Overview
A government-backed Canadian platform serving multiple provincial clients for park reservations and campsite management was running a sprawling Azure infrastructure with limited cost governance. As the lead Cloud Architect and FinOps specialist, I conducted a thorough discovery & assessment across every Azure service tier — SQL Databases, App Service Plans, Redis Caches, Azure Front Door, and Virtual Machines — and delivered a structured optimization roadmap to systematically reduce cloud waste while improving security posture.
Billing Breakdown
The assessment began with a full audit of the current monthly Azure spend, revealing major cost concentration in just two service categories:
- ~50%: SQL Databases. Multi-client elastic pools across Canada Central and East US 2
- ~20%: App Services. Hundreds of App Service Plan instances across two regions with zero reservations in place
The remaining spend was distributed across Azure Front Door, Virtual Machines, Cognitive Search, Storage, Log Analytics, Redis Cache, Event Hubs, and other services.
Key FinOps Interventions
- SQL Reservation Planning: A significant number of SQL vCores were running at full pay-as-you-go rates with zero committed reservations. I identified the right tier mix across Business Critical and General Purpose vCores in both Canada Central and East US 2 and recommended a strategic 1-year and 3-year reservation plan — resulting in substantial SQL database cost reductions.
- App Service Plan Reservations: Hundreds of App Service Plan instances were running with no commitment discounts. A targeted 3-year reservation plan across multiple SKUs in both Canada Central and East US 2 was recommended, achieving major reductions on the single largest cost driver.
- Redis Cache Right-Sizing: Multiple Redis Cache instances were found running on over-provisioned Premium tiers with data persistence disabled and actual memory usage far below capacity. Downgrading to Standard tier configurations aligned to real usage brought significant per-instance cost reductions.
- Non-Production VM Auto-Shutdown: Multiple non-production Virtual Machines were running 24/7. Configuring auto-shutdown policies to limit operation to business hours alone reduced their annual compute cost by approximately 40%.
- Storage Account Optimization: Recommended converting multiple storage accounts from geo-redundant (RA-GRS) to locally redundant (LRS) replication for non-critical diagnostic data, and implementing blob lifecycle policies to auto-tier data through Hot → Cool → Archive tiers over time.
- Stale Resource Cleanup: Discovered several entirely unutilized App Service Plans with no deployed websites, plus orphaned virtual machines generating charges with no active workloads — eliminating pure infrastructure waste.
- Azure Hybrid Benefit Activation: Recommended activating Azure Hybrid Benefit for all Windows Server and SQL Server workloads using existing on-premises Software Assurance licenses, reducing applicable compute costs by up to 80% when combined with reserved instances.
Security Hardening Recommendations
Alongside cost optimizations, the assessment surfaced critical security gaps:
- Enable Private Endpoints on all SQL Servers and Storage Accounts handling sensitive data
- Enforce Managed Identities in App Services instead of embedded connection strings
- Force HTTPS-only access for all public-facing web applications
- Enable full Diagnostic Logging across App Services, SQL DBs, and Redis Caches
- Apply Redis Firewall rules to allow only authorized sources
- Enforce virtual network integration for App Service outbound traffic
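One way to check the recommendations above against an exported resource inventory, as an added example that is not code from the engagement described here. The properties `httpsOnly`, `publicNetworkAccess`, `privateEndpointConnections`, `virtualNetworkSubnetId` and `identity.type` follow the ARM resource schemas; `connectionStrings`, `firewallRules` and `diagnosticSettings` are assumed to be flattened into each record by a hypothetical export step, and the inventory itself is constructed.

```python
# Added example: audit a constructed ARM-style inventory against the hardening list.
# Fields marked "assumed" come from a hypothetical export step, not the raw resource.
SECRET_MARKERS = ("password=", "accountkey=", "sharedaccesskey=")
DIAG_TYPES = ("microsoft.web/sites", "microsoft.sql/servers/databases", "microsoft.cache/redis")
PRIVATE_TYPES = ("microsoft.sql/servers", "microsoft.storage/storageaccounts")

def audit(resource):
    """Return the hardening gaps found for one resource record."""
    rtype = resource["type"].lower()
    props = resource.get("properties", {})
    gaps = []
    # Require a private endpoint and a closed public network path.
    if rtype in PRIVATE_TYPES and not (props.get("privateEndpointConnections")
                                       and props.get("publicNetworkAccess") == "Disabled"):
        gaps.append("no-private-endpoint")
    if rtype == "microsoft.web/sites":
        if not props.get("httpsOnly"):
            gaps.append("https-not-enforced")
        if not props.get("virtualNetworkSubnetId"):
            gaps.append("no-vnet-integration")
        if (resource.get("identity") or {}).get("type", "None") == "None":
            gaps.append("no-managed-identity")
        # assumed: connection strings exported as {name: value}
        strings = resource.get("connectionStrings", {}).values()
        if any(m in s.lower() for s in strings for m in SECRET_MARKERS):
            gaps.append("embedded-secret-in-connection-string")
    if rtype == "microsoft.cache/redis":
        rules = resource.get("firewallRules", [])  # assumed: flattened child resources
        # With public access on and no rules, every source address is accepted.
        if props.get("publicNetworkAccess") != "Disabled" and not rules:
            gaps.append("redis-open-to-all-sources")
    if rtype in DIAG_TYPES and not resource.get("diagnosticSettings"):  # assumed field
        gaps.append("no-diagnostic-logging")
    return gaps

# Constructed sample inventory; not data from the assessed platform.
INVENTORY = [
    {"name": "sql-prod", "type": "Microsoft.Sql/servers", "properties": {"publicNetworkAccess": "Enabled"}},
    {"name": "web-booking", "type": "Microsoft.Web/sites", "identity": {"type": "None"},
     "properties": {"httpsOnly": False}, "diagnosticSettings": [],
     "connectionStrings": {"Db": "Server=tcp:db.example;User ID=app;Password=CONSTRUCTED"}},
    {"name": "web-hardened", "type": "Microsoft.Web/sites",
     "identity": {"type": "SystemAssigned"}, "diagnosticSettings": [{"name": "to-workspace"}],
     "properties": {"httpsOnly": True, "virtualNetworkSubnetId": "/subscriptions/PLACEHOLDER"},
     "connectionStrings": {"Db": "Server=tcp:db.example;Authentication=Active Directory Managed Identity"}},
    {"name": "redis-cache", "type": "Microsoft.Cache/redis", "properties": {},
     "firewallRules": [], "diagnosticSettings": [{"name": "to-workspace"}]},
]
if __name__ == "__main__":
    print({r["name"]: audit(r) for r in INVENTORY})
```

The secret-marker match is a heuristic: it flags connection strings that carry a credential and passes ones that authenticate through a managed identity.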
Business Impact
The comprehensive infrastructure assessment delivered a clear, executive-ready financial roadmap for the government platform. By combining SQL and App Service reservations, Redis right-sizing, VM auto-shutdown schedules, storage lifecycle policies, Azure Hybrid Benefit activation, and stale resource elimination, the organization achieved a six-figure annual cloud cost reduction.
Beyond cost, the engagement established a repeatable FinOps practice with per-client cost attribution, Azure Well-Architected Framework alignment, and improved security governance — making the platform leaner, more resilient, and sustainably scalable for all provincial clients it serves.