Microsoft Azure (AZ-104) (In Production)

In this episode, Cherokee and Aubri explain what an Azure Subscription is. They weigh in on the pros and cons for using a single subscription versus multiple subscription model. They also discuss built-in and explain the associated duties and limitations.

Welcome to ITProTV. I'm your host Don Pezet. >> [CROSSTALK] [MUSIC] >> You're watching ITProTV. >> Hello, and welcome to another empowering episode here at ITProTV. I'm your host Aubri Spurgin. And this is the beginning of our Azure journey here. And we're gonna be talking about managing subscriptions. And with us today, and every day, is Miss Cherokee Boose. >> [LAUGH] >> How's it going, Cherokee? >> Don't sound so excited, Aubri. >> [LAUGH] Every day. >> Every day. >> [LAUGH] >> No, it is exciting, we are beginning our journey. So we're gonna embark on that together with you. So we wanna start, I guess, at the beginning, right? And we'll start by looking at really just what Azure is, how we can work inside the Portal. There are some things that are important to know and understand, especially with terms and trying to keep up with Azure. So I think that's where we'll go ahead and start today, subscriptions, at the beginning of the objective list. If you're sitting the exam, you'll wanna follow those objectives closely. And that's what we're gonna aim to do here for the duration of this particular show. So understanding and managing subscriptions, right? So I think the easiest way, and this is just a kind of on-the-fly analogy here. It may work, it may not. So Aubri, be prepared, okay? >> Okay. >> [LAUGH] Let's take a step back and look at it from a really high level here. So Aubri, if I'm a tenant and I'm renting a place, you could potentially be my- >> Landlord. >> Landlord. >> Land lady, or whatever. >> Land lady? >> Yeah [LAUGH]. >> Land queen? >> Land queen, I like that better. >> That goes with the sea queen. >> [LAUGH] >> Okay, gotta stop. So, all right, tenant, landlord. And let's say I start ordering some kind of something widgit. And it's delivered monthly by monthly, or whatever. That could potentially be defined as a? >> Subscription. >> Subscription. >> Yeah. >> Right, so as a tenant, I have a subscription, right? So in terms of, well, Microsoft or Azure terms, that's what we're looking at here. When you create an account within Azure Portal, you are getting a subscription. But you can be an Azure tenant. Now, an Azure tenant can have multiple subscriptions, or they may only decide to have one. That's totally up to you. And we'll talk about the pros and cons as to why you may choose one subscription model over the other. So as the land queen, am I Azure, in a way? >> You are. >> Okay, all right, yeah. >> So that's all you need to know. >> Perfect. >> You can go take the exam, and [LAUGH]. >> I am Azure. >> [LAUGH] >> Okay. >> Okay. >> But seriously, we'll take a look at the actual definition that Microsoft has here. I have it up on my screen. An Azure subscription is a logical container used to provision resources in Microsoft Azure. It holds the details of all your resources like virtual machines, databases, etc. So, and it's kind of strange because the word container is also used in another context. So I'm kind of leery of using that word. But just know of it as an organizational space, there, all right? >> Okay. >> As a way we can segregate different components within our Azure space. All right, common subscription types, there are a lot of different subscription types. You might look at this bulleted list here and say, Cherokee, you forgot some. Yes, I know, there are quite a few. But these are the most common types of subscriptions that you will come across. The first one, my favorite, Free. Free is for me. >> [LAUGH] >> But there is a limitation there. You only have free credits for up to $200, currently that. And again, Azure's a very fast evolving machine here. So we may see that information change over time. There is a limitation to spend your $200 credit within 30 days. So I think that'll give you a really good idea if you're getting serious about studying for the exam. You can use that $200 credit wisely to help study in a lab environment, so to speak. We also have labs at ITProTV, and Microsoft has Microsoft Learning Labs for Azure. So really, there's no excuse, you guys. You've gotta get in the portal and play around there. So that's the Free account. There's also a Pay-As-You-Go subscription type. And it charges you monthly for the services that you use within that billing period. It's pretty straightforward, nothing crazy there, right? >> Yeah, it's a kinda keep yourself in check one? >> Yes. >> Yeah, yeah. >> And we're gonna be talking about that. There are certain things that you can do to help prevent overspending. Because, boy, that's never happened to me. >> [LAUGH] >> Learn from others, let's just say that. No, it's actually a lot. We have a lot of different tools that will help us to keep our Azure subscriptions in check there. We'll talk about those in lengthy detail, just in a few moments. The third type of subscription that I wanna take a look at here is something called an Enterprise Agreement. Enterprise Agreements allow organizations flexibility to buy cloud services and software licenses under one agreement. So you may already be familiar with Microsoft's Volume Licensing program. So it's kinda like when you buy at Sam's Club. You're buying in bulk, when you're buying a lot of licences. Well, what better way than to bundle, right? So you can get your subscription services as well as your licencing together, to help reduce the costs. And with Enterprise Agreement, so they're a little bit different. You do need some form of a credit card to go ahead and sign up for an account and to obtain the subscriptions. But Free, they will just have this card on file. And actually if you go over your $200 limitation there, your resources will be deprovisioned and deallocated, and basically shut off, until you allow them to charge your card to maintain continuity, right? So this is not a good option if you're planning on setting up a production environment for business, because you could have some disruption of service if you exceed that $200 limitation. So looking at these different types of accounts, it'll make sense as we get more into it. But with Enterprise Agreements, you will need to have something called a monetary commit. And if you kinda go back to that analogy we were using, Aubri, about the tenant and the landlords. >> Right. >> I wanted to, maybe we were just communicating in passing or I saw an ad in the, I was gonna say newspaper. But I don't even know if those exist anymore. [LAUGH] >> Of course they do. >> I know. [LAUGH] But who reads them, right? So okay, I see an ad. >> Right. >> Maybe Craigslist or something like that, and there's a space for rent. But you don't know if I'm really going to be a serious potential buyer, so you ask me for a? >> Deposit. >> There you go. It's a deposit, down payment, whatever you wanna call it. You're giving some form of monetary commit. So in terms of that Enterprise Agreement, you can think about it in that way. And you'll be able to spend up until you have maxed out that monetary commit. But you can also lift those quotas to exceed monetary commit amount, and then be billed as well. So like I said, there are a lot of subscriptions. We'll just talk about them as common ones here. And then, of course, students, hello. You get an extra $100 in Azure credits to be used within the first 12 months, so that's great. You get free services without requiring a credit card at sign up. So maybe you're a student, you haven't entered the lovely world of debt, so there you go [LAUGH]. >> Do you also get the $200 of credit? >> Unfortunately, no. >> [CROSSTALK] >> That would be great, but [LAUGH] >> Okay, well, 100 is pretty good [LAUGH]. >> Yeah, and also like I said, there are plenty of resources just with Microsoft Learning, you can actually log into Azure subscriptions and work, and poke around in there. And I highly encourage you to do so. Any extra practice is just gonna help make you that much stronger here. So, if you're not sure which subscription model is right for you. Well, let's take a look at some of the really key components here. Why would I chose one model over the other? On the left hand column, let's take a look at our single Subscriptions. At first, we wanna take a look at the Azure limitations and constraints. Azure does impose some limitations and constraints on a per subscription level, meaning you can only have x number of this type of virtual machine or x number of this type of disk. So, while some of those are hard limitations and they can't be modified. A lot of them are and you just simply need to reach out to Microsoft to request those limitations you lifted to a higher number there. You also have the ability to reuse a lot of your shared infrastructure within your environment. So you won't have to do as much even network configuration, you can kind of keep it more simplistic, right? Also, talking about simplistic, you've centralized operations, everything in a clear area, you don't have to click on multiple tabs and aggregate information. Which really goes hand in hand with that easier cost control, you're getting a one shot picture of everything at the very high level. Instead of kind of having to get all the information, adding up the numbers there. Getting your sum knowing how much you're spending, just kind of things like that, right? We will take a look at of different ways that we can easily identify I mentioned that before, but this could be a pro or con for you. You have less agility for development and project teams and it requires a more granular permission model. Because if we have just one subscription, I can't assign everyone at that subscription scope and we'll talk about scopes and access in the future. But assigning everyone full access to every resource within my subscription just would be crazy. You wanna have some kind of think back to the principle of least privilege. You wanna have control over your environment there. So instead of having a subscription that was solely used for testing purposes and I maybe it's from my development team, I gave them full access to their test subscription. I wouldn't have to worry about that so much. But, with a single model, you do have to keep that in mind. Now, let's take a look at the multiple subscription option. You are able to overcome Azure limitations and constraints. So I can create some sort of logical compartmentalization with multiple subscriptions, I don't have to try to fit everything into one box as I would with a single subscription. Does that make sense? There is additional complexity in increased management, because you have more moving pieces, you have multiple subscriptions, and just a lot of things to kind of keep your eye on. >> Okay. >> At the same time. It's not impossible and we'll walk through the steps of how we can manage that. >> Cherokee, does the size of your business matter is that gonna be important for a deciding which one you choose. >> I would say it's very important here. >> Yeah. >> Because if you think about having a single subscription you could easily maxed out the limitations for let's say a particular virtual machine. So even in my little tiny lab environment here, I'm already at 20% utilization of a specific VM. So yeah, if you're taking a look at a large organization, I will definitely recommend the multiple subscription model and well, don't take my word for it. Microsoft has a really nice link. Let me find that and share it with you. It's right here. As your learning, and you'll notice as you're changing and evolving quickly here, some of the links or URLs may change. Gonna put them in different places or whatever. But the concept here is the Azure enterprise scaffold, and that's kind of the main model, what they recommend, so their best practice. This is like a guidance document here. So giving prescriptive subscription governance. Sounds so official, right? [LAUGH] So let's take a look at, they have an interesting little image diagram here, right? And what this is showing is just really explaining the core components and the fundamental components that really hold up. So if you think about a scaffold like a scaffolding in construction or something, we have these pillars on the left and right hand side. On the left hand side, it's your Azure resource manager policy. So policies can control and define who has access and so forth. And on the right hand side, you have naming standards. So, I worked in an environment one time, Aubri, where I inherited and environment and a lot of the machines in that environment, the servers, had dragon names. And [LAUGH] I can't make this up, okay. >> Okay, yeah [LAUGH] >> This is real life stuff. So you don't wanna do that in real life, you wanna have a standardized naming conviction that is meaningful to others within your organization. I had no clue what these name were, but I was like what is this and this and this, like those are types of dragons from. To be honest, I don't even know where. >> Game of Thrones or something. >> I don't even watch Game of Thrones, so who knows. >> This was pre Game of Thrones, but still [LAUGH]. >> Okay. >> I can't even think of the name of a dragon [LAUGH]. >> So there are certain fundamental concepts here that are defined, I'm not gonna read this entire document to you. Definitely take the time to do that, if you're worried about hubbing. Implementing Azure in a large enterprise environment. There's even a white paper, I'll find the link, and put it in the show notes. Aubri, you gotta help me remember that. >> Okay. >> It's a little bit dated but Microsoft did release a large PDF or white paper to help further define enterprise environments, but we won't worry about that too much. I do like this link, because it does show some nice visual components, to just kind of represent or maybe give you ideas about how you would structure. Or organize your multiple subscriptions here, right? So they give examples by departments and accounts which is very common in the business environment, because it just makes logical sense. And especially, if we're doing any kind of charge pacts with certain departments. It's a great way to keep this finances and this resource utilization costs separate. So you can see here, you have your enterprise tier broken down into optional, sub tiers here, finance IT. And then you have accounts, account owners which we'll see in a few moments. Actually probably in a part two here how we can have our subscription administrators assign them the owner role, so that they are able to perform. And take care of technical resources within our subscriptions. They give other examples here, but I think you guys get the point. Maybe using geographic sites, if you have a lot of sites throughout the world or through a particular continent, something like that, you can use those sites to define your different areas. Let's go back here and let's talk about some of those roles. The first one I'd like to talk about is an account administrator. There's one account administrator for each Azure account. Your account administrator can access the web portal, which is referred to as the Azure Account Center. Don't get that confused with the Azure resource manager portal, two separate things. The Azure Account Center is really used for billing purposes. Okay, so the person who is the Account Administrator maybe someone in the accounting team. Maybe someone who handles finance, it may not be someone who is extremely technical, right? We can create subscriptions, cancel subscriptions, change the billing method for subscription or change the designated subscription level administrative account, which is known as the Service Administrator. If you are the account administrator, if that makes sense, right? Only the person with the Account Administrator role can access the corresponding account in the Account Center. However, the Account Administrator does not have access to resources in any subscriptions in the account. What does that mean? >> Yeah. >> [LAUGH] It's a lot of words. [LAUGH] All right, so what that means is, like I said, this doesn't necessarily have to be a very technically inclined individual. In some situations, you may be wearing all that hats and you have to manage the billing and the management side of things, the administrative side of things, as well as the technical side of things. In large environments, that generally isn't the case. So this person, your account administrator is more in charge of those administrative tasks, so hopefully, that makes a little more sense. Now your service administrator, there's one service administrator for each Azure subscription. Initially, the service administrator is the only account that can create and manage resources within the subscription. By default, the user account associated with this role is the same as the Account Administrator if you create a subscription using a Microsoft account. We'll take a look at service administrators and what they can do inside the Azure portal in a few. Now there's one other role that's a built-in role that I'd like to talk about here, this is going to be the Service Administrator. You can create up to 200 co-administrators for each Azure subscription, but only if you're the Azure administrator. So you kinda see that hierarchical methodology here as well. And so again, when you start seeing these numbers, like that 200 limitation for having co-administrators, you may be working in a very large environment that requires more than 200 people managing a particular area or something like that. So that's why multiple subscriptions would be obviously >> Okay. >> An idea there. So co-administrators have full permission to create and manage Azure resources in the same subscription. They cannot revoke or take away service administrative privileges or grant additional co-administrative privileges. They cannot change the association of the current subscription to it's Azure Active Directory tenant, such as changes that require your service administrative privileges. So all of this is really going back to that principle of least privilege. We wanna make sure we have control over our environments and still are able to give some delegation for our co-administrators to provide certain management tasks. Only service administrator or co-administrator can access the Azure classic portal, which is called the Azure server management portal. So just to make things a little more confusing, Aubri, [LAUGH] I already said we had our Azure account portal. So that's where you could go in and handle those administrative things, right? Well, where do you go to actually perform the technical functions? That's going to be in one of the two other portals here. So we have the Azure classic portal, which I noted here, or the most up to date, current portal, which is the Azure Resource Manager portal. You'll hear this acronym ARM, A-R-M, used frequently. And that's referring to different ways that we can use the Azure Resource Manager portal. If you hear the term ARM template, you'll know that's the newer template and not something that can be used inside of the older portal. Microsoft recommends to use the new portal, that's what it's for, right? >> Right. >> So, newer, better, that's the idea. But, you may be in a position where you are not able to perform that migration or something to that nature. But moving forward for the rest of this show, we'll be looking at and demonstrating components inside of the newer portal, the Azure Resource Manager portal, so just to clarify a few things there. >> Taking a look at the clock, it looks like we're just about out of time. You wanna go ahead and end it here and then we'll go back for a part two to actually show everybody what we've been talking about? >> Yeah, I think that will make more sense. We'll come back with the part two, like Aubri said, perform some demonstrations and really get our toes wet inside of the Azure portal. >> All right, this has been managed subscriptions, be sure to come back for that part two to get your toes wet, just like Cherokee said. So thank you so much for guiding us through that and thank you all there for watching. Signing off for ITProTV, I've been your host Aubri Spurgin. >> And I'm Cherokee Boose. >> And we'll catch you later. [MUSIC] >> Thank you for watching ITProTV.