Tag, You’re Not It: Why Tagging Kills Cloud Cost Management
Tagging is a major part of pretty much any cloud deployment. It’s commonly used to assign some piece of useful information to a cloud resource. Most IT teams rely on tagging for cost control. They tag servers, storage volumes, databases and load balancers with the name of the provisioning user and the team or department they belong to. Some companies also try to do project- or even application-based tags.
But tagging can lead to a world of trouble. Why?
Tagging poses a classic “garbage-in-garbage-out” problem. To power a successful tag-based access or cost control plan, IT needs to ensure that all tags are perfect, all of the time. This, of course, is nearly impossible as provisioned resources span multiple cloud platforms and business units.
But still, everyone uses tags, so there has to be some merit to it, right? There is. Tags are incredibly useful as informational signals. And there are a lot of ways to automate tags. For example, tag every server with the LDAP username of whoever provisioned it. But the problems with relying on tags for your cloud cost control strategy start when things scale and change.
What Happens When Things Move Around?
At large enterprises, or even rapidly growing SMBs, teams and the resources they own shift and change all the time. A new company is acquired, two teams are consolidated, a project is moved from one department to another. And then what happens to your carefully planned tagging structure?
At this point, central IT will need to track down the existing tags and change them to reflect the new situation (and let’s face it, this rarely actually happens), or they need to come up with a new strategy. This is where the mess usually begins. At the end of the day, if central IT has control over the provisioning process, things are a bit easier, since they can then put policies in place that help keep things in order. If they don’t, all they can do is try to train the people instead of training the system, which usually doesn’t scale well. On the other hand, if all provisioning has to go through central IT, things slow down significantly.
Here’s an example of what happens once the business has been through some changes. It only takes a small misspelling to throw off a tagging strategy. See if this looks familiar:
Original tag: platform-security
Tags found in the system:
Platform:security
Platform-sec
Platfomr-security
Platformsec
platform-SE
When IT professionals at startups hear about how it can take up to a few weeks to provision a VM at an enterprise, their jaws drop. But for many years, the ITSM process that causes these lengthy provisioning times was the only way to make sure that all the boxes were checked. For an enterprise that wants to facilitate agility through self-service, there has to be a method for tag automation in place, but even then the issues with relying on tags for large-scale cost management remain.
To make matters worse, tags often behave differently and have varying limitations on different platforms, making it difficult to enforce a consistent tagging strategy across AWS, Azure, GCP, OpenStack and VMware environments.
How Do We Fix It?
If you decide to use tagging for cost reporting, there are several things IT can do to make things easier.
- Centralize: As much as possible, centralize the provisioning process. When IT owns the process, it’s able to mandate the usage of correct tags, as opposed to asking users to check the right boxes at time of provisioning.
- Automate: Most configuration management tools can be used to automate the tagging process. Standardize around the core tags that must be present on any workload – such as Owner, Cost Center, Project and Application – and include those in the base policies of your automation tools of choice. Make sure you create a policy that defines consistent naming conventions, including spacing, spelling and uppercase/lowercase.
- Consolidate: Use as few AWS accounts, Azure subscriptions or other cloud account equivalents as possible. Once a re-org or any kind of restructuring happens, it’s very hard or impossible to move things between accounts to make reporting and tracking easier.
- Project Grouping: Tagging was not designed to be the basis of a mission-critical system, such as cost management. Consider using tags as a safety net for cost control reporting purposes or, better yet, decoupling cost tracking and tags. Instead, logically group applications or operations environments into “projects” and assign budgets to those projects. Using project-based cost allocation and reporting eliminates the need to rely on tags and gives your finance team the flexibility to adapt to changes without losing context. This enables users to use the cloud via self-service while keeping them associated with projects and cost centers.
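An added example (not from the original article or from Scalr) of the naming-convention policy described under "Automate", run against the drifted `platform-security` values listed earlier. The allowed project values other than `platform-security`, the 0.75 similarity cutoff and the sample inventory are assumptions made for illustration.

```python
import difflib
import re

# Required keys come from the article; the allowed Project values other than
# "platform-security" are constructed for this example.
REQUIRED_KEYS = ("Owner", "Cost Center", "Project", "Application")
ALLOWED_PROJECTS = ["platform-security", "platform-engineering", "data-science"]


def normalize(value):
    """Apply one naming convention: lowercase, single hyphens as separators."""
    value = re.sub(r"[\s:_./]+", "-", value.strip().lower())
    return re.sub(r"-+", "-", value).strip("-")


def classify(value, allowed=ALLOWED_PROJECTS, cutoff=0.75):
    """Return (status, suggestion): ok, fixable, review or unknown."""
    if value in allowed:
        return ("ok", value)
    norm = normalize(value)
    if norm in allowed:
        # Only case or separators differ: safe to rewrite automatically.
        return ("fixable", norm)
    # Misspellings and abbreviations are only suggested, never auto-applied,
    # because a wrong guess silently moves cost (or access) to another team.
    close = difflib.get_close_matches(norm, allowed, n=1, cutoff=cutoff)
    return ("review", close[0]) if close else ("unknown", None)


def audit(resources):
    """Report missing required keys and drifted Project values per resource."""
    findings = []
    for res in resources:
        tags = res.get("tags", {})
        for key in REQUIRED_KEYS:
            if not tags.get(key):
                findings.append((res["id"], key, "missing", None))
        if tags.get("Project"):
            status, suggestion = classify(tags["Project"])
            if status != "ok":
                findings.append((res["id"], "Project", status, suggestion))
    return findings


# Constructed inventory using two of the drifted values from the article.
SAMPLE = [
    {"id": "vm-1", "tags": {"Owner": "alice", "Cost Center": "cc-100",
                            "Project": "Platform:security", "Application": "scanner"}},
    {"id": "vm-2", "tags": {"Owner": "bob", "Project": "Platfomr-security"}},
]
```

Running `audit(SAMPLE)` at provisioning time or on a schedule separates values that can be rewritten safely from those that need an owner to confirm the intended project.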
Change is a constant in large and growing companies. Make sure your cloud cost management strategy supports the dynamic nature of your business and that tagging, when you do use it, can keep up.
Sebastian Stadil is CEO and founder of cloud management platform provider Scalr.