Microsoft has long believed that the future of the cloud is hybrid, extending on-premises systems into its hyperscale Azure. It is perhaps best seen as an evolutionary process: at first you use the cloud to add to your existing resources, with on-premises systems first and the cloud as backup and failover. Over time, you begin to use the cloud first and foremost, bringing cloud resources to your data center when required for legal or privacy reasons.
The hybrid cloud is an attractive idea, but it needs ways to migrate legacy services to Azure and integrate them deeply into existing systems and processes. That includes providing support for commonly used services, including the old favorites: File and Print.
Data in the cloud
When it comes to files, Azure has had several solutions over the years, with technologies such as StorSimple, Azure Data Box, and Azure Stack providing on-premises file shares that extend into the cloud, using hardware-based devices to deliver the necessary endpoints in your data center. But now that Azure supports VPN connections, making its virtual networks part of your network, you should be able to connect to Azure storage without an intermediary, other than an appropriate secure network connection.
That’s where Azure Files and its closely related Azure File Sync come in handy. Azure Files takes Azure’s storage service and puts a trusted file protocol on top of it, either SMB or NFS. Wherever you have a network connection to Azure, you can work against those new shares directly from your PC. Alternatively, with Azure File Sync, you can continue to use a local share as a cache, with a Windows Server transferring data to and from Azure.
Using Azure for storage makes a lot of sense. The underlying Azure storage tools are designed to work in a distributed, global service, replicating your data across data centers and regions. Unlike on-premises file servers, this approach can help protect data without the need for additional hardware. It also lets Azure act as a central hub for data shared across many sites around the world, taking advantage of its global scale to ensure data is replicated across regions. At the same time, built-in data protection tools guard against accidental deletion: all user deletes can be a “soft delete” with a defined retention time. Snapshots back up your data and can be stored for up to 10 years, while Microsoft Defender for Storage protects data from malware and monitors it for potential attacks.
Working with Azure Files
Azure Files gives you an easy way to lift and shift applications to the cloud, so they have the same shared folders everywhere. There is no need to update code, and moves can be handled in stages, moving data ahead of applications. There’s no need to even change your authentication methods: existing Active Directory permissions are managed through Azure Files AD authentication, in addition to Azure’s support for modern authentication through Azure Active Directory.
Once data is stored in Azure Files, you have the option to use Azure’s proprietary storage APIs for native cloud applications, in addition to the familiar SMB (Server Message Block) access for on-premises or virtual infrastructures. Azure Files can be used with Microsoft’s new virtual desktop cloud PCs, ensuring access to data from users’ normal PCs and virtual desktops so they can work safely from home without corporate data touching their personal PCs. All data is encrypted in transit by default, but you can disable this. When stored in Azure, it is encrypted using a process similar to Windows’ BitLocker. Microsoft holds the default keys and manages their rotation. If you prefer to bring your own keys for regulated data, you can, but that means you have to manage them yourself, and it also restricts access for some protocols.
With Azure Files, you don’t have to manage the underlying operating system to keep your file servers up-to-date and secure. Because they are part of Azure, they are automatically patched and updated as needed, using only compute power when files are written or read. Azure will work around hardware failures by using replicas to populate new disks as needed. As an added bonus, your files are protected by Azure’s data center resilience, with multiple power supplies and network connections.
Yes, it costs more to use than on-premises storage, but any time savings should allow you to work on new projects and services. Azure hosted storage can scale automatically, so you no longer have to wait for new hardware to increase quotas, but you do have the option to set pool size limits to control budgets by preventing users from suddenly storing terabytes of personal data in your company’s storage.
Manage and use Azure Files in your network
On the administration side, you can continue to use your existing Windows storage management tools with Azure Files, while moving to native Azure APIs with PowerShell or the Azure CLI. You also need to be able to manage your Azure virtual networks to ensure you have the right endpoints, for both remote and in-Azure access (the latter is important if you’re using Azure Files with Windows 365 cloud PCs). Modern Windows clients can take advantage of SMB over QUIC, giving you a file-only VPN for approved users.
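Because encryption in transit and soft delete are both settings that can be switched off, it is worth auditing them across storage accounts. The following is an added example, not code from the original article or from Microsoft: it checks account records for the settings discussed above. The field names are assumed to match what the Azure CLI prints for `az storage account list` and `az storage account file-service-properties show`; the `fileService` merge key, the account names, the sample data and the 7-day threshold are constructed for illustration.

```python
import json

# Constructed sample: trimmed `az storage account list` records, each merged with
# its file-service properties under a hypothetical "fileService" key.
SAMPLE = json.loads("""
[
  {"name": "contosofiles01", "enableHttpsTrafficOnly": true,
   "encryption": {"keySource": "Microsoft.Storage"},
   "fileService": {"shareDeleteRetentionPolicy": {"enabled": true, "days": 14}}},
  {"name": "contosolegacy02", "enableHttpsTrafficOnly": false,
   "encryption": {"keySource": "Microsoft.Keyvault"},
   "fileService": {"shareDeleteRetentionPolicy": {"enabled": false, "days": null}}},
  {"name": "contosoarchive03", "enableHttpsTrafficOnly": true,
   "encryption": {"keySource": "Microsoft.Storage"},
   "fileService": {"shareDeleteRetentionPolicy": {"enabled": true, "days": 1}}}
]
""")

MIN_RETENTION_DAYS = 7  # assumed organisational policy, not an Azure default


def audit_account(acct, min_days=MIN_RETENTION_DAYS):
    """Return finding codes for one storage account record."""
    findings = []
    # Fail closed: a missing or non-true flag counts as secure transfer off.
    if acct.get("enableHttpsTrafficOnly") is not True:
        findings.append("SECURE_TRANSFER_OFF")
    policy = (acct.get("fileService") or {}).get("shareDeleteRetentionPolicy") or {}
    if not policy.get("enabled"):
        findings.append("SOFT_DELETE_OFF")
    elif (policy.get("days") or 0) < min_days:
        findings.append("SOFT_DELETE_SHORT")
    # Informational: with customer-managed keys, rotation is the customer's job.
    if (acct.get("encryption") or {}).get("keySource") == "Microsoft.Keyvault":
        findings.append("CUSTOMER_MANAGED_KEY")
    return findings


def audit(accounts):
    """Map account name -> findings, omitting accounts with none."""
    results = {a.get("name", "<unnamed>"): audit_account(a) for a in accounts}
    return {name: f for name, f in results.items() if f}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(f"{name}: {', '.join(findings)}")
```
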
Getting started with Azure Files is easy enough. You should start by choosing the file sharing protocol you want to use. SMB is best for Windows systems, with support for SMB 2.1 and above, while NFS is used by UNIX systems. You must also choose the type of storage account you use: Microsoft recommends general-purpose v2 accounts with hard drive-based storage or FileStorage accounts with SSDs. FileStorage accounts can only be used by Azure Files and cannot be used to host other types of Azure storage. There are other Azure storage options, some of which can host Azure Files data, but they don’t support all the features of Azure Files.
Getting the right performance for your storage is important, with four tiers that help manage how data is accessed. Premium is fast and uses SSD for minimal latency, while transaction-optimized is best for centrally storing application data that doesn’t require low-latency access. Hot is general purpose for most file shares, while cool is a cheaper, slower option best used for archives.
As Microsoft’s family of StorSimple storage devices reaches the end of its life in December 2022, it’s a good time to think about using Azure Files. The platform is more flexible than StorSimple, but if you prefer to use Azure to extend on-premises shares, you can use Azure File Sync to provide a local share that acts as a read-write cache for Azure Files.
Microsoft’s hybrid cloud vision is about a lot more than your applications and data; it’s about bringing the cloud and on-premises together so they’re part of one bigger platform that works the way you want to work, not the way Microsoft thinks you should. Azure Files is part of that vision, helping to bridge the gap between personal, work, and cloud data. With Windows 365 cloud PCs planned to be just another virtual desktop in Windows 11, having a file system like Azure Files shared between your PC and those cloud PCs is essential.