Azure File Service - jasper-zanjani/azure GitHub Wiki
Azure File Service allows you to create one or more file shares in the cloud (up to 5 TB per share), similar to a regular Windows File Server. It supports the SMB protocol, so you can connect directly to a file share from outside of Azure, if traffic to port 445 is allowed through the LAN and ISP. It can also be mapped within Windows.
A clever use of a file share is as persistent storage for the Azure Cloud Shell. CloudSkills 32:00
AzCopy can also be used to copy files to File storage.
Azure File Sync extends on-premises file services to Azure while maintaining performance and compatibility. It communicates over TCP 443 using SSL, not IPsec.
Use cases:
- Replace on-premises file servers
- Easily replicate data on-premises to make it available during lift-and-shift migrations
- Simplify cloud development and management
Azure File Sync works through an Azure File Sync agent, available as an MSI package for Windows Server 2012 R2, 2016, and 2019, which registers file servers as endpoints in an Azure File Sync group. After installation, Azure credentials for a subscription must be provided. AZ-103: 153
In order to create an Azure File Sync, first a Storage Sync Service resource must be created, which works like a container to hold one or more sync groups. Every sync group has only a single cloud endpoint, referring to a storage account, but can have more than one server endpoint. Any server can only be registered to a single Storage Sync Service, and servers synced to different Storage Sync Service resources cannot sync with each other.
Cloud tiering is an optional feature in which frequently accessed files are cached in the on-prem file servers, while less commonly accessed files are tiered to Azure Files. This is done by enabling Cloud Tiering, then selecting a free space policy, a percentage which indicates the amount of free space to maintain on the server endpoint's volume. When a user does access one of these tiered files, that file is downloaded to the on-prem cache and made available locally from that point on. This frees up local storage.
- Cloud tiering cannot be used with server endpoints on the system volume
- Although server endpoints can be configured with different free space policies, the most restrictive setting takes effect
- For tiered files, the file will be partially downloaded as needed
- Although a mount point can be a server endpoint, there can be no mount points inside a server endpoint
When a filename collision occurs between the file share and file server, the file on the server has its filename appended with the server's name.
Failover clustering is supported by Azure File Sync for the "File Server for general use" deployment option. Azure File Sync is incompatible with cluster shared volumes or Scale-Out File Server (SOFS) roles.
Data deduplication is supported on volumes with cloud tiering enabled on Windows Server 2016 and 2019. When Dedup and cloud tiering are enabled on a volume, Dedup optimized files at the server endpoint are tiered just like normal files, then the Dedup garbage collection job runs automatically to reclaim disk space by removing chunks. The data is not deduped in the file share.
Create Storage Sync Service (only possible in PowerShell or Portal)
$storageSync = New-AzStorageSyncService -ResourceGroupName $g -Name $storageSyncName -Location $l
Create Azure File Share
$storageKey = Get-AzStorageAccountKey -ResourceGroupName $g -Name $storageAccount
$context = New-AzStorageContext -StorageAccountName $storageAccount -StorageAccountKey $storageKey.Value[0]
New-AzStorageShare -Name $shareName -Context $context
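# Azure CLI equivalent; --query/-o tsv return the bare connection string instead of a JSON object
constring=$(az storage account show-connection-string -n "$storageAccountName" --query connectionString -o tsv)
az storage share create --name "$shareName" --quota 2048 --connection-string "$constring"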
Create sync group
$syncgroup = New-AzStorageSyncGroup -Name $syncgroupname -ParentObject $storageSync
Create cloud endpoint
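# $storageAccount holds the account name (see above), so look up the account object to get its resource ID
New-AzStorageSyncCloudEndpoint -Name $shareName -ParentObject $syncgroup -StorageAccountResourceId (Get-AzStorageAccount -ResourceGroupName $g -Name $storageAccount).Id -AzureFileShareName $shareName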
Connect to and mount an Azure File Share (Windows File Explorer)
- Right-click on This PC
- Click Map Network Drive option
- Specify drive letter to be used
- Specify folder:
\\<storageAccount>.file.core.windows.net\<shareName>
- Click Finish
- In the dialog box that opens, log in with the username:
AZURE\<storageAccount>
- The password is an access key for the storage account
net use X: \\erstandard01.file.core.windows.net\logs /u:AZURE\erstandard01 <accessKey>
Automatically reconnect after reboot in Windows
cmdkey /add:storageAccountName.file.core.windows.net /user:AZURE\storageAccountName /pass:storageAccountKey
$storageKey = (Get-AzStorageAccountKey -ResourceGroupName $g -Name $storageName).Value[0]
$acctKey = ConvertTo-SecureString -String $storageKey -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential -ArgumentList "Azure\$storageName", $acctKey
New-PSDrive -Name "Z" -PSProvider FileSystem -Root "\\$storageName.file.core.windows.net\$shareName" -Credential $credential
Mounting to /logs
sudo mount -t cifs //$storageAccount.file.core.windows.net/logs /logs -o "vers=3.0,username=$storageAccount,password=$storageAccountKey,dir_mode=0777,file_mode=0777,sec=ntlmssp"
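The mount command above passes the storage account key on the command line, where it ends up in shell history and the process list, and it makes every file on the share world-writable. The following is an added example, not part of the original page: it writes the key to an owner-only credentials file and builds an /etc/fstab entry with tighter modes. The account name, key, paths and uid/gid are constructed placeholders.

```shell
#!/bin/sh
# Added example: keep the storage account key off the mount command line.
# Account name, key, paths and ids used here are constructed placeholders.

# Write a CIFS credentials file that only its owner can read.
# $1 = file path, $2 = storage account name, $3 = storage account key
write_smb_credentials() {
    cred_file=$1
    old_umask=$(umask)
    umask 077                  # new file is created 0600, never briefly world-readable
    printf 'username=%s\npassword=%s\n' "$2" "$3" > "$cred_file"
    umask "$old_umask"
    chmod 600 "$cred_file"     # also tightens a file that already existed
}

# Print an /etc/fstab line for an Azure file share.
# $1 = storage account, $2 = share, $3 = mount point,
# $4 = credentials file, $5 = uid that owns the files, $6 = gid
fstab_entry() {
    # credentials= replaces username=/password=; 0750/0640 replace 0777;
    # nofail keeps boot from hanging if the share is unreachable.
    opts="nofail,vers=3.0,credentials=$4,uid=$5,gid=$6"
    opts="$opts,dir_mode=0750,file_mode=0640,sec=ntlmssp"
    printf '//%s.file.core.windows.net/%s %s cifs %s 0 0\n' "$1" "$2" "$3" "$opts"
}

# Demo with constructed values: prints the entry instead of editing /etc/fstab.
demo_dir=$(mktemp -d)
write_smb_credentials "$demo_dir/logs.cred" "examplestorage" "CONSTRUCTED-KEY=="
fstab_entry "examplestorage" "logs" "/logs" "$demo_dir/logs.cred" 1000 1000
rm -rf "$demo_dir"
```

On a real host the credentials file would live in a root-owned directory such as /etc/smbcredentials, and the printed line would be appended to /etc/fstab before running `sudo mount /logs`.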
- Deploy Azure File Sync
- AZ-103: p. 148