Unified Billing Overview
This topic describes how you can unify billing across multiple tenancies by sharing your subscription. You should consider sharing your subscription if you want to have multiple tenancies to isolate your cloud workloads, but you want to have a single Universal Credits commitment. For example, you have a subscription with a $150,000 commitment, but you want to have three tenancies, because the credits are going to be used by three distinct groups that require strictly isolated environments.
- The parent tenancy (the one that is associated with the primary funded subscription).
- Child tenancies (those that are consuming from a subscription that is not their own).
Notable benefits of sharing a subscription includes:
- Sharing a single commitment helps to avoid cost overages and allows consolidating your billing.
- Enabling multi-tenancy cost management. You can analyze, report, and monitor across all linked tenancies. The parent tenancy has the ability to analyze and report across each of your tenancies through Cost Analysis and Cost and usage reports, and you can receive alerts through Budgets.
- Isolation of data. Customers with strict data isolation requirements can use a multi-tenancy strategy to continue restricting resources across their tenancies.
The remainder of this topic provides an overview of how to share your subscription between tenancies, and provides best practices on how to isolate workloads, in order to help you determine if you should use a single-tenancy or multi-tenancy strategy.
Before you get additional tenancies you should evaluate your needs to make sure that a multi-tenancy approach is best for your workloads. The main reason to have multiple tenancies is for strong isolation. By default, each parent and child tenancy comes with:
- A distinct set of IAM users (which can be federated to another identity system).
- A distinct set of IAM policies (permissions).
- Its own service limits.
- Isolated Virtual Cloud Networks (VCNs).
- Separate security and governance settings.
The main point to be aware of is that multiple tenancies make it easier to isolate workloads, but that comes at the cost of needing to manage multiple tenancies. Additional tenancies, however, do create additional management overhead, so you need to ensure that the isolation is worth it. If you don't require a strong level of isolation, you should consider using compartments to separate workloads.
Required IAM Policy
To use Oracle Cloud Infrastructure, you must be granted security access in a policy by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don’t have permission or are unauthorized, verify with your administrator what type of access you have and which compartment to work in.
To use subscription sharing, the following policy statements are required:
Allow group linkUsers to use organizations-family in tenancy Allow group linkAdmins to manage organizations-family in tenancy
To accept an invitation but not create one use the following:
allow group linkAccepters to manage organizations-recipient-invitations in tenancy
To view the current linked tenancies but not the invitations:
allow group linkViewers to read organizations-links in tenancy
Subscription Sharing Overview
Depending on whether or not you already have multiple tenancies, there are two approaches:
There are two paths you can take:
Using the API
For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.
Once a subscription is shared, the behavior of cost reporting tools changes. All spending against the subscription (in the parent and all child tenancies) is included in cost reporting in the parent tenancy, and child tenancies are limited to seeing spending in their own tenancy. Cost and usage reports are generated only in the parent tenancy, and include all usage for the parent and all of its children. Budgets are only supported in the parent tenancy. The following table describes the impact of subscription sharing on cost reporting.
|Parent Tenancy||Child Tenancies|
|Cost Analysis||Reports on all usage and cost in the parent, and all children with the ability to group and filter by tenancy.||Reports on all usage and cost in the child tenancy.
If a child tenancy wants to use Cost Analysis from the Console, you must subscribe to the parent’s home region.
|Cost and usage reports (CSVs)||Includes all usage and costs in the parent and all children.||Not available.|
|Budgets||Budgets can be created against compartments or tags in the primary tenancy but not against child tenancies.||Not supported.|
Depending on how you created your tenancy, you will either have separate CSI (Customer Support Identifier) numbers, and support accounts for each tenancy, or they will be combined. If you want to make sure that you get multiple CSI numbers, ensure that you work with your account team to create tenancies in a way that will create new CSIs.