How to Organize Cloud-Based Resources in Azure

Organizing cloud-based resources is a crucial task for IT, unless all deployments are simple. For complicated or complex deployments, use naming and tagging standards to organize your resources for the following reasons:

  • Resource management: Your IT teams need to quickly locate resources that are associated with specific workloads, environments, ownership groups, or other important information. Organizing resources is critical to assigning organizational roles and access permissions for resource management.
  • Cost management and optimization: Making business groups aware of the consumption of cloud resources requires IT to understand the resources and workloads that each team uses. Cost-related tags support the following types of information:
  • Operations management: Visibility on business commitments and SLAs is an important aspect of ongoing operations for the operations management team. Managing operations well requires tagging for mission criticality.
  • Security: Classification of data and determining the security impact are vital when breaches or other security issues arise. Operating securely requires tagging for data classification.
  • Governance and regulatory compliance: Maintaining consistency across resources helps with identifying divergence from policies. Prescriptive guidance for resource tagging demonstrates how one of the tagging patterns that are described in Resource tagging patterns, later in this article, can help with deployment of governance practices. Similar patterns are available to evaluate regulatory compliance by using tags.
  • Automation: A proper organizational scheme enables you to take advantage of automation as part of creating resources, monitoring operations, and creating DevOps processes. Automation also makes resources easier for IT to manage.
  • Workload optimization: Tagging can help with identifying patterns and resolving broad issues. Tagging can also help with identifying the assets that a single workload requires. Tagging all assets that are associated with each workload enables deeper analysis of your mission-critical workloads, which helps you to make sound architectural decisions.

Tagging decision guide

Your approach to tagging can be simple or complex. It can support IT teams who manage cloud workloads or integrate information that’s related to all aspects of the business.

Diagram that shows plotting tagging options from least complex to most complex.

The following table describes the qualities and alignments that are shown in the diagram.

Description
Primary design considerationsBaseline operations requirements, supplemented by additive business requirements.
Baseline naming conventionsResource naming is required for deployment. A standardized naming schema is the minimum tag.
FunctionalTags that describe the function of the virtual machine for easy identification.
Example: workload; function in the workload (app, data, and so on); environment (such as development, staging, production).
ClassificationTags that classify the value of an asset can aid in making decisions.
Example: data classification (public, private, confidential, and so on); criticality; SLA.
AccountingTags that help to track costs that are associated with asset operations.
Example: department, project, region, and so on.
PartnershipTags that align partners that count on this asset, outside of IT.
Example: owner, owner alias, stakeholder, power user, executive.
PurposeTags that align an asset to a business function can be valuable in making investment decisions.
Example: business process, business criticality, revenue impact.

A tagging scheme that aligns with IT, such as tagging based on workload, application, or environment, reduces the complexity of monitoring assets. With less complexity, you can simplify the process of making management decisions that are based on operational requirements.

Tagging schemes that align with business, like accounting, business ownership, or business criticality, might require a larger investment of time. You need to invest more time to create tagging standards that reflect business interests and maintain those standards in the future. This investment yields a tagging system that provides improved accounting for costs and value of IT assets to the overall business. Linking an asset’s business value to its operational cost can change the view of IT as a cost center within your wider organization.

Baseline naming conventions

A standardized naming convention is the starting point for organizing your cloud-hosted resources. A properly structured naming system enables you to quickly identify resources for both management and accounting purposes. You might have existing IT-aligned naming conventions in other parts of your organization. If so, consider whether your cloud naming conventions should align with them, or if you should establish separate cloud-based standards.

 Note

Naming rules and restrictions vary by Azure resource. Your naming conventions must comply with these rules.

Resource tagging patterns

For more sophisticated organization than a consistent naming convention alone provides, cloud platforms support the ability to tag resources.

Tags are metadata elements that are attached to resources. Tags consist of pairs of key-value strings. The values that you include in these pairs are up to you. However, the application of a consistent set of global tags, as part of a comprehensive naming and tagging policy, is a critical part of an overall governance policy.

As part of your planning process, use the following questions to determine the kind of information that your resource tags must support:

  • Do your naming and tagging policies need to integrate with existing policies within your company?
  • Will you implement a chargeback or showback accounting system? Do you need to associate resources with accounting information for departments, business groups, and teams in more detail than a simple subscription-level breakdown provides?
  • Should tags represent details for a resource, such as regulatory compliance requirements? What about operational details such as uptime requirements, patching schedules, or security requirements?
  • What tags are required for all resources based on centralized IT policy? What tags are optional? Are individual teams allowed to implement their own custom tagging schemes?

The following tagging patterns are examples of how you can use tagging to organize cloud assets. These patterns aren’t meant to be exclusive, and you can use them in parallel. They provide multiple ways of organizing assets based on your company’s needs.

Tag typeExamplesDescription
Functionalapp = catalogsearch1
tier = web
webserver = apache
env = prod
env = staging
env = dev
Categorizes resources by their purposes within a workload, the environment they’ve been deployed to, or other functionality and operational details.
Classificationconfidentiality = private
SLA = 24hours
Classifies a resource by how it’s used and the policies that apply to it.
Accountingdepartment = finance
program = business-initiative
region = northamerica
Associates a resource with specific groups within an organization for billing purposes.
Partnershipowner = jsmith
contactalias = catsearchowners
stakeholders = user1;user2;user3
Provides information about who (outside of IT) is related to or otherwise affected by the resource.
Purposebusinessprocess = support
businessimpact = moderate
revenueimpact = high
Aligns resources to business functions to better support investment decisions.

Learn more

For more information about naming and tagging in Azure, see:

Ref: Resource naming and tagging decision guide – Cloud Adoption Framework | Microsoft Learn