Storage services in Azure

Mohd Mubin Girach
Aug 14, 2022

Managing storage efficiently has been one of the technical challenges faced by most businesses. Data is rightly called the new currency, but managing today’s flow of data, measured in exabytes and zettabytes, is a difficult task. Storing this tremendous amount of data requires a highly resilient infrastructure, which in turn adds to the maintenance cost.

Another aspect that affects the growth of a business is the security of the storage infrastructure implemented along with appropriate access control for the authorized users.

Azure storage services overcome these shortcomings by providing:

  • High availability across geographies
  • Massive scalability
  • Encryption along with other security features for the storage account
  • Multiple services for different use cases

This article focuses on the following topics of the storage account:

  1. Introduction to Storage account
  2. Provisioning
       • Types of Storage accounts
       • Configuration
       • Security
       • Management
  3. Different services offered under the storage account

What is an Azure Storage Account?

An Azure storage account contains all of your Azure Storage data objects, including blobs, file shares, queues, tables, and disks. The storage account also provides a unique namespace for your Azure Storage data that’s accessible from anywhere in the world over HTTP or HTTPS.

Provisioning a storage account

Creating a storage account requires several details, chosen according to the final requirement.

Step-1

Choose whether to go with legacy or classic deployment of the storage account. The legacy type of deployment creates a general-purpose v1 account, which is the most economical choice for applications that are transaction-intensive or use significant geo-replication bandwidth but don’t require large capacity.

The classic deployment, by contrast, provides the latest available features along with a general-purpose v2 account. General-purpose v2 accounts are more expensive than general-purpose v1 accounts but offer more features.

Step-2

Choose a name for the storage account. This name must be unique across all existing storage account names in Azure. It must be 3 to 24 characters long, and can contain only lowercase letters and numbers.

Step-3

A proper location needs to be selected, considering where the service will be accessed from, thereby reducing latency.

Step-4

Choose the performance of the storage account from the two available categories, Standard and Premium.

The Standard performance tier offers a general-purpose v2 account, whereas the Premium performance tier has 3 sub-categories of storage account, which are as follows.

Premium block blobs supports Blob Storage (including Data Lake Storage). It is a premium storage account type for block blobs and append blobs, and is recommended for scenarios with high transaction rates, or that use smaller objects, or that require consistently low storage latency.

Premium file shares is a premium storage account type for file shares only, and is recommended for enterprise or high-performance scale applications. This account type is used when we want a storage account that supports both Server Message Block (SMB) and NFS file shares.

Premium page blobs is yet another Premium storage account type for page blobs only.

Reference for understanding the types of blobs:

https://docs.microsoft.com/en-us/rest/api/storageservices/understanding-block-blobs--append-blobs--and-page-blobs

Step-5

This step involves choosing one of the redundancy options: LRS, GRS, ZRS or GZRS.

Note: For a Premium performance storage account, the only redundancy option available is LRS.

Step-6

This step covers security along with configuration:

  • Enabling the secure transfer option enhances the security of your storage account by only allowing REST API operations on the storage account using HTTPS.
  • When blob public access is enabled, one is permitted to configure container ACLs to allow anonymous access to blobs within the storage account.
  • When the option to set default to Azure AD authorization is enabled, the Azure portal authorizes requests to blobs, queues, and tables with Azure Active Directory by default.

Data Lake Gen 2 storage should be enabled for requirements such as big data analytics workloads, as it is designed for enterprise big data analytics. It also makes Azure Storage the foundation for building enterprise data lakes on Azure.

This option can be used if the hierarchical namespace is enabled. The SFTP option enables the SSH File Transfer Protocol for your storage account. The second option enables the Network File System protocol for your storage account, which allows users to share files across a network.

Azure storage offers various access tiers, which allow blob object data to be stored in a cost-effective manner. The available access tiers include:

  • Hot: Optimized for storing frequently accessed data.
  • Cool: Optimized for storing less frequently accessed data, and the storage period lasts for at least 30 days.
  • Archive: Optimized for storing rarely accessed data, and the storage period lasts for at least 180 days with flexible latency requirements.

The large file shares option provides file share support up to a maximum of 100 TiB.

Step-7

This step covers the network configuration.

Access to the storage account from the public network can be allowed or restricted depending upon the requirement. Organizations storing sensitive data in a storage account are recommended to use private access by creating a private endpoint, which ensures only certain services are able to access the storage account.

For more details on private endpoints:

https://docs.microsoft.com/en-us/azure/storage/common/storage-private-endpoints

Step-8

This tab, shown while provisioning the storage account, provides a kind of backup in case of mishaps by enabling soft delete, unlike the other delete method where files are deleted permanently. Enabling this option retains the files for 7 days even after they are deleted by the user, and it can be implemented for file shares, containers and blobs as well.

Step-9

Encryption helps to protect private information, sensitive data, and can enhance the security of communication between client apps and servers. In essence, when your data is encrypted, even if an unauthorized person or entity gains access to it, they will not be able to read it.

There are 2 types of encryption methods.

With Microsoft-managed keys, the encryption keys are generated, stored, and managed entirely by Azure, and customers do not interact with them. With a customer-managed key, the key is configured and set up by the customer in Key Vault.

Step-10

This is the final step of provisioning. In this step the resources are tagged with various name-value pairs, which may include details of the environment, the team working on that resource, or any other information.
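The security-relevant choices from Steps 2, 6, 7 and 9 can be checked after provisioning. The following is an added example, not part of the original article: a Python audit over a storage account resource in its ARM JSON form, where the sample resources, their names and the finding labels are constructed for illustration.

```python
import re

# Step-2 naming rule: 3 to 24 characters, lowercase letters and numbers only.
NAME_RE = re.compile(r"[a-z0-9]{3,24}")

def audit_storage_account(resource: dict) -> list:
    """Return findings for one storage account resource (ARM JSON shape)."""
    findings = []
    props = resource.get("properties", {})
    if not NAME_RE.fullmatch(resource.get("name", "")):
        findings.append("name: must be 3-24 lowercase letters and numbers")
    # Step-6: secure transfer restricts REST API operations to HTTPS.
    if props.get("supportsHttpsTrafficOnly") is not True:
        findings.append("secure-transfer: HTTP requests are accepted")
    # Step-6: with blob public access on, container ACLs can allow anonymous reads.
    if props.get("allowBlobPublicAccess") is not False:
        findings.append("blob-public-access: anonymous container ACLs can be set")
    # Step-6: portal requests default to Azure AD authorization.
    if props.get("defaultToOAuthAuthentication") is not True:
        findings.append("default-auth: portal does not default to Azure AD")
    # Step-7: public network reachability versus private access.
    public = props.get("publicNetworkAccess", "Enabled") != "Disabled"
    allow = props.get("networkAcls", {}).get("defaultAction", "Allow") == "Allow"
    if public and allow:
        findings.append("network: reachable from all public networks")
    # Step-9: report which key type protects the data at rest.
    key_source = props.get("encryption", {}).get("keySource", "Microsoft.Storage")
    if key_source != "Microsoft.Keyvault":
        findings.append("encryption: Microsoft-managed keys (informational)")
    return findings

# Constructed sample resources (not real accounts).
WEAK = {"name": "Contoso-Data", "properties": {
    "supportsHttpsTrafficOnly": False, "allowBlobPublicAccess": True,
    "publicNetworkAccess": "Enabled",
    "networkAcls": {"defaultAction": "Allow"},
    "encryption": {"keySource": "Microsoft.Storage"}}}
HARDENED = {"name": "contosodata01", "properties": {
    "supportsHttpsTrafficOnly": True, "allowBlobPublicAccess": False,
    "defaultToOAuthAuthentication": True,
    "publicNetworkAccess": "Disabled",
    "networkAcls": {"defaultAction": "Deny"},
    "encryption": {"keySource": "Microsoft.Keyvault"}}}

if __name__ == "__main__":
    for res in (WEAK, HARDENED):
        print(res["name"], audit_storage_account(res) or "no findings")
```

A property that is missing from the resource is treated as the less secure value, so an incomplete export produces findings rather than a clean result.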


Different services

There are 4 services offered by the Azure storage account, which are as follows:

  • Azure Files
  • Azure Blobs
  • Azure Queue
  • Azure Table

Azure Files are organized file shares for cloud or on-premises deployments.

It provides fully managed file shares in the cloud that are accessible via the industry-standard SMB protocol. Azure file shares can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and macOS. They can be cached on Windows servers with Azure File Sync for quicker access. The service lets the user set up highly available network file shares that can be accessed by using the standard Server Message Block (SMB) protocol. Multiple VMs can share the same files with both read and write permissions.

Azure Blobs are an immensely scalable object store for text and binary data.

It is an object storage solution designed for the cloud. Blob storage is optimized for storing a massive amount of unstructured data. Unstructured data is data that does not adhere to a specific data model or definition, like text or binary data. Blob storage objects can be accessed by the user or client application via HTTP/HTTPS from any part of the world. The Azure Storage REST API, Azure PowerShell, Azure CLI, or an Azure Storage client library is used to access Blob Storage objects. The flow and resources of Blob Storage are pictured below.

Azure Queue is a messaging store for consistent messaging between application components.

This is an Azure service that implements cloud-based queues. Each queue maintains a list of messages. Application components access a queue using a REST API or an Azure-supplied client library. Typically, you’ll have one or more sender components and one or more receiver components. Sender components add messages to the queue. Messages are retrieved from the front of the queue for processing by receiver components. The subsequent illustration shows multiple sender applications adding messages to the Azure Queue and one receiver application retrieving the messages. Storage Queues are part of the Azure Storage infrastructure and feature a simple REST-based GET/PUT/PEEK interface, providing reliable, persistent messaging within and between services.

Azure Tables are a NoSQL store for schema-less storage of structured data.

This storage is a service that stores structured NoSQL data in the cloud, providing an attribute store with a schema-less design. Because Table storage is schema-less, it is easy to adapt your data as the needs of your application evolve. Access to Table storage data is fast and cost-effective for many types of applications and is usually lower in cost than traditional SQL for similar volumes of data.

Thanks for reading!

You can connect with me at https://www.linkedin.com/in/mubingirach/


Technology Enthusiast | Cloud & DevOps Engineer | Cyber Security Researcher