Configure Azure Files and Azure Blob storage Flashcards
What is file share storage?
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-introduction
Azure file shares offer shared storage for apps by using the SMB and NFS protocols.
*Azure Files stores data as true directory objects in file shares
*Azure Files provides shared access to files across multiple VMs. Any number of VMs or roles can mount and access the file share at the same time.
- Can be mounted by both on-prem and cloud systems
File shares use the SMB protocol. SMB communicates over TCP port 445.
- ISPs and firewalls often block this port due to the security risk associated with it, so you need to use a VPN, such as Azure Point to point (P2S), Site to site (S2S) or ExpressRoute, to tunnel SMB traffic and access your Azure file share.
Scenarios where file shares are used:
1. Replace on-prem file servers or NAS devices by using Azure Files
- Global access is possible, as it supports Windows, Linux and macOS and can be accessed from anywhere.
- Lift and shift applications to the cloud that require a file share to store file apps or user data.
- Replicate Azure file shares to Windows Server by using Azure File Sync. You can replicate on-prem or in the cloud for performance and distributed caching of the data.
File shares have 4 different storage tiers:
1. Premium
- Backed up by SSD and provides high performance and low latency.
- You need to select 1 of the premium storage accounts in order to use it.
2. Transaction optimized
- Transaction-heavy workloads that don't need the latency offered by premium file shares
- Backed up by HDD
3. Hot
- For general purpose file sharing
- Backed up by HDD
4. Cool
- Data that is not accessed very often, such as archive storage scenarios
- Backed up by HDD
Soft delete is defaulted to 7 days
Create and configure a file share in Azure Storage
https://learn.microsoft.com/en-us/fslogix/troubleshooting-old-temp-local-profiles
https://www.parallels.com/blogs/ras/fslogix-temporary-profile/
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-planning
Only SAS is supported for file storage authorization. When copying from multiple source URLs, you need to append a SAS token to each source URL.
*When a user does not have read/write permissions to the Azure file share, the user will be logged in with a local profile and will not be able to save changes.
!It is recommended to use Azure file shares with Windows Server 2019 and above, as per Microsoft best practices. You will need to upgrade any server older than Windows Server 2019!
What is azure blob storage?
https://learn.microsoft.com/en-us/azure/storage/blobs/security-recommendations
Azure Blob Storage is a service that stores unstructured data in the cloud as objects, or blobs.
- Blob stands for Binary Large Object.
- Also known as container storage
!Does not support the SMB protocol that file shares use!
- Blob storage can store any type of binary data, such as audio files, documents, images, video files and application installers.
2. Blob storage uses 3 resources to store and manage your data:
- Azure account
- Containers
- Blobs in a container
- To implement blob storage, you can configure several settings:
- Blob container options
- Blob types and upload options
- Blob storage access tiers
- Blob lifecycle rules
- Blob object replication
Use cases for blob storage:
1. Use blob storage to serve images or docs directly to a browser
- Can store files for distributed access, such as during an installation process.
- Stream video and audio by using blob storage
- Blob storage is good for storing data for backup and restore, disaster recovery and archiving
- You can store data for analysis by an on-prem or Azure-hosted service
Create and configure a container in Blob Storage
Blob storage uses a container resource to group a set of blobs.
A blob can't exist by itself in blob storage, as it must be stored in a container resource.
Configuration characteristics:
1. All blobs must be in a container
2. A container can store an unlimited number of blobs
3. An Azure storage account can contain an unlimited number of containers
4. You upload blobs into a container
Configure a container:
*Name:
Can only contain lowercase letters, numbers and hyphens
*Public access level:
Specifies whether the container and its blobs can be accessed publicly. By default it is set to private, meaning it's only visible to the owner.
- Private: Default. Prohibits anonymous access to the container and blobs
- Blob: Allows anonymous public read access for the blobs only
- Container: Allows anonymous public read access and list access to the entire container, including the blobs.
- Only Azure AD and shared access signature (SAS) authorizations are supported with blob storage to copy the data.
Configure blob storage tiers (all about cost optimization)
https://learn.microsoft.com/en-us/azure/storage/blobs/archive-rehydrate-overview?tabs=azure-portal
https://learn.microsoft.com/en-us/azure/storage/blobs/access-tiers-overview
Azure Storage supports several access tiers, such as hot, cool, cold and archive.
- Hot tier
- Optimized for objects that are frequently read and written and are actively being processed.
- Has the lowest access costs but higher storage costs.
- Cool tier
- Optimized for storing large amounts of data that is not accessed a lot.
- Intended for data to remain for at least 30 days
- Used for short-term backup and disaster recovery datasets and older media content
- Cost effective for storing data but can be expensive to access the data.
- Cold tier
- Optimized for storing large amounts of data that is not accessed very often.
- Data needs to remain for at least 90 days
- Archive
- Is an offline tier that is optimized for data that can tolerate several hours of latency.
- Data must remain for at least 180 days or be subject to an early deletion charge
- Most cost effective for storing the data but the most expensive for accessing the data
Compare access tiers:
- Hot tier
*Availability - 99.9%
*Availability ( RA GRS reads) - 99.99%
*Latency (time to first byte) - milliseconds
*Minimum storage duration - none
*Usage costs - Higher storage costs, Lower access & transaction costs
- Cool tier
*Availability - 99.9%
*Availability ( RA GRS reads) - 99.99%
*Latency (time to first byte) - milliseconds
*Minimum storage duration - 30 days
*Usage costs - Lower storage costs, Higher access & transaction costs
- Archive tier
*Availability - offline
*Availability ( RA GRS reads) - offline
*Latency (time to first byte) - hours
*Minimum storage duration - 180 days
*Usage costs - Lowest storage costs, Highest access & transaction costs
*Data stored in the archive tier is not immediately available and cannot be accessed until it is rehydrated.
- Archive tier rehydration priority:
1. Standard (default): May take up to 15 hours for the data to be available, with storage under 10 GB
- High: May complete in under an hour for objects under 10 GB in size.
Configure snapshots and soft delete for Azure Files
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-enable-soft-delete?tabs=azure-portal
File share snapshots provide the capability to take snapshots of file shares.
- A snapshot captures a point-in-time, read-only copy of your data
- Azure file share snapshots are provided at the share level
- The snapshots are incremental, meaning only data changed since the most recent share snapshot is saved.
- You only need to retain the most recent file share to restore the share.
- You can retrieve a share snapshot for an individual file.
- If you want to delete a share that has share snapshots, you have to delete all the snapshots.
- To permanently delete a file share that has been soft deleted, you have to undelete it and then delete it again.
Configure blob lifecycle management
https://learn.microsoft.com/en-us/azure/storage/blobs/lifecycle-management-policy-configure?tabs=azure-portal
- It is a rule-based policy which allows you to move blob data into the chosen access tier once it hits a certain threshold:
- hot to cold
- hot to archive
- cool to archive
Thresholds such as:
1. The number of days since the blob was created
2. The number of days since the blob was last modified
3. The number of days since the blob was last accessed
- Azure Blob Storage supports lifecycle management for data sets. A rule-based policy lets you transition your data to the appropriate access tiers and set expiration times for the end of a data set's life cycle.
- Transition blobs to a cooler storage tier, such as hot to cold, hot to archive or cool to archive, to optimize performance and cost
- Delete blobs at the end of their life cycle
- Define rule-based conditions to run once per day at the storage account level
- Apply rule-based conditions to containers or blobs
Configure lifecycle policy rules:
1. If
- Sets the evaluation clause for the policy rule. If the IF clause is true, the THEN clause is executed.
- The IF clause is used to set the time period since the blob was accessed/modified.
*More than (days ago): The number of days to use in the evaluation condition
- Then
- Sets the action clause for the policy rule
- Used to set the transition action for blob storage
*Move to cool storage
*Move to archive storage
*Delete the blob
Configure blob versioning
https://learn.microsoft.com/en-us/azure/storage/blobs/versioning-overview
*Maintains previous versions of a blob. When it is enabled, you can restore an earlier version of a blob to recover data if it is modified or deleted. This does come at additional cost, because every write operation to a blob results in the creation of a new version, as it writes a new version every time a change is made.
When enabled, it captures the state of a blob at a given point in time. Each version is identified with a version ID.
- If you go back to a previous version or modify an older version, it will then become the newest version.
Blob snapshot vs blob versioning
1. Blob snapshot:
- Is a read-only copy of a blob that is taken at a specific point in time and is created manually by a person or application
2. Blob versioning:
- A version is created automatically on a write operation or delete operation when versioning is enabled.