This is part 1 of a blog series on Azure governance. The blog series starts here with an overview prior to diving into implementation using Azure Policy Manager.
Why should we care about Azure Governance?
I am a big fan of always starting with why. In this blog series on Azure Policy Manager, I would like to share the “why” before the “what” and then move on to the fun stuff of “how” to use technology to address the why.
The use of Azure, a public cloud platform, provides you with the ability to be agile, elastic and flexible whilst simultaneous managing how much you spend. This applies to individuals as well as all organisation sizes (small, medium and large enterprises).
Cloud attributes and capabilities do not remove the need for the 3 core parts that come together to ensure that technology is used to address business needs. These core parts that have always worked together in a well managed organisations are people , process and technology platforms.
So why should we care about governance? well it is very simple, “Agility and flexibility without governance is anarchy ” . We saw this happen with the introduction of virtualisation. Many early adopters of virtualisation soon found that without well governed processes, people simply went wild and virtual machine sprawl was born. This led to uncontrolled organisational cost and a resource auditing nightmare. Refer to this article to get a short background on VM sprawl. This quote from the article sums up the issue;
“Ironically, virtualization sprawl can undo the consolidation benefits that make virtualization attractive and cost-effective in the first place.”
The challenges we faced in the virtualization era have reappeared but at a much larger scale of complexity to match the attributes and capabilities of the cloud. To quote from Joseph Chan we now are in a ” Cloud Sprawl era”.
Microsoft are very much aware of this challenge and have a number of capabilities to address these. Azure Policy falls under the governance offerings available to you on the Azure cloud platform. Microsoft have extensive documentation on this topic and you will find the links to recommended reading in the resources section of this blog. It is important to distinguish between the cloud providers governance and consumers (your) governance when you leverage the providers platform. The governance we discuss here is focused on the consumers responsibility.
Before diving into the how let us level set on the basic fundamentals of Azure and the core layers you must be familiar prior to diving into the technical configurations.
The first place to start your governance journey is understanding the Azure layers. Let me unpack the illustration above
Azure Tenant Layer: when you sign up for any Azure service for the first time, a tenant is created for you. The tenant is unique and is the representation of your organisation. It is the equivalent of creating your Active Directory forest.
Azure Subscription Layer: A tenant by itself will only provide basic limited functionality. It is in effect your organisational layer. A subscription in Azure is what allows you to light up and use the functionality of the cloud. Continuing with the Active Directory Analogy, we are now at the child domain level.
Azure Resource Layer: The solutions you use in Azure are what fall broadly under the category of the resource layer. This can range from a full Software As a Service (SaaS – Office 365), through to Platform as a Service (PaaS – SQL and Web Services) and Infrastructure as a Service (IaaS – Virtual Machines)
To my super Azure gurus the above may be an over simplification but bear with me, let us crawl, walk and then get up to running pace.
Governance in Azure is now firmly in the hands of the consumer through the use of Azure Policy. Using policies that represent the organisation goals, you can define the rules at the tenant layer and apply to the subscription and resource layers. Examples include ensuring that all resources created within every subscription has a cost center tag. At the resource layer you can define policies that ensure that resources are created within specific Azure geographic locations.
In part 2 we dive into “Planning your first Policy Assignments” using Azure Policy.
Here are some useful links to resources to get you ready for part 2 as well as expand on the brief introduction in this blog. This also includes an in-depth blog series by MVP and Azure Stack guru Steve Buchanan