Creating Azure Storage Account
Azure Storage account is a resource in Azure. Storage Account will give your group of services like Blob Service, File Service, Table Service, Queue Service. In this article I will walk you through the steps of creating your first Azure storage account.
IntroductionPermalink
- Azure Storage Account provides a unique namespace through which the contained storage objects are accessed.
- It is located in a specific region
- Have a certain replication types.
- Different account types and performance tiers.
Creating Azure Storage Account Basics 🧮Permalink
Login to https://portal.azure.com/ and create resource and search for Storage Account and then create new storage account for you.
NamePermalink
Name of the storage account should be unique in Azure.
- For each of the services will be like below.
Pattern:
<YourName><Service>.core.windows.netExamples:- https://rupesh.blob.core.windows.net
- https://rupesh.file.core.windows.net
LocationPermalink
Location of the data center is important like USA data centers may have large numbers of replication data centers. However, Brazil datacenter location will have 2-3 replication datacenter locations.
PerformancePermalink
- Performance tiers are of Standard or Premium type.
- With premium only locally-redundant storage is supported.
- Files or Blobs or any resource can not automatically move between Standard and Premium Accounts.
- You must do file copy in order to move them between Standard and Premium Accounts.
- This setting can’t be changed after the storage account is created. It is just like a type of account. Either you create standard or premium performance account.
Account KindsPermalink
Normally you should select the general-purpose v2 (GPv2) storage kind. Because this is the recommended type from Microsoft which has both blob storage and other features.
In Standard Performance AccountPermalink
You have 3 options to choose your account kinds:
- general-purpose v2 (StorageV2)
- general-purpose v1 (Storage)
- BlobStorage
- A general-purpose v2 (GPv2) (👈 recommended) has all latest features is the default.
- A general-purpose v2 (GPv2) storage account provides access to all of the Azure Storage services: blobs, files, queues, tables, and disks.
- GPV1 v1 is when u want to integrate with VMs or older network using classic Azure Model
- Blob Storage: only has the blob services this is the legacy account type.
In Premium Performance AccountPermalink
You have 4 options to choose your account kinds:
- general-purpose v2 (StorageV2)
- general-purpose v2 (Storage)
- BlockBlobStorage
- FileStorage
- general-purpose v2 : stored in SSD drive
- general-purpose v2: stored in SSD drive
- Block Blob Storage: has lower latency and high transaction rates. It can only store blob and has no hot cold tiers so no support for blob access tiers.
- File Storage: only for files + SSD and additional performance.
ReplicationPermalink
Replication will make sure the data redundancy is happening. The default one is Read-access geo-redundant storage (RA-GRS).
Replication options depends on:
- location of the storage account
- performance type of the storage account.
Example: If you select (Asia Pacific) Korea South location & Standard performance account then you will only get LRS, GRS and RA-GRS.
In Standard Performance AccountPermalink
In standard performance account, If you select the location which has all replication options available then generally you will see 6 replications strategy options.
Example: for (Canada) Canada Central you get all 6 replication strategies: LRS, ZRS, GRS, RA-GRS, GZRS,RA-GZRS.
In Premium Performance AccountPermalink
In Premium performance account, regardless of location you select. At this time only LRS replication strategy is supported.
Networking 🥅Permalink
Connectivity methodPermalink
Public endpointPermalink
Your endpoint will be visible over the internet. So you can publicly access your account. You can enforce security.
Selected Network Public endpointPermalink
Restrict access to only selected network. Like only Certain vNet or Subnets can only access like VMs. It will not allow over the internet access. You can also white list certain IP addresses that allows them to connect to the storage account.
Private endpointPermalink
This creates the private IP address for the storage account on your own Azure vNet which blocks all connection to the public internet. Only allows accessing storage account from On-Premises if you connected your on-premise network to Azure using VPN or ExpressRoute.
Network RoutingPermalink
You can decide how traffic will be routed to the azure endpoint by default.
Microsoft network routing (default 👍recommended)Permalink
Client should enter the Microsoft Network at the point closest to the user location called point of present.
Internet RoutingPermalink
Client should enter the Microsoft Network at the point closest to the storage account.
Data Protection 👮Permalink
RecoveryPermalink
Turn on point-in-time restore for containersPermalink
Let’s you to restore the blob container into previous state.
⚠️When point-in-time restore is enabled, versioning, blob change feed and blob soft delete are also enabled. The retention periods for each of these features must be greater than that of point-in-time restore.
Turn on soft delete for blobsPermalink
It creates a sort of recycle bin ♻️ for your blobs. In case if you deleted some blob you can restore them within the time limit that you set.
Turn on soft delete for containersPermalink
It creates a sort of recycle bin ♻️ for your storage container. In case if you deleted container you can restore them within the time limit that you set.
⚠️Sign up is required on a per-subscription basis to use container soft delete.
Turn on soft delete for File SharesPermalink
It creates a sort of recycle bin ♻️ for your file shares. In case if you deleted some files you can restore them within the time limit that you set.
TrackingPermalink
Tracking changes of the blobs.
Turn on versioning for blobsPermalink
Auto maintain previous versions when they modified or deleted.
Turn on blob change feedPermalink
It stores all the transactional logs for all of the changes happened to the blob in the storage account.
Advanced 🅰️Permalink
SecurityPermalink
Secure transfer requiredPermalink
Enabled: Accessing endpoint over https 👍 recommended.
Allow shared key accessPermalink
If disabled then client can only use roles in Azure AD to authenticate in to the storage account. And any request with shared key access will be denied.
Minimal TLS versionPermalink
Set the TLS for all the apps under this storage account
Infrastructure encryptionPermalink
By default at rest all data is encrypted in azure storage account. However, you can add one more layer of encryption. ⚠️Signup is required.
Blob storagePermalink
Allow Blob public accessPermalink
if you disabled public access at the storage account level you can still allow at container level. If you enabled at storage account level then still you can restrict public access at the container level.
Blob access tierPermalink
Archive tier is not available for Blob storage. Only hot and cold is available.
NFS v3Permalink
Network File System(NFS) enables Windows or Linux clients to mount a container in Blob Storage from a Azure Virtual Machine(VM) . This is in preview and only available for few region as of now. ⚠️Signup is required.
Data Lake Storage Gen2Permalink
Hierarchical namespacePermalink
If disabled then Blob storage uses virtual file system by default that creates URL for a blob with no real folder structures. Each blob can be located by this URL format: https://rupesh.blob.core.windows.net/container2/myimages/image.png That contains container name and sub folders name and file name. However they are not really folders they are just **part of the URL**.
If enabled then below benefits will happen:
-
Blob storage will use actual file systems. So you get actual folder structures and that helps to setup security and other atomic operations at folder level.
-
Data Lake Storage Gen2 is built on top of the Blob Storage Service. So it can be used by other Azure services like Azure HDInsight, Azure DataBricks and Azure Synapse Analytics
Azure FilesPermalink
Large file sharesPermalink
It is for Azure Files Services so that you can allow file share upto 100TB of size. Only Local and Zone redundant storage and it can not be turned off when enabled.
Tables and QueuesPermalink
You can add your own encryption keys for Tables and Queues and it can not be turned off when enabled.
Tags 🏳️Permalink
This is common feature for all Azure resources where you can create tags.
DemoPermalink
Finally you can review your account and create them. Enjoy your Azure Storage Account 😄
Thanks for reading my article till end. I hope you learned something special today. If you enjoyed this article then please share to your friends and if you have suggestions or thoughts to share with me then please write in the comment box.
Become full stack developer 💻Permalink
I teach at Fullstack Master. If you want to become Software Developer and grow your carrier as new Software Engineer or Lead Developer/Architect. Consider subscribing to our full stack development training programs. You will learn Angular, RxJS, JavaScript, System Architecture and much more with lots of hands on coding. We have All-Access Monthly membership plans and you will get unlimited access to all of our video courses, slides, download source code & Monthly video calls.
- Please subscribe to All-Access Membership PRO plan to access current and future angular, node.js and related courses.
- Please subscribe to All-Access Membership ELITE plan to get everything from PRO plan. Additionally, you will get access to a monthly live Q&A video call with
Rupeshand you can ask doubts/questions and get more help, tips and tricks.
Your bright future is awaiting for you so visit today FullstackMaster and allow me to help you to board on your dream software company as a new Software Developer, Architect or Lead Engineer role.
💖 Say 👋 to me!
Rupesh Tiwari
Founder of Fullstack Master
Email: rupesh.tiwari.info@gmail.com
Website: www.rupeshtiwari.com | www.fullstackmaster.net
