Implement and Manage Storage

Question 1

Why should you name a storage account well and uniquely?

Answer 1

The storage account name is included in the URL for any storage, and must be globally unique because of this.

Question 2

What are the three(fourish) storage redundancy options?

Answer 2

GRS = geo-redundant storage -> Puts data in another region
LRS = Locally redundant storage -> 3 copies in the same region
ZRS = Zone redundant -> distributed into different datacenters in the same region
RA-GRS = GRS + another endpoint to read data from

Question 3

What are the four storage tiers?

Answer 3

Hot tier - Acessed or modified frequently. highest storage costs, but the lowest access costs.

Cool tier - Infrequently accessed or modified. Should be stored for a minimum of 30 days. Lower storage costs and higher access costs compared to the hot tier.

Cold tier - Rarely accessed or modified, but still requires fast retrieval. Should be stored for a minimum of 90 days. The cold tier has lower storage costs and higher access costs compared to the cool tier.

Archive tier - Rarely accessed, and that has flexible latency requirements, on the order of hours. Stored for a minimum of 180 days.

Question 4

By default, what networks are storage accounts accessible from?

Answer 4

All networks!

Question 5

What are is the routing preference setting in Storage accounts?

Answer 5

MS network Routing = Take path which stays in MS network for as long as possible

Question 6

In data protection, what does recovery mean?

Answer 6

Protecting from accidental or erroneous deletions, e.g. enabling soft delete.

Question 7

What is soft delete? and what does it apply to?

Answer 7

Blob soft delete protects an individual blob, snapshot, or version from accidental deletes or overwrites by maintaining the deleted data in the system for a specified period of time. During the retention period, you can restore a soft-deleted object to its state at the time it was deleted. After the retention period has expired, the object is permanently deleted.

Question 8

In data protection, what does tracking mean?

Answer 8

Versions to track versions of blobs. See changes via a change feed.

Question 9

Does tracking cost money?

Answer 9

Yes, it accumulates costs via storage as you have multiple versions of the data

Question 10

In data protection, what concepts are there for access control?

Answer 10

Version level immutability = = ensures a file cannot be modified/deleted for things like log files / security related logs, etc.

Question 11

Is data in storage accounts encrypted?

Answer 11

Yes, all harddrives storing data are encrypted by default.
You or Microsoft can manage encryption keys.

Question 12

What are the four core kinds of storage in Azure?

Answer 12

Blob storage = Containers -> Just a box you can put files into.

File Shares = traditional File storage option (eg U/H Drive) -> Capacity of 5TB default limit

Queues = Like a messaging service -> One PC can put a message in the queue, another can read it

Tables=Semi-structured data, the structure is not rigid, but it is structured.

Question 13

What are storage account access keys?

Answer 13

When you create a storage account, Azure generates two 512-bit storage account access keys for that account. These keys can be used to authorize access to data in your storage account via Shared Key authorization.

Question 14

What are Shared Access Signature (SAS) tokens? How can they become invalidated?

Answer 14

They are tokens which can be used to fine grained access to individual folders/files.

They can be set to expire.

These tokens are signed by the Storage access keys, and become invalid if those are invalidated.

Question 15

What should you use instead of access keys and SAS tokens?

Answer 15

Turn off the “allow storage account key access” setting, revoking permissions of the
access keys.

Turn on the “Default to Microsoft Entra authorization in the Azure portal” setting.

Then in the storage account in the “access control (IAM)” you can assign roles to people for access to the
storage account.

Assign people/groups access to the blob with particular conditions like can give read access so long a the container doesn’t have “private” in the name.

Question 16

What is the difference between standard and premium storage accounts?

Answer 16

Premium only supports block/page blobs and file shares.
□ This is basically as SSD storage account

Standard has option for Hot/Cold access tier.

Question 17

In a file share, what is a backup policy?

Answer 17

Indicates how often to backup data and how long to store said backup.

Question 18

In a file share, what is a snapshot? Do they expire?

Answer 18

It is a snapshot of a file, not a backup. Simply the version of a file at a given time.

Snapshots never expire, unlike backups. it must be manually deleted.

Makes restoring a particular version of a file possible, and that version even has a unique URL.

Question 19

What is blob storage versioning? How does it differ from soft delete?

Answer 19

A data protection mechanism to preserver historical versions of a file/blob.

Enables you to make a new version for every change.
You can limit how many versions you want to store (ie delete old versions after a certain number of days).
This doesn’t protect from a deletion of the container, that is the soft delete approach.

Question 21

What should you do if you need to move a lot of data in/out of azure?

Answer 21

Consult their import/export service.
This service available in Azure portal helps the user create and track data import (upload) and export (download) jobs.

Question 22

What are common use cases for import/export services?

Answer 22

Data migration to the cloud: Move large amounts of data to Azure quickly and cost effectively.

Content distribution: Quickly send data to your customer sites.

Backup: Take backups of your on-premises data to store in Azure Storage.

Data recovery: Recover large amount of data stored in storage and have it delivered to your on-premises location.

Question 23

Why would you use AzCopy, and what way can you provide it access to what you need?

Answer 23

CLI tool to move data in/out of azure on your local machine

You cannot use storage account access keys, you must you shared access signatures (SAS) or MS Entra ID for authentication

Question 24

What is lifecycle management when it comes to data in storage accounts?

Answer 24

It is the moving of data between different tiers (eg. cold -> archive) throughout the life of data

Question 25

What is object replication? What are replication rules?

Answer 25

Object replication asynchronously copies block blobs between a source storage account and a destination account.

A rule could be to replicate any new file to another storage account.

Question 26

When copying files from on prem to a storage account AzCopy, what services are you able to copy data for?

Answer 26

Blob & File

Table and Queue are not supported services by AzCopy.

Question 27

Do you know all azure storage type migrations? For example, switching from LRS to ZRS?

Answer 27

https://media.tutorialsdojo.com/azure_storage_live_migration.png

LRS->ZRS = perform a manual migration or request a live migration

Question 28

What is Azure File Sync?

Answer 28

Transform an on-premises (or cloud) Windows Server into a quick cache of your Azure file share

Question 29

What does the azure file sync agent do?

Answer 29

It make it possible to turn a machine into an agent to synchronize files from a server to an Azure file share

Question 30

What is a sync group within azure file sync?

Answer 30

Defines the sync relationship between a cloud endpoint and a server endpoint and contains

Cloud endpoint – represents an Azure file share, and acts as the hub for all sever endpoints, thus there can only be one.

Server endpoint – a specific location on a regiestere server such as a folder on a server volume.

Question 31

What are the different types of supported storage options and redundancy options for each storage account type?

Answer 31

https://media.tutorialsdojo.com/azure-storage-account-types.png

Std GP v2 - all services & all redundancy options!

Question 32

What is azure files? How does it relate to sync groups?

Answer 32

https://media.tutorialsdojo.com/azure-files-hybrid.png

It is a network file share that can share files across many machines using SMB protocol. Allows multiple VMs to access the same set of files.

A sync group defines the sync topology for a set of files.

Question 33

Can you have more than one server endpoints from the same server in a sync group?

Answer 33

No, a sync group server endpoint can only be listed once. If you need another folder from that server, you must create another sync group.

Question 34

How do Blob, disk, and file storage in azure differ?

Answer 34

https://tutorialsdojo.com/azure-blob-vs-disk-vs-file-storage/

Question 35

How can you authenticate to AzCopy?

Answer 35

You can authenticate to Microsoft Entra ID or you can use a shared access signature (SAS) token to the destination path for every command