All extramural NIH STRIDES environments are required to report their utilization and cost to NIH monthly so that NIH may audit discounts and report to congress. This document provides instructions on automating the reporting to ensure your NIH STRIDES environment remains compliant.
- All STRIDES Azure Subscriptions must be isolated within their own Management Group
- A reporting Azure subscription
- Permissions
- Enrollment Number
- Naming Convention
A Management Group isolating STRIDES workloads from all other institutional workloads is required so that STRIDES workloads do not co-mingle with unrelated workloads. This will enforce an isolation of cost, policy, permissions, and reduce complexity for reporting and maintenance.
Below is an example of a potential management group hierarchy. Your management group hierarchy does not need to align exactly with the example, its intent is merely to illustrate the separation of all STRIDES-related workloads within the STRIDES enrollment into its own Management Group:
Creating a management group is a simple and well documented process:
A single reporting subscription within your STRIDES enrollment & management group is required in order to host the resources and logic to report cost and utilizations to NIH.
> Note: Like all STRIDES subscriptions, you must first seek NIH approval by filling out the Subscription Provisioning Form.
Note: NIH Approval is no longer required.
Once you have received approval from NIH, creating the reporting subscription is no different than creating any other Azure subscription. Documentation on creating a new EA subscription can be found here.
Requirements for the Reporting Subscription:
- Must reside within your STRIDES enrollment
- Must reside within your STRIDES Management Group
- Must follow NIH's strict naming convention (i.e.,"NIH-Awd.STRIDES-Institution-Name.CIT.Reporting")
To successfully set up STRIDES reporting, you will need the Owner role in the Reporting Subscription and the Cost Management Contributor role for the STRIDES Management Group.
The Azure STRIDES initiative requires an Azure Enterprise Agreement Enrollment. It is likely that your institution may have more than one Azure Enterprise Agreement Enrollment. NIH mandates that you use the STRIDES Enrollment number for reporting. If you are unsure which Enrollment Number is associated with your STRIDES environment, please reach out to your institution's Azure administrator, or your Microsoft account team.
NIH requires strict naming conventions for all reporting objects and subscriptions so that they may reliably identify cost by institution & grant.
For references to STRIDES-Institution-Name below, please substitute it with your Azure STRIDES Enrollment follolwed by your institution's domain name, replacing all instances of periods (".") with hyphens ("-".)
Example:
STRIDES Enrollment Number | Domain Name | STRIDES-Institution-Name |
---|---|---|
00000000 | azure.edu | 0000000-azure-edu |
00000000 | department.azure.edu | 0000000-department-azure-edu |
For references to STRIDES-Share-Name below, please append "-share" to your STRIDES-Institution-Name.
Example:
STRIDES-Institution-Name | STRIDES-Share-Name |
---|---|
0000000-azure-edu | 0000000-azure-edu-share |
0000000-department-azure-edu | 0000000-department-azure-edu-share |
Azure Cost Management provides the ability to automatically schedule an export of your STRIDES environment's cost and utilization into an Azure Storage Account within your STRIDES Reporting Subscription.
-
From the Azure Portal, click on Cost Management + Billing, then Cost Management.
-
Ensure your scope is set to your STRIDES Management group. If not, click Change next to your current scope, drill down until you see your STRIDES management group and select it.
-
Click on Exports from the middle blade and follow the detailed instructions in the following link with these parameters.
Link: Tutorial: Create and manage exported data
Field Name Recommended Value Name STRIDESMonthly Export Type Monthly export of last month's cost Start Date Default Storage Create new Subscription Your STRIDES Reporting Subscription Resource group Create new Resource Group called "STRIDES-exports-rg" Account Name Globally unique and meaningful alphanumeric name Location Azure Region closest to your institution Container STRIDES-Institution-Name Directory exports
Azure Data Share is a fully-managed, zero overhead service that enables organizations to simply and securely share data between Azure environments.
It uses an invitation system to connect a data provider to data consumer and allows for the movement of data from provider to consumer without the need for developing complex pipelines, sharing secrets, or granting access.
More information on Azure Data Share can be found here.
-
Create an Azure Data Share Account in your STRIDES-exports-rg resource group.
-
Create a Share within the Data Share Account with the parameters as defined below.
Details
Field Name Recommended Value Share name STRIDES-Share-Name Share type Snapshot Description STRIDES Monthly Export
Enrollment Number: 00000000
Institution: institutionNameDatasets
Choose the storage account and container that was created to store your monthly cost management exports.
Recipients
Leave recipients blank
Settings
Enable Snapshot schedule with Recurrence set to Daily
-
Invite the NIH to consume your data by executing the following PowerShell command in Azure Cloud Shell:
New-AzDataShareInvitation -ResourceGroupName STRIDES-exports-rg -AccountName <Your Share Account Name> -ShareName <Your STRIDES-Share-Name> -Name <Your STRIDES-Share-Name> -TargetObjectId <Provided by Microsoft NIH STRIDES Team> -TargetTenantId <Provided by Microsoft NIH STRIDES Team>
To receive the TargetObjectId & TargetTenantId above, please reach out to the Microsoft STRIDES Team.