azure Costs, as a simple example, explains how to deal with app-only tokens in the this article.

    How to issue customer integration API tokens:
    Provide a separate oAuth2 service that supports the client credentials flow incl. app-only tokens.

  • Support for mobile, web and fat clients required
    Today’s market is not focused on a special operating system or platform anymore. Even Microsoft changed their mind dramatically and now they offer with Azure one of the best cloud platforms for all kind of devices including IOT devices. Mostly every SaaS application has sooner or later the requirement to integrate different clients. The compelling event for this is normally the requirement for a mobile app but also the requirement to support a browser extension or just the integration in an embedded device. oAuth2 delivers different permission grant flows to support any kind of device and use case. This means offering an oAuth2 service gives you the freedom to support any new device because your identity infrastructure is decoupled from your micro services infrastructure.

    How to connect a mobile app to my service:
    Provide a separate oAuth2 service which support, the so called indirect flow. Normally you should not use the code flow but you need to provide some kind of device management.

  • Stay scalable for your access
    Last but not least, scalability or better the option to be ready for growing your company is a key success criteria every SaaS vendor should have an eye on. The micro-service architecture and the decoupled identity infrastructure gives you the freedom the split and combine services on different services in different clouds and in different locations.

    How to stay scalable:
    Decouple identity from resource services and enjoy the freedom to let the infrastructure grow by business needs.

Yes we can! Get your own oAuth2 service

When you think about building an oAuth2 service for your application you can start by building your own stuff. This is a great option when you need to stay under control of everything. There are also IDaaS providers on the market like Matrix42 with MyWorkspace, Auth0 or Azure Active Directory. These providers are a good starting point for your identity management project.

A hybrid approach is often the most practical. This means your engineers will provide a home grown oAuth2 service to support existing user accounts. This service should act as identity proxy to an IDaaS provider to open up the world of federated security and Single Sign On for your enterprise customers. Never waste time and budget on building an infrastructure for federated security by your own.

This article covered many technical topics on a very high level perspective. If you like it, let me know, as I think about creating a series out of it, to cover topics in more technical depth. Feel free to follow this blog to never miss an update about the upcoming series.

A more powerful azure costs portal

After several months of constant improvements in the new azure costs spending portal it now becomes the standard user interface for all of your spendings.

compare-final

The new portal offers a lot of new features and improvements to make your day by day work much easier. In this article we would like to highlight only the most important ones, to make your start with the new azure costs spending dashboard as easy and fast as possible:

Overall Spendings
The new overall spendings widget allows you to stay informed instantly. The widget always contains all spendings accumulated over the last 12 months.

azure costs - azure cloud cost optimization made easy 2016-08-28 15-40-35

azure costs - azure cloud cost optimization made easy 2016-08-28 15-47-31

Daily Burn Rate
An important indicator especially in cost optimization projects but also when you observe your costs on a regular basis is the daily burn rate. It’s easy to oversee what the short and mid term trend is.

Responsible Persons for Subscriptions
With this new functionality you are able to assign responsible persons to one or more subscriptions. This helps team administrators to oversee who is the single point of contact (SPOC) in case of unusual spendings.

resp-person

azure costs - azure cloud cost optimization made easy 2016-08-28 15-53-42

Switch Team – Multi Team Support
For service providers and administrators who would like to oversee the spendings of several teams, the Multi Team support makes it super easy to handle spendings over different organisations in a single portal.

Smart Compare
Smart Compare allows you to conveniently compare monthly cloud costs with the costs of any previous month. azure costs highlights cost spikes & deflections, so that you can focus on the costs you are really interested in.

compare-final.png (2880×1471) 2016-08-28 16-29-04

azure costs - azure cloud cost optimization made easy 2016-08-28 16-15-23

Full Screen Mode
Every widget can be used in the full screen mode as well. This gives you enough space to work on more complex spending optimization projects without scrolling and moving around. The full screen mode is optimized for working with a huge amount of different data.

Interested in the new feature?
Try the new feature today by simply logging into your azure costs account. The feature is part of any plan.

Any questions, wishes or ideas? Try our feedback portal or drop a mail to help@azure-costs.com.

Assign responsible persons to subscriptions

We feel very lucky to have  engaged users who tell us about their cloud data management challenges and the functionality that they’d like to see added to azure costs. And we listen.

We’re continually deploying additional features that our users have been asking for to azure costs and here’s a great new functionality.

Assign responsible persons to subscriptions:
With the new functionality our users are able to assign responsible persons to one or more subscriptions. This helps team administrators to oversee who is the single point of contact (SPOC) in case of unusual spendings.

resp-person.png

This enables every team administrator to act instantly on cost spikes what keeps cloud costs under control.

Interested in the new feature?
Try the new feature today by simply logging into your azure costs account. The feature is part of any Enterprise plan in our dashboards.

Any questions, wishes or ideas? Try our feedback portal or drop a mail to help@azure-costs.com.

Feature Announcement: Smart Compare

We’re very excited today, to announce the release of a game-changing new feature for azure costs: Smart Compare.

Smart Compare allows our customers to conveniently compare their monthly cloud costs with the costs of any previous month. By simply choosing the relevant months, azure costs now highlights cost spikes and deflections, so that our customers can focus on the costs they are really interested in – and ignore those they’re not.

compare-final.png
These results can then be sorted and powerful filters allow our customers to limit what they see, to only what they’re interested in.

filter-demo.png

We are sure that this great feature will help our costumers to identify the real cost drivers and make informed decisions on cost optimization strategies.

How to get started?
Comparing cloud costs is this simple: The Smart Compare and sorting functionality can be used right now as part of our Preview UI. Just select multiple months as shown above, to identify cost drivers, spikes and deflections.

Interested in the SmartCompare feature?
Try the new feature today by simply logging into your azure costs portal. Smart Compare is part of every paid plan, starting with the Professional subscription.

Any questions, wishes or ideas? Try our feedback portal or drop a mail to help@azure-costs.com.