Azure Storage is the managed cloud storage service offered in Microsoft Azure. Azure Storage provides a highly available, durable, scalable, and redundant storage service.
- Azure Storage is highly durable and available which safeguard data from general hardware failures. You can opt to replicate data across datacenters or geographical regions for additional protection from unforeseen events and natural disasters.
- Since all data written to an Azure storage account is encrypted. Azure Storage provides fine-grained control over access privileges to your data.
- Azure Storage is designed to be massively scalable to meet the data storage and performance needs of today’s applications.
- Azure Storage is a managed service. Azure handles hardware maintenance, updates, and critical issues for you.
- Data in Azure Storage is accessible from anywhere in the world over HTTP or HTTPS.
- Azure Storage supports scripting in Azure PowerShell or Azure CLI.
- Azure portal and Azure Storage Explorer offer simplified visual solutions for working with your data.
Types of Storage Services
Now let us look at the various storage services provided by the Azure Storage platform.
- Azure Blobs: Azure Blob storage is Microsoft’s object storage solution for the cloud. Blob storage is optimized for storing massive amounts of unstructured data that doesn’t adhere to a particular data model or definition, such as text or binary data. Blob storage is also referred to as object storage.
- Azure Files: It is a fully managed file sharing service in the cloud or on-premise.
- Azure Queues: Azure Queues is a storage service that can be used for reliable messaging between application components.
- Azure Tables: Azure Table storage is now part of Azure Cosmos DB. It is used as a NoSQL store for schemaless storage of structured data.
- Azure Disks: Azure Disks is the virtual hard disk (VHD) for Azure VMs.
Azure Blob storage is optimized for storing massive amounts of unstructured data, such as text or binary data that can be accessed from any place via protocols like HTTP or HTTPS. Users or client applications can access blobs via URLs, the Azure Storage REST API, Azure PowerShell, Azure CLI, or an Azure Storage client library.
Blob storage is ideal for:
- Storing files for shared access.
- Streaming video and audio.
- Serving images or documents directly to a browser.
- Storing data for backup and restore, disaster recovery, and archiving.
- Storing data for analysis by an on-premises or Azure-hosted service.
Azure Storage supports three types of blobs:
- Block blobs are made up of blocks of data that can be managed individually. Block blobs store text and binary data, up to about 4.7 TB.
- Append blobs are made up of blocks like block blobs, but are optimized for append operations. When you modify these blobs new blocks are added at the end. Append blobs are ideal for scenarios such as logging data from virtual machines.
- Page blobs store random access files up to 8 TB in size. Page blobs store virtual hard drive (VHD) files and serve as disks for Azure virtual machines.
You can find more information about Blob storage here Introduction to Blob storage.
Azure Files helps you to set up highly available network file shares that can be accessed by using the standard Server Message Block (SMB) protocol. Multiple VMs can share the same files with both read and write access. You can also read the files using the REST interface or the storage client libraries. You can access the files from anywhere in the world using a URL that points to the file and includes a shared access signature (SAS) token.
You can find more information about Azure Files here Introduction to Azure Files.
The Azure Queue service is used to store and retrieve messages. Queue messages can be up to 64 KB in size, and a queue can contain millions of messages. Queues are generally used to store lists of messages to be processed asynchronously.
You can find more information about Azure Queues here Introduction to Queues.
Azure Table storage is now part of Azure Cosmos DB. Azure Table storage stores large amounts of structured data. The service is a NoSQL datastore which accepts authenticated calls from inside and outside the Azure cloud. Azure tables are ideal for storing structured, non-relational data.
You can find more information about Table storage here Overview of Azure Table storage.
Azure managed disks are block-level storage volumes that are managed by Azure and used with Azure Virtual Machines. Managed disks are like a physical disk in an on-premises server but virtualized. Azure-managed disks are stored as page blobs. Azure managed Disks is an abstraction over page blobs, blob containers, and Azure storage accounts. You just need to provision the disk, and Azure takes care of the rest.
You can find more information about Azure disks here Introduction to Azure managed disks.
To access any of the storage services, you need to have an Azure Storage account. You can read more about Azure Storage account here Azure storage account overview.
Secure access to storage accounts
Security is an important aspect of Azure Storage. Every request to Azure Storage must be authorized. Azure Storage supports the following authorization methods:
- Azure Active Directory (Azure AD) integration for blob and queue data. Azure Storage supports authentication and authorization with Azure AD for the Blob and Queue services via role-based access control (RBAC). Authorizing requests with Azure AD is recommended for superior security and ease of use.
- Azure AD authorization over SMB for Azure Files. Azure Files supports identity-based authorization over SMB (Server Message Block) through either Azure Active Directory Domain Services (Azure AD DS) or on-premises Active Directory Domain Services (preview). Your domain-joined Windows VMs can access Azure file shares using Azure AD credentials.
- Authorization with Shared Key. The Azure Storage Blob, Files, Queue, and Table services support authorization with Shared Key. A client using Shared Key authorization passes a header with every request that is signed using the storage account access key.
- Authorization using shared access signatures (SAS). A shared access signature (SAS) is a string containing a security token that can be appended to the URI for a storage resource. The security token encapsulates constraints such as permissions and the interval of access.
- Anonymous access to containers and blobs. A container and its blobs may be publicly available. When you specify that a container or blob is public, anyone can read it anonymously; no authentication is required.
There are two basic kinds of encryption available for the core storage services.
Encryption at rest
Azure Storage automatically encrypts all data prior to persisting to the storage account and decrypts it prior to retrieval. The encryption, decryption, and key management processes are transparent to users. Customers can also choose to manage their own keys using Azure Key Vault.
The Azure Storage client libraries provide methods for encrypting data from the client library before sending it across the wire and decrypting the response. Data encrypted via client-side encryption is also encrypted at rest by Azure Storage.
Azure Storage is the managed cloud storage service provided offered in Microsoft Azure. Azure Storage provides a highly available, durable, scalable, and redundant storage service. Azure Storage ensures that every request must be authorized. Azure Storage provides two basic kinds of encryption available for the core storage service. You can monitor storage services with the help of Microsoft Azure storage explorer easily.