Get introduced to Azure storage files, or network file shares, available over both SMB and REST APIs. Learn how clients can continue to use the net use command to map drives, without the need to deploy Windows servers as file servers. Explore the Azure storage files service, which is highly available and redundant and offers an instant deployment for workloads dependent on file shares.
- [Instructor] With Azure Storage accounts, we can very easily create files or file shares, you might know them as a network share, and so this allows us to migrate applications into Azure really easily if all they need is a file share. So, what do I mean with a file share? You might be used to the net use command or the cifs shares that we can mount from Linux, or maybe with the notation backslash backslash, a server name, followed by backslash and a share name. So, if this looks familiar, you are familiar with network shares or network file shares and on a Azure Storage account, we can create one really easily.
Now, remember in Azure Storage, things are triple replicated, at least in local datacenter, so when you create a file share, our data will already be redone and restored, and so, we get a highly available redundant file server from any general purpose storage account. So, practically, what does this mean? Well, you're not getting a Windows Server, so there are some limitations. For example, you cannot use Active Directory and its Access Controllers to create, for example, user folders. We access the network share with that key that we've previously seen and so, there is basically one username and password to get into a network share using the SMB protocol.
Speaking of SMB, if you're connecting from a network-connected PC, there are some version limits. So, for example, you cannot use Windows XP or 2008, you need at least SMB 2.1 or 3.0. The Azure Storage file shares are implemented as an API that looks like SMB to us, so there is only a subset of the protocol implemented. So, SMB 2.1 and 3 partly support it, but the actual implementation is using blobs and tables behind the scenes. So, we get an SMB interface and a REST API, so this means even though there are some limitations, like not having Active Directory, some other things being left out of the protocol like short file names and alternative data streams, we do get two different ways to get to the same share.
SMB, so the net use command, or our custom clients can use the REST API. So, using the REST API, we can have a very familiar experience, kind of similar to the Blob API, in that, we can talk to a REST API to access files. And so, the real magic here is that when we migrate applications to Azure, applications that require file shares, we can use a Legacy application that currently uses file shares and build new features and new applications cloud-native by using the REST API to get to the same underlying data, and the best part is that the REST API and SMB does work concurrently.
They work at the same time. They even respect each other's locks, so when you have a write lock on a file using SMB, the REST API will actually respect that. Now, there is a catch. Originally, the network shares were not encrypted, so when we connect to a network share in the old days, the traffic was essentially in clear text. With SMB 3, we do get encryption, so encryption between a client and a network share, even if you don't have IPsec implemented. With a client that supports SMB 3, you can connect to an Azure Share pretty much from anywhere, as long as the network ports are open and authentication is successful.
However, if you have a slightly older client, you can actually use SMB 2.1 Clients, so that's older Windows Clients and Linux Clients, and such, from inside the Azure environment. So, if you have a virtual machine, you could connect to an Azure Share, even if that client does not yet support a full SMB 3 encrypted scenario, but the boundary of Azure is where that limitation is then enforced, in that, you cannot send clear text SMB traffic from outside of Azure to a file share implemented by Azure Storage.
So, for your migration scenarios, just consider that those are for troubleshooting. Now, often people are on Windows XP Clients or Server 2008 machines, trying to connect to an Azure Storage Share and they don't realize they're on too old a version of SMB, not supporting encryption. So, let's go take a look at how to actually do this.
- Azure Storage overview
- Azure Storage security
- Deploying Azure Storage
- Accessing Azure Storage files
- Passing messages with Azure Storage queues
- Storing unstructured data with Azure Storage blobs
- Storing structured data in Azure Storage tables (Cosmos DB)