Sunday, October 13, 2019

Demo on creating Azure Storage Account and configuring network connections.

Hello Readers!

This is the second blog I am writing on Azure Storage Accounts. In this blog, I will document the steps you need to follow to create a storage account. Because of the blog's size, I will document the steps to access the storage account from your on-premises machines later.

Pre-requisites: You have read and understood the basics covered in my previous post on Storage account basics. Access it here

Let's get to it.

Creating an Azure Storage Account

Log in to the Azure portal with your Azure account and search for Storage Accounts.

Click on Add.


It will open the form for creating your storage account, like the one below.
You can select your subscription and resource group. There is also an option to create a new resource group and add your storage account under it.

Choose a name (all characters in lowercase) and an Azure region of your choice. I am keeping Standard, with the assumption that you will be using this only for a beginner/POC experience and not for production.

A Premium account sits on SSD (Solid State Drive) and a Standard one is created on a Hard Disk Drive (HDD). As you might know, SSD gives us better performance than HDD.

Under Account kind, you get to choose from three options. Choose according to the descriptions below.

General Purpose V2: Supports every replication setting.
General Purpose V1: Supports only LRS, GRS and RA-GRS.
Blob Storage: For when your purpose is to use only the Blob storage service and not the other storage services.

Hot is to be chosen as the access tier if the files are going to be accessed frequently.  



Once you decide on your choices and fill in the details, please click on next and proceed.

Below is what you get. You need to decide whether to go with public access (access over the internet/all networks) or public access with your storage account added to your VNet/Subnet, which limits access from all other networks (unless they are added explicitly under the Firewalls and Virtual Networks settings in your storage account).



Even if you are a beginner, I would recommend that you associate your storage account with a VNet/Subnet; later you can whitelist a public IP of your own, team or company network to enable access from your office desktops. (Wait for my next blog for information on it.)

That said, it is fine to use the pure public option (all networks, like below) if you are exploring with your free Azure subscription with no company data at all. In this way, you would only need an access key/shared access keys for authentication.



For this POC, we are going with the connection method Public endpoint (selected networks), which lets us choose a VNet and Subnet to associate with our storage account and limits accessibility unless we enable it for a particular IP range, other VNets, etc.

Storage accounts don't support private endpoints in the create window. We can work around it using the Azure Firewall service later. I will write on that later.




The first option above (Secure transfer required) demands secure connections (HTTPS/encryption for file shares).
The second one enables Blob soft delete, which lets us recover data that is overwritten in the blobs. You will have to specify a retention period for the data. It can be any number of days between 1 and 365.

We can't turn on the third option unless the second is turned off. Data Lake is an Azure solution for big data analytics.
Clicking on Next with your preferences will launch the page for adding tags.
You can give a variety of tags to your Azure resources, like Name, Billing Approver, Created By, etc., so they can be identified among a large pool of resources created across resource groups and VNets.




Clicking on Next is for validating and displaying the options we have chosen in the windows so far.



Mine looks something like the above.

Once you verify the settings, please click on Create. It would take around 10 minutes for the storage account to be created.

Whitelisting your Public IP

You can get your public IP from Google for any of your network connections. Try searching for "My public IP" when connected from your home internet, office VPN, office LAN, etc. You should get a different IP for each of your network connections.

Imagine you want to enable access to your storage account for your colleagues/teammates when they are connected via the office VPN. All you have to do is whitelist your VPN network's public IP. (Find out from Google what your public IP is when you are connected to the office VPN.)


Go to your storage account and click on Firewalls and Virtual Networks in the left pane.
Enter the public IP in the text box and save it. You can also add more virtual networks to enable access in the same window.
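
To check afterwards that the network and secure-transfer choices made above actually landed, here is an added example (not part of the original walkthrough) that audits the JSON printed by `az storage account show`. The sample account, its addresses and the /24 "too broad" threshold are assumptions made for the illustration.

```python
import ipaddress
import json

# Constructed sample in the shape of `az storage account show -o json`,
# trimmed to the fields checked here; the name and addresses are made up.
SAMPLE = json.loads("""
{
  "name": "demostorageacct01",
  "enableHttpsTrafficOnly": true,
  "networkRuleSet": {
    "defaultAction": "Deny",
    "ipRules": [
      {"action": "Allow", "ipAddressOrRange": "203.0.113.10"},
      {"action": "Allow", "ipAddressOrRange": "10.1.2.0/24"},
      {"action": "Allow", "ipAddressOrRange": "198.51.100.0/16"}
    ],
    "virtualNetworkRules": []
  }
}
""")

# Storage firewall IP rules are meant for public addresses; RFC 1918 ranges
# never match traffic arriving at the public endpoint.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit(account, min_prefix=24):
    """Return findings for the settings chosen in the create wizard."""
    findings = []
    rules = account.get("networkRuleSet") or {}
    if not account.get("enableHttpsTrafficOnly", False):
        findings.append("secure-transfer-off")       # plain HTTP accepted
    if rules.get("defaultAction", "Allow") != "Deny":
        findings.append("all-networks-allowed")      # only the keys protect data
    for rule in rules.get("ipRules") or []:
        value = rule["ipAddressOrRange"]
        net = ipaddress.ip_network(value, strict=False)
        if any(net.overlaps(r) for r in RFC1918):
            findings.append(f"private-range:{value}")  # whitelist a public IP instead
        elif net.prefixlen < min_prefix:
            findings.append(f"broad-range:{value}")    # wider than one office/VPN egress
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Save the output of `az storage account show --name <account> --resource-group <group> -o json` to a file and pass the parsed JSON to `audit()` in place of `SAMPLE`.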




And that brings us to the end of this blog. I hope you learned something good today about storage account creation and configuration. I will write soon on connecting to it and uploading files in my next blog.

Keep learning and write your comments below.






