At Ignite, Microsoft announced many news about OMS, including an new way to purchase OMS Log analytics. This created a lot of frustration since it’s not straight forward to understand the new licensing model, and which model is suitable for the customer.
In this post, I will try to explain the new licensing model, including recommendation and simulation tool (Excel sheet) to simulate and compare Log Analytics costs for each model. I will in addition, explain the new OMS offers
NB : All pictures are Microsoft Credit
1- OMS services categories
The first change is a sort of classification of the services offered via OMS into 4 categories, depicted via the following picture. Microsoft calls them service offerings
The 4 categories or service offering are:
- Insight and analytics
- Automation & Control
- Security & Compliance
- Protection & Recovery
Each category includes a set of services and features. The thing that we can notice from the first look is that :
- Log Analytics is now a service from the services provided via Insight and analytics, and is not including all the solutions as we can see
- Automation minutes, Azure backup and ASR instances can be purchased via a service offering
2- How can I purchase Log Analytics
When creating an OMS Log Analytics workspace, you have the choice between 3 tiers :
2.1- Free tier
Microsoft provides a free tier in order to test some OMS features. The free tier provides up to 500MB per day ingestion, storing data for 7 days. Automation offers up to 500 minutes per month for free, and up to 5 nodes of Desired State Configuration per day.
2.2- Standalone tier
The standalone tier provides only the Log Analytics services, which are depicted on the following picture. The pricing follows the old model, which is volume based. The more you upload and retain data, the more you pay.
NB : Note that services like Network Performance monitor and Security and Audit are not included, and cannot be used under this tier
2.3- OMS tier
The OMS tier will allow you to choose which Service Offering or Service Offerings to include on your workspace, which allows you to enable the benefits of each Service Offering.
With the OMS tier, you can choose to include from a single to 4 Service Offerings, depending on the needs and on the budget (We will see more information later on this post)
Note that the OMS tier licensing and cost is different from the Standard one since it’s a mix of included capacity (Included on the price) and Pay-As-You-Go capacity.
2- Logs retention period
As you can see, OMS is no longer a Log collector/Analyzer exclusive service, but can include other services like Automation minutes, Backup and Replication.
For the ‘Log’ service, you may wonder about the the retention period that OMS provides today. Today, OMS can provide a retention period up to 2 years, with 1 day granularity. Which means that you can configure your workspace (Standalone and OMS, not the free which provides a 7 day fixed retention period) to retain data on a range between 30 and 732 days.
The following points are very important when deciding about the retention period value:
- The retention period is Workspace wide, which means that it’s applied on all logs within the workspace. You cannot choose a retention period per log type or per solution
- The OMS and Standalone tiers includes a default retention period of 30 days. If you change this value to another value (which is greater), charges will apply consequently.
- When you change the retention period from a greater value to a lesser value (for 732 to 356 for example), OMS will drop all the logs and collected information beyond the 356 days, and you will pay less for the next months.
- The previous Log Analytics tiers (Standard and Premium) are no longer available for purchase. Their retention period are fixed and cannot be changed.
3- OMS Licensing and cost
The new Licensing model is different form the previous one when you multiply the uploaded Gigabytes by the PerGB cost. With this model, a smart calculation should be done to finally estimate or get the final cost.
3.1- Explaining the licensing model
In this section, I will explain the licensing of the today provided OMS tiers:
3.1.1- Standalone Tier
The Standalone tier, as discussed earlier in this post, will allow you to benefit from the ‘Log Analytics’ services only. The ‘Log Analytics’ includes the following services :
The Standalone tier follows the next cost model:
- The default retention period is 31 days. You will pay what you upload at a fixed PerGB cost (2.3 $ per GB). For example, at the end of the month (If we started uploading at the beginning of the month), you will pay to data stored on the workspace multiplied per the PerGB cost. Example : At the end of the month, you have uploaded 30 GB of data –> Total cost = 30 * 2.3 $ = 69 $
- If you change the retention period to a greater value, you will be charged an additional 0.1$ per GB for each additional month. Because the retention is a ‘Per Day’ increment, it’s more precise to say that you will be charged an additional (0.1/31) per GB for each additional retention day.
This lead to a formula to be applied (Note that an Excel Spread Sheet is attached to this post, which allow you to make a cost estimation): Note that the formula I’m exposing here shows what you will totally pay at the end of the retention period ie the total cost of sending logs under the Standalone Workspace over a retention Period
Total Cost = UploadedGBperMonth * RetentionPeriodinMonths * BaseCostPerGB + UploadedGBperMonth * (RetentionPeriodinMonths-1) * AdditionalRetentionCostperGBperMonth
= UploadedGBperMonth * [RetentionPeriodinMonths * BaseCostPerGB + (RetentionPeriodinMonths-1) * AdditionalRetentionCostperGBperMonth ]
- UploadedGBperMonth : Is the total uploaded data in GB per month
- RetentionPeriodinMonths : Is the configured retention period for this workspace (Example : 1 month, 12 months or 8.2 for 250 days)
- BaseCostPerGB : Is the cost per uploaded GB during the first month
- AdditionalRetentionCostperGBperMonth : Is the cost per GB for the additional retention month
– Consider you have 200 reporting entities (Network equipment, servers)
– Each entity generates an average of 300 MB per day sent to OMS
– The retention period is fixed to 10 months
– The base cost per GB is : 2.3 $ per GB
– The additional cost per GB for an additional retention period of 1 month : 0.1 $ per GB
Total cost = 200*(300/1024)*31 * [10 * 2.3 + (10-1)*0.1] = 43412 $
3.1.2- OMS Tier
The OMS tier licensing is quiet different from the Standalone tier, it works like the following :
- The licensing is Node based, which means that you pay per reporting node.
- Each node license includes a ‘default usage’ which depends on the provided services
- When the usage crosses the ‘default usage’ limit, you will pay the additional usage
- The OMS tier includes more than the ‘Log Analytics’ services. Services like Automation and Backup.
- The services where ‘data is stored’ has a default retention of 30 day. The retention period can be changed up to 2 years with additional cost
- A license is exclusive to the node, which means that you cannot for example use the same license to ‘collect logs from 1 node’ and backup another node
A- Licenses count
One can ask how much license do I need to cover my needs. And the answer is : It depends on which category (Service offering) your node will benefit.
For example : If you link 10 nodes to a workspace, and you configure this workspace to collect some Windows event logs, you deploy the ‘Security and Audit’ Solution and the ‘Network Performance monitor’. If you look to the services provided by the categories (First picture on this post), you can deduce the following :
- The Windows event logs are under the ‘Log and Analytics’ sub category of the category Insights & Analytics –> 10 Insights & Analytics licenses
- The ‘Security and Audit’ solution is under the Security & Compliance category –> 10 Security & Compliance licenses
- The ‘Network Performance monitor’ solution is under the Insights & Analytics category –> 10 Insights & Analytics licenses (Already acquired)
——> You will need to acquire 10 Insights & Analytics and 10 Security & Compliance licenses
B- E1 and E2 licenses
You can reduce the cost of acquiring licenses, by acquiring E1 or E2 licenses when possible:
- A E1 license = Insights & Analytics + Security & Compliance + System Center 2016
- A E2 license = All categories + System Center 2016
On the example given on A- Licenses count, we could acquire 10 E1 licenses instead of 10 Insights & Analytics and 10 Security & Compliance licenses
C- Included advantages
When you license a node under OMS, you will benefit from the following included advantages:
- Insights & Analytics
- 500 MB per day of uploaded data (logs)
- 31 days of retention
—> When you cross these limits, you will be charged like the following:
- For each additional GB beyond the 500 MB per day, you will pay a PerGB cost (~2.3 $ per GB)
- For each additional retention period (beyond the 1 included month), you will pay a PerGBperMonth cost (~ 0.1 $ per GB per Month)
- Automation & Control
- Unlimited automation minutes for out of the box solutions
- 10 minutes per day per node for custom runbooks
- A DSC node for each license (A DSC node means a node managed by DSC)
—> For each additional minute beyond the included time, a PerMinute cost is charged (~0.002 $ per minute)
- Security & Compliance
- The same Insights&Analytics principle for ingested Security and Audit data
- An Azure Security Center managed node per license
- Protection & Recovery
- A license includes the right to Backup a node using Azure Backup (With 500 GB of storage) and to be protected via ASR. Additional storage will be charged (for Backup beyond 500 GB and for ASR)
4- Purchasing services without OMS
Like I showed how we can acquire ‘Log Analytics’ not via OMS but via the standalone mode, here the modes you can acquire the other services, in a Standalone mode too.
NB : This section is a copy/paste from the OMS Licensing Microsoft public document, to avoid paraphrasing something already clear
Automation is available in Free and Basic tiers. Automation offers a subset of the features offered in Control & Automation. It will not include Change tracking or Update Management. Billing is based on the
number of job run time minutes used in the month. Charges for process automation are incurred whenever a job runs. Job minutes are aggregated across geographies.
The price of Azure Backup is dependent on the size of each protected instance. Azure Storage is a separate charge. Customers have the flexibility to choose between LRS or GRS Block Blob Storage, and benefit from cool storage
4.3- Site Recovery
Azure Site Recovery is billed based on number of instances protected. Every instance that is protected with Azure Site Recovery is free for the first 31 days, as noted below
4.4- Desired Stage Configuration
DSC is available in Free and Basic tiers. DSC offers a subset of the features offered in Control &Automation. It will not include Automation, Change tracking or Update Management. Billing is based on
the number of nodes that are registered with the service. Charges for Automation DSC start when a node is registered with the service and stop when the node is unregistered from the service. A node is any machine whose configuration is managed by DSC.
5- System Center and OMS
Microsoft released the possibility of joining the OMS and the System Center licensing under a same plan. We already seen that in “B- E1 and E2 licenses”, where E1 and E2 pans include System Center 2016.
And, if you are already a customer of System Center, covered by Software Assurance, you have two other options:
– If you are on the middle of a multi-year System Center agreement, you can purchase an E1 or E2 add-on which allows you to extend the node to use OMS services, and which is naturally cheaper than purchasing E1 and E2 licenses separately.
– If you are planning to renew your System Center agreement , then you can acquire an OMS subscription for System Center subscriptions, which are also cheaper than acquiring licenses separately.
6- Do I purchase a service via OMS or on a Standalone mode ?
This is the question all of you, and my customers are asking : If I decide to use a service, is it better to acquire it via an OMS plan or a Standalone plan ?
The answer is : This is mathematics ! You can calculate the total cost via a standalone purchase or a standalone purchase, and then you you can compare.
Here is some points that are generally applicable :
- If you are aiming to use more than one service, then it’s cheaper to acquire these services via OMS
- If you are aiming to use some services which are not provided on a Standalone mode (like Service MAP, Security and Audit…), then you need to quire this or these services via OMS
- If the OMS license includes initial quota (Like Log Analytics, Automation, Security and Audit), then starting from a consumption rate, it’s is more interesting and cheaper to acquire the services via OMS
7- Log Analytics Standalone vs OMS Insights and Analytics
In this post i’m sharing an excel sheet which allows you to compare the cost of acquiring Log Analytics via the Standalone mode or via Insight and Analytics service offering : Download it here : Log-Analytics-Cost-Calculator
8- Useful links
Many useful links are available today, you will find here the more interesting :
1- OMS Licensing official material
2- Understanding OMS