Azure Storage Overview Cheat Sheet

• An Azure storage account contains blobs, files, queues, tables, and disks.
• Types of Storage Accounts: General-purpose (v2 and v1), BlockBlobStorage, FileStorage, and BlobStorage
• All storage accounts are encrypted using Storage Service Encryption (SSE) for data at rest
• Storage accounts endpoints:
  • Blob storage: https://tutorialsdojo.blob.core.windows.net
  • Table storage: https://tutorialsdojo.table.core.windows.net
  • Queue storage: https://tutorialsdojo.queue.core.windows.net
  • Azure Files: https://tutorialsdojo.file.core.windows.net
  • Azure Data Lake Storage Gen2: https://tutorialsdojo.dfs.core.windows.net

• Access tiers are: Hot, Cool, Cold, and Archive
  • Hot
    • Highest storage costs, but lowest access costs
    • Store data that is accessed frequently
    • By default, new storage accounts are created in the hot tier
  • Cool
    • Lower storage costs, but higher access costs
    • Store data that is infrequently accessed (at least 30 days)
    • You can use a cool access tier for short-term backup.
  • Cold
    • Lower storage costs and higher access costs compared to the cool tier.
    • Store data that is rarely accessed (at least 90 days).
    • You can use a cold access tier for storing large data sets in a cost-effective manner.

• • Archive
    • Lowest storage costs, but the highest retrieval costs
    • Store data that is rarely accessed (at least 180 days)
    • Data needs to be stored for a long time.
• Storage redundancy includes: Locally redundant storage (LRS), Zone-redundant storage (ZRS), Geo-redundant storage (GRS), Geo-zone-redundant storage (GZRS)
  • Locally redundant storage (LRS) 
    • A low-cost redundancy strategy
    • Your data is copied synchronously three times within the primary region
  • Zone-redundant storage (ZRS)
    • Redundancy for high availability
    • The data is copied synchronously across three Azure availability zones in the primary region
  • Geo-redundant storage (GRS)
    • Cross-regional redundancy
    • In the primary region, data is synchronously copied three times, and then asynchronously copied to the secondary region.
    • Enable read-only geo-redundant storage (RA-GRS) to access data in the secondary region.
      •  
  • Geo-zone-redundant storage (GZRS)
    • Redundancy for both high availability and maximum durability
    • Data is copied synchronously across three Azure availability zones in the primary region, then copied asynchronously to the secondary region.
    • You can also enable RA-GZRS for read access data in the secondary region

• Moving of data into different storage account can be done automatically or manually
• You can migrate data manually using:
  • AzCopy uses a command-line utility
  • Data Movement Library is designed for high-performance, reliable, and easy data transfer operations similar to AzCopy
  • REST API or client library lets you create a custom application to migrate your data

Types of Storage Accounts

• General-purpose v2 accounts
  • Supports Data Lake Gen2, Blobs, Files Disks Queues Tables
  • Delivers the lowest per-gigabyte capacity prices for Azure Storage

• General-purpose v1 accounts

• • Supports Blobs, Files, Disks, Queues, Tables
  • You can upgrade a general-purpose v1 account to a general-purpose v2 account with no downtime and without copying the data.
  • You can use general-purpose v1 accounts since the General-purpose v2 accounts and Blob storage accounts only support the Azure Resource Manager deployment model.
  • If you don’t need a large capacity for transaction-intensive or significant geo-replication bandwidth, GPv1 is a suitable choice

• BlockBlobStorage accounts
  • Provides low, consistent latency, and higher transaction rates.
  • Upgrading a Blob storage account to a general-purpose v2 account has no downtime and you don’t need to copy the data
  • It doesn’t support hot, cool, cold, and archive access tiers
  • You can use BlockBlobStorage for storing unstructured object data as block blobs or append blobs. 

• FileStorage accounts
  • Only supports file shares
  • Offers IOPS bursting

• BlobStorage accounts
  • Only supports block and append blobs.
  • BlobStorage account offers standard performance. While the BlockBlobStorage account supports premium performance.

Security

• To grant access in your storage account, the request must include a valid Authorization header
• If authentication of identity is successful, then Azure Active Directory returns a token to use in authorizing the request to Azure Storage Services.
• You can use shared key authorization to construct a connection string
• Shared access signature allows you to have granular control on who can access your data
• When you copy a file without the metadata for encryption, the blob content cannot be retrieved again.

Azure Storage Overview Pricing

• You are charged based on your Region, Account type, Access Tier, and Storage Capacity
• The replication and reads/write operations also incur costs.
• If your data isn’t running in the same region, you’re charged for data egress.

Locally Redundant Storage (LRS) vs Zone-Redundant Storage (ZRS):
https://tutorialsdojo.com/locally-redundant-storage-lrs-vs-zone-redundant-storage-zrs/

Validate Your Knowledge

Question 1

Question Type: Single choice

You have an existing Azure subscription that has the following Azure Storage accounts.

There is a requirement to identify the storage accounts that can be converted to zone-redundant storage (ZRS) replication. This must be done only through a live migration from Azure Support.

Which of the following accounts can you convert to ZRS?

1. tdaccount1
2. tdaccount2
3. tdaccount3
4. tdaccount4

Show me the answer!

Correct Answer: 1

Azure Storage always stores multiple copies of your data so that it is protected from planned and unplanned events, including transient hardware failures, network or power outages, and massive natural disasters. Redundancy ensures that your storage account meets its availability and durability targets even in the face of failures.

When deciding which redundancy option is best for your scenario, consider the tradeoffs between lower costs and higher availability. The factors that help determine which redundancy option you should choose to include are:

– How your data is replicated in the primary region.

– Whether your data is replicated to a second region that is geographically distant to the primary region, to protect against regional disasters.

– Whether your application requires read access to the replicated data in the secondary region if the primary region becomes unavailable for any reason.

Data in an Azure Storage account is always replicated three times in the primary region. Azure Storage offers four options for how your data is replicated:

1. Locally redundant storage (LRS) copies your data synchronously three times within a single physical location in the primary region. LRS is the least expensive replication option but is not recommended for applications requiring high availability.
2. Zone-redundant storage (ZRS) copies your data synchronously across three Azure availability zones in the primary region. For applications requiring high availability.
3. Geo-redundant storage (GRS) copies your data synchronously three times within a single physical location in the primary region using LRS. It then copies your data asynchronously to a single physical location in a secondary region that is hundreds of miles away from the primary region.
4. Geo-zone-redundant storage (GZRS) copies your data synchronously across three Azure availability zones in the primary region using ZRS. It then copies your data asynchronously to a single physical location in the secondary region.

You can switch a storage account from one type of replication to any other type, but some scenarios are more straightforward than others. If you want to add or remove geo-replication or read access to the secondary region, you can use the Azure portal, PowerShell, or Azure CLI to update the replication setting. However, if you want to change how data is replicated in the primary region, by moving from LRS to ZRS or vice versa, then you must perform a manual migration.

The following table provides an overview of how to switch from each type of replication to another:

To request a live migration to ZRS, GZRS, or RA-GZRS, you need to migrate your storage account from LRS to ZRS in the primary region with no application downtime. To migrate from LRS to GZRS or RA-GZRS, first switch to GRS or RA-GRS and then request a live migration. Similarly, you can request a live migration from GRS or RA-GRS to GZRS or RA-GZRS. To migrate from GRS or RA-GRS to ZRS, first switch to LRS, then request a live migration.

Live migration is supported only for storage accounts that use LRS or GRS replication. If your account uses RA-GRS then you need to first change your account’s replication type to either LRS or GRS before proceeding. This intermediary step removes the secondary read-only endpoint provided by RA-GRS before migration.

Hence, the correct answer is: tdaccount1.

tdaccount2 is incorrect because you need to first change your account’s replication type to either LRS or GRS before you change to zone-redundant storage (ZRS). The requirement states that you must only request live migration.

tdaccount3 is incorrect because a general-purpose V1 storage account type does not support zone-redundant storage (ZRS) as its replication option. Only General-purpose V2, FileStorage, and BlockBlobStorage support ZRS.

tdaccount4 is incorrect because a BlobStorage account type does not support zone-redundant storage (ZRS) as its replication option. Only General-purpose V2, FileStorage, and BlockBlobStorage support ZRS.

References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
https://docs.microsoft.com/en-us/azure/storage/common/redundancy-migration

Note: This question was extracted from our AZ-104 Microsoft Azure Administrator Practice Exams.

For more Azure practice exam questions with detailed explanations, check out the Tutorials Dojo Portal:

Azure Storage Overview Cheat Sheet Resources:

https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview?toc=/azure/storage/blobs/toc.json
https://docs.microsoft.com/en-us/azure/storage/common/storage-account-create?tabs=azure-portal