Mittwoch, 31. August 2022

Your file server in the cloud - What is Azure Files?

Azure Files provides fully managed file shares in the cloud, accessible via SMB as well as via NFS.

Azure Files offers all the features expected by a modern file server: Encryption in transit / Encryption at rest, Soft delete, Backup & Recovery as well as monitoring by Microsoft Defender for Storage. A search capability can also be implemented via Azure Cognitive Search and Azure File Indexer. This makes this solution an interesting alternative to the classic file server, which is located in a data center.
SMB file shares in Azure Files can be accessed from Windows, Linux, and macOS clients. NFS shares are available for access from Linux or macOS clients. SMB file shares in Azure Files can also be cached on Windows servers in your own data center, using Azure File Sync. This can ensure fast access for large files.

Key benefits

  • Shared access: Azure Files support both SMB and NFS standard protocols. This makes it easy to replace local file servers with Azure Files without worrying about application compatibility. 
  • Complete management: Azure Files can be set up without having to worry about the hardware or operating systems. Security upgrades or hardware failures are no longer an ongoing issue to worry about.
  • Scripts and Tools: PowerShell cmdlets and the Azure CLI can be used to manage Azure Files. The Azure Portal or Azure Storage Explorer can also be used for management.
  • Resilience: Azure Files is designed from the ground up as a highly available solution. Unlike on-premises file servers, failsafe power or networks are not an issue here.
  • Access via code: Applications running in Azure can access data in Azure Files via file system I/O APIs. Developers can therefore use their existing code and previously learned skills to migrate existing applications. In addition to system I/O APIs, Azure Storage client libraries or the Azure Storage REST API can also be used.

Typical use cases of Azure Files

  • Replace or extend local file servers: Azure Files can replace or extend local file servers or NAS system. Common operating systems such as Windows, macOS, and Linux can directly integrate Azure Files. SMB file shares in Azure can be replicated to Windows servers (either on-premises or in the cloud) via Azure File Sync to provide high performance and distributed caching for large files at the point of use. With the current release of Azure Files AD authentication, SMB file shares in Azure can still be used with the locally hosted AD instance for access control.
  • Lift & Shift Applications: Azure Files simplifies Lift & Shift projects to the cloud for applications where file shares are expected to store data. Azure Files enables not only the classic Lift & Shift scenario, where both the application and its associated data are moved to Azure, but also the Lift & Shift hybrid scenario, where the application data is moved to Azure Files and the application continues to run locally.

Indexer in Azure - Cognitive Search for Azure Files

An indexer in Azure Cognitive Search is a crawler that extracts content from cloud data sources and creates a search index using field-to-field mappings between source data and a search index. This approach is also known as the "pull model" because the search service retrieves data without writing any code. Indexers can be run on demand or on a schedule for regular data updates.

Besides the common file formats such as Microsoft Office formats and PDF, the following formats are also supported by the indexer: CSV, EML, EPUB, GZ, HTML, JSON, KML, , ODT, ODS, ODP, TXT, RTF, XML, ZIP.

Microsoft Defender for Storage & Azure Files

Protection for Azure Storage to support Azure Files and Azure Data Lake Storage Gen2 API was introduced by Microsoft in the year 2020. Advanced Threat Protection for Azure Storage provides an additional layer of security intelligence that pushes alerts when unusual and potentially malicious activity is detected.
These security alerts are integrated with Azure Security Center and are also emailed to subscription administrators. Details about the suspicious activity and recommendations on how to investigate and remediate threats are integrated.