Storage option for application

  • Question

  • Hi all - I am looking at possible options to have an encrypted and geo-redundant file share for an in-house application. The application needs to access the share using pass-through authentication (similar to authenticating with an AD account). We need this so we can fail our application to another geographical site and still have the storage available there.

    What options do we have?

    We have set up an Azure Files file share with AAD and are able to authenticate to the share using an AAD account. We can fail the file share to another geo location but AAD Domain Services does not support a geo-redundant deployment model - which is a problem.

    Any thoughts or guidance will be greatly appreciated.

    Thank you!

     

    Mayur


    • Edited by Mayurkirti Friday, June 14, 2019 7:26 PM
    Friday, June 14, 2019 3:55 PM

All replies

  • There are different workarounds for your scenario. I can advise on the storage good practices, but for AAD you might have to post on the AAD forums here.

    The workaround using AAD for a regional setup would be to deploy regional domains as per the AAD documentation: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/reviewing-the-domain-models

    Another architectural suggestion would include the use of App Services in Azure, which does support automatic failovers; more on this can be found here. You can also configure Traffic Manager to act on switching the resource used that went down onto the other region (AAD regional services would most likely be required). If it's only for a short time, you could bypass AAD temporarily and generate and use a SAS token to access the file share that's in a different region. I hope this provides you with some insights.
    Friday, June 14, 2019 6:58 PM
  • Hi Adam - I am reviewing your post. I edited my post to add some clarification.

    The main question is around what type of storage to use. We are trying Azure Files which required AAD for pass-through authentication. We are able to replicate the Azure Files fileshare using ASR, but AAD does not support geo-redundancy. 


    Mayur

    Friday, June 14, 2019 7:31 PM
  • Thanks for the clarification. You have to keep in mind that Azure file shares are SMB based, meaning your application has to communicate with the Azure file share either via SMB or the REST API for Azure file shares. My recommendation is to consider Azure Blob Storage instead, which is fully based on API/SDK interactions and would be easier to use with your application. But I'm not sure when it comes to AAD geo-redundancy in this case (I'd recommend using the Azure AD forums), or you could use the geo-replication failover feature in Azure Storage; you can read more about it here.
    Friday, June 14, 2019 10:35 PM
  • @Mayurkirti Just checking in to see if the above answer helped. If this answers your query, do click “Mark as Answer” and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
    Wednesday, July 10, 2019 6:38 AM
  • Is there any update on the issue?

    If the suggested answer helped for your issue, do click on "Mark as Answer" and “Vote as Helpful” on the post that helps you, this can be beneficial to other community members.

    Wednesday, July 24, 2019 2:27 PM