Need help with super-simple Azure VM/VPN that seems to cost too much

I have a simple Azure VM that holds client accounting/tax files. Between my Reserved Instance (B2ms) which costs about $60/mo CDN and my actual PAYG portion (~$160/mo CDN) that seems like a LOT.

Looking at my costs, I have a “basic gateway”, no public IP, and my bookkeeper and I connect to the VM via point-to-site VPNs, provisioned 24/7/365. This costs $36/mo and averages 750 “somethings” (MB? GB? some arbitrary measurement?).

I also have 127 GiB OS disk and a 100 GiB (whatever GiB is?) Premium SSD LRS…and these cost $55/mo or so (P10 LRS disks). Seems expensive to me, so could switch to HDDs?

Also Azure Protected Instance (I assume this is the Azure-managed OS updates etc.) which is inexpensive and fine, if so.

I thought I’d try to figure out what the Virtual Network Gateway usage was…but I’m…lost.

(For the record, although I’m quite technical, Azure management is WAY beyond me…but my practice needs it, so I have to figure it out, but would like to cut the cost which seems excessive at >$220 CDN for a single machine each month.)

What do you mean by writing CDN? Can you name the service/resource type from the billing?

Assuming you need a VM. Why not go with Azure Virtual Desktop? You could get rid of the VPN and still have secure access to it. Throw in a scale plan to automatically deallocate the system when it isn’t being used. Just those two changes could easily cut your bill in half, maybe more.

I checked the calculator, and with 750GB of VPN data and 1yr reserved it checks out. CA$215 estimated costs a month.

Also, the machine does not cost you $220, it costs you CA$112 and your VPN with 750GB is CA$103.

But it sounds like you are just using that VM to host files, and not any software? Which means you are paying VM prices for a file share instead of using Azure Files. With Azure Files the price will go down to a total of CA$137 since you no longer pay for the VM, OS disk, or Windows Server license. But these files sound like something you should have backed up, and you can slap Azure Backup on top for only CA$10-13 (depending on retention) for a grand total of CA$150. You just saved >CA$70 a month, or CA$840 a year, or 30% of your Azure spend.

EDIT: Added percentage to the calculated savings

Virtual Machines are an expensive resource in Azure - because of the level of flexibility they bring (i.e. OS access) and the things that Azure manages for you.

So my first question would be: Do you need the VM? Is there another service you could use?

Not sure you need a VPN Gateway. Why not use a load balancer in front of the VM so you can remote desktop in?

Have you looked at Windows 365? It’s an easier way to create a cloud PC that doesn’t require any of the technical setup in Azure - it’s around CAD $50 a month for a single user: https://www.microsoft.com/en-ca/windows-365/business/compare-plans-pricing

The big thing I tell customers is to question what you’ve actually got deployed versus the cheaper options. Secondly, what uptime do you realistically need?

VNG cost is as low as it gets. Don’t waste your time looking there. However, your VM. Does it need to be online 24/7/365? Does it need a premium SSD over a standard SSD? Do you really need a VM at all or can this be hosted on App Service?

While I get you’re coming here for advice on this, we can’t really tell you if you need X IOPs or Y read write speeds. We also don’t know if your business use case will allow for you to power down the VM at night.

That said, best thing I can recommend is define what is required for the workflow versus what is optional. Meet the requirements at minimum and add additional features or sku increases as needed.

I would also look at other options for hosting whatever is on that VM.

GPT is really good at taking these requirements as well as your current configuration and suggesting alternative solutions.

You might find Windows 365 easier and cheaper! Meet Windows 365 | Windows 365

Does your bookkeeping software offer any cloud integration? For example, Sage 50 has a cloud option available.

If it’s files only for software data storage, then you could configure an Azure File Share and require access using an Entra identity. This could also be restricted for access over the internet by locking down to WAN IPs (if possible).

This way the software is locally installed on laptop/pc and uses the file share to read/write data over the internet using SMB 3.0 (encrypted).

Just to note, your ISP would need to not block TCP 445 port. Otherwise you would still need the VPN gateway but then not need to expose on the internet.
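
The lock-down described in the post above, as an added example that is not part of the original post: it restricts a storage account's firewall to known WAN addresses, requires encrypted transport, and then checks from a client whether outbound TCP 445 is usable. It assumes the Azure CLI is installed and signed in; the resource group, account name and IP addresses are placeholders, and the WAN addresses must be static for an allow-list to hold.

```powershell
# Added example. All names and addresses are placeholders, not values from the thread.
$rg      = 'rg-practice'                          # hypothetical resource group
$account = 'stpracticefiles'                      # hypothetical storage account
$wanIps  = @('203.0.113.10', '198.51.100.24')     # documentation-range IPs standing in
                                                  # for the two users' static WAN addresses

# 1. Deny all networks by default and require encrypted transport.
#    With secure transfer required, SMB connections without encryption are refused.
az storage account update --resource-group $rg --name $account `
    --default-action Deny --https-only true --min-tls-version TLS1_2

# 2. Allow only the known WAN addresses through the storage firewall.
foreach ($ip in $wanIps) {
    az storage account network-rule add --resource-group $rg `
        --account-name $account --ip-address $ip
}

# 3. Review the resulting allow-list; anything unexpected here is an exposure.
az storage account network-rule list --resource-group $rg `
    --account-name $account --query ipRules --output table

# 4. On each client PC: confirm the ISP does not block outbound SMB (TCP 445).
$endpoint = "$account.file.core.windows.net"
$probe = Test-NetConnection -ComputerName $endpoint -Port 445

if ($probe.TcpTestSucceeded) {
    Write-Output "TCP 445 to $endpoint is open: the share can be mounted directly."
} else {
    Write-Output "TCP 445 to $endpoint is blocked: keep the P2S VPN and reach the share through it."
}
```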

I’m guessing that they mean Canadian.

Without knowing your requirements it’s hard to suggest improvements, but you’re already scraping the bottom of the barrel here.

Yes - the VM is just an application device: one drive for OS, one drive for applications, one drive for data. Two of us share access to all regions and can use all simultaneously. But ALL are disk-based programs and data - no cloud files other than some SharePoint stuff where clients can up/download materials.

I have a GCE version as a backup…sort of a “warm site” to which I can drop files from my offsite backup location if the Azure one craps out for any reason. And yes, I test it. But I have local VPN to it as well (that was NO fun to set up).

AWS VM was a thought, but seemed even more complicated than Azure when I looked.

And there don’t seem to be any decent Canadian hosts that aren’t crazy pricy.

I don’t want RDP exposed to the 'net. The only way I could find was P2S VPN.

This is interesting, but I have to be able to share accounting and tax files (both local folder disk-based) with my bookkeeper…and it doesn’t appear that this will be possible using W365. Obviously easy on the VM as one particular drive is all data and the desktop programs access the drives as needed.

Yes $CDN (roughly $ .75 US).

Yah…I know, although there’s lower-use ones, but I do have to maintain some vague semblance of usability LOL.

I find it VERY frustrating that I can’t figure out what MS is actually charging me for…except for the Reserved Instance. I consider myself lucky that I managed to get the VPNs working properly…given the lousy documentation for non-IT pros.

Requirements: don’t need speed, don’t need RAM. Simple business operations. 90% Excel, Word, Sage Accounting and a Tax program. Those are the basic tools and there’s nothing high-power needs from any.

Hehehe I totally didn’t take it into consideration as a currency :smiley: Now it’s obvious :smiley:
OK, now it looks a little bit more normal. 750 in gateway is probably hours. You can do it cheaper by deploying OpenVPN Access Server on a B1 instance and shutting it down outside business hours. It will be OK for a maximum of 2 connections.
Disks: 127GB tells me that it is Windows. Standard SSD is worth testing. HDD could be OK if your app does not require performance. You are using a B2 VM, so it is highly possible that HDD will be enough, but the SLA will drop a little.
Think about whether you need the Windows Server you are probably using. Maybe Windows 10/11 is enough? Then maybe AVD will be a better choice - you don’t need a VPN then.

You say yes, then proceed to say that you are running applications on the server, so there are 3 alternatives to reduce cost.

  1. You could just run the applications locally and use Azure files and mount that as a network drive through VPN.
  2. You could reduce disks and use Azure files for the shared storage and still keep the VM.
  3. Use AVD/Windows365 to host the applications (Save on licensing costs for Win10/11 if you have M365 subs) and Azure files for the shared files. (Also eliminates VPN costs)

I see you commented that the files need to be on a local drive. That is no issue with either SharePoint or Azure Files. You can sync SharePoint files to a local drive, and file shares can be drive-mounted and work as a local drive.

EDIT: SharePoint sync can be troublesome on some applications

I see. As others suggested, AVD may be an option. Why this works without a VPN is because of reverse connect: Understanding Azure Virtual Desktop network connectivity - Azure | Microsoft Learn

There are about 100 different ways to share files. Windows 365 is going to give you the easiest, non-technical setup for this. You can use OneDrive to share files.