Microsoft has long put forward the view that the future of the cloud is hybrid, extending on-premises systems into its hyperscale Microsoft Azure. It’s perhaps best thought of as a process of evolution, first using the cloud to add to your existing resources, on-premises first and cloud as a back-up and failover. Over time you’ll move to using the cloud first and foremost, bringing cloud resources into your data center when needed for regulatory or privacy reasons.
The hybrid cloud is an attractive idea, but it needs ways of migrating older services to Azure and of deeply integrating it into existing systems and processes. That includes offering support for common services, including the old favorites: File and print.
Data in the cloud
When it comes to files, Azure has had various solutions over the years, with technologies like StorSimple, Azure Data Box and Azure Stack offering on-premises file shares that extend into the cloud, using hardware-based appliances to provide the necessary endpoints in your data center. But with Azure now supporting VPN connections, making its virtual networks part of your network, you should be able to connect to Azure storage without needing any intermediary beyond an appropriate secure network connection.
That’s where Azure Files and the closely related Azure File Sync come in. Azure Files takes Azure’s storage service and puts a familiar file protocol on it, either SMB or NFS. You can work directly against those new shares from your PC anywhere you have a network connection to Azure. Alternatively, Azure File Sync lets you carry on using a local share as a cache with a Windows Server transferring data to and from Azure.
Using Azure for storage makes a lot of sense. The underlying Azure storage tools are designed to work across a distributed, global-scale service, so your data is replicated across data centers and regions. Unlike on-premises file servers, this approach can help protect data without requiring additional hardware. It also lets Azure act as a central hub for data that needs to be shared across many sites around the world, taking advantage of Azure’s global scale to ensure data is replicated across regions. At the same time, built-in data protection tools help you prevent accidental deletion: every user delete can be treated as a “soft delete” with a defined retention time. Snapshots will back up your data, and can be kept for up to 10 years, while Microsoft Defender for Storage will protect data from malware and monitor it for possible attacks.
Working with Azure Files
Azure Files gives you an easy way of lifting and shifting applications to the cloud, offering them the same shares wherever they’re running. Code doesn’t need to be updated, and moves can be handled in stages, moving data before applications. You don’t even need to change your authentication methods: existing Active Directory permissions are managed through Azure Files AD Authentication, alongside Azure’s support for modern authentication via Azure Active Directory.
Once data is stored in Azure Files you have the option of using Azure’s own storage APIs for cloud native applications, alongside the familiar SMB block-based access for on-premises or virtual infrastructures. Azure Files can be used with Microsoft’s new virtual desktop cloud PCs, ensuring access to data from users’ normal PCs as well as virtual desktops so they can work securely from home without corporate data touching their personal PCs. All data is encrypted in transit by default, though you can turn this off. When stored in Azure it’s encrypted using a similar process to Windows’ BitLocker. Microsoft owns the default keys and manages their rotation. If you prefer to bring your own keys for regulated data, you can, but that means managing them yourself and does also limit access from some protocols.
With Azure Files there’s no need to manage the underlying operating system to keep your file servers up to date and secure. As they’re part of Azure, they’re automatically patched and updated as necessary, only using compute power when files are being written or read. Azure will work around hardware failures, using replicas to populate new disks as necessary. As an added bonus, your files will be protected by Azure’s datacenter resilience, with multiple power supplies and network connections.
Yes, it’ll cost more to run than on-premises storage, but any savings in time should allow you to work on new projects and services. Azure-hosted storage can auto-scale, so you’re no longer waiting for new hardware to increase quotas, though you have the option of setting pool-size limits to help control budgets by avoiding users suddenly storing terabytes of personal data on your company shares.
Managing and using Azure Files in your network
On the management side you can carry on using your existing Windows storage management tools with Azure Files, while transitioning to Azure native APIs using PowerShell or the Azure CLI. You’ll also need to be able to manage your Azure virtual networks to ensure that you have the right endpoints in place, both for remote access and for access from within Azure (the last is important if you’re using Azure Files with Windows 365 cloud PCs). Modern Windows clients can take advantage of SMB over QUIC, giving you a files-only VPN for approved users.
Getting started with Azure Files is simple enough. You should start by choosing which file sharing protocol you intend to use. SMB is best for Windows systems, with support for SMB 2.1 and higher, while NFS is used by UNIX systems. You’ll need to choose the type of underlying storage account you’re using: Microsoft recommends using either Azure general purpose V2 accounts using hard disk-based storage or FileStorage accounts using SSDs. FileStorage accounts can only be used by Azure Files and can’t be used to host other types of Azure storage. There are other Azure storage options, some of which can host Azure Files data, but they don’t support all Azure Files’ features.
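The settings discussed above (encryption in transit that can be turned off, soft delete with a retention time, who manages the encryption keys, and the recommended account kinds) can be checked from exported account properties. The following is an added example, not code from the article or from Microsoft: the records are constructed, the field names are assumed to follow the JSON printed by `az storage account show` and `az storage account file-service-properties show`, and the combined record layout and the 7-day retention threshold are hypothetical choices for illustration.

```python
import json

# Constructed sample: one record per storage account, merging fields assumed to
# match `az storage account show` ("account") and
# `az storage account file-service-properties show` ("fileService") output.
SAMPLE = json.loads("""
[
 {"account": {"name": "corpfiles01", "kind": "FileStorage",
              "enableHttpsTrafficOnly": true,
              "encryption": {"keySource": "Microsoft.Storage"}},
  "fileService": {"shareDeleteRetentionPolicy": {"enabled": true, "days": 14}}},
 {"account": {"name": "legacyshare", "kind": "Storage",
              "enableHttpsTrafficOnly": false,
              "encryption": {"keySource": "Microsoft.Keyvault"}},
  "fileService": {"shareDeleteRetentionPolicy": {"enabled": false}}}
]
""")

RECOMMENDED_KINDS = {"StorageV2", "FileStorage"}  # the two kinds the article names


def audit(record, min_retention_days=7):
    """Return (severity, message) findings for one account record.

    min_retention_days is an assumed policy threshold, not an Azure default.
    """
    acct, fs = record["account"], record.get("fileService", {})
    findings = []
    if not acct.get("enableHttpsTrafficOnly", False):
        findings.append(("high", "encryption in transit has been turned off"))
    policy = fs.get("shareDeleteRetentionPolicy") or {}
    if not policy.get("enabled", False):
        findings.append(("high", "soft delete is not enabled for file shares"))
    elif policy.get("days", 0) < min_retention_days:
        findings.append(("medium", f"soft-delete retention below {min_retention_days} days"))
    if acct.get("kind") not in RECOMMENDED_KINDS:
        findings.append(("medium", f"account kind {acct.get('kind')!r} may lack Azure Files features"))
    if (acct.get("encryption") or {}).get("keySource") != "Microsoft.Storage":
        findings.append(("info", "customer-managed keys: rotation is your responsibility"))
    return findings


def audit_all(records):
    """Map account name -> findings, omitting accounts with nothing to report."""
    report = {r["account"]["name"]: audit(r) for r in records}
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        for severity, message in findings:
            print(f"{name}: [{severity}] {message}")
```
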
It’s important to get the right performance for your storage, with four tiers that help manage how data is accessed. Premium is fast and uses SSD for minimum latency, while transaction-optimized is best for centrally storing application data that doesn’t need low latency access. Hot data is for most general purpose file shares, while cool data is a cheaper, slower option, best used for archives.
As Microsoft’s range of StorSimple storage appliances is coming to end-of-life in December 2022, it’s a good time to start thinking about taking advantage of Azure Files. The platform is more flexible than StorSimple, but if you prefer to use Azure to extend on-premises shares you can use Azure File Sync to provide a local share that acts as a read-write cache for Azure Files.
Microsoft’s hybrid cloud vision is about a lot more than your applications and data; it’s about bringing cloud and on-premises together so that they are part of one larger platform that works the way you want to work, not the way Microsoft thinks you should work. Azure Files is part of that vision, helping bridge the divide between personal, work, and cloud data. With Windows 365 cloud PCs planned to be just another virtual desktop in Windows 11, having a file system like Azure Files that’s shared between your PC and those cloud PCs is going to be essential.