The fundamental building block of Azure storage service is the Azure storage account. The Storage account is more like an administrative container for most of the Azure storage services. All the storage services are explained below.

Azure Blob: We can have Azure Blob storage within the storage account, which is used to store the unstructured data such as media files, documents, etc.

Azure file: Azure file can be used in case if we want to share files between two virtual machines, then we can create an Azure file share and access it on both of the virtual machines. We can share the data between two or more VMs.
Archive: Archive is recently introduced, and it is in preview. We can use the archive for cost optimization. So, we can move any infrequently accessed blobs or files into the archive to optimize the cost. However, once you move the data into an archive, it will take some time for the recovery of that data.
Azure Queues: It can be used to store messages.
Azure Table: It can be used to store entities. The Azure Table is a bit different from the SQL table. This is a NoSQL datastore where the schema within the table is not enforced.

And apart from all these services, there is one other key service which is:

Azure Disk Storage: Any OS disk associated with the virtual machine in Azure will get stored in a disk storage account. And also, any OS image from which this OS disk is generated will get stored as a .vhd file within the disk storage.
Azure Storsimple: In a hybrid cloud storage solution, Azure offers Storsimple. Storsimple is a hybrid storage solution that works at a SAN(Storage Area Network) level. It was used to be a separate company, but Microsoft brought it with them and is now offering the same services as a part of Azure and from DR (Disaster Recovery) perspective.
Azure Site Recovery: In case if we want to use Azure as a DR data-center, then we can use Azure site recovery to replicate the workloads from our on-premises data-center into Azure. Replicated workloads will be stored as images within a storage account. Whenever our on-premises data-center is down, we can run some automated scripts which will consider that recent image and build a virtual machine.
Azure Data Box: If we have terabytes of data which we want to transfer from the on-premises data center into Azure and we don’t want to choose a network as an option because transferring the data over the network in terms of terabytes is not feasible. So, in that case, we can use the Azure data box. By using Azure Data Box, we can load the data into the data box and give that data box to Microsoft. Microsoft will load that data into Azure
Azure Backup: We can use Azure backup to backup the disks of our virtual machine into a recovery service vault and restore the same using that image. We have to be aware that Azure backup doesn’t utilize storage to store the disk image. They are stored in the recovery services vault.
Azure Monitor: It can be used for the monitoring of all these services. We can use Azure Monitor for simple monitoring, and we can use log analytics for advance monitoring and analysis. We can also use alerts in case if we want to get alerted on certain things, for example, if the file share capacity is reaching its limit, then we configure it in such a way that we will get alert about the same.
CDN (Content Delivery Network): It is used for the delivery of the contents stored in the storage account. We can use a content delivery network to reduce the latency of the delivery. We’ll create a CDN endpoint near to the users to reduce the latency.

Finally, the storage account will be connected to Virtual Network. The storage account will have a storage firewall where we can configure that from which virtual network you want to accept connections. So, we can specify a particular IP address from where we want to allow connections or a specific subnet within a virtual network.

Azure Storage Account

An Azure Storage Account is a secure account, which provides you access to services in Azure Storage. The storage account is like an administrative container, and within that, we can have several services like blobs, files, queues, tables, disks, etc. And when we create a storage account in Azure, we will get the unique namespace for our storage resources. That unique namespace forms the part of the URL. The storage account name should be unique across all existing storage account name in Azure.

Note: If you want to use all storage services, we recommend you to go with general-purpose version-2, and in case if you need storage account for blobs only, then you can go with the blob storage account type.

Types of performance tiers

Standard performance: This tier is backed by magnetic drives and provides low cost/GB. They are best for applications that are best for bulk storage or infrequently accessed data.

Premium storage performance: This tier is backed by solid-state drives and offers consistency and low latency performance. They can only be used with Azure virtual machine disks, and are best for I/O intensive workload such as the database.

(So every virtual machine disk will be stored on a storage account. So, if we are associating a disk, then we will go for the premium storage. But if we are using storage account specifically to store blobs, then we will go for standard performance.)

Access Tiers

There are four types of access tiers available:

Premium Storage (preview): It provides high-performance hardware for data that is accessed frequently.

Hot storage: It is optimized for storing data that is accessed frequently.

Cool Storage: It is optimized for storing data that is infrequently accessed and stored for at least 30 days.

Archive Storage: It is optimized for storing files that are rarely accessed and stored for a minimum of 180 days with flexible latency needs (on the order of hours).

Advantage of Access Tiers:

When a user uploads the document into the storage, the document will initially be frequently accessed. During that time, we put the document in the hot Storage tier.

But after some time, once the work on the document is completed. Nobody generally accesses it. So, it will become infrequently accessed document. Then we can move the document from Hot storage to Cool storage to save the cost because cool storage is built based on the number of times the document is accessed. Once the document is matured, i.e., once we stopped working on that document, the document becomes old. We rarely refer to that document. In that case, we put it in cool storage.

But for six months or one year, we don’t want the document to be referred to in the future. In that case, we will move that document to archive storage.

So hot storage is costlier than cool storage in terms of storage. But cool storage is more expensive in terms of access. Archive storage is used for archiving the documents into storage, which is not accessed.

Azure Storage Replication

Azure Storage Replication is used for the durability of the data. It copies our data to stay protected from planned and unplanned events, ranging from transient hardware failure, network or power outages, and massive natural disasters to man-made vulnerabilities.

Azure creates some copies of our data and stores it at different places. Based on the replication strategy.

LRS (Local Redundant Storage): So, if we go with the local-redundant storage, the data will be stored within the data center. If the data center or the region goes down, the data will be lost.

ZRS (Zone-Redundant Storage): The data will be replicated across data centers but within the region. In that case, the data is always available within the data center, even if one node is not available. OR we can say that the data will be available also if the entire data center goes down because the data is already copied in another data center within the region. However, if the region itself is gone, then you will not get the data access.

GRS (global-redundant storage): To protect our data against region-wide failures. We can go for global-redundant storage. In this case, the data will be replicated in the paired region within the geography. And in case if we want to have read-only access to the data that is copied to another region, then, in that case, we can go for RA-GRS (Read Access global-redundant storage). We can get different things in terms of durability, as we can see in this table below.

blu

Storage account endpoints

Whenever we create a storage account, we will get an endpoint to access the data within the storage account. So, each object that we stored in Azurestorage has an address, which includes your unique account name and the combination of an account name, and service endpoint, which forms the endpoint for your storage account.

For example, if your general-purpose account name is mystorageaccount then generally the default endpoints for different services looks like:

Azure Blob storage: http://mystorageaccount.blob.core.windows.net.

Azure Table storage: http://mystorageaccount.table.core.windows.net

Azure Queues storage: http://mystorageaccount.queue.core.windows.net

Azure files: http://mystorageaccount.file.core.windows.net

In case if we want to map our custom domain for these, we can still do that. We can use our custom domain in reference to these storage service endpoints.

Creating and configuring Azure Storage Account

Let’s see how to create a storage account in Azure portal and discuss some of the important settings associated with the storage account:

Step 1: Login to your Azure portal home screen and click on “Create a resource”. Then type-in storage account in the search box and then click on “Storage account”.

Step 2: Click on create, you will be redirected to Create a storage account window.

Step 3: First, you need to select the subscription whenever you are creating any resource in Azure, and secondly, you need to choose a Resource Group. In our case, the subscription is “Free Trail”.

Use your existing resource group or create a new one. Here we are going to create a new resource group.

Step 4: Then, fill the storage account name, and it should be all lowercase and should be unique across all over Azure. Then select your location, performance tier, Account kind, Replication strategy, Access Tier, and then click on next.

Step 5: You are now on the Networking window. Here, you need to select the connectivity method, then click next.

Step 6: You are now on the Advanced window were you need to enable or disable security, Azure files, Data Protection, Data lake Storage and then click next.

Step 7: Now, you are redirected to the Tags window, where you can provide tags to classify your resources into specific buckets. Put the name and value of the tag and click next.

Step 8: This is the final step where the validation has been passed, and you can review all the elements that you have provided. Click on create finally.

Now our storage account has been successfully created, and a window will appear with the message “Your deployment is complete”.

Click on “goto resource”, then the following window will appear.

You can see all the values that you have selected for different configuration setting when creating the storage account.

Let’s see some key configuration settings and key functionality of the storage account

Activity Log: We can view an activity log for every resource in Azure. It provides the record of activities that have been carried out on that particular resource. It is common for all the resources in Azure.

Access Control: Here, we can delegate access for the storage account to different users.

Tags: We can assign new tags or modify the existing tags here. We can also diagnose and solve the problems in case if we have any problems.

Events: We can subscribe to some of the events that are happening within this storage account, it can be either logic app or function. For example, a blob is created in a storage account. That event will trigger a logic app with some metadata of that blob.

Storage explorer: This is where you can explore the data that is residing in your storage account in terms of blobs, files, queues, and tables. Again there is a desktop version of this storage Explorer which you can download and connect also, but this is more of a web version of it.

Access Keys: We can use it to develop applications that will access the data within the storage account. However, we might not want to give access to this access key directly. We may wish to create SAS keys. Here, we can generate specific SAS keys for a limited period, with limited access. Then provide that SAS signature to our developers. Another way is the access keys. Access key gives blanket access. So, we recommend not to give access of the access keys to anyone other than the one who created that storage account.

CORS (Cross-Origin Resource Sharing): Here, we can mention the domain name and what operations are allowed.

Configuration: If we want to change any configuration values, then there are certain things that we can’t change once the storage account is created – for example, performance type. But we can change the access tier, and secure transport required or not, the replication strategy, etc.

Encryption: Here, we can specify our own key if we want to encrypt the data within the storage account. We need to click on the check box, and we can select a key vault URI where the key is located.

(SAS) Shared access signature: Here, we can generate the SAS keys with the limited access and for the limited period, and provide that information to developers who are developing applications using the storage account. SAS is used to access data that is stored in the storage account.

Firewalls and Virtual network: Here, we can configure the network in such a way that the connections from certain virtual networks or certain IP address ranges are allowed to connect to this storage account.

And we can configure advanced threat protection and can make the storage account compatible to host a static website

Properties: Here we can see the properties related to the storage account

Locks: Here, we can apply locks on the services.

So these are the different settings we can configure, and the rest of the settings are related to different services within the storage account – for example, blob, file, table, and queue.

So, this brings us to the end of blog. This Tecklearn ‘Azure Storage Building Blocks and Storage Account’ blog helps you with commonly asked questions if you are looking out for a job in Azure and Cloud Computing. If you wish to learn Microsoft Azure and build a career in Cloud Computing domain, then check out our interactive, Microsoft Azure Developer and Administrator Training, that comes with 24*7 support to guide you throughout your learning period. Please find the link for course details:

https://www.tecklearn.com/course/microsoft-azure-developer-associate-az-203-and-microsoft-azure-administrator-associate-az-103/

Microsoft Azure Developer Associate: AZ-203 and Microsoft Azure Administrator Associate AZ-103 Training

About the Course

This Course provides training for Microsoft Azure Administrator and Azure Developer. Tecklearn’s Azure Administrator training provides you with a deep understanding of the entire administrative lifecycle in Azure environments. This Azure course shows you how to maintain services related to computing, storage, network, and security. Enhance your Azure Administrator skills and prepare to ace the AZ-103 Azure Administrator exam. The Azure Developer certification course prepares you for Microsoft’s Azure Developer certification exam AZ-203. It covers Azure architecture, Azure technology development solutions, Azure storage services, and solutions, Cognitive Services such as Computer Vision, Q&A Maker, Azure service solutions, and API management services.

Why Should you take Azure Developer and Administrator Training?

Microsoft certified Azure Associate developer earns salary ranging from $95,000 to $135,000
Average salary of Microsoft Certified Azure Administrator is $90,000 – Indeed.com
Apple, eBay, Samsung, Citrix, UST Global, Mindtree, TCS, Wipro, Infosys & many other MNC’s worldwide use Azure across industries
According to Microsoft, more than 1,000 new sign-ups for Azure occur each day, which equates to approximately 365,000 new sign-ups each year
By 2022, 90% of enterprises will use both the IaaS and PaaS capabilities from cloud provider – Gartner

What you will Learn in this Course?

Introduction to Azure Compute Solutions and Cloud Computing

Introduction to Microsoft Azure
About Azure Certification

Overview of Azure Storage Services

Azure Storage
Azure File Use Case
Azure DNS
Azure Site Recovery

Secure and Manage Azure Storage

Security Issue
Azure Regions
Azure Services

Implementing Secure Data Solutions and Integrating Caching & CDN

Azure CDN
Azure Traffic Manager
Azure Load Balancer
Azure Scale Set

Implementing Azure App Service Web Apps and Mobile Apps

Design and Implement Azure Service Apps
Web Apps
Pricing Calculator – Azure

Managing Azure Subscriptions and Resource Groups

Create Resource Group
Create App Service Plan
Create Web App and Deploy Angular Application using SCM
Deploy .NET Application using SCM
Deploy App using Visual Studio
Web Job Types
Sendgrid

Develop Event-based and Message-based Solutions in Azure

Messaging Strategy
Design and implement Messaging Strategy
Azure Notifications
Microsoft Azure Service Bus
Queues
Topics
Create Topic
Create Subscription
Azure Relay
Using EventHubs

Implementing Azure App Service API Apps & Azure Functions

Azure PAAS Services
API Management
Function Apps
Logic Apps

Overview of Azure Virtual Machines and Configure Virtual Machines for High Availability

Virtual Machines
Create VM
PowerShell DSC and Custom Script Extension
Scale ARM VMS
VMSS
Monitoring VMs
Dev Test Labs
VM Storage

Design and implement Azure DevOps

CI/CD Pipelines
VSTS
Deployment in pass and VM’s
Scheduled deployments

Manage Azure Active Directory (AD)

Manage Identity, Application and Network Services
Overview of Azure Active Directory
Azure Active Directory B2C
Azure Active Directory B2B
Key Vault
Azure Graph API

Azure Virtual Networks and Network Security

Redis Caching
Azure search
Virtual Networks
Configure Virtual Network
Hybrid Network Connectivity
ARM VM Networking
Azure security and recovery services

Developing Solutions That Use Relational Database and Azure Blob Storage

Azure DB Services – SQL DB
Azure Notifications
Backup and Restore
Enabling Geo-Replication
Export source Database
Scale Azure SQL Databases

Developing Solutions That Use Azure Table Storage & Cosmos DB

COSMOS DB
Azure Key Vault
Azure App Insights

Azure Command Line Interface (CLI) and PowerShell

Resource management and deployments using PowerShell and CLI
ARM templates
Implement ARM templates
Control Access
PowerShell runbooks
Azure Automation
Real Time Examples

Got a question for us? Please mention it in the comments section and we will get back to you.

472