Azure Storage is Microsoft’s cloud platform for scalable, modern data storage. If the number of options overwhelms you, then keep reading. Each Azure storage offering will be broken down into simple terms, while also addressing other things to consider when choosing a solution.
To make things easier for users, Azure Storage offerings are:
However, there’s not just one storage solution that fits all workflows. First, we’ll review the primary services in Azure Storage.
Azure Storage offers five core services: Blobs, Files, Queues, Tables, and Disks. Let’s explore each and establish some common use cases.
Azure Blobs is Microsoft’s cloud object storage service for BLOBs (Binary Large Objects), which excels in random access scenarios. This storage type is typically used for unstructured data, such as documents, images, logs, audio, and video, along with all associated metadata. Blobs are organized into containers (think of a container as a pseudo folder structure for the flat object namespace).
Common use cases include:
There are several ways to access Azure Blobs for file upload/download, application connections, and more, including the Azure Storage REST API and a PowerShell module.
Azure Files is Microsoft’s SMB implementation in the cloud. Think of it like Network Attached Storage (NAS). These shares are highly available from anywhere in the world and can be mounted directly on Windows, macOS, and Linux clients via SMB. This is traditional file storage in a folder hierarchy like you’d expect when using the SMB protocol.
Microsoft advertises this offering as a cloud NAS solution for end-user data, although the most common use I’ve found is “lifting and shifting” on-premises applications to the cloud that already use native APIs and SMB. Azure Files certainly can be used as a cloud replacement for on-premises NAS, but there are other solutions out there that do a better job.
For application development, if you have VMs running in Azure that need access to centralized dev/debug tools or logging, then Azure Files is a quick solution that’s already in the same cloud as those VMs.
However, there are some SMB features not currently supported by Azure Files (listed here), which should be considered when deciding if Azure Files is the right storage solution for your workflow.
Azure Queues are used for asynchronous messaging between application components, which is especially useful when decoupling those components (e.g., microservices) while retaining communication between them. Another benefit is that these messages are easily accessible via HTTP and HTTPS.
In addition to Azure Storage Queues, Microsoft also offers Service Bus Queues for more advanced messaging integration patterns. The differences between Azure Storage Queues and Service Bus Queues are explained in more detail here.
Azure Tables are structured, schema-less NoSQL data stores in the cloud. Tables are commonly used to store flexible datasets such as user data for a web application and other kinds of metadata.
In addition to Tables, Microsoft has other database offerings such as their premium NoSQL Cosmos DB as well as many other SQL and NoSQL solutions. The differences between Azure Tables and Azure Cosmos DB are outlined here.
Azure Disks are used as persistent block-level storage attached to VMs in Azure. If you run any VMs in Azure, then you’re probably already using Azure Disks. Outside of VMs you probably won’t find yourself using Azure Disks, but it’s technically part of the Azure Storage family so it’s worth mentioning.
The three data tiers that Azure offers for storage products are designed to help you save money, especially if not all data needs to be readily available for on-demand retrieval:
With Cool and Archive tiers, there are early deletion charges if data doesn’t reside in Azure for the required number of days (30 and 180, respectively). Per Microsoft, “This charge is prorated. For example, if a blob is moved to archive and then deleted or moved to the hot tier after 45 days, you’ll be charged an early deletion fee equivalent to 135 (180 minus 45) days of storing that blob in archive.”
The Hot tier is the most expensive, but useful for data that always needs to be available and will frequently be updated, deleted, etc.
Data stored in the Cool tier can still be accessed at any time, but the early deletion charge will come into play if data is deleted before it has been in the Cool tier for 30 days. Cool tier data is typically short-term archive or disaster recovery, and this tier costs less than the Hot tier.
Unlike the Hot and Cool tiers, data stored in the Archive tier is not available for access at any time; retrieval can take up to 14 hours before data is even available for egress. Archive tier data is typically long-term archive or compliance data that cannot be deleted for legal reasons, and this tier costs less than the Cool tier.
Each account type for Azure Storage has different properties and pricing. For the most part, you’ll use the General-purpose v2 account type; however, there are some legacy account types as well as blob and file-specific storage accounts. More details about each account type are available here.
Azure always has multiple copies of your data on hand in the event of disaster, hardware failure, outages, etc. While these redundancy techniques and tiers are out of the scope of this blog, Microsoft provides more detail here.
All Azure storage offerings are protected by various authorization mechanisms that are available depending on the storage type. REST APIs, client libraries, and PowerShell are common workflows for accessing Azure Storage, although Microsoft also offers an easy-to-use UI for browsing data, upload, and download via the Azure Storage Explorer.
Let’s also review the various forms of authentication and authorization available for Azure Storage:
All data stored in an Azure Storage offering is automatically encrypted on upload and decrypted on retrieval. Azure handles this encryption/decryption (more details available here), but also offers methods for client-side encryption before data is sent over the wire to Azure.
Azure Storage is a powerful and flexible way to store your data in the cloud and especially useful if you’re already integrated with Microsoft’s ecosystem. If you’re still reading, then hopefully this blog was able to simplify the different options for storage types, access, security, and more.
Dan Piazza is a Technical Product Manager at Stealthbits, now part of Netwrix, responsible for PAM, file systems auditing and sensitive data auditing solutions. He has worked in technical roles since 2013, with a passion for cybersecurity, data protection, automation, and code. Prior to his current role he worked as a Product Manager and Systems Engineer for a data storage software company, managing and implementing both software and hardware B2B solutions.
© 2022 Stealthbits Technologies, Inc.