In Part-1 we talked about the geographical coverage of the three largest hyperscalers (excl. Alibaba). Here, in Part-2, let’s see how you can organize your cloud resources for better management and administration.
In general, all three hyperscalers provide a hierarchical way to structure your cloud workloads. This structure covers 3 aspects:
- Centralized policy enforcement at an appropriate level
- Billing administration aligned with the organizational structure and strategy
- Reporting and monitoring of cloud resources driving accountability
Reflecting their organizational philosophy, Google Cloud’s structure is very simple and intuitive without losing the flexibility you may need to structure your cloud workloads.
Azure’s way of organizing cloud resources may seem a little confusing to starters; however, its concept of a “Resource Group” is extremely useful, as it enables one-click administration of many of your cloud resources. Even though you may be able to achieve the same thing in GCP and AWS with other options, none of them is as easy as the “Resource Group” is in Azure.
At the top level, both AWS and GCP provide a way to create an “Organization” that represents your real-world organization. Azure uses the Azure Active Directory tenant as its top-level entity.
For billing, all three provide a way to consolidate billing independently of how the workloads are structured across different sub-units. In AWS, a management billing account can be used to manage billing across multiple member accounts. In Azure, one billing account can be used to manage multiple subscriptions, the subscription being the lowest level of billing separation in Azure. In Google Cloud, you may have multiple Cloud Billing accounts to group workloads in different projects.
For logical grouping and a hierarchical structure, AWS provides “Organizational Units (OUs)” under the “Organization”; you can govern multiple member accounts within an OU. Similarly, using Azure’s “Management Groups”, we can create 5 levels of hierarchy under the top-level management group. In this hierarchy, the leaf nodes are resource groups under specific subscriptions.
In GCP, the structure is simple. Within the “Organization” node, we may have zero or more folders, and within those, one or more projects, which provide the lowest level of management and billing separation. Folders are optional, so projects can be placed directly under the organization node.
At the lowest level of management boundary and billing separation, AWS uses “Member accounts” to organize all the cloud resources. In Azure, this role is played by “Subscriptions”; in GCP, “Projects” provide the same capability.
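To make the hierarchy and the “policy enforcement at an appropriate level” point concrete, here is a small added model (not code from the original post or from any provider’s SDK) in which a policy attached to a node is inherited by everything beneath it. The node kinds, policy names and the sample tree are constructed; the Azure check uses the 5-level limit stated above.

```python
from dataclasses import dataclass, field
from typing import List, Optional

AZURE_MAX_MG_LEVELS_UNDER_ROOT = 5  # the limit the post states for Azure

@dataclass
class Node:
    name: str
    kind: str          # constructed labels: "organization", "folder", "project", "management_group"
    policies: List[str] = field(default_factory=list)
    parent: Optional["Node"] = None
    children: List["Node"] = field(default_factory=list)

    def add(self, child: "Node") -> "Node":
        child.parent = self
        self.children.append(child)
        return child

    def path(self) -> List["Node"]:
        """Nodes from the root down to self; policy inheritance follows this path."""
        chain, cur = [], self
        while cur is not None:
            chain.append(cur)
            cur = cur.parent
        return chain[::-1]

def effective_policies(node: Node) -> List[str]:
    """All policies on the root-to-node path, root first: one org-level policy reaches every project."""
    out: List[str] = []
    for n in node.path():
        out.extend(p for p in n.policies if p not in out)
    return out

def azure_mg_too_deep(root: Node) -> List[str]:
    """Names of management groups nested more than 5 levels under the top-level group."""
    deep, stack = [], [root]
    while stack:
        n = stack.pop()
        if n.kind == "management_group" and len(n.path()) - 1 > AZURE_MAX_MG_LEVELS_UNDER_ROOT:
            deep.append(n.name)
        stack.extend(n.children)
    return deep

def gcp_sample() -> Node:
    """Constructed GCP-style tree: org -> folder -> project, plus a project directly under the org."""
    org = Node("example-org", "organization", ["require-mfa"])
    prod = org.add(Node("prod", "folder", ["restrict-public-ip"]))
    prod.add(Node("payments-prj", "project", ["cmek-required"]))
    org.add(Node("sandbox-prj", "project"))  # folders are optional
    return org
```

Walking the path from the root is what makes a policy set once at the organization level apply to every project below it, while a project placed directly under the organization still inherits only what the organization sets.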
For one-click resource administration, Azure provides a most helpful feature: the “Resource Group”. In GCP and AWS, this can be achieved partially using tags and labels. In AWS, if the resources were created using CloudFormation, one-click resource administration is possible in CloudFormation as well.
The last aspect is dynamic grouping, which can help with cost allocation to different departments or cost heads for billing, with managing varying levels of security for different workloads, and with other monitoring needs. AWS tags, Azure tags, and GCP labels can be used to automate events and workflows, to drive management, and to implement Attribute-based Access Control (ABAC).
Overall, while Azure’s “Resource Group” is a unique feature, all the other features are comparable.
For more details, please see:
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html
https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy
#CompareCloud #Tip 2 #AWS #Azure
#GCP #Digital #Cloud #Strategy