Az 104 session 4: azure storage

https://azureezy.com
© 2020 AzureEzy and AzureTalk. All rights reserved!
Session 4
AZ-104: Microsoft Azure
Administrator
1

AzureTalk Core Team
2

Today’s Session Speaker
Niraj Kumar
AzureTalk Founder
Enterprise Architect, MCT
3
Kirtika Gupta
AzureTalk Core Team
Member, Cloud Engineer
Vipin Jha
AzureTalk Core Team
Member, Consultant, MCT

AZ-104 Skills Measured
• Manage Azure identities and governance (15-20%)
• Deploy and manage Azure compute resources (25-30%)
• Implement and manage storage (10-15%)
• Configure and manage virtual networking (30-35%)
• Monitor and back up Azure resources (10-15%)
4

AZ-104 Prerequisites
5
Understanding of
• Operating systems
• Virtualization
• Network configuration
• Active Directory
• Resilience and disaster recovery

Agenda
6
• Storage Accounts
• Blob Storage
• Storage Security
• Azure Files and File Sync
• Managing Storage

Storage Accounts
7

Storage Account
8
• Azure Storage
• Storage account
• Storage account settings
• Number of storage accounts you need

Azure Storage
9
Reference : Microsoft Docs

Azure Storage Account
10
• Set of Azure Storage services
• Only Blobs, Files, Queues & Tables included in a storage
account
• Lets you manage them as a group
• Deleting the storage account deletes all of the data stored
inside
• Storage account is an Azure resource and is included in a
resource group

Storage Account Settings
11
• Subscription
• Location
• Performance: Standard or Premium
• Replication: LRS, ZRS, GRS
• Access tier: Hot, Cool, Archive
• Secure transfer required: HTTPs or HTTP
• Virtual networks

How Many Storage Accounts
12
• Collection of settings like location,
replication strategy, & subscription
owner
• One storage account for every
group of settings
• Determined by Data diversity, Cost
sensitivity, & Management
overhead

Disk Type & Performance Measures
13
Disk Performance Measures
• Input/output operations per second (IOPS)
• Throughput - Data transfer rate
Disk Types for virtual machines
• Ultra SSD
• Premium SSD
• Standard SSD
• Standard HDD

Managed Disk
14
• Azure manage Storage
account/container/Page
blob for VHD
• Scalability
• High availability 99.999%
• Integration with
availability sets and zones
• Support for Azure Backup.
• Granular access control
Using RBAC
• Storage Service
Encryption (SSE), or
• Azure Disk Encryption
(ADE) BitLocker for
Windows and DM-Crypt
for Linux.

Unmanaged Disk
15
• Create, maintain storage account manually
• keep track of IOPS limits & ensures don't overprovision
throughput of storage account
• Security & RBAC at storage account level, instead of disk
• Don't support all of the scalability and management features

Ephemeral OS disks
16
• OS disk on local VM storage
• Faster read-and-write latency
• Faster to reset image
• VM failure might destroy data on an ephemeral disk & leave VM
unable to boot
• Reside locally & no storage costs
• Work well for stateless workload

Disk Roles
17
• OS Disk
• Data Disk
• Temporary disk

Account kind
18
Account Kind Supported services Performance
tiers
Replication
options
General-
purpose V2
Blob, File, Queue, Table,
Disk
Standard,
Premium
LRS, GRS, RA-
GRS, ZRS
General-
purpose V1
Blob, File, Queue, Table,
and Disk
Standard,
Premium
LRS, GRS, RA-
GRS
Block Blob
Storage
Blob (block blobs and
append blobs only)
Premium LRS, ZRS
File Storage File only Premium LRS, ZRS
Blob Storage Blob (block blobs and
append blobs only)
Standard LRS, GRS, RA-
GRS

Account Creation Tool
19
• Azure Portal
• Azure CLI
• Azure PowerShell
• Management client libraries

Question 1
Azure Storage account include below services?
a) Blob, Files, Tables & Queue
b) Blob, Files, Tables, Queue & Cosmos DB
c) Blob, Files, Tables, Queue, Cosmos DB & SQL Database
d) None
21
https://q.azureezy.com/1

Question 1
Azure Storage account include below services?
a) Blob, Files, Tables & Queue
b) Blob, Files, Tables, Queue & Cosmos DB
c) Blob, Files, Tables, Queue, Cosmos DB & SQL Database
d) None
22

Blob Storage

Blob Storage
24
• Optimized for storing massive
amounts of unstructured data
Designed for
• Images or documents directly to a
browser
• Files for distributed access
• Streaming video and audio
• Writing log files
• Backup, restore, DR & archiving Reference : Microsoft Docs

Blob Types
25
• Block blobs
• Append Blob
• Page Blob

Blob Access Tiers
26
• Hot – For Data accessed frequently
• Cool - For data infrequently accessed, stored for at least
30 days.
• Archive - For rarely accessed data and stored for at least
180 days

Storage Security

Azure Storage security
28
• Protect the data at rest
• Protect the data in transit
• Support browser cross-domain access
• Control who can access data
• Audit storage access

Encryption At Rest
29
• Storage Service Encryption
(SSE) 256-bit Advanced
Encryption Standard (AES)
• Decrypts before returning
• No additional charges
• Doesn't degrade
performance
• Can't be disabled
• Encrypt VHDs by using Azure
Disk Encryption
• BitLocker for Windows
images &
• dm-crypt for Linux
• Azure Key Vault stores the
keys automatically

Encryption In Transit
30
• Transport-level security between Azure and the client
• Use HTTPS to secure communication
• Can enforce HTTPS by secure transfer
• HTTP connection will be refused if Secure transfer is enabled

Cross-Origin Resource Sharing
31
• Uses HTTP headers so application at one domain can
access resources from different domain
• Ensure loading of only authorized content from
authorized sources
• Optional flag on Storage Account
• Adds headers in HTTP GET requests

Role Based Access Control
32
• Azure Storage supports Azure AD and RBAC for both
resource management and data operations
• Use Azure AD to authorize resource management
operations
• Azure AD is supported for data operations on Blob and
Queue storage

Auditing Access
33
• Using built-in Storage Analytics service
• logs every operation in real time
• Search the Storage Analytics logs for specific requests
• Filter based on
• Authentication mechanism
• Success operation or
• Resource accessed

Storage Account keys
34
• Shared keys or shared secret or storage account
keys
• Easiest to use
• Supports blobs, files, queues, and tables
• Client embeds shared key in
HTTP Authorization header of every request, and
Storage account validates the key
• Has two keys & provide full access to account

Protecting Shared keys
35
• Regenerate keys periodically
• Any client that use old key will be refused
• Identify all clients & update them to keep them
operational

Shared Access Signatures
36
• String contains a security token can be attached to URI
• Use a SAS to delegate access to storage objects
• Specify permissions and time range of access
Types of shared access signatures
• Service-level shared access signature
• Account-level shared access signature

SAS Token
37
• Resource URI
• Storage services version,
• Services
• Resource, Resource Types & permissions
• Start time & expiry time
• IP range, protocol, signature

Network Access to Storage Account
38
• Default accept all connections
• Restrict to specific IP addresses
or Vnet
• Changing network rules can
affect your application's ability to
connect to Azure Storage
• If Deny Network Rule is default,
it block all access
• Use network rules to grant
access to any allowed networks

Question 2
Azure Storage Encryption At Rest can be disabled
a) True
b) False
39

Question 2
Azure Storage Encryption At Rest can be disabled
a) True
b) False
40

Azure Files and File Sync

Azure Files
42
• Fully managed file shares
• Accessible via Server Message Block (SMB)
• Mount on Windows, Linux, and macOS
• Azure file shares can be cached on Windows
Servers with Azure File Sync
• Don’t need to buy expensive hardware

Azure File Sync
43
• Extend on-premises file shares
• Expand storage capacity and provide
redundancy in the cloud
• Requires Windows Server 2012 R2 or later
• Access on-premises file share with SMB, NFS,
or FTPS.

Extend Storage Capacity
44
• On-premises file server as local cache for
Azure file share
• Cloud tiering: Cache locally on file server

Azure File Sync Component
45
• Storage Sync Service
• Sync group
• Azure File Sync agent
• Registered server relationship with on-premises server
• Server endpoint Folder location
• Cloud endpoint Azure File Shares
• Cloud tiering Optional cache feature

Managing Storage

Azure Storage Explorer
47
• Manage multiple storage accounts
• Access any data Blob, Tables, Files, Queue
• Connect Azure Cosmos DB & Data Lake
• Update & view entities in storage accounts
• Free
• Operation edit, download, copy, and delete
• Runs on Windows, Mac & Linux

Local Emulators
48
Storage Explorer supports two emulators
• Azure Storage Emulator Local instance of Microsoft SQL
Server 2012 Express Local DB
• Azurite based on Node.js, supports most Azure Storage
commands through an API
• Storage Explorer requires emulator to be running before
open it

Azure Storage Explorer Connection
49
• Azure Active Directory (Azure AD)
• Connection string
• Shared access signature URI
• Use a name and key
• Local emulator
• Azure Cosmos DB through a connection string
• Azure Data Lake by using a URI
Two Permission required management & data

Azure Import/Export
50
• Import data to Azure Storage
• Export data from Azure Storage
• Import/Export service create and
track data import/export
• WAImportExport tool Facilitates
copying your data

Azure Data Box
51
• Offline data transfer
• Data Box Disk - one 35-TB, Connect over USB
• Data Box – 80 TB, Connect over network SMB, NFS
• Data Box Heavy – 800 TB - like two Data Boxes, each
with an independent node
• Online data transfer
• Data Box Edge – 12 TB as Local SSD
• Data Box Gateway - Virtual appliance

Azure Data Box
52

Question 3
Azure Storage Explorer is available only for windows.
a) True
b) False
53

Question 3
Azure Storage Explorer is available only for windows.
a) True
b) False
54

Break
55

Demo
1. Create of Azure Storage Account using Portal
2. Create a container in blob storage and upload objects in
that
3. Create Azure File Shares and connect that file share as SMB
from Windows VM
4. Create Azure file Sync and extend capacity of On-Prem File
Server to Azure Files
5. Connect and manage Azure storage account from Azure
Storage Explorer

Q & A
57

58
https://bharatguru.in
Thanks!https://azureezy.com/az-104
https://t.me/AzureTalk
https://youtube.com/c/AzureTalk
https://www.linkedin.com/in/nirajkum/
https://www.linkedin.com/in/vipinkumarjha/
https://www.linkedin.com/in/kirtikagupta

Az 104 session 4: azure storage

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Az 104 session 4: azure storage

Similar to Az 104 session 4: azure storage (20)

Recently uploaded

Recently uploaded (20)

Az 104 session 4: azure storage