SalesBuy
1-855-856-7678
Technical SupportSupport
Manage Subscriptions and Storage Accounts in the Windows Azure Management Portal
Updated: October 26, 2011
This topic explains the basics of Windows Azure subscriptions and describes how technical staff can manage co-administrators, storage accounts, affinity groups, and management certificates for their own subscriptions in the Windows Azure Management Portal.
 Note |
|---|
| This topic does not explain how to sign up for a Windows Azure subscription or how an organization creates an enrollment for Windows Azure Services. For information about Windows Azure purchase options, see Purchase Options, Free Trial, and Member Offers (for members of MSDN, Microsoft Partner Network, and BizSpark, and other Microsoft programs). |
A Windows Azure subscription grants you access to Windows Azure services and to the Windows Azure Management Portal. The terms of the Windows Azure account, which is acquired through the Windows Azure Account Portal, determine the scope of activities that you can perform in the Management Portal and describe limits on available storage, network, and compute resources.
In the Management Portal, you only see the services that are created by using a subscription for which you are an administrator. The billing account sets the number of compute units (virtual machines), hosted services, and storage that can be used. You can view usage information for a service, by clicking the service in the Management Portal.
A Windows Azure subscription has two aspects:
-
The Windows Azure account, through which resource usage is reported and services are billed. Each account is identified by a Microsoft account (formerly Windows Live ID) or corporate email account, and is associated with at least one subscription. The account owner monitors usage and manages billings through the Windows Azure Account Center.
-
The subscription itself, which governs access to and use of Windows Azure subscribed service. The subscription holder uses the Management Portal to manage services.
The account and the subscription can be managed by the same individual or by different individuals or groups. In a corporate enrollment, an account owner might create multiple subscriptions to give members of the technical staff access to services. Because resource usage within an account billing is reported for each subscription, an organization can use subscriptions to track expenses for projects, departments, regional offices, and so forth. In this scenario, the account owner uses the Microsoft account associated with the Windows Azure account to log into the Windows Azure Account Center, but does not have access to the Management Portal unless they create a subscription for themselves.
Subscriptions that are created through a corporate enrollment are based on credentials that the organization provides. In this scenario, the subscription holder, who uses the services but is not responsible for billings, has access to the Management Portal but not to the Windows Azure Account Center. By contrast, the personal account holder, who performs both duties, can log into either portal by using the Microsoft account that is associated with the account.
|
Note |
|---|
| When you create a Windows Azure subscription, you should change the default subscription name to a more descriptive name - for example, ContosoFINANCE. In all views of the Windows Azure Management Portal, objects are grouped by subscription. If you do not change the subscription name, the Management Portal displays multiple Subscription 1 groupings, which can be distinguished only by their randomly generated subscription IDs. The Windows Azure account owner can edit the subscription name from by accessing the Subscriptions page in the Windows Azure Account Center. To open the Windows Azure Account Center from the Management Portal, click the pull-down menu next to Windows Azure in the portal title bar, and then click Home. This opens the Windows Azure Web Site Home page. On the Home page, click Account. |
|
Note |
|---|
| To return to the Management Portal, click Portal in the title bar. |
When a Windows Azure subscription is created, a service administrator is assigned. The default service administrator is the contact person for the subscription. For an individual subscription, that is the person who holds the Microsoft account that identifies the subscription. The Windows Azure account owner can assign a different service administrator by editing the subscription in the Windows Azure Account Center.
The service administrator for a subscription has full Administrator rights and permissions for all Windows Azure services that are subscribed to and to all hosted services that are deployed under the subscription. The service administrator also can perform some administrative tasks for the subscription itself in the Management Portal. For example, the service administrator can manage storage accounts, affinity groups, and management certificates for the subscription.
To share management of hosted services, the service administrator can add co-administrators to their subscription. To be added as a co-administrator, a person need only have a Microsoft account.
|
Note |
|---|
| The service administrator, not the Windows Azure account holder, adds co-administrators for subscriptions. This task is performed in the Management Portal, not the Windows Azure Account Center. For more information, see Add and Remove Co-Administrators for Your Windows Azure Subscriptions. |
Subscription co-administrators share the same Administrator rights and permissions that the service administrator has, with one exception: a co-administrator cannot remove the service administrator from a subscription. Only the Windows Azure account owner can change the service administrator for a subscription, by editing the subscription in the Windows Azure Account Center.
 Important |
|---|
| Because service administrators and co-administrators in Windows Azure have broad Administrator rights for Windows Azure services, you should assign strong passwords for the Microsoft accounts that identify the subscribers and ensure that the credentials are not shared with unauthorized users. |
Note that in the Management Portal, the enterprise account owner only has the rights granted to any subscription holder. To sign in to the Management Portal, the account owner must be an administrator for a subscription. Once signed in to the Management Portal, the account owner can only see and manage hosted services created under subscriptions for which he or she is an administrator. An enterprise account owner cannot see hosted services for subscriptions that they create for other people. To gain visibility into service management under subscriptions that they create, enterprise account owners can ask the subscription holders to add them as a co-administrator.
In the Management Portal, service administrators and co-administrators can perform the following management tasks on their subscriptions:
-
Add Co-Administrators to Share Service Management to help manage hosted services.
-
Manage Storage Accounts for Your Subscription that provide access to Windows Azure storage services.
-
Create Affinity Groups to Use with Storage Accounts and Hosted Services to co-locate hosted services and storage within the same datacenter.
-
Add Management Certificates to a Windows Azure Subscription to provide client access to Windows Azure resources when working outside the Management Portal.
As mentioned earlier, to share the management of hosted services, storage accounts, affinity groups, and certificates created under a subscription, the service administrator can add co-administrators, who have the same Administrator rights and permissions for the hosted services. In the Management Portal, use actions in the Administrators section of Settings to v add, edit, or remove co-administrators for your subscriptions. For more information, see Add and Remove Co-Administrators for Your Windows Azure Subscriptions.
Add storage accounts to a Windows Azure subscription to provide access to Windows Azure storage services. The storage account represents the highest level of the namespace for accessing each of the storage service components: Blob services, Queue services, and Table services. Each storage account provides access to storage in a specific geographic region or affinity group.
Using the Management Portal or the Windows Azure Service Management REST API, you can create and manage storage accounts, and you can view and regenerate storage access keys. You also can configure a custom subdomain for your customers to use to access public blob containers for a storage account.
In the Management Portal, use actions in the Storage section to manage access keys, and to add or delete storage services. For information about managing storage accounts by using the Windows Azure Service Management REST API, see Operations on Storage Accounts.
By using affinity groups, you can co-locate storage and hosted services within the same datacenter. To use an affinity group with a hosted service, assign an affinity group instead of a geographic region when you create the service. The same option is available when you create a storage account. You cannot change the affinity group for an existing hosted service or storage account.
To create an affinity group, you can use the Create action in the Affinity Groups page of the Networks view in the Management Portal. You can also create an affinity group when you create a new hosted service or a new storage account that will use the affinity group. For more information, see About Affinity Groups for Virtual Network.
For information about creating affinity groups by using the Windows Azure Service Management REST API, see Operations on Affinity Groups.
Management certificates enable client access to Windows Azure resources when using the Windows Azure SDK tools, the Windows Azure Tools for Microsoft Visual Studio, or the Windows Azure Service Management REST API. For example, a management certificate is used to authenticate the user when creating and managing hosted services by using Visual Studio tools or when deploying VM role images by using the CSUpload command-line tool.
Management certificates are not required when you work in the Management Portal. In the Management Portal, authentication is performed using the credentials of the administrator who is performing the operation.
Use the Upload action in the Management Certificates page of Settings to add a management certificate for a selected subscription.
|
Note |
|---|
| Management certificates can only be added to a Windows Azure subscription in the Management Portal. You can add as many as 100 management certificates to a subscription. |
For more information about creating and using management certificates in Windows Azure, see Manage Certificates in Windows Azure.
See Also
