In this tutorial, we will learn how to leverage Azure services, in this case Azure Files, to create an SMB file share in the cloud. This share will be accessible from remote machines, whether on Windows, Linux, or macOS.
A share in Azure Files can be used to replace a local file server, or act as an add-on to store certain data (or redundant certain data), but also allow an application to store its data in the cloud directly. Microsoft has posted several customer case studies on its site: Azure Files.
If you want to know more about the costs, I invite you to consult the link that I have integrated at the end of the article.
Note : this article talks about a share accessible by SMB but Azure also supports access via the NFS protocol.
II. Create an Azure storage account
To access the “File sharing“from Azure, it is necessary to have a storage account. From the Azure portal, it is necessary to find the service”Storage accounts” to create an account.
The button “Create” is used to launch the storage account creation wizard.
Then, you have to name this storage account (without spaces or special characters, with lowercase letters and numbers), choose the region, as well as options related to performance. Note that it is possible to create a share with a maximum capacity of 5 TB or 100 TB. To be able to choose 100 TB, the share must be locally redundant only (LRS), because if the we take the geo-redundant option, we are limited to 5 TB per share, which is already interesting.
Network-related options allow you to limit access to this share: should it be publicly accessible (with authentication, of course), or only from certain networks.
You can also browse the other options of the different tabs, before arriving at the final step: the click on the “Create“. Sometimes, this button remains grayed out for one or two minutes, while the configuration is validated (this is indicated at the top of the page).
III. Create an Azure Files share
As soon as the Azure resource is created, we can access it to continue with the configuration. Once in the resource, click on the left on “File shares” then on the button “File sharing” to create a new share.
This share must be configured. This consists of assigning a name, as here “share“simply. The field”Level” is important because it determines the level of performance of the storage space, which will impact the cost directly. Here, we are clearly on the notion of hot / cold storage. Depending on what you want to do with this sharing, it may make financial sense to start on one level and change it later.
Here is what Microsoft says:Transaction costs are higher on cooler tiers. It is often more economical to start your share at the Optimized Transaction level if you plan to migrate a larger number of files. Once migrated, you can set the share to a cooler tier.“
The mode “Optimized transaction” is a balanced mode, which is not the most efficient (there is the mode “Premium“), but which may be sufficient for storing data for an application. For more intensive use or synchronization with Azure File Sync, you must start in “Hot“.
Once the various fields have been filled in, click on “Create“.
The new share is added to the list of shares associated with this storage account. You will notice the option “Security: Maximum compatibility” which allows you to choose the authorized SMB versions, the types of authentication, etc… The mode “Maximum security” uses only the most secure versions and algorithms: I recommend it if your environment supports it. You can also create a custom mode: these options can be modified at any time.
Other options are available for shares, including authentication based on Active Directory (on-premise) or Azure Active Directory Domain Services. This allows to have a authentication per user on the share.
In addition, the option “Soft delete” set to 7 days indicates that one can recover a file up to 7 days after deletion. This option can be disabled or the value can be changed: from 1 to 365 days. Again, it is also a matter of cost.
IV. Mount Azure Files share on Windows
Our share is ready, we can mount on a client machine under Windows, or even under Linux or macOS using the procedure adapted to each system. As I said before, one can rely on Active Directory authentication if it is configured (for on-premises AD, this means using Azure AD Connect) or on Azure integrated authentication via the “Storage account key“.
In fact, you have to choose the drive letter to map to the network drive, the authentication method and copy the piece of PowerShell code indicated in the window. This piece of code integrates the address of the share, but also the username (localhost\azurefilesshare) and the password – very long – associated with this account.
After pasting this piece of code into a PowerShell console, I get the following result which suggests the share has mounted correctly.
We can check it from Windows File Explorer, like this:
It should be noted that if you create folders or drop files in this share, they are sent directly to Azure. This data is visible on the Azure interface. In fact, you can create or delete a folder from Azure to structure the share, or do it directly from the client station, but also upload files.
This introduction to Azure Files and the concept of SMB sharing in the Cloud is over! To go further and find out about the rates, I invite you to consult the following links:
#create #SMB #share #Azure