Managing Azure File Shares

Managing Azure File Shares

Welcome to another blog article in my AZ-104 training series. This time round we are going to focus on Azure File Shares. This will cover the following Exam Objective Points:

  • Create an Azure file Share

  • Configure access to Azure file Shares

What is Azure file Share

Last time we took a look at Azure File Sync, where we could link our on-premise file-server shares with Azure using the file sync agent. What if we want a central storage for our file-shares and files in a cloud only environment but give access where required direct to our end users or to our cloud applications? Azure File Shares has you covered.

Deployment Process

Storage Account

Firstly we will need to create a Storage account, Search Storage on the Azure search bar and select "Storage Accounts > Create New"

EXAM TIP: Azure files works only with:

  • General purpose V2 - Standard File shares only

  • Filestorage storage account - Allows premium SSD tiering

Here's a basic Storage Account I created earlier (V2 General with locally redundant storage(LRS)) Remember if you want higher availability of files during outages you might want to consider another type of availability such as GRS.

storageaccount.jpg

Once you have your Storage Account created we can create a file share:

createafileshare.jpg

Before we move on lets focus a minute at the tier options as you may be tested on these:

tiers.jpg

Tiering is important as it can effect the cost and availability of your data. The following image is from Microsoft Ignite 2019 so take pricing with a pinch of salt but it shows the general idea. The higher (hotter) the tier the more cost to store data. However on the flip side in the cooler tiers you pay less but more for your transactions on the data. This makes sense really, if i'm archiving data that isn't accessed frequently or at all I pay minimal amount to store it but I pay more to then move that data to another tier involving "transactions". In archival there is usually a penalty to move data that is under 30 days of age.

Can I move tiers? Yes, however if you have gen purpose v2 account you cant move to premium. For this you need to create a new Storage account and migrate the data.

tieringandpricing.jpg

Provide Access to the File Share

shares.jpg

Clicking "connect" will bring up the connection menu, this will generate a script you can use in powershell to create a connection to the fileshare from windows file explorer. You also have options for MAC/Linux and can state what drive letter you want the connection to appear as. Changing the drive will change the script accordingly

connect.jpg

IMPORTANT! Notice it says run the script in a NON-ELEVATED PowerShell session. This has caught myself and colleagues out before!

runscript.jpg

Once run we can verify the connection exists in file explorer:

fileexplorerverification.jpg

Testing

As a test I am going to create a "test.txt" file in the S drive

endusertestdoc.jpg

Go over to my share in Azure and we can see it's uploaded and available!

azuretestdoc.jpg

Identity

It's important to note that connecting using storage account key gives full access to the share so only provide the access to individuals that need it. To further lock down you can integrate your shares with Active Directory Domain Services/Azure Active Directory Domain Services.

identiity access.jpg

Encryption

Is my data secure? You have encryption at rest and in transit by default. In transit encryption uses SMB 3.0 via HTTPS. If your end user doesn't support SMB 3.0 you need to disable this at the storage account level which will then enable older SMB protocols. Encryption at rest works similarly to a bitlockered drive.

Data protection Features

You can protect Azure files with Azure Backup where you can run daily backups that create snapshots of your shares. Here you can restore entire shares or restore at file level for individual files.

snapshots.jpg

You can also enable soft delete on your storage account where you will be able to restore a share thats been accidently deleted before permanently purged.

softdelete.jpg

Summary

This concludes the lesson on Azure Files. Remember your storage account types that are compatible with Azure files and your storage tiers available. And remember port 445, if this is not open in your firewall you will not be able to make a connection to your Azure File Share.

Did you find this article valuable?

Support Ash Roberts by becoming a sponsor. Any amount is appreciated!