The new RightSizing feature for our Cloud Management Portal (CMP) provides an analysis of your Azure VMs and determines if the VMs are sized appropriately based on the historical performance metrics that are collected for the VMs.
We support both v1 “classic” Azure Service Manager VMs and newer Azure Resource Manager VMs.
This is an example of the initial view of our RightSizing Service:
We provide a Spending chart with the potential monthly savings if the sizing recommendations are implemented:
The Usage chart shows how much CPU, Disk, and RAM capacity across all VMs is being utilized on average:
The Sizing Recommendations summarize which VMs are under-sized, over-sized, and right-sized based on our analysis of the VMs performance, configuration, and VM SKU:
The Sizing Recommendations can then be filtered by Subscription, Recommendation, and VM Tier:
A specific VM can then be selected to view the performance metrics — historical graph, analysis, and recommendation:
RightSizing Implementation and Authorization
Everything that you do in Microsoft Azure is already in, or will be moving at some point, to the new resource management model called Azure Resource Manager (ARM). ARM exposes a landscape of various APIs that can be used to obtain performance metrics, rate card data, usage data, subscription information, etc. CMP relies on this information to evaluate current VM usage and potential savings that may be realized in the event of a resizing operation. For CMP to be able to obtain this data, its access needs to be properly configured.
CMP portal uses OAuth2 to obtain the required authentication tokens from Microsoft. CMP is known to Microsoft since it has been registered as an Application with Microsoft’s Azure Active Directory (AAD).
When the RightSizing Service is accessed for the first time, a configuration wizard will ask for the following information:
The Default Azure Directory (also called the Azure Tenant ID), the Azure Offer ID, and the Azure Region are required for the RightSizing configuration and authorization. The onboarding document provides specific details on how to obtain these values.
Next, you will be prompted to grant consent to CMP to access your information for specific purposes (eg. read-only access to query your Azure AD and to access Service Management APIs, which enables ARM access):
Once this consent is granted, our CMP Application will be added to your Azure AD tenant, which still does not grant us the required access to your subscriptions. Next we perform a series of OAuth2 requests and obtain a token that allows us to access the same subscriptions that you have access to, on your behalf, and add the CMP App from your Azure AD tenant as a member of the Reader RBAC role on those subscriptions. At that point, we present a confirmation screen and dispose of all tokens. The CMP Application can now authenticate to Azure ARM directly and without any interaction from the user.