Azure Automation DSC Pricing Flexibility

Michael

November 14th, 2017

Today we would like to share a new flexible pricing strategy for managing server nodes using Azure Automation to deliver PowerShell Desired State Configuration, giving you greater control over costs of managing on-premises nodes.

As you might already know, Azure Automation DSC (Azure DSC) is a managed service that is free when used to manage virtual machines running in Microsoft Azure. This provides the functionality of the in-box DSC Pull server without needing to maintain a server to host the capability, plus a lot of additional features. Some of the goodies that you get with Azure DSC are as follows:

Features include

Configuration as Code hosted service (no infrastructure for you to manage)

Highly Scalable with no database maintenance tasks or tuning required

Complete management experience including GUI, ARM API, and command line tools

All configuration data is encrypted in transit and at rest

Encryption and certificate management is automated across clients

Central store for maintaining environment variables and secrets such as credentials

Detailed node status reporting to the per-resource level

Centrally manage client settings such as intervals, automatic reboots, and automatic drift correction

Centrally diagnose configuration errors from a browser

Highly extensible to custom scenarios through integration with Automation Runbooks

Fast release cycle so you get new features and fixes faster

Integration with the Log Analytics service in OMS for detailed reporting and alerting, including notifications to a mobile app

And the most recent feature announced at Ignite 2017 – Canary releases to groups of server nodes

Now, Azure DSC will only charge you when a node communicates with the service (and keep in mind, there is no charge to use the DSC Pull Service for nodes running in Azure). Ok, so what counts as a node communicating with the service? Pulling configurations, pulling resources, and sending reports. Since DSC gives you the ability to control how often a node communicates with the service, you can control how much you pay per node per month.

The pricing breakdown for Azure DSC is $.0083 / node / hr with a maximum of $6 / node / month.

Let’s look at a couple of example scenarios and what it will mean in terms of how much you will pay per node per month.

Example scenarios

Starting with your on-premises business-critical servers, you might wish to have the maximum level of visibility in to the state of the machine, which is to say, has the machine drifted from the configuration you assigned. By default, the node will report every 15 minutes which would reach the maximum cost during months with 31 days, meaning you would pay a total of $6 for managing the configuration of that server during that month. The same would be true for business critical servers running in other cloud environments, such as Amazon AWS or Google Cloud.

Now let’s envision a node where 15-minute reporting interval is unnecessary. Consider a file server at a remote office location where changes rarely occur to the system configuration and a daily report that verifies the machine follows the configuration you assigned is sufficient.

To set up DSC this way, you will change the following properties in the meta-configuration, assuming the node is already configured to communicate with AA DSC:

ConfigurationModeFrequencyMins = 1440 RefreshFrequencyMins = 1440

With DSC configured this way, your normal charge would be for 1 hr per day of usage per node.On a monthly basis, one hour per day would be $0.25 per node per month.

Similarly, let’s say your requirements are to confirm only once per week that the server has not changed and is still in compliance with the assigned configuration. This would mean setting the meta-configuration with the following values:

ConfigurationModeFrequencyMins = 10080 RefreshFrequencyMins = 10080

With DSC configured this way, your normal charge would be for 1 hr per week of usage per node.On a monthly basis, one hour per week would be $0.036 per node per month.

The billing granularity is for one hour, so the machine can reconnect within that same hour without incurring additional charges (such as if a new configuration has been published). Outside of the scheduled cycle, the other triggers to connect with the service would be a reboot, or any invocation of “Set” which would include AutoCorrect and manually via the DSC PowerShell cmdlet. These variations would impact the predicted costs per month.

If you decide to add additional management services such as Inventory or Change Tracking, the cost returns to $6 per month plus the storage of data in your OMS workspace.

Multiple Options

As you can see from the above examples, without any additional automation or processes, you can make use of AA DSC and all its features and benefits while giving you greater control over how much you pay per month.

We do recognize that some customers require their network to operate in isolation so we will continue to support the in-box pull server that shipped in Windows Server 2012R2 and 2016. There are also community maintained Pull Service solutions such as Tug. For customers that can utilize a whitelisted IP range for network traffic but where concerned about the cost of a cloud service to manage configuration of on-premises nodes, hopefully this greater degree of control will allow more organizations to reap the benefits of AA DSC.

For more on setting up and using Azure Automation DSC see our documentation.

Michael Greene Principle Program Manager Microsoft PowerShell Desired State Configuration