Overview of Azure storage services
This article introduces the Azure Storage platform and its core storage services.
Azure core storage offers scalable object storage for data objects, disk storage for Azure virtual machines (VMs), a file system service for the cloud, and a NoSQL store. These services are:
- Durable and highly available. Redundancy ensures that your data is safe in the event of transient hardware failures. You can also opt to replicate data across data centers or geographical regions for additional protection from local catastrophe or natural disaster.
- Secure. All data written to an Azure storage account is encrypted by the service. Azure Storage provides you control over who has access to your data.
- Scalable. Azure Storage provides scalability for meeting the data storage and performance needs of today’s applications.
- Managed. Azure handles hardware maintenance, updates, and critical issues for you.
- Accessible. Data in Azure Storage is accessible from anywhere in the world. Microsoft provides client libraries for Azure Storage in a variety of languages such as .NET, Java, Node.js, Python, PHP, Ruby, and Go.
Data Services in Azure Storage
The Azure Storage platform includes the following data services:
- Azure Blobs, which provides scalable object storage for text and binary data. It also supports big data analytics through Data Lake Storage Gen2.
- Azure Files, for managing file shares for cloud or on-premises deployments.
- Azure Queues, a messaging store for reliable messaging between application components.
- Azure Tables, a NoSQL store for schemaless storage of structured data.
- Azure Disks, which provides block-level storage volumes for Azure VMs.
Blob storage
Azure Blob storage is the object storage solution for the cloud, intended for storing massive amounts of unstructured data such as text or binary data.
Blob storage is ideal for:
- Serving images or documents directly to a browser.
- Storing files for distributed access.
- Streaming video and audio.
- Storing data for backup and restore, disaster recovery, and archiving.
- Storing data for analysis by an on-premises or Azure-hosted service.
Azure Files
Azure Files enables you to set up highly available network file shares that can be accessed using the standard Server Message Block (SMB) protocol, so multiple VMs can share the same files with both read and write access. One thing that distinguishes Azure Files from files on a corporate file share is that you can access the files from anywhere in the world using a URL. You can also generate SAS tokens, which allow specific access to a private asset for a specific amount of time.
Azure Files sharing scenarios
Common scenarios for file sharing include:
- Many on-premises applications use file shares. This feature makes it easier to migrate those applications that share data to Azure.
- Configuration files can be stored on a file share and accessed from multiple VMs. Tools and utilities used by multiple developers in a group can also be stored on a file share, ensuring that everybody can find them and that they use the same version.
- Resource logs, metrics, and crash dumps are three examples of data that can be written to a file share and processed or analyzed later.
Secure access to storage accounts
Every request to Azure Storage must be authorized. Azure Storage supports the following authorization methods:
- Azure Active Directory (Azure AD) integration for blob and queue data. Azure Storage offers both authentication and authorization with Azure AD for the Blob and Queue services with role-based access control (RBAC). Authorizing requests with Azure AD is recommended for superior security and ease of use.
- Azure AD authorization over SMB for Azure Files. Azure Files supports identity-based authorization over SMB through either Azure Active Directory Domain Services or on-premises Active Directory Domain Services.
- Authorization with Shared Key. The Azure Storage Blob, Files, Queue, and Table services support authorization with Shared Key. A client using Shared Key authorization passes a header with every request that is signed using the storage account access key.
- Authorization using shared access signatures (SAS). A SAS is a string containing a security token that can be attached to the URI for a storage resource.
- Anonymous access to containers and blobs. A container and its blobs can be made publicly available. When you specify that a container or blob is public, anyone can read it anonymously and no authentication is required.
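Because a SAS is carried in the URI, its scope can be reviewed before it is handed out. The following is an added example, not code from the Microsoft documentation: it parses the standard SAS query parameters (`sp`, `se`, `st`, `spr`, `ss`, `srt`, `si`, `sig`) and flags tokens that are broader or longer-lived than the "specific access for a specific amount of time" described for Azure Files above. The 24-hour threshold, the read/list baseline and the sample URLs are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Review thresholds are assumptions for this example, not Azure defaults.
MAX_LIFETIME = timedelta(hours=24)
READ_ONLY = set("rl")  # read, list

def parse_sas_time(value):
    """Parse the three UTC ISO 8601 forms this example accepts for st/se."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised SAS time: {value!r}")

def review_sas(url, now):
    """Return review findings for a SAS URL; an empty list means none."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in q:
        return ["no sig parameter: not a SAS URL"]
    findings = []
    if "ss" in q and "srt" in q:  # signed services + resource types
        findings.append("account SAS: scope is whole services, not one resource")
    if "se" in q:
        expiry = parse_sas_time(q["se"])
        start = parse_sas_time(q["st"]) if "st" in q else now
        if expiry <= now:
            findings.append("already expired")
        elif expiry - max(start, now) > MAX_LIFETIME:
            findings.append("remaining lifetime exceeds review threshold")
    elif "si" in q:
        findings.append("expiry comes from stored access policy: review the policy")
    else:
        findings.append("no expiry (se) and no stored access policy (si)")
    extra = set(q.get("sp", "")) - READ_ONLY
    if extra:
        findings.append("grants more than read/list: " + "".join(sorted(extra)))
    if "http" in q.get("spr", "https,http").split(","):  # default allows both
        findings.append("plain HTTP allowed (spr is not https-only)")
    return findings

# Constructed samples: account name, paths and signatures are placeholders.
SAMPLE_NOW = datetime(2024, 6, 1, 9, 30, tzinfo=timezone.utc)
BROAD = ("https://exampleacct.blob.core.windows.net/backups/db.bak?sv=2022-11-02"
         "&ss=bfqt&srt=sco&sp=rwdl&se=2030-01-01T00:00:00Z&sig=PLACEHOLDER")
NARROW = ("https://exampleacct.file.core.windows.net/share/report.pdf?sv=2022-11-02"
          "&sr=f&sp=r&st=2024-06-01T09:00Z&se=2024-06-01T10:00Z&spr=https&sig=PLACEHOLDER")
```

Call `review_sas(url, datetime.now(timezone.utc))` on a real token; `BROAD` produces four findings and `NARROW` none when evaluated at `SAMPLE_NOW`.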
Encryption at rest
Azure Storage encryption protects your data to help you meet your organizational security and compliance commitments. Azure Storage automatically encrypts all data prior to persisting it to the storage account and decrypts it prior to retrieval. The encryption, decryption, and key management processes are transparent to users.
Client-side encryption
The Azure Storage client libraries provide various ways of encrypting data in the client library before sending it across the wire, and of decrypting the response. Data encrypted via client-side encryption is also encrypted at rest by Azure Storage.
Storage APIs, libraries, and tools
You can access resources in a storage account from any language that can make HTTP/HTTPS requests. The core Azure Storage services also offer programming libraries for several languages. These libraries simplify many aspects of working with Azure Storage by handling details such as synchronous and asynchronous invocation, batching of operations, exception management, etc. Libraries are currently available for the following languages and platforms, with others in the pipeline:
- Azure Storage data API and library references
- Azure Storage management API and library references
- Azure Storage data movement API and library references
Reference: Microsoft Documentation