Azure Files Cheat Sheet

• Offers fully managed cloud-based file storage that can be accessed through the industry-standard server message block (SMB) protocol.

Features

• Mount your Azure File share from Windows, Linux, or macOS.
• Azure File Sync enables you to access your data from SMB, REST, or even on-premises.
• Encrypt data at rest and in transit using SMB 3.0 and HTTPS.
• Lift and shift applications to the cloud, where the application data is moved to Azure Files, and the application continues to run on-premises.
• Store configuration files in a centralized location where they can be accessed from many application instances.
• Azure Files provides the capability of taking share snapshots of file shares.

Storage Tiers

• Premium file shares (SSD)
  • High performance & low latency, within single-digit milliseconds for most IO operations.
  • For IO-intensive workloads.
• Standard file shares (HDD)
  • Reliable performance for IO workloads which are less latency-sensitive.
• If you created either a premium or a standard file share, you cannot automatically convert it to the other tier.

Supported Devices

• To use an Azure file share outside of the Azure region the OS must support SMB 3.0
• To mount an Azure file sharing on Windows, you must have access to port 445.

• Linux clients can also access the file storage through the SMB protocol.

Encryption

• By default, encrypted with Microsoft-managed keys and responsible for rotating them on a regular basis.
• Using Microsoft-managed keys, you can also choose to manage your own keys, which gives you control over the rotation process.
• With customer-managed keys, Azure file storage is authorized to access your keys to fulfill read and write requests from your clients.

Networking

• SMB uses port 445.
• Accessible from anywhere, via the public endpoint of the storage account.
• Azure file shares over an ExpressRoute or VPN connection:
  • Tunneling into a virtual network, even if port 445 is blocked.
  • Private endpoints give you a dedicated IP address from within the address space of the virtual network.
  • Allows you to configure DNS forwarding.
• The UNC path format of an Azure File Share is: \\<storageAccountName>.file.core.windows.net\

Azure File Sync

• Transform an on-premises (or cloud) Windows Server into a quick cache of your Azure file share.
• Use Azure File Sync agent to synchronize files from a server to an Azure file share. 
• To create sync groups, you need to deploy a Storage Sync Service.
• A sync group defines the sync relationship between a cloud endpoint and a server endpoint.
  • Cloud endpoint – represents an Azure file share and multiple server endpoints. 
  • Server endpoint – a path registered on the Windows Server.
  • When you make changes to your cloud endpoint or server endpoint, your files are automatically synced to your sync group’s remaining endpoints.
  • When you make a change directly to the cloud endpoint, Azure files must first detect it via a change detection job, which only happens once every 24 hours.
  • A change detection job enumerates all the files in the file share and compares it to the sync version of that file. When the change detection job determines that there are changes, Azure File sync will initiate a sync session.
• The sync group you created should only have one cloud endpoint.
• A sync group may have server endpoints with different Active Directory memberships, even if they are not domain-joined.
• The storage accounts used for Azure Files deployments are:
  • General purpose version 2 (GPv2) storage accounts
  • FileStorage storage accounts
• You can use cloud tiering to cache frequently accessed files locally on the server.
• Only NTFS volumes are supported; ReFS, FAT, FAT32, and other file systems are not supported.
• The service supports interop with DFS Namespaces (DFS-N) and DFS Replication (DFS-R).
  • DFS-N allows you to group shared folders located on multiple servers into one or more logically structured namespaces.
  • DFS-R enables you to replicate folders across multiple servers and sites.
• Azure File Sync has three layers of encryption:
  • Encryption at rest (Windows Server)
  • Encryption in transit
  • Encryption at rest (Azure file share)

Azure Blob vs Disk vs File Storage:

https://tutorialsdojo.com/azure-blob-vs-disk-vs-file-storage/

Validate Your Knowledge

Question 1

Question Type: Matrix Sorting Choice

You have an on-premises data center that contains a file server named TDFileServer1 which has 20 TB of data.

You created an Azure subscription and an Azure file share named TDFile1.

There is a requirement to transfer 20 TB of data to TDFile1 using the Azure Import/Export service.

In which order should you perform the actions?

Instructions: To answer, drag the appropriate item from the column on the left to its description on the right. Each correct match is worth one point.

Show me the answer!

Correct Answer:

(1) You prepare the external disks by attaching it to TDFileServer1 and run the WAImportExport.exe tool.

(2) You create an import job in the Azure portal.

(3) You ship the external disks to the Azure Datacenter.

(4) You update the import job in the Azure portal.

Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter. This service can also be used to transfer data from Azure Blob storage to disk drives and ship to your on-premises sites. Data from one or more disk drives can be imported either to Azure Blob storage or Azure Files.

Consider using Azure Import/Export service when uploading or downloading data over the network is too slow, or getting additional network bandwidth is cost-prohibitive. Use this service in the following scenarios:

– Data migration to the cloud: Move large amounts of data to Azure quickly and cost effectively.

– Content distribution: Quickly send data to your customer sites.

– Backup: Take backups of your on-premises data to store in Azure Storage.

– Data recovery: Recover large amounts of data stored in storage and have it delivered to your on-premises location.

To import data, the service requires you to ship supported disk drives containing your data to an Azure datacenter.

Microsoft Azure WAImportExport.exe tool is the drive preparation and repair tool that you can use with the Microsoft Azure Import/Export Service. This tool can be used in several different ways:

– Before you create an Import job, you can use this tool to copy data to the hard drives you are going to ship to a Microsoft Azure data center.

– After an import job has finished, you can use this tool to repair any blobs that were corrupted, missing, or conflicted with other blobs.

– After you receive the drives from an export job, you can use this tool to repair any files that were corrupted or missing on the drives.

The journal file stores basic information such as drive serial number, encryption key, and storage account details.

You can import the contents of FileServer1 using the following steps in order:

1. Prepare the drives and run the WAImportExport.exe tool.

– Attach the external disk to FileServer1 and run WAImportExport.exe. Each time you run the WAImportExport tool to copy files to the hard drive, the tool creates a copy session. The state of the copy session is written to the journal file.

2. You create an import job in the Azure portal.

– You must specify the following for an import job: name of the import job, type of job (import from azure or export from azure) subscription, resource group, journal file, the storage account for import destination, and the return shipping info.

3. You ship the external disks to the Azure Datacenter.

– FedEx, UPS, or DHL can be used to ship the package to Azure datacenter. You must ensure that you properly package your disks to avoid potential damage and delays in processing.

4. You update the import job in the Azure portal.

– You need to update job status and tracking info once drives are shipped and mark the checkbox against Mark as Shipped. You then provide the carrier and tracking number. If the tracking number is not updated within 2 weeks of creating the job, the job expires.

Hence, the correct order of deployment are:

1. You prepare the external disks by attaching it to FileServer1 and run the WAImportExport.exe tool.

2. You create an import job in the Azure portal.

3. You ship the external disks to the Azure Datacenter.

4. You update the import job in the Azure portal.

References: 
https://docs.microsoft.com/en-us/azure/import-export/storage-import-export-service
https://docs.microsoft.com/en-us/azure/import-export/storage-import-export-data-to-files

Note: This question was extracted from our AZ-104 Microsoft Azure Administrator Practice Exams.

For more Azure practice exam questions with detailed explanations, check out the Tutorials Dojo Portal:

Azure Files Cheat Sheet Resources:

https://azure.microsoft.com/en-us/services/storage/files/
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-linux