Skyboard Billing Board

Cloud Architecture Framework:

Andrew Skyboard
Jan 8, 2023

Cost optimization — Possibilities and problems

Adopt and implement FinOps: Any employee who creates and uses cloud resources affects the usage and the cost of those resources.

  • If your organization distributes permissions to create GCP resources to many employees, you can ask them to generate price calculations: https://cloud.google.com/products/calculator/. This way, the creator can predict the cost of cloud resources and send a link to the estimated price to the manager for analysis and acceptance.
  • Give every staff member who uses GCP resources the ability to check the cost of their resources.

Problem — Unfortunately, the GCP IAM system does not give you good granularity for billing monitoring. You can very simply give viewer permissions on your billing account, but that person will see all of your organization’s spending and structure (projects, folders, used resources). On the other hand, each project viewer, editor, or owner can see the project’s spending, but only one project at a time and only until the project is deleted. This means that if some department of your company uses tens or thousands of projects and periodically creates and deletes them, you can’t see that spending centrally in the GCP console.

Solution — You can export your billing data to BigQuery and build your own report board with Looker Studio. This way, only your SQL knowledge and your own patience will limit the level and quality of the presentation.

  • Teach your staff the cloud billing model: Pay As You Go. If your workers stop and delete resources as soon as possible, your organization can save tens of percent of its cloud cost.
  • Knowledge is Power — periodically organize courses for your staff. This can help you use GCP resources more effectively and gives everyone the knowledge to find potential cost reductions, etc.

Monitor and control cost: Cost Visibility, Billing access control, Resource and rate optimization

Cost Visibility

Allocate: Assign an owner for every cost item.

  • You can do it in many ways: separate folders or projects, labels, or a separate billing account (but I can’t recommend the last one).
  • Separate folders or projects — probably the simplest and most organic way to mark the spending of departments or products in your organization.

Pluses — any standard billing tool will present the project or folder name. All resources created in the project will be connected to the spend on the billing side. Project users (Basic IAM roles) can see the spending information in the GCP Billing console.

Problem — probably some small overhead in IAM user management. If you use really small resources, like one bucket or server, creating a separate project for each may not be worthwhile.

  • Use labels — a really good way to monitor resource cost is to add labels to all needed resources. The best practice is to add one special label name (bill, for example) to all of your resources, with variable label values depending on department, product, or customer name. You can use several different labels, but if the same resource has two or more labels, you can see its cost twice or more in your reports.

Problem — you can forget to add the label to a resource or add a wrong value.

Solution — if you build your resources automatically (Terraform, Jenkins scripts, etc.), you can add labelling to the delivery process. You can also add a label at the project level; this is much like using the project name in billing, but when you have many projects not organized in folders, this method can be very useful. The asset inventory system can help you find unlabeled resources.

  • Separate billing account — can be useful if you want to use several different payment methods, but GCP discounts like SUD, CUD, and EDP will be less effective.
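One way to catch the forgotten or mistyped labels described above, as an added example that is not the author's code: it checks records carrying the name, assetType, project and labels fields of a Cloud Asset Inventory resource search result. The label key bill comes from the article; the allowed values, the project-level fallback table and the sample records are constructed assumptions.

```python
import difflib

# Assumptions (not from the article): "bill" is the article's example label
# key; the allowed values and all sample records below are constructed.
BILL_KEY = "bill"
ALLOWED_VALUES = ["customer-acme", "marketing", "research"]


def audit_labels(resources, project_labels=None):
    """Map resource name -> problem for a missing or unrecognised bill label.

    resources: dicts with the name/assetType/project/labels fields of a
    Cloud Asset Inventory resource search result.
    project_labels: optional {project: labels} fallback for project-level labels.
    """
    project_labels = project_labels or {}
    findings = {}
    for res in resources:
        value = (res.get("labels") or {}).get(BILL_KEY)
        if value is None:  # fall back to the label set on the project
            value = project_labels.get(res.get("project"), {}).get(BILL_KEY)
        if value is None:
            findings[res["name"]] = "missing"
        elif value not in ALLOWED_VALUES:
            guess = difflib.get_close_matches(value, ALLOWED_VALUES, n=1)
            hint = f", did you mean {guess[0]!r}?" if guess else ""
            findings[res["name"]] = f"unknown value {value!r}{hint}"
    return findings


SAMPLE = [  # constructed records
    {"name": "vm-1", "assetType": "compute.googleapis.com/Instance",
     "project": "projects/111", "labels": {"bill": "marketing"}},
    {"name": "vm-2", "assetType": "compute.googleapis.com/Instance",
     "project": "projects/111", "labels": {"bill": "marketting"}},
    {"name": "disk-1", "assetType": "compute.googleapis.com/Disk",
     "project": "projects/111"},
    {"name": "bucket-1", "assetType": "storage.googleapis.com/Bucket",
     "project": "projects/222", "labels": {}},
]
PROJECT_LABELS = {"projects/222": {"bill": "research"}}

if __name__ == "__main__":
    for name, problem in audit_labels(SAMPLE, PROJECT_LABELS).items():
        print(f"{name}: {problem}")
```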

Report: Make cost data available, consumable, and actionable.

  • The GCP console billing page gives you pretty good tools for searching, filtering, and presenting billing data. We discuss some problems with access granularity below; additionally, the system cannot send reports to email or other channels. The budget system can send alerts based on actual or forecasted spend.

Problem — The budget system can create budgets for specific projects or services, but not for folders or labels. As a result, if you create a project after the budget, you will see its cost only in the global billing account budget. This makes department budgets less effective. The other problem is that the budget limit can be based only on a fixed sum or on the previous period’s spending (month, quarter, or year, but not day or week). For example, if 50% of the budget is used on the first day of the month, you will get a message about the problem too late.

Solution — You can create your own analytics system based on the billing BigQuery table, or use third-party solutions.

https://cloud.google.com/billing/docs/how-to/reports
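A sketch of the kind of home-built check the two solutions above point to, added here as an example and not taken from the author: it groups month-to-date net cost by the bill label instead of by a fixed project list, so projects created after the budget are still counted, and it compares spend with a linear daily pace so a first-day spike is flagged immediately. The rows mirror the usage_start_time, cost, credits and labels columns of the billing export; the budgets, the tolerance factor and the sample rows are constructed assumptions.

```python
import calendar
from collections import defaultdict
from datetime import date

# Assumptions (not from the article): rows mirror the usage_start_time, cost,
# credits and labels columns of the billing export; budgets, the "bill" key
# values and the 1.2 tolerance are constructed for the example.


def bill_owner(row, key="bill"):
    """Read one label key only, so a multi-label row is never counted twice."""
    for label in row.get("labels") or []:
        if label["key"] == key:
            return label["value"]
    return "(unlabelled)"


def pace_alerts(rows, budgets, today, tolerance=1.2):
    """Flag owners whose month-to-date net cost is ahead of a linear daily pace."""
    days_in_month = calendar.monthrange(today.year, today.month)[1]
    allowed_share = today.day / days_in_month * tolerance
    spent = defaultdict(float)
    for row in rows:
        day = date.fromisoformat(row["usage_start_time"][:10])
        if (day.year, day.month) == (today.year, today.month) and day <= today:
            credits = sum(c["amount"] for c in row.get("credits") or [])
            spent[bill_owner(row)] += row["cost"] + credits  # credits are negative
    alerts = {}
    for owner, total in spent.items():
        if owner not in budgets:
            alerts[owner] = ("no budget", round(total, 2))
        elif total > budgets[owner] * allowed_share:
            alerts[owner] = ("ahead of pace", round(total / budgets[owner], 2))
    return alerts


BUDGETS = {"research": 1000.0, "marketing": 3100.0}  # monthly, constructed
ROWS = [  # constructed; p-new-1 stands for a project created after the budgets
    {"usage_start_time": "2023-01-01T03:00:00Z", "cost": 500.0,
     "project": {"id": "p-new-1"}, "labels": [{"key": "bill", "value": "research"}]},
    {"usage_start_time": "2023-01-01T05:00:00Z", "cost": 100.0,
     "project": {"id": "p-web"}, "credits": [{"amount": -10.0}],
     "labels": [{"key": "bill", "value": "marketing"}, {"key": "env", "value": "prod"}]},
    {"usage_start_time": "2023-01-01T07:00:00Z", "cost": 10.0,
     "project": {"id": "p-tmp"}, "labels": []},
]

if __name__ == "__main__":
    print(pace_alerts(ROWS, BUDGETS, date(2023, 1, 1)))
```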

Forecast: Estimate and track future spend.

  • The GCP billing console makes cost forecasts; you can see them separately for the projects or services you need. You can use them as a base for budget alerts.

Billing access control

Set permissions — The IAM system gives you 6 standard roles:

  • Billing Account Creator — Use this role for initial billing setup or to allow the creation of additional billing accounts.
  • Billing Account Administrator — This role is an owner role for a billing account. Use it to manage payment instruments, configure billing exports, view cost information, link and unlink projects, and manage other user roles on the billing account.
  • Billing Account Costs Manager — Create, edit, and delete budgets, view billing account cost information and transactions, and manage the export of billing cost data to BigQuery. Does not allow the linking or unlinking of projects or otherwise managing the properties of the billing account.
  • Billing Account Viewer — Billing Account Viewer access would usually be granted to finance teams; it provides access to spending information but does not confer the right to link or unlink projects or otherwise manage the properties of the billing account.
  • Billing Account User — This role has very restricted permissions, so you can grant it broadly. When granted in combination with Project Creator, the two roles allow a user to create new projects linked to the billing account.
  • Project Billing Manager — When granted in combination with the Billing Account User role, the Project Billing Manager role allows a user to attach the project to the billing account.

Here you can find more information: https://cloud.google.com/billing/docs/how-to/billing-access

https://cloud.google.com/billing/docs/how-to/grant-access-to-billing
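A least-privilege review of these roles can be run over the billing account's IAM policy. The following is an added example, not the author's code: it flags Billing Account Administrator grants outside an allowlist, cost-visible roles bound to a whole domain or to everyone, and members who hold Billing Account User together with Project Creator. The policies use the standard {"bindings": [{"role", "members"}]} shape; the allowlist, the member names and both sample policies are constructed assumptions.

```python
# Role IDs of the billing roles listed above, as they appear in IAM policy JSON.
SEES_ALL_COSTS = {"roles/billing.admin", "roles/billing.costsManager",
                  "roles/billing.viewer"}
BROAD_KINDS = {"domain", "allUsers", "allAuthenticatedUsers"}


def members_with(policy, role):
    """Members bound directly to `role` (group membership is not expanded)."""
    return {m for b in policy.get("bindings", []) if b["role"] == role
            for m in b.get("members", [])}


def audit_billing_access(billing_policy, org_policy, admin_allowlist):
    """Return (member, role, finding) tuples for grants worth reviewing."""
    findings = []
    for binding in billing_policy.get("bindings", []):
        role = binding["role"]
        for member in sorted(binding.get("members", [])):
            kind = member.split(":", 1)[0]
            if role == "roles/billing.admin" and member not in admin_allowlist:
                findings.append((member, role, "admin outside allowlist"))
            elif role in SEES_ALL_COSTS and kind in BROAD_KINDS:
                findings.append((member, role, "org-wide costs visible to broad principal"))
    # Billing Account User plus Project Creator lets a member create billed projects.
    creators = members_with(org_policy, "roles/resourcemanager.projectCreator")
    users = members_with(billing_policy, "roles/billing.user")
    for member in sorted(users & creators):
        findings.append((member, "roles/billing.user", "can create billed projects"))
    return findings


# Constructed sample policies and allowlist (assumptions, not real accounts).
BILLING_POLICY = {"bindings": [
    {"role": "roles/billing.admin",
     "members": ["group:finops-admins@example.com", "user:dev1@example.com"]},
    {"role": "roles/billing.viewer",
     "members": ["group:finance@example.com", "domain:example.com"]},
    {"role": "roles/billing.user",
     "members": ["group:engineers@example.com", "user:dev2@example.com"]},
]}
ORG_POLICY = {"bindings": [
    {"role": "roles/resourcemanager.projectCreator",
     "members": ["user:dev2@example.com"]},
]}
ADMIN_ALLOWLIST = {"group:finops-admins@example.com"}

if __name__ == "__main__":
    for finding in audit_billing_access(BILLING_POLICY, ORG_POLICY, ADMIN_ALLOWLIST):
        print(finding)
```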

Resource and rate optimization

Resource optimization — Align the number and size of your cloud resources to the requirements of your workload. Where feasible, consider using managed services or re-architecting your applications.

  • FinOps and Engineering connection — Usually the number, size, and usage of resources are under the control of the CEO department, while spend is controlled by the CFO group. Technical staff don’t care about the price of resources, and unfortunately, IT engineers often don’t know anything about cost optimization solutions in the cloud. CapEx vs OpEx: technical staff often do not see the real difference between on-premise and cloud infrastructure. When you buy a server for your physical DC you pay once, and after that it does not matter whether the server is up, down, or using 50% of its resources. In cloud infrastructure, by contrast, you use the PAYG scheme: if the VM is down, you pay only the disk price (sometimes IP, reservation, etc.); if it is up, the full price; if it utilizes 50% of its resources, you can reduce the server size and make it cheaper.
  • Resource management — monitoring resource utilization, scheduled UP/DOWN of resources (working hours, weekends, usage peaks), good HA and DR technology, automated resource lifetime, and searching for lost resources can help you significantly reduce the cost of the cloud infrastructure.
  • Recommendations system — GCP has developed a good recommendation system and improves it all the time. In each project, you can see recommendations about underutilized resources, stopped or unused devices, possible CUDs, etc. https://cloud.google.com/compute/docs/instances/apply-machine-type-recommendations-for-instances

Problem — The standard GCP recommendation system is connected to each project separately. If your organization has hundreds or thousands of projects, you must check them manually one by one, which is practically impossible.

Solution — You can write your own automation based on the recommendation API or use external products.

Rate optimization — The FinOps team often makes rate optimization decisions centrally. We recommend that the individual engineering teams work with the central FinOps team to take advantage of deep discounts for reservations, committed usage, flat-rate pricing, and volume and contract discounting.

  • SUD — Sustained use discounts apply to some types of resources (like N1 and N2 VM types, GPUs) that are used for more than 25% of a billing month and are not receiving any other discounts. They are calculated automatically for all instances of the same type per region: https://cloud.google.com/compute/docs/sustained-use-discounts
  • CUD — Resource-based commitments are ideal for predictable and steady-state usage.

Hardware commitments — You can purchase hardware commitments for Compute Engine resources such as vCPUs, memory, GPUs, local SSDs, and sole-tenant nodes at a discounted price in return for committing to pay for those resources for 1 year or 3 years. The discount is up to 57% for most resources like machine types or GPUs. The discount is up to 70% for memory-optimized machine types.

Software license commitments — You can purchase license commitments for applicable premium operating system (OS) licenses (SUSE Linux Enterprise Server, SLES for SAP).

https://cloud.google.com/compute/docs/instances/signing-up-committed-use-discounts

  • EDP — Enterprise Discount Program. As another type of commitment, big GCP customers can create special price agreements with GCP for some period (usually 1–3 years).

Andrew Skyboard

Cloud Expert. Google Professional Cloud Architect. Founder at SkyBoard Cloud Services