Session 4 AZ-104: Microsoft Azure Administrator
AzureTalk Core Team
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Today’s Session Speaker Niraj Kumar AzureTalk Fou...
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! AZ-104 Skills Measured • Manage Azure identities ...
AZ-104 Prerequisites Understanding of • Operating systems • Virtualization • Network configuration • Active Directory • Resilience and disaster recovery
Agenda • Storage Accounts • Blob Storage • Storage Security • Azure Files and File Sync • Managing Storage
Storage Accounts
Storage Account • Azure Storage • Storage account • Storage account settings • Number of storage accounts you need
Azure Storage Reference : Microsoft Docs
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Azure Storage Account 10 • Set of Azure Storage s...
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Storage Account Settings 11 • Subscription • Loca...
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! How Many Storage Accounts 12 • Collection of sett...
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Disk Type & Performance Measures 13 Disk Performa...
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Managed Disk 14 • Azure manage Storage account/co...
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Unmanaged Disk 15 • Create, maintain storage acco...
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Ephemeral OS disks 16 • OS disk on local VM stora...
Disk Roles • OS Disk • Data Disk • Temporary disk
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Account kind 18 Account Kind Supported services P...
Account Creation Tool • Azure Portal • Azure CLI • Azure PowerShell • Management client libraries
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Question 1 Azure Storage account include below se...
Blob Storage
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Blob Storage 24 • Optimized for storing massive a...
Blob Types • Block blobs • Append Blob • Page Blob
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Blob Access Tiers 26 • Hot – For Data accessed fr...
Storage Security
Azure Storage security • Protect the data at rest • Protect the data in transit • Support browser cross-domain access • Control who can access data • Audit storage access
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Encryption At Rest 29 • Storage Service Encryptio...
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Encryption In Transit 30 • Transport-level securi...
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Cross-Origin Resource Sharing 31 • Uses HTTP head...
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Role Based Access Control 32 • Azure Storage supp...
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Auditing Access 33 • Using built-in Storage Analy...
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Storage Account keys 34 • Shared keys or shared s...
Protecting Shared keys • Regenerate keys periodically • Any client that use old key will be refused • Identify all clients & update them to keep them operational
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Shared Access Signatures 36 • String contains a s...
SAS Token • Resource URI • Storage services version, • Services • Resource, Resource Types & permissions • Start time & expiry time • IP range, protocol, signature
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Network Access to Storage Account 38 • Default ac...
Question 2 Azure Storage Encryption At Rest can be disabled a) True b) False https://q.azureezy.com/2
Azure Files and File Sync
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Azure Files 42 • Fully managed file shares • Acce...
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Azure File Sync 43 • Extend on-premises file shar...
Extend Storage Capacity • On-premises file server as local cache for Azure file share • Cloud tiering: Cache locally on file server
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Azure File Sync Component 45 • Storage Sync Servi...
Managing Storage
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Azure Storage Explorer 47 • Manage multiple stora...
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Local Emulators 48 Storage Explorer supports two ...
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Azure Storage Explorer Connection 49 • Azure Acti...
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Azure Import/Export 50 • Import data to Azure Sto...
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Azure Data Box 51 • Offline data transfer • Data ...
Azure Data Box Reference : Microsoft Docs
Question 3 Azure Storage Explorer is available only for windows. a) True b) False https://q.azureezy.com/3
Break
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Demo 1. Create of Azure Storage Account using Por...
Q & A
https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! 58 https://bharatguru.in https://azureezy.com Tha...
Az 104 session 4: azure storage

29 views

Published on

Speakers:
1. Niraj Kumar, https://www.linkedin.com/in/nirajkum/
2. Vipin Jha, https://www.linkedin.com/in/vipinkumarjha/
3. Kirtika Gupta, https://www.linkedin.com/in/kirtikagupta

Topics Covered:
1. Storage Accounts
2. Blob Storage
3. Storage Security
4. Azure Files and File Sync
5. Managing Storage

AzureTalk community references:
1. AzureTalk Telegram Group: https://t.me/azuretalk
2. AzureEzy Website: https://azureezy.com
3. Youtube Channel: https://youtube.com/azuretalk
Azure Reference Links
1. Popular Microsoft Azure training: https://www.microsoft.com/en-us/learning/azure-training.aspx
2. Azure Docs: https://docs.microsoft.com/en-us/azure/
3. Get started with Azure: https://docs.microsoft.com/en-us/azure/#pivot=get-started&panel=get-started1
4. Self-paced Labs: https://www.microsoft.com/handsonlabs/SelfPacedLabs
5. Azure-quickstart-templates GitHub: https://github.com/Azure/azure-quickstart-templates

Published in: Technology
Az 104 session 4: azure storage

  Session 4 AZ-104: Microsoft Azure Administrator
  AzureTalk Core Team
  Today's Session Speaker Niraj Kumar AzureTalk Founder Enterprise Architect, MCT Kirtika Gupta AzureTalk Core Team Member, Cloud Engineer Vipin Jha AzureTalk Core Team Member, Consultant, MCT
  AZ-104 Skills Measured • Manage Azure identities and governance (15-20%) • Deploy and manage Azure compute resources (25-30%) • Implement and manage storage (10-15%) • Configure and manage virtual networking (30-35%) • Monitor and back up Azure resources (10-15%)
  AZ-104 Prerequisites Understanding of • Operating systems • Virtualization • Network configuration • Active Directory • Resilience and disaster recovery
  Agenda • Storage Accounts • Blob Storage • Storage Security • Azure Files and File Sync • Managing Storage
  7. 7. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Storage Accounts 7
  8. 8. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Storage Account 8 • Azure Storage • Storage account • Storage account settings • Number of storage accounts you need
  9. 9. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Azure Storage 9 Reference : Microsoft Docs
  10. 10. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Azure Storage Account 10 • Set of Azure Storage services • Only Blobs, Files, Queues & Tables included in a storage account • Lets you manage them as a group • Deleting the storage account deletes all of the data stored inside • Storage account is an Azure resource and is included in a resource group
  11. 11. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Storage Account Settings 11 • Subscription • Location • Performance: Standard or Premium • Replication: LRS, ZRS, GRS • Access tier: Hot, Cool, Archive • Secure transfer required: HTTPs or HTTP • Virtual networks
  12. 12. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! How Many Storage Accounts 12 • Collection of settings like location, replication strategy, & subscription owner • One storage account for every group of settings • Determined by Data diversity, Cost sensitivity, & Management overhead Reference : Microsoft Docs
  13. 13. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Disk Type & Performance Measures 13 Disk Performance Measures • Input/output operations per second (IOPS) • Throughput - Data transfer rate Disk Types for virtual machines • Ultra SSD • Premium SSD • Standard SSD • Standard HDD
  14. 14. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Managed Disk 14 • Azure manage Storage account/container/Page blob for VHD • Scalability • High availability 99.999% • Integration with availability sets and zones • Support for Azure Backup. • Granular access control Using RBAC • Storage Service Encryption (SSE), or • Azure Disk Encryption (ADE) BitLocker for Windows and DM-Crypt for Linux.
  15. 15. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Unmanaged Disk 15 • Create, maintain storage account manually • keep track of IOPS limits & ensures don't overprovision throughput of storage account • Security & RBAC at storage account level, instead of disk • Don't support all of the scalability and management features
  16. 16. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Ephemeral OS disks 16 • OS disk on local VM storage • Faster read-and-write latency • Faster to reset image • VM failure might destroy data on an ephemeral disk & leave VM unable to boot • Reside locally & no storage costs • Work well for stateless workload
  17. 17. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Disk Roles 17 • OS Disk • Data Disk • Temporary disk
  18. 18. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Account kind 18 Account Kind Supported services Performance tiers Replication options General- purpose V2 Blob, File, Queue, Table, Disk Standard, Premium LRS, GRS, RA- GRS, ZRS General- purpose V1 Blob, File, Queue, Table, and Disk Standard, Premium LRS, GRS, RA- GRS Block Blob Storage Blob (block blobs and append blobs only) Premium LRS, ZRS File Storage File only Premium LRS, ZRS Blob Storage Blob (block blobs and append blobs only) Standard LRS, GRS, RA- GRS
  19. 19. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Account Creation Tool 19 • Azure Portal • Azure CLI • Azure PowerShell • Management client libraries
  20. 20. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Question 1 Azure Storage account include below services? a) Blob, Files, Tables & Queue b) Blob, Files, Tables, Queue & Cosmos DB c) Blob, Files, Tables, Queue, Cosmos DB & SQL Database d) None 21 https://q.azureezy.com/1
  22. 22. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Blob Storage
  23. 23. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Blob Storage 24 • Optimized for storing massive amounts of unstructured data Designed for • Images or documents directly to a browser • Files for distributed access • Streaming video and audio • Writing log files • Backup, restore, DR & archiving Reference : Microsoft Docs
  24. 24. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Blob Types 25 • Block blobs • Append Blob • Page Blob
  25. 25. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Blob Access Tiers 26 • Hot – For Data accessed frequently • Cool - For data infrequently accessed, stored for at least 30 days. • Archive - For rarely accessed data and stored for at least 180 days
  26. 26. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Storage Security
  27. 27. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Azure Storage security 28 • Protect the data at rest • Protect the data in transit • Support browser cross-domain access • Control who can access data • Audit storage access
  28. 28. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Encryption At Rest 29 • Storage Service Encryption (SSE) 256-bit Advanced Encryption Standard (AES) • Decrypts before returning • No additional charges • Doesn't degrade performance • Can't be disabled • Encrypt VHDs by using Azure Disk Encryption • BitLocker for Windows images & • dm-crypt for Linux • Azure Key Vault stores the keys automatically
  29. 29. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Encryption In Transit 30 • Transport-level security between Azure and the client • Use HTTPS to secure communication • Can enforce HTTPS by secure transfer • HTTP connection will be refused if Secure transfer is enabled
  30. 30. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Cross-Origin Resource Sharing 31 • Uses HTTP headers so application at one domain can access resources from different domain • Ensure loading of only authorized content from authorized sources • Optional flag on Storage Account • Adds headers in HTTP GET requests
  31. 31. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Role Based Access Control 32 • Azure Storage supports Azure AD and RBAC for both resource management and data operations • Use Azure AD to authorize resource management operations • Azure AD is supported for data operations on Blob and Queue storage
  32. 32. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Auditing Access 33 • Using built-in Storage Analytics service • logs every operation in real time • Search the Storage Analytics logs for specific requests • Filter based on • Authentication mechanism • Success operation or • Resource accessed
  33. 33. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Storage Account keys 34 • Shared keys or shared secret or storage account keys • Easiest to use • Supports blobs, files, queues, and tables • Client embeds shared key in HTTP Authorization header of every request, and Storage account validates the key • Has two keys & provide full access to account
  34. 34. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Protecting Shared keys 35 • Regenerate keys periodically • Any client that use old key will be refused • Identify all clients & update them to keep them operational
  35. 35. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Shared Access Signatures 36 • String contains a security token can be attached to URI • Use a SAS to delegate access to storage objects • Specify permissions and time range of access Types of shared access signatures • Service-level shared access signature • Account-level shared access signature
  36. 36. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! SAS Token 37 • Resource URI • Storage services version, • Services • Resource, Resource Types & permissions • Start time & expiry time • IP range, protocol, signature
  37. 37. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Network Access to Storage Account 38 • Default accept all connections • Restrict to specific IP addresses or Vnet • Changing network rules can affect your application's ability to connect to Azure Storage • If Deny Network Rule is default, it block all access • Use network rules to grant access to any allowed networks
  38. 38. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Question 2 Azure Storage Encryption At Rest can be disabled a) True b) False 39 https://q.azureezy.com/2
  40. 40. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Azure Files and File Sync
  41. 41. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Azure Files 42 • Fully managed file shares • Accessible via Server Message Block (SMB) • Mount on Windows, Linux, and macOS • Azure file shares can be cached on Windows Servers with Azure File Sync • Don’t need to buy expensive hardware
  42. 42. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Azure File Sync 43 • Extend on-premises file shares • Expand storage capacity and provide redundancy in the cloud • Requires Windows Server 2012 R2 or later • Access on-premises file share with SMB, NFS, or FTPS.
  43. 43. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Extend Storage Capacity 44 • On-premises file server as local cache for Azure file share • Cloud tiering: Cache locally on file server
  44. 44. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Azure File Sync Component 45 • Storage Sync Service • Sync group • Azure File Sync agent • Registered server relationship with on-premises server • Server endpoint Folder location • Cloud endpoint Azure File Shares • Cloud tiering Optional cache feature
  45. 45. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Managing Storage
  46. 46. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Azure Storage Explorer 47 • Manage multiple storage accounts • Access any data Blob, Tables, Files, Queue • Connect Azure Cosmos DB & Data Lake • Update & view entities in storage accounts • Free • Operation edit, download, copy, and delete • Runs on Windows, Mac & Linux
  47. 47. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Local Emulators 48 Storage Explorer supports two emulators • Azure Storage Emulator Local instance of Microsoft SQL Server 2012 Express Local DB • Azurite based on Node.js, supports most Azure Storage commands through an API • Storage Explorer requires emulator to be running before open it
  48. 48. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Azure Storage Explorer Connection 49 • Azure Active Directory (Azure AD) • Connection string • Shared access signature URI • Use a name and key • Local emulator • Azure Cosmos DB through a connection string • Azure Data Lake by using a URI Two Permission required management & data
  49. 49. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Azure Import/Export 50 • Import data to Azure Storage • Export data from Azure Storage • Import/Export service create and track data import/export • WAImportExport tool Facilitates copying your data Reference : Microsoft Docs
  50. 50. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Azure Data Box 51 • Offline data transfer • Data Box Disk - one 35-TB, Connect over USB • Data Box – 80 TB, Connect over network SMB, NFS • Data Box Heavy – 800 TB - like two Data Boxes, each with an independent node • Online data transfer • Data Box Edge – 12 TB as Local SSD • Data Box Gateway - Virtual appliance
  51. 51. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Azure Data Box 52 Reference : Microsoft Docs
  52. 52. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Question 3 Azure Storage Explorer is available only for windows. a) True b) False 53 https://q.azureezy.com/3
  54. 54. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Break 55
  55. 55. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Demo 1. Create of Azure Storage Account using Portal 2. Create a container in blob storage and upload objects in that 3. Create Azure File Shares and connect that file share as SMB from Windows VM 4. Create Azure file Sync and extend capacity of On-Prem File Server to Azure Files 5. Connect and manage Azure storage account from Azure Storage Explorer
  56. 56. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! Q & A 57
  57. 57. https://azureezy.com © 2020 AzureEzy and AzureTalk. All rights reserved! 58 https://bharatguru.in https://azureezy.com Thanks!https://azureezy.com/az-104 https://t.me/AzureTalk https://youtube.com/c/AzureTalk https://www.linkedin.com/in/nirajkum/ https://www.linkedin.com/in/vipinkumarjha/ https://www.linkedin.com/in/kirtikagupta

