Azure Storage - #4 - Azure Files Sync
ฝัง
- เผยแพร่เมื่อ 9 ก.ค. 2024
- Learn about the next generation cloud based File service that turns your file servers into a Hot Files Cache
What is Azure Files - 0:25
Benefits of Azure Files - 1:44
Your first Files Share - 4:20
what is Azure Files Sync - 5:00
Create a Sync Group - 8:41
Add Cloud Endpoint - 9:04
Register Sync Agent Server - 9:17
Add Server Endpoint - 10:34
DFS-N & AFS Together - 12:35
AFS with more that 30TB - 13:43
AFS for Rapid DR or patching - 15:33
Consider supporting us at Patreon - / azureacademy
#TheAzureAcademy #AzureStorage #AzureFilesSync - วิทยาศาสตร์และเทคโนโลยี
this is the best series i followed on azure technologies.
Thanks!
I am absolutely SHOCKED by how clear your videos are!!!! I swear I just took az-104 course and somehow I feel like I must have slept a few hours when I am watching your videos!!!! AMAZING!!!! That video is gold!
Thanks!
+mozbius thanks happy to help, and glad you are enjoying and learning!
Best playlist for Azure fundamentals concepts.Thanks a lot.
Awesome thanks!
You produce great material. Thank you.
Glad you enjoy it!
Great video as usuaI realize this video is 4 years old but the same pretty much apply. However, please to report file shares support up to 100TiB today
Thanks James!
Really good video, I’ve watched a few on the topic but yours was the most clear. I am wondering how to onboard existing data (without moving data into the new Azure created share) and I’m assuming NTFS permissions are maintained?
Thanks Tom, Yes the NTFS permissions are all maintained by AFS. Onboard existing datasets by installing the agent on a files server and allow it to sync the data to the cloud. Once there you can setup other server endpoints to wherever you need.
Azure Academy fabulous, thank you!
@@TomWhi 👍
Nice video! Congrats! Is Azure file sync able to give you audit trails so you can monitor who accesses the files from the local servers?
As in monitor down to the local user accessing the files? No…this is a file level replication tool. For file access you would reply on windows logs
@@AzureAcademy yes, like that. Thanks for your answer! Really appreciated! What about Azure file share? Does that offer any audit trails to see who did what with a file on an cloud end point?
Yes The Azure Files Share does show that in the activity logs
Hey, Great video and it helped me understand Azure File Sync even better, but one thing i haven't fully understood when im labbing with it is.
- Does "Azure File Sync" actully sync both ways or just one way (I only had it working from my Server -> Cloud.
Would love to have an answer
It keeps the File servers in sync with the cloud. lets say you have 1 cloud endpoint and 20 servers. You make a change on server 1. That change is sent up to the cloud with AFS. AFS will then send that change to the other 19 servers in the group.
Great Content! I have configured the Azure file Sync server cached to on-premise server, so my NTFS permission from local will be applicable on azure file share? will it be inherited from local cache server to azure file share and then to other server endpoints as well in different location?
Also as per my experience azure files does not have NTFS permission mechanism without ADDS or windows AD integration?
Thanks! The Azure Files share does not have NTFS permissions today.
However you can sync the NTFS permissions from server endpoint to server endpoint with Azure Files Sync.
You can also enable AD Authentication for the Azure Files Share as I have shown in several videos like this one - th-cam.com/video/9S5A1IJqfOQ/w-d-xo.html
but if you accessed Azure Files directly in the portal...there are NO NTFS Permissions
This is awesome, but is there now an application that makes those file share files available to the user while out of the office? (Similar to how users can sync with One Drive)
Not a native app that does that…not sure if a 3rd party does or not
How do you secure the share ???
is there a way to only allows a few static ip-address to access the cloud share ???
Do we need backup or is it like OneDrive ???
To isolate the share to specific networks or up addresses use the storage account firewall
You can setup the share to use Active Directory authentication as well.
As for backups
You can do manual snapshots or setup Azure Backup to automate it
Can this setup be used with Azure RMS encryption? If yes, does this imply that receiver has to have RMS installed in their machine?
As far as I know…NO. RMS is the Azure rights management service and protects office 365 services. This solution is built on Azure Files, which is a cloud based storage file share. This is not like share point or one drive
Thank you for this! Do we need to have site to site vpn on for this? Or this is going through the Internet?
AFS will sync over the internet by default
If you want to redirect the traffic to over your VPN...hm...I haven't run into this one, so maybe we can figure it out together
Here is the doc aboutusing a proxy for AFS, I think this would be the same principal
docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-firewall-and-proxy
This doc talks about Azure Files with a VPN
docs.microsoft.com/en-us/azure/storage/files/storage-files-configure-s2s-vpn
walk through this and let me know how it goes.
If you have further questions I can ask the AFS Product group for you
Azure Academy thank you!
anytime
Hi, I have a issue..sync works from server to azure blob but other way around, if changes made on azure such as adding sub folder or files doesn’t reflect in server. (Waited 24hours but still the same issue)
did you also put files into that folder? I believe it would only sync folders that contain files
@@AzureAcademy yes but it doesn't sync :(
So you are saying the folder isn’t syncing from Azure Files in the cloud to the on prem servers and that is the issue?
So from on prem you can’t see the folder or the files in it...correct?
Big fan of your work. Just had a question around file changes from cloud endpoint (Azure file Shares) to server endpoint (File sync server) taking long. I noticed that any change on server endpoint are being updated in cloud endpoint immediately but is taking 24 hours when its other way around i.e. from Azure files shares to File Sync server. Proactive recall is not helping here and the only way to update is through the invoke command. Curious to know if there is a better way to update the namespace more frequently.
Awesome, thanks for watching! Normally when you are using Azure Files Sync you only access the Azure Files data through one of the server endpoints. I’m curious if there is a reason you are accessing the file share directly?
The server endpoints are designed to pull down the files on user demand not on cloud changes.
So the sync time from cloud change to server is one sync per day by default
@@AzureAcademy This part came up as a variation where only the 5% of users working in particular department are required to maintian the cache for better performance and also for some legacy application dependencies. Just for this 5% users, if we were to implement file sync for everyone in the business, the Azure cost is going to blow out in terms of compute, storage and transaction costs. The plan was always to use Azure file shares directly but with this change, it has become very difficult to plan out the best method moving forward. Any suggestion is highly appreciated.
Just as an example - Head office currently has Azure file sync server on-prem and the remaining users connect to AVD to access corporate data. We do not want AVD users to access server endpoint through express route as this will be slow and would prefer to have them access Azure file shares directly for better performance. Not sure if there is a better way to handle situations like this?
@@Satya-rg8tu first off I would NOT implement something for 5% of my users 😲😲 second I'd need to understand more about it before I would make a suggestion
I'd use AD Sites and Services. This requires your subnets and DCs to be entered to you know which services are nearest to which VMs and DCs so they can access the closest resource.
However, with something like Azure Files Sync...you will also probably need DFS to put the Azure Files share link and the Server endpoint in the same group...
Thanks for d video, how can we provide Multiple user access to Same File, Through Win AD or RBAC?
+chandra shekhar AFS will sync the file from your file server to Azure and then to all your other file servers. So on different file servers multiple users can access the same file...or are you referring to global file locking?
Hi, Great video, can I clasify the information according the age, if the file have more than 1 year? , for example: I want to move this file to a read-only cold tier, Is that possible with Azure files?
good question Rafael...you might be able to do this in PowerShell, but not in the portal today. Can you tell me your use case for this feature? The way it works nativly...if the file is not in use it will tier off to the cloud to save space on the file server...so why is 1 year so important?
@@AzureAcademy Hi there, Thanks really much for your answer, in that case I'm thinking to replace the file server and create two tiers Tier 1 with Hot Access but the files that have more than 1 year without modification, I want to move these files to another Tier Like Archive Tier, in order to save storage cost (Similar to Lifecycle management in Blob Storage)
not sure I totally follow @@Rfeliz456
You understand that Azure File, which is the basis for Azure Files Sync isn't going to store the files at lower cost archive storage so why go through the trouble? Unless you store your main data in a premium files account and want to use standard for the 1 year old data??
Good video. It's one-way out of the box I guess, on-premises to cloud?
An oldie but a goodie, on prem to cloud or anywhere else
Dean, Could you add more info on NTFS ACLs of the azure files? It would be interesting to use azure files for Remote Desktop Servers User Profile Disk. I am thinking to have Session Hosts provision in different subscriptions from GW/Connection Broker servers. Then peer PSS ("master" subscription prod shared services vNET with DEV/SIT/UAT subscriptions vNETs) basically segregate Collections (UPD) per environment (subscriptions)OTHER QQ, 10:26 the account you've used to setup actual server, how restrictive that could be? What would happened if the password is changed for that account? Can Azure AD Managed Service Identity be used here? Would help if you could share best practice PS: FAQ from azure docs doesn't tell much.
good point.
with Azure Files...today there is no support for ACLs...however when you use Azure Files Sync all the ACLs are passed along to which ever systems are in the sync group.
However there is a preview that you may want to look at...docs.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-overview
this is an Azure AD based authentication using Azure AD Domain Services instead of traditional AD so you can use Azure Files without any other servers or infrastructure and still be able to have ACLs.
as to the remote desktop User profile disks...I see what you are thinking here, and this is using traditional RDS...you should look at the new preview for Windows Virtual Desktop.
This is a VDI and also a remote windows server implementation native in Azure.
azure.microsoft.com/en-us/blog/microsoft-365-adds-modern-desktop-on-azure/
sign up for the preview here - azure.microsoft.com/en-us/services/virtual-desktop/
the idea you are talking about might be able to use managed ID, because they are basically non-human service accounts that you give rights too...this way the passwords would not ahve to change...but you should also think about the Azure Key Vault.
Store the password in the Vault as a secret and then no one need to know the password they just call the secret and the password can change behind it.
@@AzureAcademy there is now - wuhu ;)
Yes there is!
Check out this weeks video for more on Azure Files with AD Auth
And we will use it with DFS, FSLogix and WVD
I didn't understand your example with the 2GB video file. If you have a 2GB video file tiered to the cloud and you open it to watch the first 5 seconds, it will download the whole thing not only the first 5s. Or did I miss this feature somehow? Also your while argument about "throwing away the fileserver if it makes trouble" is correct, you can do the same with a SAN attached fileserver, as you can attach the disk to another server too. Still, Azure File Sync looks promising, already using it in some small scale production scenarios. And thanks for the video, good summary!
Thanks for your question Jotadog.
Your question involves the feature known as Cloud Tiering and Partial File Recall.
The 2GB video file when opened will only partially download. As the Video continues to play more of the file will stream to your system and buffer so the user experience remains smooth.
Here is a link to one of the Ignite 2018 sessions on AFS Cloud Tiering and Partial File Recall
th-cam.com/video/HAQajyFJ58U/w-d-xo.html
Here is a link to another AFS session where you can see the Partial File Recall in action.
th-cam.com/video/GMzh2M66E9o/w-d-xo.html
I hope that answered your question...keep your questions coming, and let me know some other things you would like to learn about
Happy Learning!
We have small remote offices connected over MPLS 10Mb links. Each office has a local server providing a number of services including the user and shared office drives that are mapped via GPO. We replicate their data back to HQ each night using DFS-R for backup. Its time to replace the servers and I'm interested in Azure Files and AFS to replace all of this over our MPLS to ExpressRoute connection. Any suggestions on a best practice config, testing, etc?
The Azure Files Sync service needs to connect to an Azure Storage account...which is a PaaS service. This means that IF you want to force the traffic over your ExpressRoute you would need to setup Microsoft Peering and possibly setup a route filter for your region and the services you want to use. If However you are going over the public internet to Azure storage, you may be connecting over your MPLS. Both are fine and will work. The difference may be in latency and performance. The Service will send all the data to the cloud, then from the cloud to the other servers in the group...which means that the servers in the syncgroup do not directly communicate with each other like DFS-R. So your replication strategy will need to account for this.
@@AzureAcademy thank you for taking the time to respond. Great info, it will definitely help me put together an outline of things to consider. I'm sure we will keep off the public internet, so peering and route filters will be required. This old IT dog has a lot of new tricks to learn...
You can use private endpoints now, which keep all your communicates secure th-cam.com/video/PWKM5KXjWno/w-d-xo.htmlsi=WYqrx6I3X5PEN5BT