Blog

Understanding the Microsoft Azure Enterprise Agreement

Microsoft Azure

Before getting caught up in a Microsoft Azure Enterprise Agreement, proper planning in necessary so you can determine what you actually need versus what you will be getting with your agreement.  You must not only plan for your needs today, but also for your needs tomorrow.  For enterprise level prospects, the first questions we get are:

Q1. How many subscriptions can I create?

Q2. How many subscriptions should I create?

The answer to Q1 is that technically, you can create as many subscriptions as you want in the Enterprise Portal [EP].

The answer to Q2 is that it “depends”…

A subscription is like an account or a container with following properties:

1. One service administrator

2. One or more co-administrators.

3. Now you also have subscription ‘owner’, ‘contributor’, ‘reader’ and roughly seventeen other roles as part of the Azure RBAC release.

4. It provides an isolation boundary for IaaS assets like network/subnets. Virtual machines in a subscription when they are created can readily choose the network/subnet.

5. By virtue of point 4, other assets like databases (IaaS VM), Windows Server based Active Directories can be readily shared by VMs in that subscription unless you configure explicit NSG rules to avoid that.

Subscription Billing:

In a Microsoft Azure Enterprise Agreement, a subscription is basically a rolled up unit of billing. As of late March, 2015, the concept of ‘Tagging’ is introduced in Azure, but not all PaaS services have enabled it yet. So you still cannot get billing information based on lower elements like- how much do bunch of these VMs cost unless you do the excel math. This is a roadmap feature and should be coming soon, where you will be able to get usage and pricing and calculate the billing based on those two data points, as well as group it by tags.

So, today the answer to how many subscriptions should you create would depend on billing requirements like chargeback that you are looking for and the network assets that you need to readily share. Please note that you can of course have multiple VPN connections between two networks belonging to two different subscriptions. That way you can mitigate the network sharing problems as long as VPN speeds can meet your requirements.





Azure Managed Services