Azure Storage

  • A Storage Account has a globally unique name and supports four types:
    • Blob container: object store
      • Anonymous (global) permissions: Private (no access), Blob (only if the exact URL is known), Container (anonymous listing, so object URLs can be discovered)
      • Supports VHD
    • Table: key-value store, cheaper than a DBMS, but not transactional
    • Queue: messaging
    • File: SMB network share
      • Rule of thumb: use for sharing data between applications running on different VMs, but not for one application that scales out to different servers
  • Data Lake Storage Gen2: stores files and objects; ideal for analytical workloads
  • Immutable Blobs can't be deleted or modified. Good for legal or compliance requirements
    • Time-based retention: container creation time is used instead of when the policy was applied
    • Legal Hold: data can be deleted only after the hold is cleared
  • Access can be restricted to a specific VNet
  • Encryption types:
    • Storage Service Encryption (SSE): transparent to the user
    • Client-side encryption: handled by the client library
  • Managed disks are placed in different storage fault domains
  • File share: SMB 3.0 protocol, supports on-prem or VM mounting
    • Storage Sync Service: syncs contents at least once every 24 hours
    • Sync group: consists of one cloud endpoint and one or more server endpoints
      • Cloud tiering: only hot files are cached
    • For on-prem, TCP port 445 must be open
  • Blob types: Block blob (entire blob is a unit of I/O), Page blob (e.g. .vhd files), Append blob (binary logs)
  • Storage accounts are flat within containers; folders within them are virtual

Storage Access

  • Access keys: key1 and key2, act as master signing keys
  • Shared Access Signatures (SAS):
    • Allow access to storage, signed by the access keys
    • Two types: Service SAS (access to one storage service) and Account SAS
    • Conditional access using: duration, IP, storage type (blob, table, file, etc.), access level (RO, RW, create, etc.)
  • RBAC using IAM: assign an AD user one of the Storage roles
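The SAS mechanics above, as an added example that is not code from the original notes: a Service SAS for one blob is produced by HMAC-SHA256-signing the documented string-to-sign (version 2018-11-09 field order) with the decoded account key, and a defender-side audit re-verifies that signature with the known key and then flags tokens whose duration, permissions or IP restriction over-grant access. The account name, container, blob and key are constructed placeholders, not real values.

```python
import base64, hashlib, hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode

def _string_to_sign(f, account, container, blob):
    # Blob Service SAS string-to-sign, version 2018-11-09 field order; the six trailing
    # empty fields are: snapshot time and the five response-header overrides (rscc..rsct)
    return "\n".join([f.get("sp", ""), f.get("st", ""), f.get("se", ""),
                      f"/blob/{account}/{container}/{blob}", f.get("si", ""),
                      f.get("sip", ""), f.get("spr", ""), f.get("sv", ""), f.get("sr", ""),
                      "", "", "", "", "", ""])

def _sign(key_b64, string_to_sign):
    # sig = base64(HMAC-SHA256(base64-decoded account key, UTF-8 string-to-sign))
    mac = hmac.new(base64.b64decode(key_b64), string_to_sign.encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def generate_blob_sas(account, key_b64, container, blob, perms, expiry, ip=""):
    # Query string of a Service SAS for one blob, signed with a key1/key2-style account key
    f = {"sp": perms, "se": expiry.strftime("%Y-%m-%dT%H:%M:%SZ"), "sip": ip,
         "spr": "https", "sv": "2018-11-09", "sr": "b"}
    f["sig"] = _sign(key_b64, _string_to_sign(f, account, container, blob))
    return urlencode({k: v for k, v in f.items() if v})

def audit_blob_sas(token, account, key_b64, container, blob, max_days=7, now=None):
    # Verify the signature with the known key, then flag settings that over-grant access
    f = {k: v[0] for k, v in parse_qs(token).items()}
    expected = _sign(key_b64, _string_to_sign(f, account, container, blob))
    if not hmac.compare_digest(expected, f.get("sig", "")):
        return ["signature does not verify (tampered or signed with another key)"]
    findings, now = [], now or datetime.now(timezone.utc)
    expiry = datetime.strptime(f.get("se", "1970-01-01T00:00:00Z"), "%Y-%m-%dT%H:%M:%SZ")
    if expiry.replace(tzinfo=timezone.utc) - now > timedelta(days=max_days):
        findings.append(f"expiry more than {max_days} days out")
    if set(f.get("sp", "")) - {"r", "l"}:
        findings.append(f"grants more than read/list: sp={f.get('sp')}")
    if not f.get("sip"):
        findings.append("no IP restriction (sip)")
    return findings

# Constructed sample values (not a real key): 64 bytes, base64-encoded like key1/key2
SAMPLE_KEY = base64.b64encode(bytes(range(64))).decode()
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)

def demo():
    target = ("stexample", SAMPLE_KEY, "reports", "q1.pdf")   # constructed account/container/blob
    tight = generate_blob_sas(*target, "r", NOW + timedelta(days=1), ip="203.0.113.10")
    loose = generate_blob_sas(*target, "rw", NOW + timedelta(days=365))
    tampered = tight.replace("sp=r&", "sp=rw&")   # permissions edited, signature unchanged
    return [audit_blob_sas(t, *target, now=NOW) for t in (tight, loose, tampered)]
```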

Storage Account attributes

  • Performance:
    • Standard: HDD
    • Premium: SSD (supported by VMs only)
  • Account Kind:
    • Storage (General Purpose v1): supports tables, queues, files or containers (blob); slightly cheaper reads than v2
    • StorageV2 (General Purpose v2): like v1, but offers more options such as redundancy
    • Blob: supports only the object store (this can be public by default)
  • Storage replication:
    • Locally-redundant storage (LRS): 3 copies; tolerates node failure (11 nines durability)
    • Geo-redundant storage (GRS): 6 copies, data copied to the secondary region; tolerates node and data center (DC) failures
      • Each region is paired with another region
    • Read-access geo-redundant storage (RA-GRS): like GRS, plus a secondary endpoint to read data without a failover process
    • Zone-redundant storage (ZRS): data replicated to 3 storage clusters in different AZs; tolerates node and DC failures
      • Not available for blobs
      • Available only through PowerShell (Udemy video 55?)
    • Geo-zone-redundant storage (GZRS): 16 nines durability
      • Pay for the bandwidth to transfer data between geos
    • Read-access geo-zone-redundant storage (RA-GZRS)
  • Access Tier:
    • Hot: default, active data
    • Cool: minimum 30 days
    • Archive: minimum 180 days
  • Can be restricted to allow access only from a specific Virtual Network, and/or subnet, and/or IP
    • The access key is still needed
    • Other virtual networks can still be peered to allow access
    • Can be changed after creation

Import/Export

  • Offline using Azure Data Box: for moving large amounts of data
    • Data Box Disk: up to 40 TB
    • Data Box: up to 500 TB
    • Data Box Heavy: over 500 TB
  • Online: Data Box Gateway and Data Box Edge
  • WAImportExport.exe:
    • Import: v1 for blobs, v2 for files; Export: only blobs can be exported
    • Tool needs the BitLocker key: use the Windows command manage-bde -protectors -get E:
    • Creates a journal file that must be uploaded into an Azure Import/Export job

Content Delivery Network CDN

  • Providers: Premium Verizon, Standard Verizon, Akamai, Microsoft
  • Large file and media delivery over general web delivery is supported only by Microsoft and Verizon
  • TTL: 7 days by default, or as specified in the HTTP header

Recovery Service Vaults

  • Backup config: Geo-Redundant or Locally-Redundant; can't be changed once set up
  • Backup policies: VM, File Share, SQL Server in VM
  • VM recovery options: create new VM, replace disks, overwrite disks

Diagnostics Logs

  • Tenant logs: record activity outside an Azure subscription (requires an agent)
  • Resource logs: record resource activity within a subscription
  • Windows VM logs:
    • Performance counters: CPU, memory, disk, network, etc.
    • Logs: levels Critical/Error/Warning etc. for System or Application, plus Security Audits
    • Crash dumps: on application failure
    • Sinks: send the logs to an application
    • Agent: customize the agent by storage account, disk quota and severity level
    • Available via the resource or Azure Monitor

Disks

  • OS disk: contains the OS as C:, max 2 TB
  • Temporary disk: pagefile.sys or other temporary files, as D: or /dev/sdb mounted at /mnt
    • Data may not be retained
  • Data disk: max 4 TB
  • Managed disks
    • Premium SSD
    • Standard SSD
    • Standard HDD
    • Ultra SSD (preview)
  • Unmanaged disks
    • Legacy, only HDD, can't exceed 20000 IOPS for the entire storage account
  • Disk caching for data disks
    • None: for write-heavy data
    • ReadOnly host caching: for RO and RW, with low-latency reads and high read IOPS
    • ReadWrite host caching: for RO and RW, used for C:\ (OS disk) or applications that support writing cached data
  • Notes:
    • VMs are assigned to an Availability Set at the time of creation

Container

  • Azure Container Instances (ACI) is PaaS without the need to manage VMs or other services
  • Azure Kubernetes Service (AKS) is an orchestration service to run containers
  • Containers are mainly used for implementing a microservice architecture

App Service

  • Web Apps, API Apps, Mobile Apps, WebJobs
  • Web App
    • Deployment slots: staging environments before releasing to prod
  • WebJobs run in the same context as Web Apps, API Apps or Mobile Apps
    • Used for running background tasks