Login
    Contents x
    Determine Cloud Subscription(s) to Use
    • 09 Sep 2024
    • 3 Minutes to read
    • Print
    Contents

    Determine Cloud Subscription(s) to Use

    • Updated on 09 Sep 2024
    • 3 Minutes to read
    • Print
    Article summary

    When utilizing Cloud Slice with Skillable Studio, you have the ability to use subscriptions owned by Skillable or bring your own cloud subscriptions/accounts. When deciding whether to use your own or use Skillableā€™s subscriptions/accounts, there are a numerous aspects to think through. Much of what can be done with Skillable labs can be accomplished with either your own or Skillableā€™s labs, but each of these choices come with their own sets of pros and cons that you must evaluate based on what you would like to achieve in labs and take on as operational duties/considerations as an organization.

    Similarities between your subscriptions & Skillableā€™s subscriptions

    When using cloud subscriptions in Skillable Studio, there are a number of consistent truths regardless of if you are using your own or Skillableā€™s subscriptions. When using cloud subscriptions with Skillable, the following is always applicable regardless of who owns the subscriptions:

    • They can be enabled for Full Cloud Slice (Azure, AWS, GCP) or just Virtualization (Azure & AWS only).

    • Built-in cloud marketplace VM Images can be utilized for VMs/EC2 instances.

    • Look & feel the same to a lab user.

    • Require an annual management fee.

    Differences between your subscriptions & Skillableā€™s subscriptions

    Pros

    Cons

    Your Subscriptions

    • Receives your businessā€™ cloud discounts (if applicable)

    • Use Custom Virtual Machine/EC2 Images

    • Ability to approve higher risk cloud labs (not recommended)

    • Can support custom domain names for user accounts
      (e.g. yourorg.com instead of misc.onmicrosoft.com)

    • Direct access to subscription backends:

      • Create shared read-only resources for users

      • Self-service access to logs for troubleshooting

      • Self-service access to cloud native cost reporting

    • Requires deep internal finance & security approvals

    • May not allow all cloud services

    • You must monitor subscriptions for active abusers & orphaned resources

    • You must negotiate with cloud provider directly to recover any abuse costs

    Skillableā€™s Subscriptions

    • Can often avoid internal finance & security approvals

    • May allow additional services not permitted by your businessā€™ cloud administrators

    • Skillable creates and manages subscriptions on your behalf

      • Monitor for potential abusers & orphans

      • Negotiate with cloud provider to recover any abuse costs

      • Submit support tickets & quota increase requests

    • Pay Skillableā€™s cloud pricing + 20% management fee

    • No access to subscription backends

    • Limited to cloud marketplace VM/EC2 images

    Security considerations when using your own subscriptions

    Best Practice: Use Dedicated Cloud Accounts

    It is highly recommended to heavily segregate the cloud tenants/accounts used for labs from the cloud tenants/accounts used for general business purposes.

    When using your own subscriptions, the biggest considerations to account for are around security & in turn possible business impact. It is highly recommended to use a tenant/account that is completely dedicated to labs and does not overlap with cloud tenants/accounts used in the day to day of the business. While Skillable designs their Cloud Slice capabilities with security at the top of mind, they are still integrating with live cloud platforms that can change at any moment.

    Due to this, there is always some level of risk that an individual with ill intentions finds a way to commit abuse or fraud. By keeping your lab tenant/accounts completely isolated it ensures that even if a bad actor determines a way to breach any established security measures, they do not have access to critical business resources or infrastructure.

    Additionally, Skillable requires a level of full and complete access across the entire tenant/accounts for Cloud Slice to properly function. In many cases security teams are uncomfortable with this level of access as it opens the possibility that Skillable has the ability to impact ongoing business operations outside of labs. When the only business purpose for the tenant/accounts are labs/Cloud Slice, this is no longer a risk.

    Skillable Cloud Access

    When enabling a tenant/account for Cloud Slice access. Skillable is granted the highest level of access (Global Administrator in Azure, Full Access in AWS) within the cloud platform, this provides Skillable the ability and permission to view and/or modify any configurations within the Cloud Slice tenant/account.


    Due to this level of access, it is not recommended to share a tenant/account for both labs and vital business operations.

    Summary

    When deciding to bring your own or use Skillableā€™s subscriptions, consider if any of the below are hard requirements for your organization:

    • Utilizing custom VM images

    • Having direct backend access into the subscriptions

    • A customized domain

    If all of these items are more nice to have than must have, we recommend using Skillableā€™s subscriptions for enhanced organization security and reduced operational overhead.

    Next Steps

    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout