Configure and manage storage accounts Flashcards
What is a storage account?
https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview
https://learn.microsoft.com/en-us/azure/storage/common/storage-account-upgrade?tabs=azure-portal
* An Azure storage account provides storage services and a unique namespace for data that is accessible from anywhere over HTTP/HTTPS.
* Data in the storage account is durable, highly available, secure and scalable.
Storage account tiers:
1. Standard
- Storage accounts are backed by HDD
- Provides the lowest cost per GB
- Often used for bulk storage and when data is accessed infrequently
2. Premium
- Backed by SSD
- Offers low-latency performance
* If you already have a general-purpose v1 or v2 storage account, you cannot convert it into a premium account; you will need to create a new storage account and select premium.
* You can upgrade a general-purpose v1 or a Blob Storage account to general-purpose v2, but it is permanent and cannot be undone.
Storage account types?
Storage account types:
1. Standard general-purpose v2
* Supported storage services: Blob Storage (including Data Lake Storage), Queue, Table and Azure Files
* Redundancy options: LRS, GRS, RA-GRS
* Usage: Standard storage account type for blobs, file shares, queues and tables.
Note: If you want support for NFS, you have to use the premium file shares account type.
2. Premium block blobs
* Supported storage services: Blob Storage (including Data Lake Storage)
* Redundancy options: LRS, ZRS
* Usage: For scenarios with high transaction rates, or that use smaller objects or require consistently low latency
3. Premium file shares
* Azure Files
* Redundancy options: LRS and ZRS
* Usage: For high-performance scale applications. Used when you require SMB and NFS
4. Premium page blobs
* Page blobs only
* LRS
What are the different storage types?
* An Azure storage account contains all your Azure storage objects, such as:
1. Blobs
A scalable object store for text and binary data
2. File shares
Managed file shares for cloud or on-premises deployments
3. Queues
A messaging store for reliable messaging between app components
4. Tables
Stores non-relational structured data (also known as structured NoSQL)
5. Disks
Create and configure storage accounts
Configure Azure Storage redundancy - Primary region
https://learn.microsoft.com/en-us/azure/storage/common/storage-redundancy
REDUNDANCY IN A PRIMARY REGION
* Data in an Azure storage account is always replicated three times in the primary region. Azure Storage offers 2 ways to replicate your data:
1. Locally redundant storage (LRS)
- Copies data synchronously three times within a single physical location in the primary region
- Provides 99.9999999% durability
- Least expensive option, but not recommended for apps that require high availability and durability
- Protects data from server rack failure and drive failure, but not from disasters such as fire or flooding that affect the entire data center
2. Zone-redundant storage (ZRS)
- Copies data synchronously across three Azure availability zones in the primary region
- Offers high availability
* There are three ways to change the replication settings:
1. Use the Azure portal, Azure PowerShell, or the Azure CLI to add or remove geo-replication or read access to the secondary region.
2. Perform a conversion to add or remove zone-redundancy.
3. Perform a manual migration in scenarios where the first two options aren’t supported, or to ensure the change completes within a specific time.
Configure Azure Storage redundancy - Secondary region
https://learn.microsoft.com/en-us/azure/storage/common/storage-redundancy
REDUNDANCY IN A SECONDARY REGION:
* For applications that require high durability, you can copy your data to a secondary region in a separate location from your primary region. Data is durable even if there is a complete regional outage or disaster in which the primary region is not recoverable.
Azure offers 2 storage replication options to a secondary region:
- GRS
- GZRS
Configure blob object replication
https://learn.microsoft.com/en-us/azure/storage/blobs/object-replication-configure?tabs=portal
https://learn.microsoft.com/en-us/azure/storage/blobs/object-replication-overview
https://learn.microsoft.com/en-us/azure/storage/blobs/object-replication-prevent-cross-tenant-policies?tabs=portal
Object replication copies blobs in a container asynchronously between regions. During replication, the following content is copied to the destination container:
- The blob contents
- The blob metadata and properties
- Any versions of data associated with the blob
Things to know about blob object replication:
1. Blob versioning needs to be enabled on both the source and destination accounts.
2. Does not support blob snapshots. Any snapshots that are available are not replicated.
3. Supports hot, cool or cold tiers. The source and destination can be in different tiers.
4. A replication policy is created that specifies the source account and destination account.
* Latency minimization for read requests
* Cost optimization
* Efficiency improvement for compute workloads
* Data distribution optimization
* Asynchronous between regions
Configure storage account encryption
Things to know about Azure storage encryption:
1. Data is encrypted automatically before it is persisted to Azure storage services.
2. Data is automatically decrypted before it is retrieved.
3. Azure storage encryption, encryption at rest, decryption and key management are transparent to users.
4. All data written to Azure storage is encrypted through 256-bit Advanced Encryption Standard (AES). AES is one of the strongest block ciphers available.
5. Azure storage encryption is enabled and cannot be disabled.
Configure Azure storage encryption:
There are 2 encryption types:
1. Microsoft-managed keys
2. Customer-managed keys
- You can use Azure Key Vault to manage your encryption keys; it can also be used to generate encryption keys.
Things to know about customer-managed keys:
1. You can create, disable, audit, rotate and define access control for your encryption keys.
2. The Azure storage account and key vault must be in the same region but can be in a different subscription.
Manage data by using Azure Storage Explorer and AzCopy
https://learn.microsoft.com/en-us/azure/vs-azure-tools-storage-manage-with-storage-explorer?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&tabs=windows
https://learn.microsoft.com/en-us/azure/storage/blobs/quickstart-storage-explorer
https://azure.microsoft.com/en-us/products/storage/storage-explorer/
https://learn.microsoft.com/en-us/azure/storage/common/storage-use-azcopy
https://learn.microsoft.com/en-us/azure/storage/common/storage-ref-azcopy
1. Azure Storage Explorer:
- A standalone application that makes it easy to work with Azure storage data on Windows, Linux and macOS
- You can access multiple subscriptions and accounts and manage all storage content
- Allows you to attach external storage accounts
- Storage Explorer is used to manage your storage account as well as to upload and download blobs, files and other resources. After you open Azure Storage Explorer, you can connect to your storage account
2. AzCopy:
- Command-line utility for copying data to and from Azure Blob Storage and Azure Files