Microsoft Azure Storage and Database Part 14 – Azure File Storage- Overview

Hello Friends,
Hope you all are doing good !!! 🙂 .
In our previous article we discussed how to configure and use the AzCopy tool. In this article we start with a new Azure storage service: Azure File Service.
Previous Azure series :
- Learn Basics Of Azure Networking In 60 Hours
- Learn Basic Of Azure Active Directory And Azure Identity And Access Management
- Azure DevOps – Learn at one place
If you have missed our previous articles in the Azure Storage and Database series, please check them at the following links.
Part 1 – Overview Of Azure Storage and Database
Part 2 – Azure Storage Account
Part 4 – Work With Azure Blob Storage
Part 5 – Storage Explorer For Azure Storage
Part 11 – Get Shared Access Signature (SAS) Using PowerShell
Part 12 – Azure Blob Storage – Host Static Website In Azure Storage Account
Part 13 – Azure Blob Storage – Work With AzCopy Tool
Next Article : Part 15 – Azure File Service – Mount File Share On Window Server Using PowerShell
Azure File Storage Service :
Azure Files is a shared storage service that allows us to access files via the Server Message Block (SMB) protocol or Network File System (NFS) protocol, and to mount file shares on Windows, Linux or Mac machines in the Azure cloud. We can also cache file shares on Windows Servers using the Azure File Sync agent.
Benefits Of Azure File Share :
- Shared access
  - Supports the industry-standard SMB and NFS protocols
  - Seamlessly replace our on-premises file shares with Azure file shares without breaking applications.
  - Share a file system across multiple machines, applications/instances
- Fully managed
  - No hardware or OS is required to create an Azure file share.
  - No extra cost or labor is required to maintain the OS, security or hard drives.
- Scripting and tooling
  - PowerShell cmdlets and Azure CLI can be used to manage Azure file shares
  - The Azure file explorer tool can be used to manage Azure file shares
- Resiliency
  - Azure Files is designed to be always available.
  - No worry about local power outages or network issues.
- Familiar programmability
  - Azure Storage Client Libraries or the Azure Storage REST API can be used to manage file shares
  - System I/O APIs can be used by applications to access data.
Scenarios To Use Azure File Share :
- Replace or supplement on-premises file servers
  - On-premises file servers can be replaced or extended by Azure file shares
  - Windows, macOS, and Linux can directly mount Azure file shares whenever and from wherever required
  - With Azure Files AD Authentication, Azure Files SMB file shares can continue to work with AD hosted on-premises for access control.
- “Lift and shift” applications
  - Azure file shares allow a smooth “Lift and shift” application migration by storing application or user data.
  - Azure Files supports both classic and hybrid application migrations using the “Lift and shift” method.
- Containerization
  - Azure file shares can be used as persistent volumes for stateful containers.
- Simplify cloud development
  - Shared application settings
    - A file share can be used as a centralized location for the configuration files of multiple application instances.
  - Diagnostic share
    - A file share can be used to store an application’s logs, metrics, and crash dumps.
    - Developers can mount the file share on their local machine.
  - Dev/Test/Debug
    - An Azure file share can store a set of tools or utilities, which can be shared by multiple VMs.
Deployment Of Azure Files
Azure Files can be deployed in the following two ways.
- Direct mount of an Azure file share
  - Because Azure file shares are serverless, they do not require managing a file server or NAS device. We can mount Azure file shares on-premises or in the cloud using the standard SMB or NFS clients, depending on the OS.
- Cache an Azure file share on-premises with Azure File Sync
  - Azure File Sync enables you to centralize your organization’s file shares in Azure Files.
Management Concepts
When we create a storage account, there are different options available for choosing the storage account type. The following two main types of storage accounts can be used for Azure Files deployments.
- General purpose version 2 (GPv2) storage accounts
  - GPv2 allows us to deploy Azure file shares on standard/hard disk-based (HDD-based) hardware.
  - GPv2 allows us to store other storage resources such as blob containers, queues, or tables.
- FileStorage storage accounts
  - FileStorage allows us to deploy Azure file shares on premium/solid-state disk-based (SSD-based) hardware.
  - FileStorage allows us to store only Azure file shares.
User Authentication
As we know, Azure does its best to secure its users’ data. A user must be authenticated and authorized to access an Azure file share. Based on identity, a user can have a different access level. Azure Files integrates with the following three main identity providers :
- On-premises Active Directory Domain Services (AD DS, or on-premises AD DS)
  - Domain joining our storage account to On-Premise AD DS provides
- Azure Active Directory Domain Services (Azure AD DS)
  - Domain joining our storage account to Azure AD DS provides
- Azure storage account key
  - To mount a file share using the Azure storage account key, the storage account name is used as the username and the storage account key is used as the password.
Networking
Azure file shares are accessible from anywhere via the storage account’s public endpoint. Sometimes customers block port 445, which is used by SMB, so the mount fails. To unblock access to your Azure file share, you have two main options:
- Unblock port 445 for your organization’s on-premises network
- Access Azure file shares over an ExpressRoute or VPN connection
Mounting with the above options is possible with both SMB and NFS shares. To do this, you will need to configure the following for your environment:
- Network tunneling using ExpressRoute, Site-to-Site, or Point-to-Site VPN: Tunneling into a virtual network allows accessing Azure file shares from on-premises, even if port 445 is blocked.
- Private endpoints: Private endpoints give your storage account a dedicated IP address from within the address space of the virtual network. This enables network tunneling without needing to open on-premises networks up to all of the IP address ranges owned by the Azure storage clusters.
- DNS forwarding: Configure your on-premises DNS to resolve the name of your storage account (storageaccount.file.core.windows.net for the public cloud regions) to the IP address of your private endpoints.
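The two things that decide whether a mount works, name resolution and reachability of port 445, can be checked from the client. The following Python sketch is an added example, not code from the original article: it resolves the share's FQDN, tries TCP port 445, and reports whether the client reaches a private endpoint or the public one. The function names and verdict strings are illustrative, and treating a private-range address as the private endpoint is an assumption.

```python
import contextlib
import ipaddress
import socket

SMB_PORT = 445  # port used by SMB, as stated in the article


def resolve(fqdn, resolver=socket.getaddrinfo):
    """Return the sorted set of addresses the share's FQDN resolves to."""
    infos = resolver(fqdn, SMB_PORT, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def smb_reachable(addr, connect=socket.create_connection, timeout=3.0):
    """True if a TCP connection to port 445 on addr succeeds."""
    try:
        with connect((addr, SMB_PORT), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or no route
        return False


def diagnose(fqdn, resolver=socket.getaddrinfo, connect=socket.create_connection):
    """Classify how this client reaches the file share endpoint."""
    try:
        addrs = resolve(fqdn, resolver)
    except socket.gaierror:
        return "dns-failure", []
    # Assumption: the private endpoint's IP lies in a private address range.
    private = all(ipaddress.ip_address(a).is_private for a in addrs)
    reachable = any(smb_reachable(a, connect) for a in addrs)
    if private:
        verdict = "private-endpoint-ok" if reachable else "private-endpoint-no-route"
    else:
        verdict = "public-endpoint-ok" if reachable else "public-endpoint-445-blocked"
    return verdict, addrs


if __name__ == "__main__":
    # Constructed offline demo: DNS forwarding returns a private endpoint IP.
    fake_dns = lambda host, port, proto=0: [(2, 1, 6, "", ("10.1.0.4", port))]
    fake_tcp = lambda addr, timeout: contextlib.nullcontext()
    print(diagnose("storageaccount.file.core.windows.net", fake_dns, fake_tcp))
```

A `public-endpoint-ok` verdict on a network that is supposed to use a private endpoint means DNS forwarding is not in effect and SMB traffic is going to the public endpoint.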
Data Encryption
Azure Files supports the following two types of encryption
- Encryption in transit
  - Protects our data while it moves between two services/parties.
  - This protection is achieved by encrypting the data, authenticating the endpoints, and decrypting and verifying the data on arrival.
- Encryption at rest
  - Prevents an attacker from accessing the unencrypted data by ensuring the data is encrypted when on disk.
  - Encryption keys are required to decrypt the data.
  - The encryption key can be managed by Microsoft or by the customer.
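Whether the account key can be used, whether the public endpoint is open, and how both kinds of encryption are configured can all be read from the storage account's properties. The following Python sketch is an added example, not from the original article: it audits a constructed JSON document shaped like `az storage account show` output. The function names, check IDs and sample values are illustrative.

```python
import json

WEAK_TLS = {"TLS1_0", "TLS1_1"}


def audit_storage_account(props):
    """Return (check_id, message) findings for one storage account."""
    findings = []
    if props.get("enableHttpsTrafficOnly") is not True:
        findings.append(("transit", "secure transfer is not required, so "
                         "unencrypted connections are accepted"))
    # Assumption: a missing value is treated as the weakest setting.
    if (props.get("minimumTlsVersion") or "TLS1_0") in WEAK_TLS:
        findings.append(("tls", "minimum TLS version is below TLS1_2"))
    # A missing/null value means account-key authorization is allowed.
    if props.get("allowSharedKeyAccess") is not False:
        findings.append(("shared-key", "storage account key can authorize "
                         "access; anyone holding the key can mount the share"))
    rules = props.get("networkRuleSet") or {}
    if (props.get("publicNetworkAccess") != "Disabled"
            and rules.get("defaultAction") != "Deny"):
        findings.append(("network", "public endpoint accepts all networks"))
    return findings


def key_management(props):
    """Report who manages the encryption-at-rest key."""
    source = (props.get("encryption") or {}).get("keySource")
    return "customer" if source == "Microsoft.Keyvault" else "microsoft"


# Constructed sample in the shape of `az storage account show` output.
SAMPLE = json.loads("""
{
  "name": "storageaccount",
  "enableHttpsTrafficOnly": true,
  "minimumTlsVersion": "TLS1_0",
  "allowSharedKeyAccess": null,
  "publicNetworkAccess": "Enabled",
  "networkRuleSet": {"defaultAction": "Allow"},
  "encryption": {"keySource": "Microsoft.Storage"}
}
""")

if __name__ == "__main__":
    for check, message in audit_storage_account(SAMPLE):
        print(f"[{check}] {message}")
    print("key managed by:", key_management(SAMPLE))
```

Disabling account-key access stops mounts that use the storage account key, so confirm identity-based access works before acting on the `shared-key` finding.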
Data Protection :
- Soft delete : It is an easy way to keep deleted data for a specific period of time on disk. It allows us to recover our file share when it is accidentally deleted.
- Backup : We can back up our Azure file share using share snapshots, which are read-only, point-in-time copies of our share. Snapshots are incremental, meaning they only contain as much data as has changed since the previous snapshot.
Azure Defender For Azure Files
Azure Defender for Azure Storage (formerly Advanced Threat Protection for Azure Storage) provides an additional layer of security intelligence that provides alerts when it detects anomalous activity on your storage account.
Storage Tiers
When selecting a storage tier for your workload, consider your performance and usage requirements. File shares deployed within GPv2 storage accounts can be moved between the standard tiers (transaction optimized, hot, and cool). Azure Files offers the following four tiers of storage
- Premium
  - Premium file shares are backed by solid-state drives (SSDs) and provide consistent high performance and low latency, within single-digit milliseconds for most IO operations
  - Premium file shares are deployed in the FileStorage storage account
- Transaction optimized/ Standard
  - Standard storage hardware backed by hard disk drives (HDDs)
  - Best suited to heavy workloads where low latency isn’t as much of a concern.
- Hot
  - Standard storage hardware backed by hard disk drives (HDDs)
  - For scenarios where low latency is very important.
- Cool
  - Standard storage hardware backed by hard disk drives (HDDs)
  - Cool file shares offer cost-efficient storage, where low latency isn’t as much of a concern
Redundancy
All Azure file shares store multiple copies of each file as they are written to protect the data in our Azure file shares against data loss or corruption. As per the requirement we can choose one of the following Azure supported data redundancy options.
- Locally redundant
  - Locally redundant storage, known as LRS
  - Every file is stored three times within an Azure storage cluster.
- Zone redundant
  - Zone redundant storage, known as ZRS
  - Every file is stored three times across three distinct Azure storage clusters.
- Geo-redundant
  - Geo-redundant storage, known as GRS
  - A file is stored three times within an Azure storage cluster in the primary region.
- Geo-zone redundant
  - Geo-zone redundant storage, known as GZRS
  - A file is stored three times across three distinct storage clusters in the primary region.
Pricing
We can find pricing details for Azure File Storage here.
I hope this is informative to you. Please let me know if I missed anything important or if my understanding is not up to the mark.
Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more.
If you have any suggestion / feedback / doubt, you are most welcome. Stay tuned on Knowledge-Junction, will come up with more such articles.
Thanks for reading 🙂 .