Save to My DOJO
Welcome to my new article for Altaro Software. I want to give you an introduction into Azure Files and Azure File Sync, as well as scenarios where to use them.
What is Azure Files?
Before we can speak about Azure Files use cases, we need to learn a few more things about Azure Files in general.
Azure Files is a Microsoft Azure managed file share. It can be accessed by standard protocols like Server Message Block (SMB) or Network File System (NFS). Azure Files can be mounted either from on-premises and from the cloud directly.
You can access Azure Files from Windows, Linux and macOS. The following table gives an overview of the protocol and the possible operating systems.
| Azure Files SMB Share | Azure Files NFS Share | |
|---|---|---|
| Windows | Yes | No |
| Linux | Yes | Yes |
| macOS | Yes | Yes |
You also have the option to cache Azure Files SMB shares on a Windows Server using Azure File Sync. That enables your users to faster access regularly used files and store them near the user. The technology is comparable to Windows Server Distributed File System Replication (DFS-R) but much easier to set up, reliable, and more advanced in regards to features.
Azure Files SKUs and Limits
As you can imagine, Microsoft Azure Files has different limitations and costs which are reflected in the SKUs. The tables below show you the limitations and SKUs. The current SKUs are Standard and Premium File Shares.
| Resource | Standard file shares* | Premium file shares |
|---|---|---|
| Minimum size of a file share | No minimum; pay as you go | 100 GiB; provisioned |
| Maximum size of a file share | 100 TiB**, 5 TiB | 100 TiB |
| Maximum size of a file in a file share | 1 TiB | 4 TiB |
| Maximum number of files in a file share | No limit | No limit |
| Maximum IOPS per share | 10,000 IOPS**, 1,000 IOPS or 100 requests in 100ms | 100,000 IOPS |
| Maximum number of stored access policies per file share | 5 | 5 |
| Target throughput for a single file share | up to 300 MiB/sec**, Up to 60 MiB/sec , | See premium file share ingress and egress values |
| Maximum egress for a single file share | See standard file share target throughput | Up to 6,204 MiB/s |
| Maximum ingress for a single file share | See standard file share target throughput | Up to 4,136 MiB/s |
| Maximum open handles per file or directory | 2,000 open handles | 2,000 open handles |
| Maximum number of share snapshots | 200 share snapshots | 200 share snapshots |
| Maximum object (directories and files) name length | 2,048 characters | 2,048 characters |
| Maximum pathname component (in the path ABCD, each letter is a component) | 255 characters | 255 characters |
| Hard link limit (NFS only) | N/A | 178 |
| Maximum number of SMB Multichannel channels | N/A | 4 |
* The limits for standard file shares apply to all three of the tiers available for standard file shares: transaction optimized, hot, and cool.
** Default on standard file shares is 5 TiB, see Enable and create large file shares for the details on how to increase the standard file shares scale up to 100 TiB.
What is Azure File Sync?
With Azure File Sync, Azure customers get the opportunity to centrally organize their file shares with Azure Files. With Azure Files and the Azure Storage backend, you can gain a flexible, performant and overall very compatible environment for your file server backend. Using Azure File Sync, a Windows Server becomes a local data cache for your branch to provide SMB, NFS and FTPS file access.
With Azure Storage Synchronization and the Azure Edge network, you can set up many caches around the globe where ever it is necessary depending on your office footprint.
The picture below should show a simple example of how such a setup could look like.
Within the next part of the blog post, I want to give a brief intro on how an Azure File Share works.
I will not configure a fileshare within the blog post but if you need a detailed guide, please visit the full deployment guide.
As you can imagine, the current Azure File Sync has some limitations. You can see them below.
| Resource | Target | Hard limit |
|---|---|---|
| Storage Sync Services per region | 100 Storage Sync Services | Yes |
| Sync groups per Storage Sync Service | 200 sync groups | Yes |
| Registered servers per Storage Sync Service | 99 servers | Yes |
| Cloud endpoints per sync group | 1 cloud endpoint | Yes |
| Server endpoints per sync group | 100 server endpoints | Yes |
| Server endpoints per server | 30 server endpoints | Yes |
| File system objects (directories and files) per sync group | 100 million objects | No |
| Maximum number of file system objects (directories and files) in a directory | 5 million objects | Yes |
| Maximum object (directories and files) security descriptor size | 64 KiB | Yes |
| File size | 100 GiB | No |
| Minimum file size for a file to be tiered | V9 and newer: Based on the file system cluster size (double file system cluster size). For example, if the file system cluster size is 4kb, the minimum file size will be 8kb. V8 and older: 64 KiB |
Yes |
If it is not a hard limit, it can be changed via Microsoft Support.
How to enable Azure Files?
Enabling Azure Files is simple. You just create an Azure Storage Account as a Storagev1 or Storagev2 Account. Afterwards, you just add a fileshare.
After you created the share, you can access it via Network Mount or Synchronize it via Azure File Sync Agent.
Microsoft published a very detailed guide on how to connect a Windows File Server with the File Sync agent. Deploy Azure File Sync | Microsoft Docs
What is the difference between Azure and OneDrive?
Now you may wonder and think “Why should I use Azure Files? Microsoft already offers already Microsoft Office OneDrive. Can’t I use OneDrive also for Enterprise File Shares?”.
In the first place, OneDrive is an individual File Storage with certain limitations in Sharing and Storage Capacity. OneDrive has no centrally manageable access management and is based on SharePoint online while Azure Storage is based on SMB / NFS file sharing.
Let me give you a deeper comparison with the table below.
| OneDrive | Azure Storage | |
|---|---|---|
| Target | Targets individual Users | Targets classic Fileserver Workloads |
| Maximum Storage | 5 TB Storage per User | 500TB for a single storage account |
| Backup | Does not offer any backup | Backup optional via Azure Backup Service |
| Offline work | Yes | Yes but needs Fileserver with Azure File Sync as cache |
| Redundancy | Comes as a redundant SaaS service | Storage Vault can be replicated locally in one Azure Region, between different Azure Regions in a Zone or globally with geo-replication to any Azure Region. |
As already explained, OneDrive is built to give individual User a personal fileshare comparable to a classic “\homedriveuser.user” share. Azure Files is a classic fileserver offered by Azure as a cloud service. You can also use it for Homedrives or User Profiles but its normally build to replace classic file shares or offer file shares for applications which still rely on them.
Usage Scenarios
Within the next part of the post, I want to go through some usage scenarios which are pretty common with Azure Customers.
Fileserver for Azure Workloads
One of the most common scenarios for the usage of Azure Files is as File Server Backend for Azure Workloads, Virtual Machines and Services like Windows Virtual Desktop.
At the moment the most used architecture is for Virtual Machines. Virtual Machines are deployed in a Virtual Network, an Azure Storage with Files is connected into a separate Subnet using Azure Private Link. Azure Files then represents a file share to the Virtual Machines.
The architecture could look like below.
You can also access file shares via public Azure IP but most of the customers prefer private link for that scenario since it is available.
Fileserver for On Premises
When using Azure Files on premises, you should first test your latency and roundtrip to the service. If you have a larger roundtrip than 22ms, it makes no sense to use Azure Files. As you remember, we are still using the SMB and NFS protocol. Both of them are not WAN optimized and produce too many overheads to be performant. In those scenarios, you should choose the Azure File Sync scenario and put a cache on a File Server on premises.
There is an easy way to get an estimate using Azure Speed, a community tool which uses Azure Storage to estimate the Roundtrip between your client and Azure Regions.
The connection to an Azure Files can be performed through the Public Endpoint of Azure Storage “storageaccount.file.core.windows.net” using the Internet with native HTTPS encryption.
Another way would be using Azure ExpressRoute with Microsoft Peering and also accessing the same Storage Account.
The latest method would be using VPN or Azure ExpressRoute to Access the file shares via Azure Private Link.
When you have an Azure Region in the proximity of less than 22ms, Azure Files is a great way to replace your current Fileservers.
Hybrid Filestorage for On Premises Fileserver
There is one issue we all know, that is storage space in a Fileserver, especially in a branch. Normally you have a bunch of disks and storage in a server. To reduce the amount of storage used, you must use expensive technology for deduplication and compression.
What would you say if you could you use Azure Files as a hybrid storage space and reduce the storage used on-prem?
There are currently two options which I will briefly introduce below.
Microsoft Azure Stack Edge
The first option is pretty much out of the box. You can order an Azure Stack Edge via the Azure Portal. Azure Stack Edge comes with a preconfigured solution to connect to an Azure Storage Vault and provide a Fileshare to the network.
The required agents are already on the Edge and can be managed via Azure Portal. Azure Stack Edge Pro – FPGA share management | Microsoft Docs
That makes this solution pretty easy to deploy and use but you now own the hardware. It’s a rental pay-as-you-go model where you pay around 560€ to 800€ per month per device depending on the device type. Pricing – Azure Stack Edge | Microsoft Azure
Microsoft Azure File Sync
Another more customizable option is the use of Azure File Sync. Here you take a standard file service like a Dell PowerEdge R640 with a bunch of disks and a simple SAS controller. You can also choose a virtual machine instead of a physical server.
You only need a supported Windows Server OS. Currently, the following Windows Server versions are supported.
| Version | Supported SKUs | Supported deployment options |
|---|---|---|
| Windows Server 2019 | Datacenter, Standard, and IoT | Full and Core |
| Windows Server 2016 | Datacenter, Standard, and Storage Server | Full and Core |
| Windows Server 2012 R2 | Datacenter, Standard, and Storage Server | Full and Core |
Now you can install the Azure File Sync Agent on a Windows Server and connect the Azure File Share to the server. Afterwards, you can configure the cache and sync options. You can find the guides to deploy below.
Deploy Azure File Sync | Microsoft Docs
Choose an Azure solution for data transfer | Microsoft Docs
You can also use that type of deployment to clean up fileservers but I will explain that in the “fun fact for admins” part at the end of the blog post.
Using DFS Namespaces
When you work with different fileshares in different locations e.g. on a synched file server and Azure, connecting to the right fileshare can be a problem. There is a pretty simple and classic tool you can use to solve the issue.
Maybe you know about Windows Server Distributed File System Namespaces? This little sneaky service is available for 20 years and was released with Windows Server 2003. So it is bulletproof. 🙂
One of my co-workers at Microsoft wrote a pretty good guide on how to deploy Azure File Sync with DFS-N. You can find the link below. Azure File Sync: Integration with DFS Namespaces – Microsoft Tech Community
That’s the end of the technical part of my blog post. I will leave you with some closing thoughts and some admin fun facts about Azure Files.
Fun fact for Admins
Do you know the situation? Your users store a bunch of files on your fileservers and never go through them again. I normally call that WORN, write once read never. How do you solve that normally? You normally buy a bunch of very costly storage appliances who do cool things like deduplication, compression and storage tiering. You also buy lots of tapes to backup your data.
That is pretty expensive over time and you still need to backup all that stuff your users are storing. As you may know, Azure Storage is pretty check in comparison with about 2 cents per Gigabyte.
With Azure File Sync you can do a pretty easy trick to migrate your files to Azure and clean up your storage. Azure File Sync can, much like OneDrive, present files that are located in the remote storage of Azure and download them when they are accessed. So what you can do is, upload all your files to Azure and set up a new file share. After you upload the files, you connect the Azure Fileshare with Azure File Sync to the file server on premises. Now only the files customers need will be downloaded. Files which are put on your fileserver with Filesync will, depending on your strategy, sometime disappear from the fileserver and only be stored on Azure. They will leave a link and will be downloaded on demand.
That helps you to keep the footprint on-premises pretty small and will enable centralized backup and recovery within Azure, which reduces administrative effort too.
If you want to learn about the implementation, please visit the documentation.
Closing
I hope after going through the above you gained more knowledge on Azure Files and why should be using them. If you have any additional questions, do not hesitate to leave a comment.
Not a DOJO Member yet?
Join thousands of other IT pros and receive a weekly roundup email with the latest content & updates!
More in this category
About the Author
Flo Fox
43 thoughts on "Should I be using Azure Files?"
But what about local AD group access permissions to the file server? Are they preserved in Azure through AAD Connect. And can remote users access the share from home with same credentials as on site?
Thanks for clarifying.
Hi Bravo, yes AD Connect would be required. You can find some more information in the Microsoft Docs. https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-enable If you have a need or current project, where you need advice and help from Microsoft Engineering. Just nominate yourself for the FastTrack for Azure Program. Our EMEA Team would be happy to help you. https://azure.microsoft.com/en-us/programs/azure-fasttrack/partners/
Hi Florian,
Great article, thanks, but what about comparing SharePoint Online (documents library) vs Azure Files?
Hi Oliver,
I’m not a Sharepont expert, so I try to not compare them but there is a great article from Jaap Wesselius I would recommend. https://jaapwesselius.com/2019/09/18/azure-files-instead-of-sharepoint-online/