Azure Subscriptions Best Practices – Part 1

Frequently when I’m working on an Azure Foundation project, one of the topic that I like to explore is the Azure Subscriptions. These series of blog post will detail all the information that is required to know to architect a very good foundation for your Azure Infrastructure.

Initially a subscription was the administrative security boundary of Microsoft Azure. With the advent of Azure Resource Management (ARM) environment, a subscription now has two administrative models. Azure Service Management (ASM or classic) and Azure Resource Management.

With ARM, the subscription is no longer needed as an administrative boundary.  ARM provides a more granular Roles Based Access Control (RBAC) model for assigning administrative rights at the resource level. RBAC is currently being released in stages, 32 new roles have been released and user defined roles is coming in a future release. There will be some complexity during the coexistence of the service management and resource management environments and will need to be carefully considered.

A subscription additionally forms the billing unit. Services charges are accrued to the subscription currently, as part of the new Azure Resource Management model it will be possible to roll up costs to a resource group.

A standard naming convention for Azure resource object types can be used to manage billing across projects teams, business units, or other desired view.

A logical limit of scale by which resources can be allocated, these limits include both hard and soft caps of various resource types (like 10,000 compute cores /subscription) and are changing as capacity and capabilities are updated within Azure.

Scalability will continue to be a function of subscriptions and therefore is a key element to understand how the Subscription strategy will account for growth as consumption increases.

So, Subscriptions are…

  • Administrative security boundary
  • Support RBAC delegation
  • A billing unit
  • Logical limit of scale
  • The First BIg container that you create

Although, there are some considerations that we might have to take into account:

  • Subscriptions do not cost anything
  • Each subscription has its own admins, although a single account can be an admin in multiple subscriptions
  • Are global

Marcos Nogueira

With more than 18 years experience in Datacenter Architectures, Marcos Nogueira is currently working as a Principal Cloud Solution Architect. He is an expert in Private and Hybrid Cloud, with a focus on Microsoft Azure, Virtualization and System Center. He has worked in several industries, including Aerospace, Transportation, Energy, Manufacturing, Financial Services, Government, Health Care, Telecoms, IT Services, and Gas & Oil in different countries and continents. Marcos was a Canadian MVP in System Center Cloud & Datacenter Managenment and he has +14 years as Microsoft Certified, with more than 100+ certifications (MCT, MCSE, and MCITP, among others). Marcos is also certified in VMware, CompTIA and ITIL v3. He assisted Microsoft in the development of workshops and special events on Private & Hybrid Cloud, Azure, System Center, Windows Server, Hyper-V and as a speaker at several Microsoft TechEd/Ignite and communities events around the world.

One Reply to “Azure Subscriptions Best Practices – Part 1”

Leave a Reply

Your email address will not be published. Required fields are marked *