Microsoft has built up the Microsoft Azure ecosystem to offer scale and performance as and when needed; this gives customers the ability to not only remain competitive by lead and disrupt their industries without having to worry about on-premises datacentre capacity, redundancy, and manual processes, this, however, comes at a cost, where engineers may have in the past not cared or been responsible for cost – the Cloud has enabled us not only to consume valuable resources but also drive the cost up which has now shifted left to System Administrators or DevOps Engineers to keep things running and keeping cost low.

Microsoft has built (and continuously improving) some great tools to help customers not only be aware of their cost but make data driven decisions; this blog post is intended to help you gain an understanding of various cost management functions in the Microsoft Azure environment to help you drive productivity up but keep costs low.

Microsoft Azure and other Cloud/Software as a Service product operate in the Opex (or Operational Expenditure) model, meaning that you are essentially paying for subscription-based services and resources on a Monthly or as consumed basis – versus the traditional Capex (or Capital Expenditure) model where you may pay for something up-front whether you use it or not and usually leads to waste in the capital due to oversizing machines or purchasing more than is needed, using Opex gives greater flexibility in terms of what you are currently (and not) consuming and what you want to consume, one thing to remember is that if something is scaled up, it can always be scaled down again with little (or none in some cases) downtime or risk.

• TOC {:toc}

Roles & Responsibilities & Azure Governance​

Before I start through some of the Products that can help you on your managing cost journey – I need to cover off the People aspect first; what I mean by this are Roles & Responsibilities; you need to have some clear clarity in your organisations around who is responsible for what costs are not only created but anything running, whether you have a Product Owner approving and managing the financials or entire Agile Squads dedicated to keeping their resources lean and responsibly for any costs incurred you need to be transparent around Responsibility and Accountability of your costs to help manage (and pay for) the costs and avoid waste. Microsoft Azure has a ‘Billing Administrator’ role which may be helpful to give someone visibility of costs in Microsoft Azure, also be aware of what roles users have, and what they can do with it, you don’t want to give someone Contributor rights over a subscription and have them create a ton of resources when all they needed was Reader rights to view someone else work or skip internal processes for deploying resources.

If you haven’t already – I highly recommend getting an Azure Scaffold or Governance model in place to help determine how you not only use Azure, but how you manage the costs – whether it’s per subscription-based or Resource Groups, the use of Tags to tag Azure resources based on cost center or department etc is invaluable.

Pricing Calculator​

The first place to start in the journey of managing technical costs in Azure is the Pricing Calculator

https://azure.microsoft.com/en-us/pricing/calculator/

The Pricing Calculator allows you to select various Azure services (Virtual Machines, App Services Plans, IoT Hubs) and work out estimated pricing vs criteria which may be service-specific such as runtime, geo-redundancy, the amount of storage required etc. You need to know whether a service is costing money if it is running, how many read/writes is allowed, etc. I recommend spending some time looking through the Pricing Calculator and various services that Microsoft Azure offers to get a feel of cost – if you are in NZ (make sure to select ‘New Zealand Dollar’), the default is US.

Cost Visibility across Subscriptions & Resource Groups​

The Microsoft Azure Portal offers a lot of visibility into the cost of running resources in Azure, whether you want to look at the costs per subscription or in this example the Resource Group.

You can find the cost information under the ‘Resource Costs’ blade in the Resource Group or ‘Cost Analysis’ at a Resource Group level.

Using the built-in Azure Portal tools you filter costs based on Time/Date and Tags.

On the Overview Blade of an Azure Subscription, you can see the highest costs by Resource type and estimated cost based on current consumption.

Invoices & Consumption Insights​

For those of you who pay by Credit Card or want to know the Pre-tax costs of your Azure resources, you can go to your subscription and click on the Invoices blade to review current and previous invoices, if not set up already I recommend you configure the Email Invoice to send the invoice to your Billing Administrator automatically.

If you are on an Enterprise Agreement, you can setup Microsoft Azure Consumption Insights PowerBI pack to help give visibility of Azure costs through the use of the API key from your enrolment portal.

Azure Policies​

Along with your Cloud Scaffold or Governance framework, you need to be able to force or guide your environment, Azure Policies can be used to not only keep your Azure ecosystem in alignment but stop the creation of unapproved resources, high costing Virtual Machines, or resources in specific regions, you can use Azure Policies to Audit resources or completely prevent them from being created. Azure Policy samples can be at the azure-policy git repository.

Hybrid Use Benefit​

If you already own on-premises Windows Server/SQL server licenses – you may be eligible for HUB (Hybrid Use Benefit) which allows you to run certain machines, based on licensed cores in Azure under the same Windows Server licensing for no additional cost, this can be enabled in the Azure Portal on a Virtual Machine with no downtime.

Azure Advisor & Reserved Instances​

Microsoft has built an Advisor into Azure, this Advisor not only gives Security & Performance recommendations, it also includes Cost Recommendations

These Cost recommendations, are based on CPU usage of workloads (and can be adjusted) – such as workloads running at 5% CPU utilization for the past 14 days and recommends Cost Savings by resizing down the Virtual Machine.

The Azure Advisor also recommends Reserved Instances, instead of ‘Pay As You Go’ or ‘Pay As You Consume’ Opex model, you pay for the Virtual Machines up-front (think capital expenditure) for 1 or 3-year terms, in some cases, you can get 72% savings and if you have machines you know will be on 24/7 and won’t need resizing – think Infrastructure servers, such as Domain Controllers then Reserved Instances are a good idea.

Last Considerations​

You need to be aware that pricing in the Azure Portal or Pricing Calculator, may not show all costs. These price indications are only based on the service or size of a resource, they do not take into consideration Network dependencies such as data egress (data leaving Azure), storage replication, etc – the reality is, is sometimes the only way to know how much something will cost is to provision it, use it and monitor the costs.

A side bit of information also is that although a service might cost x in AustraliaEast it may be a lot cheaper to run it in the US for example. Hence, if you need to spin something up quickly or test it and not concerned about latency or data sovereignty then check out Azure Price, this website lists the cost of the Virtual Machines, their costs, and recommended regions to get in some cases 30-40% cost savings.

Distributed File System (DFS) has some service dependencies - so if those don't start the DFS Namespace service will also not start.

The dependencies are:

• Remote Registry
• Security Accounts Manager
• Server
• Workstation

I have seen the Remote Registry service become the culprit of the DFS-N service not starting.

In my experience, this had been caused by antivirus software changing the Remote Registry service to Disabled start-up type so when the DFS-N server restarts, one of the dependency services:

Remote Registry does not start so if you have issues with the DFS-N service not starting – check the Remote Registry Start-up type is configured to Automatic and click Start to confirm there are no errors and try starting the DFS-N service again.

Note: RemoteRegistry – although it is Automatic, will only Start when it is being used so don't be alarmed if it is in a 'Stopped' state.

I have also created a PowerShell script to do some general checking for the DFS namespace service – which sets the Remote Registry service to Automatic startup then gets the other DFS dependency services and changes the startup type to Automatic and starts them and finally tries to start the DFS Namespace service.

#requires -Version 2.0

<#
.SYNOPSIS
  Starts the DFS service

.DESCRIPTION
  Changes the Remote Registry service to Automatic start-up and Start the DFS NameSpace service dependencies, then start the DFS namespace service. 
  If the service does not start, it will retrieve the last 10 event log items from the DFS log.

.NOTES
  Version:        1.0
  Author:         Luke Murray (Luke.Geek.NZ)
  Creation Date:  20/03/17
  Purpose/Change: 
  20/03/17 - Initial script development
  11/06/18 - Updated script formatting

.EXAMPLE
  ./Start-DFS-Service.ps1
  
#>

#---------------------------------------------------------[Script Parameters]------------------------------------------------------

$ServiceName = 'DFS'
$ErrorActionPreference = 'Stop'

#-----------------------------------------------------------[Execution]------------------------------------------------------------

Try 
{
  Get-Service -Name RemoteRegistry | Set-Service -StartupType Automatic
}
Catch 
{
  Write-Verbose -Message 'There is an issue changing the Remote Registry Service to Automatic Startup Type' -Verbose
}
Try
{
  $ServiceDependency = Get-Service -Name $ServiceName -DependentServices
  $ServiceDependency | Set-Service -StartupType Automatic | Start-Service
  Write-Verbose -Message "$ServiceName dependencies have started. Will now try starting the $ServiceName service.." -Verbose
}
catch [Microsoft.PowerShell.Commands.ServiceCommandException]
{
  [Management.Automation.ErrorRecord]$e = $_

  $info = New-Object -TypeName PSObject -Property @{
    Exception = $e.Exception.Message
    Reason    = $e.CategoryInfo.Reason
    Target    = $e.CategoryInfo.TargetName
    Line      = $e.InvocationInfo.ScriptLineNumber
    Column    = $e.InvocationInfo.OffsetInLine
  }
  Write-Verbose -Message 'Opps! There was an error:' -Verbose
  $info
}
Catch 
{
  Write-Verbose -Message "There was an issue starting $ServiceName dependencies" -Verbose
}

try
{
  Try
  {
    Start-Service -Name $ServiceName
    Write-Verbose -Message "The $ServiceName service has started." -Verbose
  }
  Catch 
  {
    Get-WinEvent -LogName Microsoft-Windows-DFSN-Server/Operational | Select-Object -Last 10
  }
}

catch
{
  [Management.Automation.ErrorRecord]$e = $_

  $info = New-Object -TypeName PSObject -Property @{
    Exception = $e.Exception.Message
    Reason    = $e.CategoryInfo.Reason
    Target    = $e.CategoryInfo.TargetName
    Line      = $e.InvocationInfo.ScriptLineNumber
    Column    = $e.InvocationInfo.OffsetInLine
  }
  Write-Verbose -Message 'Opps! There was an error:' -Verbose
  $info
}

Note: Script is also hosted on my Github repository. Feel free to clone/recommend improvements or fork.

Microsoft Azure has a good user portal where you can do most things, however when it comes to automation, gathering a lot of information at once and more in-depth scenarios that the Portal doesn’t quite offer – PowerShell is used.

Before you can use PowerShell to connect to Microsoft Azure, you need to install the Azure Resource Manager modules first – follow the guide below:

• Install and configure Azure PowerShell

Once the Az modules has been installed – you can now connect to Azure.

Usually you would have to go through the process of logging in to Azure, finding what subscription you need to connect to and then selecting that manually, however I have created a little function that will connect to Azure and automatically populate a list of the subscriptions that your account has access to in a window which you can then select to connect to which makes the process easier without having to remember different Azure subscription names or ids. This function can easily be used in any environment. I have it loaded as part of my PowerShell profile script so the function can be run from the second I open up a new PowerShell prompt.

Note: Script is also hosted on my Github repository. Feel free to clone/recommend improvements or fork.

On a computer running Windows 7 x64 SP1 Enterprise running Internet Explorer 11 browser, I had issues connecting to the console of Virtual Machines hosted by VMWare vCloud.

This was resolved by completing the following:

1. Adding the website to the Trusted Site list
2. Adding the website to Internet Explorer’s compatibility list
3. Updating Java on the workstation to the newest

The Windows Performance Toolkit, developed by Microsoft has 3 separate tools and are key to solving a lot of boot and general performance issues:

•    Windows Performance Recorder

•    Windows Performance Analyzer

•    Xperf

Download Windows Performance Toolkit​

This can be downloaded by going to the Microsoft website and looking for the latest Windows Assessment and Deployment Toolkit for the operating system you want to analyze – for example: Windows 10

https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit

Download and run, we only need the Windows Performance Toolkit portion of the ADK:

Once installed navigate to: C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit

Tip: You can copy the Redistributables folder if you need to install the Windows Performance Toolkit only on another computer.

Run Windows Performance Recorder​

We only need too: WPRUI.EXE – Windows Performance Recorder & WPA.EXE – Windows Performance Analyzer.

Run WPRUI to launch Windows Performance Recorder

Change the Performance Scenario to Boot, and File

Select Resource Analysis and click CPU usage

Tip: You can add more: File I/O, Networking I/O, GPU usage etc if you know what in particular may be causing your boot slowness, the more you add the more data and complexity is added. I would recommend to only add additional resource analytics when required.

Click Start to select where your boot traces will go and click Ok to start your boot traces, this will restart your computer 3 times.

Tip: If you need to login, please make sure you login quickly during each trace as the longer you leave it unattended the more data and delay it will collect.

Run Windows Performance Analyzer​

Once the computer has been restarted 3 times and your traces have been complete navigate back to: C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit and click on WPR.EXE to open the Windows Performance Analyzer or click Open in WPA from the Windows Performance Recorder dialog.

The Windows Performance Analyzer will be our canvas in analyzing issues, you can expand areas like System Activity to dig into Processes, Services. Just drag the data onto the Analysis screen to go through it

From here you can drill down into the data to find the cause or improvements for your login time, from here I can see one of the delays of my system is the CortanaUI.

I am running this on a 16GB i7 4GHZ machine running on an SSD so it isn’t really a good example, but have used this in the past to work out that my login was slow because Lync had logging turned on.

Hopefully this gets you through the first steps in diagnosis and resolving your performance issues.

Useful resources​

Troubleshooting Windows Internals when unexpected events happen – https://channel9.msdn.com/events/Ignite/New-Zealand-2016/M405

Investigating website performance with Windows Performance Toolkit – https://github.com/MicrosoftEdge/MicrosoftEdge-Documentation/tree/master/performance-analysis/windows-performance-toolkit

Slow Boot Slow Logon (SBSL), A Tool Called XPerf and Links You Need To Read – https://blogs.technet.microsoft.com/askpfeplat/2012/06/09/slow-boot-slow-logon-sbsl-a-tool-called-xperf-and-links-you-need-to-read/