Spending Limit or Maximum Cost CAP for Azure
As a customer, I really care about Spending Limit or Spending CAP feature of Azure.
How does Azure prevent some evil attack to my Azure sites causing charge a large billing of Credit Card?
For example, it should automatically shut off or temporary disable my site when a certain dollar amount has been reached.
Is this feature in the RoadMap of Azure?
Or is there anyway to control my maximum Spending Limit of Azure?
We have been considering all of the risks and investigating the steps required to ensure we implement this feature with high positive impact and low to no negative impact.
After this investigation we have decided we will enable Pay-As-You-Go customers the option to configure a spending limit on a Pay-As-You-Go subscription, with appropriate safeguards and measures to prevent both service abuse and production service failure.
We have not yet finished determining the details of what this feature will look like, nor do we have a timeline for release, but we have heard your voices and have added this feature to our backlog.
Thanks for your continued feedback,
-Adam (Azure Billing Team)
Jesper R commented
Hard limits are absolutely required. Not having that option makes customers worried to the point of blocking adoption. I have seen this several times.
Valid production use cases for this very much exist, and it should be high on your teams list.
Feel free to reach out to me via the billing advisors group for more detail.
Oh, I forgot, you also asked how we would use a hard-limit:
we are working on a startup company that shows art oriented 360-degree videos. We need to deliver the videos ourselves through a custom 360-degree video player. That's our only option on iPad Safari as Youtube 360 doesn't work on iPad Safari. Actually nothing works on iPad Safari expect this custom player.
Each video is 100-600Mb. As we do our marketing, we can predict the usage and the popularity of our project, hence we know the approx. cost. But we just cannot afford an attack when these videos are downloaded 1 million times in a day. It would make us go bankrupt, and who can guarantee that nobody will attack the project..? So.. who has a break for us..?
Currently we are with Amazon, but actively looking for someone who is offering this feature as Amazon only has some useless alert, and we don't have 24/7 monitoring yet. I just cannot sleep well due to this, and I am even considering going for a dedicated server with Hostgator. It may not be fast enough as a CDN but at least I know my monthly budget.
Well, I guess it depends on the nature / size of the business. In my opinion, this safety feature would be 100% attractive for up-and-coming businesses, startups and even non-profit projects. (while established business may just not use this option) But a startup simply cannot afford making a mistake at the beginning. Of course they may not be your biggest cash-cow now, but be forward thinking: they will eventually grow, so if they come to Azure due to this safety feature, rather than Amazon, then they are likely to stay with you even when they become more established - since they have a workflow setup. And Amazon really doesn't care.
And here are some real arguments:
1) An established, bigger business can afford more and better qualified IT experts to prepare for Ddos attack, and create several layers of protection. A small business may not be able to set up a similar protection, yet it's the small business who could go bankrupt if there is a sudden Ddos attack generating a sudden $30.000 bill.
2) who can guarantee that a bigger company, who sees potential in the "revolutionary" product idea of a startup, will not hire someone to generate a Ddos attack to bring them down?
3) An established business can afford 24/7 monitoring through 3rd party expensive apps, a budget sensitive up-and-coming or startup business may not be able to afford this.
4) You mention better billing alert system: but again, for a startup, they may not have somebody 24/7 who can respond to a sudden ultra-high spike. Or, even worse: they may not even know what to do for a few days... can you imagine what that means?!
I tell you a customer's example. He reported his case on Amazon forum. He was working on a small business. Everything was ok for months. And one weekend he was away, and during that 48hours, there was an attack generating +$2-3000 bill. He was lucky that he could stop the service manually, and the spike lasted for "only" 48hours. Imagine another 2-3 days.. Another user reported a $10.000 unexpected bill and there are so many stories out there. So try to put yourself into the position of a startup owner and you can see why he can afford ZERO such financial mistake / risk during the first 1-3 years. Later, maybe it's less critical, but not at the beginning.
INSURANCE: (!!) so for small businesses, it's is a bit like driving a Ferrari car without any insurance. And on top of that, without the experience of a race-driver, who at least knows how the car will react in some extreme situations. And if there is an accident, you pay the medical bill forever.
If you use this INSURANCE example, you can treat a Ddos attack as an illness. In "real life" we have medical insurances if a nasty illness brings you down. (at least in the EU) If it attacks you, the insurance will pay. Here, we cannot do that, and proper IT security might be inaccessible for smaller businesses, so we must have some optional breaks.
From this point of you, it's not even a must-have feature, but it's the ONLY ethical way towards smaller businesses.
And I think it's healthier from a competition point of view as well, as a startups will have more confidence in building new ideas. So in an indirect way, it's better for the economy as well. I am idealist, and I would love if bigger companies like yours would grasp the idea of "mutual responsibility". Let's build a better web. Let's build a better world.
And a very last word: you mentioned mission critical applications. In this case, there are three things: 1) either the business will opt-out for a hard limit 2) or they will do better estimations and adjust their hard-limit above the estimation 3) they can raise it if needed By the way, the limit should be adjustable on the fly. So if I am expecting a natural spike due to CNN.com coverage, I adjust my estimation. But in either case, if my estimation is let's say $500 usage a month, I would set up a hard limit probably at $1500. I can deal with an extra $1000 loss, but I cannot deal with $20.000 due to a nasty competition directing an attack against my service.
Everybody will be winner:
1) you will gain more confidence from us
2) therefore more startups will choose you
3) AND A BIG ONE: it may discourage some Ddos attackers. Not all, but at least those whose only motivation is to make a smaller competition bankrupt, may not be able to do it. So it will be better for the industry. Yes, they could still cause harm, but way less harm.
That's what I think:
It's a responsibility, not a feature.
Question: are hard spending limits really what's desired here or would improved cost management/controls via billing alerts and similar serve a better purpose? Depending on how limits are implemented, the risk of bringing down production services is a very real danger. We're actively discussing/evaluating this feature (no timeline yet, sorry) and are really curious to get opinions and/or example use cases from our customers who are asking for this.
-Nick (Azure Billing Team)
I will move my business from Amazon AWS to AZUR within a minute if spending limit for Pay-as-you-go is implemented. It's THAT important. I won't even hesitate for a micro second.
Amazon doesn't give a ****, and I am happy to make a switch, but only if this is implemented.
Very roughly, WHEN is it going to be happen?
Anytime this year (2016)?
Please provide some quick update, so we can have more clarity.
Tim Scott commented
Yup, big deal, I'll be paying personally for any initial investigation, but if I like what I see it would lead to a considerably larger investment by my company, at the moment I don't dare experiment as it's a very complex environment and fairly difficult to understand what costs and what doesn't, unlike AWS it doesn't seem to be very forthcoming about what services you consume in the free period actually would have cost.
I am working as a senior executive running FB and GG ads for SMEs company in Vietnam which is an advertising company.
- Our job is running ads CPI, CPC, KPI ... via FB and GG.
- We also lease GG and FB account. Our customers can spend a lot of money and not worry about being locked.
- We have been running ads for a number of national and international companies.
- After providing advertising accounts for a lot of customers, we do have a lot of experience in running the ads. We can assist you with the experience we had and we hope to share and learn more from you guys.
Prodcut Team: I'm curious if there is any further update on this spend-cap feature being made available to Pay-as-you-Go subscriptions, or in fact other types of subscriptions such as EA?
More and more customers are becoming concerned with this lack of spending control within their Azure tenants.
The limit you linked only applies to trial and member accounts so is useless for independent developers on Pay as You Go and other subscriptions.
Marius Zaharia commented
As far as it seems, the item was not updated by the team, but the feature is already on : https://azure.microsoft.com/en-us/pricing/spending-limits/
@Anonymous & others: please check generally the Azure documentation and follow the published updates. This way you will get the information of the needed feature.
I work in a large financial institution and we are considering to out-source our risk calculations to Azure or similar services to take advantage of the scaling provided by such service. Scaling to the magnitude of 1000+ cores in a calculation is not really feasible to do in-house as the infrastructure would be idling too often. However, there is no way that the senior management would consider signing up for a service with no explicitly defined spending limit. Even the the prepaid service is automatically converted into a pay-as-you-go when the prepaid amount is spend. We will need as predefined ultimate hard spending limit in order to consider Azure. Indirectly defining such a limit in terms of maximum number of cores is not sufficient and is also impractical.
Jonathan Toolan commented
I want to make sure I don't overspend, and that is more important to me than perpetual uptime. I want to be able to apply a monetary quota per month over which I will be unable to spend any more money.
This will protect me from misconfiguration on my part, bad-actors getting a storage key and downloading ridiculous amounts of data, and other chargeable situations ruining me financially.
FACEBOOK AD AGENCY ACCOUNT FOR RENT
You run traffic, replica ads and locked accounts?
You are need for facebook ad account running advertisement?
You want to increase sales, but your ad account is limited?
Your ad account can’t spend money?
Your advesting account trust is limited?
You meet account problems or need technical supports but you don’t know who or how to contact with ?
I can help you on the FB acc problem
Let’s talk me on Skype: namhoang1302
So in your "backlog" - not just for billing - but for Azure in general, this one should be among the top5 priorities for next "sprint".
Since this one is probably, if not the most important, among the top 5 important life-shortening issues for Azure. Directly preventing growth.
Ex. As already stated a similar problem not getting the priorities right killed off Sharepoints future as the CMS for all in 2002 (where basic editorial CMS components only made it into the Enterprise release - what a weirdo non-compliant CMS packaging for all others than Enterprise by MS product management)
Thus this the most important feature to complete in context with business value.
Put the Cap in now. The sooner, the faster the adoptation rate will start to evolve. The later, the faster approach to EOL for Azure, especially Pay-As-You-Go - except for some Enterprises.
BTW What a nice execution on that target ... updated status to planned 8 months ago.
Cuttig edge or "just" state-of-the-art IT is competition, not the public sector :o) In that sense a status of planned is purely an internal matter, externally that still just translates into not executed for some reason. I.e. internal resistance, super slow etc.
In Microsoft a new release of Windows can be completed in shorter time than this - unless MS is now a bureaucracy like the public sector.
This is without any doubt in my mind the basic main showstopper preventing Axure from growing.
A similar thing prevented Sharepoint around 2002 to grow into what could have been Wordpress (i.e. leaving important features for non-enterprise interests, i.e. removing basic CMS components)
This must be the 20th time I take a concrete look of where Microsoft is since 2009.
The lacking cap on pay-as-go ... has been an issue since incubation of Azure. This is a basic show stopper for adopting Azure. Since most will continue with Pay-As-You-Go after trial or free.
This is the main showstopper preventing Axure from growing.
Only a few will allow for a theorectical risks where Microsoft can claim serious big money if something goes wrong.
skander guetari commented
idea is not to be charged more than a certain amount if we miss use azure and not to activate billable options if the purpose is just for testing for instance.
We provide Agents Facebook account.
Accounts unlimited spending.
Bart Bories commented
Any updates on this? Even a timeframe when this will be release would be helpful.
I am starting a new (hobby)project now and I would like to use Azure, but not if I'm not sure if this will get implemented.
This is a must have option. Right now our accounts are exposed to potentially high billings. What if my account is hacked? Hacker could easily cause thousands of euros in damage.