There are different types of Azure storage accounts that can be used depending on the type of data to store. Azure Blob Storage allows storing block, page, and append objects for unstructured data like files, images, and videos. Azure Table Storage stores structured non-relational data in tables. Azure Queue Storage stores messages in queues. Azure File Share provides file shares using SMB and NFS. Storage accounts offer security features like access control, encryption, and integration with Azure services for backup and monitoring.
1. Azure Storage Account #1
If today we were talking about a storage service in Azure?
There must be a lot to say!
Let's go. I suggest we decode Azure Storage Account (SA), which is one of the first services released in Azure.
Stay focused, because the program is huge.
I am ready.
In fact, there are different types of storage accounts, depending on the data you want to store in them.
There are Azure Blob Storage, Azure File Share, Azure Table Storage and finally Azure Queue Storage.
Azure Queue Storage is a queue service directly integrated into Azure Storage Account.
There are other queue services in Azure, but this one allows you to store as many messages as you have space in your storage account, and since a message is limited to 64 KB, you can have millions of them.
I think for an application with simple needs it's a good compromise.
Absolutely.
2. Azure Storage Account #2
Let's continue with Azure Table Storage.
It is a service for storing non-relational key/value pair data.
It is not the only service to offer this, but it is integrated directly into Azure Storage Account.
Like Cosmos DB for example?!
Yes, by the way, when you create an Azure table on Cosmos DB, it is hosted directly in a Storage Account, but in a Microsoft-managed mode.
Indeed it's great, and it demonstrates the stability and performance that Azure Table Storage can offer.
Then there is the Azure File Share service, which offers file sharing over the NFS or SMB protocols, as a traditional file server does.
It's great for sharing data between users.
Yes, it should be noted that the limits and the performance are not the same depending on the protocol chosen, but we can share files with people outside one's company on the other side of the world.
And I guess there are data protection mechanisms?
Yes of course, we have the Soft Delete option, which allows you to restore data that has been recently deleted, but also Snapshot options with Azure File Snapshots, or backups with Azure File share backup via Azure Recovery Services Vault.
Exactly
3. Azure Storage Account #3
And finally, Azure Blob Storage!
Great, but what is a Blob?
Blob is the acronym for Binary Large Object.
A Blob Storage can store different types of data:
The 1st one, Block type objects: these are unstructured files such as texts, images or videos.
The 2nd, Page type objects, which are used to store the files of the hard disks of the VMs.
And finally the 3rd, Append type objects, which host files optimized for append operations, such as logs.
We actually have the choice to store what we want.
These data are stored in containers that could be compared to directories.
The Premium tier for extremely low latency access time requirements.
The Hot tier used for frequently accessed or changed data.
The Cold tier used for data that is rarely accessed or changed.
The Archive tier, as its name suggests, is dedicated to archiving data. Recovering this data can take up to several hours; this process is called rehydration.
In terms of price, the further down one goes in the access modes, the more the price decreases. If we take the 2 extremes, the Premium tier is more expensive than the Archive tier.
In addition, it is possible to define rules that allow switching data from one access level to another to reduce storage costs.
4. Azure Storage Account #4
I heard that there are different types of replication?
Indeed, depending on the type of storage account, as well as the service tier.
So here we are, well protected from hackers!
The goal is to protect against maintenance, hardware/network failures or major natural disasters.
In fact, I was on the wrong track.
Locally Redundant Storage (LRS) replication copies data synchronously to 3 different racks in the same datacenter.
Zone Redundant Storage (ZRS) replication copies data synchronously across 3 Availability Zones in a region.
Geo Redundant Storage (GRS) replication copies data synchronously 3 times in one region in LRS mode, and then copies data asynchronously to a second region in LRS mode.
Geo Zone Redundant Storage (GZRS) replication copies data synchronously 3 times in one region in ZRS mode, and then asynchronously to a second region in LRS mode.
One very important thing: for GRS and GZRS replications, the data in the 2nd region is only accessible if the 1st region fails.
If for specific reasons you need to access the data in the 2nd region, it is possible, but only in Read Access (RA) mode, with the RA-GRS or RA-GZRS options.
Moreover, the more extended the replication mode you choose, the higher the SLA will be.
5. Azure Storage Account #5
Great. Earlier, we discussed the native replications offered by Microsoft, but are there tools to make copies or transfers of data?
There are common tools for Azure Blob Storage and Azure File Storage like azcopy, which is a command line tool, but also Azure Storage Explorer, which is an installable utility that also supports Azure Table Storage and Azure Queue Storage.
And then, we have more specific solutions depending on the type of storage, for example Azure Import/Export or Azure Databox for Azure Blob Storage.
And Robocopy or Azure File Sync for Azure File Storage.
Effectively there is a choice between the different tools and Azure services.
Yes, and fortunately.
But don't worry, Microsoft has thought of everything and still offers data protection mechanisms.
For Azure Blob Storage, Microsoft offers Azure Backup for Azure, which is a mechanism for performing backups.
The Soft Delete option for blobs or containers is a kind of trash before final deletion.
And finally, Point In Time Restore for containers, which allows you to easily restore containers.
For Azure File Storage, these are the ones seen previously: the Soft Delete option, but also Azure File Snapshot and Azure File Share Backup?!
Yes, indeed, you have a good memory.
I feel reassured
6. Azure Storage Account #6
I suppose it is also possible to restrict access to this data?
Yes, I was waiting for the question.
Depending on the use case, it is possible to expose the Storage Account publicly and/or partially by specifying specific IPs.
Of course, you can also limit access only to private resources by authorizing specific VNETs, or by creating a Private Endpoint.
What is a Private Endpoint?
A private endpoint is a network interface that uses a private IP address from your virtual network.
Access for internal people can also be granted via RBAC, but also via integration with Azure AD or Active Directory.
But it is also possible to define the access directly at the container level, with the different options Private, Blob or Container limitation.
Note that it is possible to share a file with outside persons with the Shared Access Signature option, which allows you to generate a URL that you can send directly to them.
It's a very ingenious mechanism.
We can therefore limit access to files in different ways, which is always a plus in terms of security.
7. Azure Storage Account #7
Concerning security, Azure Storage Account also offers encryption of data in transit with the use of the HTTPS protocol.
But also the encryption of data at rest.
Microsoft offers either to use encryption keys managed by Microsoft, or users can provide their own encryption keys which will be stored in an Azure Key Vault.
It's cool to leave the choice of the type of keys to use.
Effectively, since in addition to encrypting the data in your storage account, you can activate double encryption with the encryption at the infrastructure level, so you have belt and suspenders to guard against the compromise of an algorithm or an encryption key.
Great point!
And finally, we could finish by mentioning the integration with other services such as Microsoft Defender for Storage for the detection of threats related to data access.
Or with Azure Monitor and the Azure Monitor Insight for Storage option, which gives you different metrics like number of transactions, performance, availability, used space and others...
With everything you told us, we now understand why this service is so popular.
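The access restrictions from slide 6 and the encryption options from slide 7 can be checked against an account's configuration. The following is an added example, not part of the original slides: it audits storage account properties in the shape returned by the Azure Resource Manager API; the two sample accounts are constructed and the function name `audit_storage_account` is hypothetical.

```python
# Constructed samples in the Azure Resource Manager (ARM) "properties" shape.
# Account names and values are made up for illustration.
WEAK = {"name": "examplestorageweak", "properties": {
    "supportsHttpsTrafficOnly": False,
    "allowBlobPublicAccess": True,
    "networkAcls": {"defaultAction": "Allow", "ipRules": [],
                    "virtualNetworkRules": []},
    "privateEndpointConnections": [],
    "encryption": {"keySource": "Microsoft.Storage",
                   "requireInfrastructureEncryption": False},
}}
HARDENED = {"name": "examplestoragehard", "properties": {
    "supportsHttpsTrafficOnly": True,
    "allowBlobPublicAccess": False,
    "networkAcls": {"defaultAction": "Deny",
                    "ipRules": [{"value": "203.0.113.10", "action": "Allow"}],
                    "virtualNetworkRules": []},
    "privateEndpointConnections": [],
    "encryption": {"keySource": "Microsoft.Keyvault",
                   "requireInfrastructureEncryption": True},
}}

def audit_storage_account(account):
    """Return (setting, finding) pairs; a missing key is reported, not assumed safe."""
    p = account.get("properties", {})
    acls = p.get("networkAcls", {})
    enc = p.get("encryption", {})
    out = []
    if not p.get("supportsHttpsTrafficOnly", False):
        out.append(("supportsHttpsTrafficOnly", "HTTPS is not enforced for data in transit"))
    if p.get("allowBlobPublicAccess", True):
        out.append(("allowBlobPublicAccess", "containers can be set to Blob or Container anonymous access"))
    if acls.get("defaultAction", "Allow") == "Allow":
        out.append(("networkAcls.defaultAction", "reachable from any network, no IP or VNET restriction"))
    elif not (acls.get("ipRules") or acls.get("virtualNetworkRules")
              or p.get("privateEndpointConnections")):
        out.append(("networkAcls", "default Deny but no IP rule, VNET rule or private endpoint"))
    if enc.get("keySource") != "Microsoft.Keyvault":
        out.append(("encryption.keySource", "Microsoft-managed keys in use (informational)"))
    if not enc.get("requireInfrastructureEncryption", False):
        out.append(("encryption.requireInfrastructureEncryption", "double encryption is off"))
    return out

if __name__ == "__main__":
    for account in (WEAK, HARDENED):
        print(account["name"], audit_storage_account(account) or "no findings")
```

Shared Access Signature URLs are not visible in these properties, so they need a separate review of who issued them and when they expire.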
8. If you want to continue learning in a fun way about the Azure ecosystem, and not miss any of our illustrations... Feel free to subscribe at:
https://aka.ms/grow-una
https://tinyurl.com/youtube-growuna
If you like our work, please share it ;o)
See you soon!
GROW UNA