Editor’s note: This post continues our series about Getting Started with Azure. Previous posts in the series include:
This is the tenth and final post in our series about getting started with Azure without falling victim to common pitfalls.
The last mistake to avoid when getting started with Azure is failing to establish solid cost-management and tagging strategies. Without these, your IT costs can quickly get out of control, and the finance department will start knocking on your door looking for explanations.
To do it right, start on a basic level. In the provisioning process, build in tagging for items that need tracking, then assign the associated costs to the appropriate business unit. The business is the entity that needs the services—that’s where the costs belong. You should think of operationalizing costs as a basic part of spinning up any new Azure services.
(At an absolute minimum, show the business unit leaders what you’re tracking. Even if you don’t allocate costs now, you may do so later. Avoiding unpleasant surprises benefits everyone.)
If you don’t get tagging right from the start, you’ll find it’s extremely hard to go back and fix it later. It won’t be clear who the owner is or should be. You’ll be left having to ask the person who originally provisioned the service what he or she remembers about it—but perhaps that person doesn’t even work at the organization anymore. This sleuthing process can be easily avoided if you start on the right foot.
Here are the critical tags every environment should include:
- Business unit (or application group if you don’t have business units)
- Cost center (even if it’s an IT cost center, break it out)
- Decommission date. Use this for anything that will eventually be decommissioned. When you’re paying for it and it costs a fixed rate per month, you want to know that you will get rid of it at some point, especially if it’s something you will stop using.
- Production, non-production, QA and stage. These identify where the service lives in the environment and what its purpose is.
Another tag for consideration is classification. This can be used for what level of security is applied or necessary for this particular role. It also could be used for when a particular application has a certain security classification that requires the application of different policies.
More broadly, proper tagging makes implementing policies easy. For example, if a resource needs a certain level of compliance or security, use policies so it’s treated correctly in Azure Security Center. Additional examples include applying different patching rights, rules, or automations and giving management rights to certain people based on how the resource group is classified.
Bottom line—save yourself from headaches down the line. Make tagging and cost-management part of operationalization from the beginning.
If you have questions about how to get started or continue with planning for your organization, we welcome you to contact us.
Also, watch for another series to get you started on the right track—this time with a focus on securing your Azure environment.