07-Azure Storage Flashcards
Two tiers of Azure Storage
Premium and Standard
Azure Storage Services
Azure Containers
Azure Tables
Azure Queues
Azure Files
Azure Containers
Scalable object store for text and binary data
Think of it as folders
Azure Tables
Store structured, non-relational data
Azure Queues
Messaging store for reliable messaging between application components
Azure Files
Managed file shares for cloud or on-prem deployments
Storage Account Kinds
Standard general-purpose v2
Premium block blobs
Premium file shares
Premium page blobs
Standard general-purpose v2
Most scenarios include Blob, File, Queue, Table, and Data Lake Storage
Premium block blobs
High transaction rates, or scenarios that use smaller objects or require consistently low storage latency
Premium file shares
Enterprise or high-performance file share applications
Premium page blobs
Premium high-performance page blob scenarios
Replication strategies
LRS ZRS GRS RA-GRS GZRS RA-GZRS
LRS
Single region
Three replicas, one region
Protects against disk, node, rack failures
Write is acknowledged when ALL replicas are committed
Superior to dual-parity RAID
ZRS
Single region
Three replicas, three zones, one region
Protects against disk, node, rack, and zone failures
Synchronizes writes to all three zones
GRS
Multiple regions
Six replicas, two regions (three per region)
Protects against major regional disasters
Asynchronous copy to secondary
RA-GRS
GRS + read access to secondary
Separate secondary endpoint
Recovery point objective (RPO) delay to secondary can be queried
GZRS
Multiple regions
Six replicas, 3+1 zones, two regions
Protects against disk, node, rack, zone and region failures
Synchronous writes to all three zones and asynchronous copy to secondary
RA-GZRS
Multiple regions
GZRS + read access to secondary
Separate secondary endpoint
RPO delay to secondary can be queried
What is Storage’s URL based on
Account name and storage type
blobs.contoso.com has name contosoblobs.blob.core.windows.net
How to secure storage accounts
Firewalls and Virtual networks restrict access to the Storage Account from specific subnets on Virtual Networks or public IPs
Subnets and Virtual Networks must exist in the same Azure Region or Region Pair as the Storage Account
Binary Large Object (Blob) Storage
Stores unstructured data in the cloud
Store text or binary data
AKA object storage
BLOB common usage
Serve images or documents directly to browser
Store files for distributed access
Stream video and audio
fill
Blob Container
Store BLOB in this
Accounts have unlimited containers
Containers have unlimited blobs
Three types of BLOB containers
Private blobs
Blob access
Container access
Private blobs
No anonymous access
Blob access
Anonymous public read access for blobs only
Container access
Anonymous …. fill in
Blob Access Tiers
Hot Tier
Cool Tier
Archive
What is Hot tier
fill in
What is Cool tier
fill in
What is Archive
fill in
Blob Lifecycle Management
Transition blobs to cooler storage tier to optimize for performance and cost
Delete blobs at the end of their lifecycle
Apply rules to filtered paths in the Storage Account
Blob Object Replication
Asynchronous to any other Region
Minimizes latency for read requests
Increases efficiency for compute workloads
Optimizes data distribution
Optimizes costs
Uploading Blobs - what to specify
Authentication type - Azure AD account or Account key
Block blobs
Page blobs
Append blobs
Cannot change blob type once it has been created
What are Shared Access Signatures
Provide delegated access to resources
Grants access to clients without sharing your storage account keys
Account SAS delegates access to resources in one or more of the storage services
Service SAS delegates access to a resource in just one of the storage services
What is Storage Service Encryption
Protects your data for security and compliance
Automatically encrypts and decrypts your data
Encrypted through 256-bit AES encryption
Is enabled for all new and existing storage accounts and cannot be disabled
Is transparent to users
Customer Managed Keys
Use Azure Key Vault to manage your encrypted keys
Create your own encryption keys and store them in a key vault
Use Azure Key Vault’s APIs to generate encryption keys
Custom keys give you more flexibility and control
Azure Files Description
SMB interface, client libraries, and a REST interface that allows access from
Managing File Shares
File share quotas
Windows - ensure port 445 is open
Linux - mount the drive
MacOS - mount the drive
File Share Snapshots
Incremental snapshot that captures the share state at a point in time
Azure File Sync
Centralize your organization’s file shares in Azure files, while keeping the flexibility, performance, and compatibility of an on-prem file server
File Sync Components
Storage Sync Service
Registered server
Azure File Sync agent
Server endpoint
Cloud endpoint
Sync group
File Sync Steps
Deploys the Storage Sync Service
Prepare Win
fill in
What is Storage Explorer
Access multiple accounts and subscriptions
Create, delete, view, edit storage resources
View and edit Blob, Queue, Table, File, Cosmos DB storage and Data Lake Storage
Obtain shared access signature (SAS) keys
Available for Windows, Mac, and Linux
Import and Export Service
Import Jobs - move large amounts of data to Azure blob storage or files
Export Jobs - move large amounts of data from Azure Storage (not files)
What is AzCopy
Copy data to and from Azure Blob, File, and Table storage
Command line utility
For all OS