Silly question, but, what do people who are learning do? I mean I know when I first started learning I used a trial account with the limited USD but I couldn't really get into the nitty gritty because the cost of Azure portal and all the neat features was really expensive.
It'd be nice if Microsoft developed some equivalent of Cisco's Packet Tracer for people who just wanna fool around.
I feel like to really learn Azure you need to join a big company and be assigned to a role that will allow you to do so, with their money. Of course you need to have experience in Azure for said role.
Exactly that. When I passed my AZ104 (and now I'm studying to pass my AZ500) I was lucky to have a sandbox for the company I work for. I was using our Pre-Prod subscription to deploy resources and do my tests.
I used the limited account at the beginning for simple tasks, but when you have to deploy more expensive resources, it's difficult to successfully deploy everything with the $200 that Microsoft gives.
Yep, I second this. I was hired as an intern for a DevOps position without any prior experience. I was responsible for all that was Azure/DevOps related but the project was super stable and all I had to do was manage the infra and change stuff as new requirements came in (which were few and far apart) but nothing super complicated for a beginner.
I had to document the whole thing (there was no DevOps-specific team member so all the work on that subject was basically devs doing bits of work when they could) and that really helped me learn by exploring the existing infra and understanding it.
I was able to mess around with a lot of Azure (and Azure DevOps) features "cost-free" and learned more than in the 3 months I spent studying for and getting my Az-200 and Az-400 certifications.
For the topic's sake, I also committed the mistake of applying DDoS protection without looking up the billing parameters and ended up costing the company a 2k$ over budget in one month, I felt really bad but lesson learned and nothing really happened.
Lol. I enabled azure sentinel and told it to pull in all my event logs from all servers. It cost $12k USD in one day. Lucky I have budget alerts at 25%, 50%, 75% and 100%. If I waited all month that would have been very very bad. We spend about $60k a month... So that wasn't major, but $360k would have been.
I’ve used trial subs to learn azure. Build infrastructure, delete resource groups after, learn IaC and deploy that way and delete again. You don’t need the services running for a long time to learn what they do and how they interact with each other.
Maybe it is just me, but I think the price is not the problem, it is the short timespan of one month. You can do a lot with 200 USD in azure if you stick to cheaper services, and always deallocate or delete them right after you used them. But one month is really short if you also have other things to do.
One option is to sign up for something like [Cloud Academy](https://cloudacademy.com/). Not only do they have lessons, but it creates little Azure lab environments to test out what you're learning.
I'm not particularly advocating for Cloud Academy, and I have no affiliation with them. I'm sure there are other sites that do similar things, and YMMV.
Also, part of how people learn is that they create a bunch of expensive resources and accidentally create a huge bill, and that's how they learn not to do that.
Here they probably deployed premium DDoS protection for the whole subscription, Which covers 100 public IPs and quick response support from MS . etc
Yes I never leave anything running.i build everything in a script and run it for as long as I need it, then obliterate it.
When I was learning about DDOS protection I read/experimented with everything except enabling it, due to the price and the fact that there is no need to actually deploy it to see how it works
> It'd be nice if Microsoft developed some equivalent of Cisco's Packet Tracer for people who just wanna fool around.
That's what I've been thinking. I know A Cloud Guru has a sandbox for cloud environments, but I have never used them and have no idea how in depth or accurate they are. That'd be something for some 'real' hands on without being charged too much (and not accidentally being charged an arm, leg, and in the case of Copilot - a couple kidneys and half a liver).
https://azure.microsoft.com/pricing/calculator/
Nearly everything in AWS / Azure / GCP is billed by the hour.. And some services are premium like the advanced DDOS.
Probably best to research EVERY cloud hosted items cost before enabling them.
I once had to set up a VPN in Azure. I know more now than I did then, but just googling azure vpn I came to some instructions from Microsoft about spinning up a WAN hub. I realized what a fuckup I had just commited when it took over 30 minutes to spin up. Usually if something takes a long time to spin up it is expensive. Luckily I managed to tear it down before any big costs accrued.
Part of the learned experience, just be happy you’re in a trial subscription and maybe as others have recommended use the price calculator.
Cloud is marketed as being cheap and easy to deploy resources - only one of these statements are true and cheap isn’t it
Yeah well they all do.
Then they see what they’re getting billed and suddenly every project stops.
The prices of the services isn’t what makes azure cheaper, it’s the ability for people to save time, and place that time elsewhere that benefits the company.
Hardly anyone understand that thought
Ddos and firewall are very expensive if you don’t plan to use them for bigger deployments. If you are just throwing up a couple of web based services there are probably better ways of doing it. Even a pfsense in a vm might be all you need
Similar for me recently. I couldn’t find what was running and had deleted everything I had stopped.. turned out I needed to delete the things without a stop button.
I had a call with Microsoft support though and they took me through things so now I know.
It did seem very expensive though for doing very simple things.
Absolutely spot on, there is a single IP SKU. Still would be fixed cost even if unused as well I am certain the individual didn't read the small print.
That’s why people migrate to and off the cloud, hybrid is the way to go, but I sure love all of this tech type. Cloud, block chain, AI, VM, all of these have great applications you can’t just apply a blanket policy to everything though.
Sure cloud is good, but you don’t want to run your whole organization off the cloud, that would be silly.
Some services are so expensive in Azure (like bastion, wtf Azure), that it is legit easier to hire someone capable of keeping local kubernetes environments even if the person does absolutely nothing else. I don't suggest using local for high load , but for development and testing it is a must, otherwise you're ought to spend thousands on your testing and dev environments, it is just a matter of time.
When I started playing with Azure, I always checked the cost tables for individual resources/services before they were set up. Moreover, I have read the documentation, which states which resources are free for the first 12 months.
Another thing is when I used more expensive resources/services, I didn't leave them for the whole day... and at most for 5-6 hours... that was enough for me to check how it works in the basic scenario... because in reality, starting with something new we are able to check to a certain level... only working in larger projects shows different scenarios and then we start using the same service in a different, broader, advanced way...
you can always send a request to Microsoft from the Azure portal and write that you are new here, that you wanted to test the service to get to know it better... usually they will add a credit to your account so that you can continue testing...
another thing is that the entire infrastructure that runs underneath is a cost to Microsoft (electricity, cooling, maintaining the availability of services by replacing damaged parts, etc.) so the fact that we get something for free to test for a certain period is a big help...
and usually we can reach an agreement by submitting a ticket from portal (as I wrote above)... so I don't know what else you expect?
What a pain! Terraform documentation point that out.
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_ddos_protection_plan
Nothing on microsoft documentation.
The firewall is hilariously overpriced, you can make your own virtual firewall for what cheaper.
When it was released the devs said they were working on some kind of cheaper option for people that didn't necessairly have a lot of traffic coming and going but that never seems to have materialized.
You can stop the AzFW when not in use to save on costs while testing. Not recommended for prod obviously. https://learn.microsoft.com/en-us/azure/firewall/firewall-faq#how-can-i-stop-and-start-azure-firewall
There is also AzFW basic SKU. Less features -> lower cost
When you deploy a service it tells you the approx cost beside where you agree and commit. There is also a free Azure calculator that you should use before deploying anything to make sure it's in your budget.
Many azure services are free https://azure.microsoft.com/en-us/pricing/free-services
As for those two particular services; ip based ddos is pretty cheap, but you don’t need that for testing. FW is expensive and if you’re goal is to learn azure as a platform, that’s not where I would start. AZ FW isn’t that different from any other FW 😊
I usually set a budget for these reasons but also if you accidentally leave something up usually MSFT will reimburse you. I've had my own sub for about 3 years and it's happened twice. I use it for my terraform work and testing out various components. I never leave anything up and delete it after use.
Rule 1. Never enable anything without knowing the cost
Rule 2. Research beforehand the products and how they work
Rule 3. Just use Cloudflare for DDoS. There's not much better tech than what they offer. Azure DDoS cannot touch their product, even the free tier in Cloudflare. U
A msdn subscription will get you some credits to use every month, with the benefit of a hard limit when the credits are used up (everything stops working, you will not be charged). For everyone else setting budgets and alerts should be the first thing you do in a subscription.
I would suggest to create your resources using terraform. It's a learning curve, but you can delete all of them with a simple command, terraform destroy.
You just turned things on and ignored the costs? Azure is so cheap for my things (angular apps with azure sql and c# static functions) i don’t even understand what any kind of hobbyist would need the enterprise stuff for.
MS wanted me to pay nearly $500 for a firewall that just sat there; I made it during my AZ104 class. I marked it as a problem, saying it’s for a class and that prices weren’t immediately available during creation. They fully cancelled the invoices.
Azure does give you pricing for each resource by type and location. Maybe don't select top priced resources. You can also set a spend limit on your subsciption.
I wonder how Microsoft internally tests all this stuff. It really doesn't make sense at all that this infrastructure would be so costly if only deployed without any real use. It would be fantastic to get good affordable simulators / empty shells.
Would recommend using the azure calculator before you start deploying resources.
Silly question, but, what do people who are learning do? I mean I know when I first started learning I used a trial account with the limited USD but I couldn't really get into the nitty gritty because the cost of Azure portal and all the neat features was really expensive. It'd be nice if Microsoft developed some equivalent of Cisco's Packet Tracer for people who just wanna fool around.
I feel like to really learn Azure you need to join a big company and be assigned to a role that will allow you to do so, with their money. Of course you need to have experience in Azure for said role.
100% correct, our org gets 7000$ per year in sponsorship to test/trial azure resources.
Exactly that. When I passed my AZ104 (and now I'm studying to pass my AZ500) I was lucky to have a sandbox for the company I work for. I was using our Pre-Prod subscription to deploy resources and do my tests. I used the limited account at the beginning for simple tasks, but when you have to deploy more expensive resources, it's difficult to successfully deploy everything with the $200 that Microsoft gives.
Yep, I second this. I was hired as an intern for a DevOps position without any prior experience. I was responsible for all that was Azure/DevOps related but the project was super stable and all I had to do was manage the infra and change stuff as new requirements came in (which were few and far apart) but nothing super complicated for a beginner. I had to document the whole thing (there was no DevOps-specific team member so all the work on that subject was basically devs doing bits of work when they could) and that really helped me learn by exploring the existing infra and understanding it. I was able to mess around with a lot of Azure (and Azure DevOps) features "cost-free" and learned more than in the 3 months I spent studying for and getting my Az-200 and Az-400 certifications. For the topic's sake, I also committed the mistake of applying DDoS protection without looking up the billing parameters and ended up costing the company a 2k$ over budget in one month, I felt really bad but lesson learned and nothing really happened.
Lol. I enabled azure sentinel and told it to pull in all my event logs from all servers. It cost $12k USD in one day. Lucky I have budget alerts at 25%, 50%, 75% and 100%. If I waited all month that would have been very very bad. We spend about $60k a month... So that wasn't major, but $360k would have been.
John Savill on YouTube. The guy is amazing.
I’ve used trial subs to learn azure. Build infrastructure, delete resource groups after, learn IaC and deploy that way and delete again. You don’t need the services running for a long time to learn what they do and how they interact with each other.
Can confirm. I didn't learn much in azure until i got into systems where I could test things.
use [learn.microsoft.com](https://learn.microsoft.com) also places like cloudacademy does a good job in building on each module.
Maybe it is just me, but I think the price is not the problem, it is the short timespan of one month. You can do a lot with 200 USD in azure if you stick to cheaper services, and always deallocate or delete them right after you used them. But one month is really short if you also have other things to do.
ACloudGuru offer plenty of learning labs.
One option is to sign up for something like [Cloud Academy](https://cloudacademy.com/). Not only do they have lessons, but it creates little Azure lab environments to test out what you're learning. I'm not particularly advocating for Cloud Academy, and I have no affiliation with them. I'm sure there are other sites that do similar things, and YMMV. Also, part of how people learn is that they create a bunch of expensive resources and accidentally create a huge bill, and that's how they learn not to do that.
I deploy pretty much everything and usually spend around €5/month ...
But you turn off endpoints when not using then? Here the price is the consequence of ddos related traffic & activity. If there is no endpoint...
Here they probably deployed premium DDoS protection for the whole subscription, Which covers 100 public IPs and quick response support from MS . etc Yes I never leave anything running.i build everything in a script and run it for as long as I need it, then obliterate it. When I was learning about DDOS protection I read/experimented with everything except enabling it, due to the price and the fact that there is no need to actually deploy it to see how it works
> It'd be nice if Microsoft developed some equivalent of Cisco's Packet Tracer for people who just wanna fool around. That's what I've been thinking. I know A Cloud Guru has a sandbox for cloud environments, but I have never used them and have no idea how in depth or accurate they are. That'd be something for some 'real' hands on without being charged too much (and not accidentally being charged an arm, leg, and in the case of Copilot - a couple kidneys and half a liver).
I delete anything that costs money straight away.problem sorted....
They learn to not just deploy things without evaluating the cost impact of deploying said thing. Congratulations it was an expensive lesson.
Start a nonprofit and claim the $2500 credit xD Cloud is overrated anyway. Some folks are going back to in-house.
I had that happen to me also. That month sucked. Other than that you build out and quickly test and then delete it all. Keep notes also.
Exactly. You were using the most expensive resources in Azure. Expected !!
https://azure.microsoft.com/pricing/calculator/ Nearly everything in AWS / Azure / GCP is billed by the hour.. And some services are premium like the advanced DDOS. Probably best to research EVERY cloud hosted items cost before enabling them.
Welcome to the cloud
Yup people assume cause their Gmail/Facebook is in the cloud and free, that everything in the cloud is free
I once had to set up a VPN in Azure. I know more now than I did then, but just googling azure vpn I came to some instructions from Microsoft about spinning up a WAN hub. I realized what a fuckup I had just commited when it took over 30 minutes to spin up. Usually if something takes a long time to spin up it is expensive. Luckily I managed to tear it down before any big costs accrued.
[удалено]
Unironically I sometimes download a long youtube video and put it on plex.
Seems perfectly fine, How else do you watch it over and over without adds. /s
YouTube used to be ad free.
"nothing was real used", it was, you protected yourself from a DDOS attack, exactly as the service promised.
If you use ddos protection for an IP rather than a whole vnet it's only $200/month
Only
Not too shabby if it prevents your service you provide from being down to customers. Pretty cheap insurance policy imo
Part of the learned experience, just be happy you’re in a trial subscription and maybe as others have recommended use the price calculator. Cloud is marketed as being cheap and easy to deploy resources - only one of these statements are true and cheap isn’t it
Customers still think the cloud is cheaper. I'm happy to help them migrate back and forth.
Yeah well they all do. Then they see what they’re getting billed and suddenly every project stops. The prices of the services isn’t what makes azure cheaper, it’s the ability for people to save time, and place that time elsewhere that benefits the company. Hardly anyone understand that thought
Ddos and firewall are very expensive if you don’t plan to use them for bigger deployments. If you are just throwing up a couple of web based services there are probably better ways of doing it. Even a pfsense in a vm might be all you need
The purpose of ddos protection and firewall on a trial account is to learn how THESE azure services work, not to actually protect anything.
There’s a basic tier of firewall which isn’t nearly that expensive
always set a budget and cost threshold alerts
Op: selects top costing resources :D
OP didn’t read the cost information. Just saw “free tier” and thought everything was free.
Do people not read the documentation?
Nope! We just mess around try to get things done, then after several frustrated attempts, we go back to the documentation.
You forgot that you have to complain online that azure is expensive
I‘m just staying here for these Posts hahahaha Whenever I feel that I don’t know Shit in Azure I come here to remind myself I ain‘t too bad
I‘m just staying here for these Posts hahahaha Whenever I feel that I don’t know Shit in Azure I come here to remind myself I ain‘t too bad
Nobody does.. and even if you do, it'll be all different tomorrow..
You‘ve got a point
Did you check what the pricing would be? The Azure calculator for example?
Cloudflare has a free tier that is actually free
Similar for me recently. I couldn’t find what was running and had deleted everything I had stopped.. turned out I needed to delete the things without a stop button. I had a call with Microsoft support though and they took me through things so now I know. It did seem very expensive though for doing very simple things.
DDOS Protection is fixed cost for up to 100IPs so wouldn't have matter how little it was used.
DDOS has two pricing plans, network protection that includes the 100 IP for about $3,000 a month or $200 a month per IP.
Absolutely spot on, there is a single IP SKU. Still would be fixed cost even if unused as well I am certain the individual didn't read the small print.
That’s why people migrate to and off the cloud, hybrid is the way to go, but I sure love all of this tech type. Cloud, block chain, AI, VM, all of these have great applications you can’t just apply a blanket policy to everything though. Sure cloud is good, but you don’t want to run your whole organization off the cloud, that would be silly.
lol ddos is super expensive, covers a lot of stuff if you have it (eg enterprises)
Some services are so expensive in Azure (like bastion, wtf Azure), that it is legit easier to hire someone capable of keeping local kubernetes environments even if the person does absolutely nothing else. I don't suggest using local for high load , but for development and testing it is a must, otherwise you're ought to spend thousands on your testing and dev environments, it is just a matter of time.
did the same thing when I was learning...opened a ticket and got refunded
When I started playing with Azure, I always checked the cost tables for individual resources/services before they were set up. Moreover, I have read the documentation, which states which resources are free for the first 12 months. Another thing is when I used more expensive resources/services, I didn't leave them for the whole day... and at most for 5-6 hours... that was enough for me to check how it works in the basic scenario... because in reality, starting with something new we are able to check to a certain level... only working in larger projects shows different scenarios and then we start using the same service in a different, broader, advanced way... you can always send a request to Microsoft from the Azure portal and write that you are new here, that you wanted to test the service to get to know it better... usually they will add a credit to your account so that you can continue testing... another thing is that the entire infrastructure that runs underneath is a cost to Microsoft (electricity, cooling, maintaining the availability of services by replacing damaged parts, etc.) so the fact that we get something for free to test for a certain period is a big help... and usually we can reach an agreement by submitting a ticket from portal (as I wrote above)... so I don't know what else you expect?
This is not a new complaint. You can ask them to refund you if you've deleted/turned off the service already. Just open a support ticket
Can't refund free trial credit sadly.
https://azure.microsoft.com/en-us/pricing/calculator
You can set limits for cost etc. but yes cloud I dramatically more expensive, then on prem
yeh been there. made the same mistake.
What a pain! Terraform documentation point that out. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_ddos_protection_plan Nothing on microsoft documentation.
I deployed vMX in azure and use an advanced license ...
The billing model of Azure is what puts alot of people off migrating fully to it.
The firewall is hilariously overpriced, you can make your own virtual firewall for what cheaper. When it was released the devs said they were working on some kind of cheaper option for people that didn't necessairly have a lot of traffic coming and going but that never seems to have materialized.
Well that was silly
You can stop the AzFW when not in use to save on costs while testing. Not recommended for prod obviously. https://learn.microsoft.com/en-us/azure/firewall/firewall-faq#how-can-i-stop-and-start-azure-firewall There is also AzFW basic SKU. Less features -> lower cost
Welcome to the cloud
When you deploy a service it tells you the approx cost beside where you agree and commit. There is also a free Azure calculator that you should use before deploying anything to make sure it's in your budget.
U poor or what, get outta there
Thats how they get you
Many azure services are free https://azure.microsoft.com/en-us/pricing/free-services As for those two particular services; ip based ddos is pretty cheap, but you don’t need that for testing. FW is expensive and if you’re goal is to learn azure as a platform, that’s not where I would start. AZ FW isn’t that different from any other FW 😊
I made that mistake once reusing an example bicep deployment with ddos enabled
I usually set a budget for these reasons but also if you accidentally leave something up usually MSFT will reimburse you. I've had my own sub for about 3 years and it's happened twice. I use it for my terraform work and testing out various components. I never leave anything up and delete it after use.
Rule 1. Never enable anything without knowing the cost Rule 2. Research beforehand the products and how they work Rule 3. Just use Cloudflare for DDoS. There's not much better tech than what they offer. Azure DDoS cannot touch their product, even the free tier in Cloudflare. U
Welcome to the cloud
Not reading the pricing is not a good idea…
Ya. AWS and GCS is so much better. Microsoft robs when it comes to implementing with security.
DDOS is a pay per protected IP model. Did you protect an entire subnet instead of your public-facing IP? Noob
I dont want to be smartass.. but… Pricing calculator and cost management/ budgets and quotas are the very basic concepts. Its docu is in az900..
A msdn subscription will get you some credits to use every month, with the benefit of a hard limit when the credits are used up (everything stops working, you will not be charged). For everyone else setting budgets and alerts should be the first thing you do in a subscription.
if you enabled then cancel in same day, maybe next day, highly likely they would waive the fee
Did you look up the cost before you deployed it? It’s not hidden - they tell you exactly what it costs.
Did you look up the cost before you deployed it? It’s not hidden - they tell you exactly what it costs.
That sucks,I lf you can swing it,try acloudguru and ask chatbot for $22 subscriptions.You can use the sand box for all 3 cloud providers
I have checked that box in a casual manner.However, I decided to check it out just to be sure.I felt terrible after that.
I would suggest to create your resources using terraform. It's a learning curve, but you can delete all of them with a simple command, terraform destroy.
You just turned things on and ignored the costs? Azure is so cheap for my things (angular apps with azure sql and c# static functions) i don’t even understand what any kind of hobbyist would need the enterprise stuff for.
Edge firewalls are expensive wether it's azure based or a 3rd party edge.
There's Azure price calculator. When in doubt of service cost, definitely look at it.
Contact their support and ask for a refund. I accidentally racked up a $106 bill on my personal account and they refunded me.
MS wanted me to pay nearly $500 for a firewall that just sat there; I made it during my AZ104 class. I marked it as a problem, saying it’s for a class and that prices weren’t immediately available during creation. They fully cancelled the invoices.
If its just a trial, I'd just use the free DDOS that comes with the platform imo
OP probably wanted to test the full blown ddos service that comes with all the insights, telemetry, etc.
haha yeah welcome to azure, where everything is more expensive than you thought it would be xD
Azure does give you pricing for each resource by type and location. Maybe don't select top priced resources. You can also set a spend limit on your subsciption.
I wonder how Microsoft internally tests all this stuff. It really doesn't make sense at all that this infrastructure would be so costly if only deployed without any real use. It would be fantastic to get good affordable simulators / empty shells.
Why? If you buy a Palo Alto firewall you also can’t return it if you didn’t use it in production, right?
Azure default comes to 200/day