Best practice for accessing a file share on an Azure File Server

  • Question

  • Hi,

    What would be a best practice for accessing a file share on an Azure File Server?

    One or two users need to access files from their Windows 10 desktop on a VM that is located in Azure. I can open port 445 on the VM in Azure and allow access only from the external IP of the customer. Or is it a best practice to use Azure Files instead? What would be the better choice and why?


    Monday, November 25, 2019 10:41 AM
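
Added example, not part of the thread: a check a reviewer could run over an NSG's rules to confirm that inbound TCP 445 really is limited to a single source address, as the question proposes. The flattened rule fields, the sample rules and the function names are assumptions made for this illustration; the `Internet` tag is treated as "all addresses" for simplicity.

```python
import ipaddress

# Constructed sample: NSG security rules flattened to the fields checked below.
SAMPLE_RULES = [
    {"name": "allow-customer-smb", "priority": 100, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.10", "destinationPortRange": "445"},
    {"name": "allow-legacy-range", "priority": 200, "direction": "Inbound", "access": "Allow",
     "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "135-445"},
    {"name": "deny-smb", "priority": 300, "direction": "Inbound", "access": "Deny",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "445"},
    {"name": "allow-late", "priority": 400, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "198.51.100.0/24", "destinationPortRange": "445"},
]

def covers_445(rule):
    ranges = rule.get("destinationPortRanges") or [rule.get("destinationPortRange", "")]
    for r in ranges:
        lo, _, hi = r.partition("-")
        hi = hi or lo
        if r == "*" or (lo.isdigit() and hi.isdigit() and int(lo) <= 445 <= int(hi)):
            return True
    return False

def to_net(prefix):
    # "*", "Any", "Internet" -> all addresses (simplification); other service tags -> None.
    if prefix.lower() in ("*", "any", "internet"):
        return ipaddress.ip_network("0.0.0.0/0")
    try:
        return ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return None

def smb_exposure(rules):
    """Return (rule name, source, verdict) for each effective inbound allow on TCP 445."""
    smb = sorted((r for r in rules if r["direction"] == "Inbound"
                  and r["protocol"] in ("Tcp", "*") and covers_445(r)),
                 key=lambda r: r["priority"])  # lowest priority number is evaluated first
    findings, denied = [], []
    for r in smb:
        net = to_net(r["sourceAddressPrefix"])
        if r["access"] == "Deny":
            if net is not None:
                denied.append(net)
        elif net is None:
            findings.append((r["name"], r["sourceAddressPrefix"], "service-tag"))
        elif not any(net.version == d.version and net.subnet_of(d) for d in denied):
            verdict = "single-host" if net.num_addresses == 1 else "broad"
            findings.append((r["name"], r["sourceAddressPrefix"], verdict))
    return findings
```

Any finding other than `single-host` means SMB is reachable from more than the one intended address; allow rules that sit behind an earlier deny covering their source are not reported.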

All replies

  • Users can mount the file share on their system or use Azure Storage Explorer and access files. 

    Please check below FAQs.

    https://docs.microsoft.com/en-us/azure/storage/files/storage-files-faq#general


    If the response helped, do "Mark as answer" or upvote it
    - Vaibhav

    Monday, November 25, 2019 11:11 AM
  • Hi,

    I guess Azure File Sync could be a good match for your requirement. Give it a try with:

    https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide?tabs=azure-portal

    https://www.youtube.com/watch?v=n3R9GqOrBOY


    -Malleswar

    Monday, November 25, 2019 11:30 AM
  • Security-wise, is there any difference between accessing the files on the Azure VM directly (port 445) and accessing them through Azure File Share?
    Monday, November 25, 2019 1:11 PM
  • To access an Azure file share, port 445 needs to be enabled. Authorization on an Azure file share is supported only with AAD Domain Services and Shared Key (storage account key).

    Azure Files can be used for “lift and shift” applications to the cloud while maintaining the same security model used on-premises with the general availability of Azure Active Directory Domain Services (Azure AD DS) authentication for Azure Files. By integrating Azure AD DS, you can mount your Azure file share over SMB using Azure Active Directory (Azure AD) credentials from Azure AD DS domain-joined Windows virtual machines (VMs) with NTFS access control lists (ACLs) enforced.

    This article explains: Better security with enhanced access control experience in Azure Files

    Data will be more secure in Azure File Share, and you can also provide access to external users with the secured options SAS and AAD. You can even use an Azure Private Endpoint for your Azure Storage account.

    Azure Files use:

    1. Replace On Premise file servers or supplement with Azure File sync
    2. Lift and shift applications. If you are moving any application to the Cloud, then using Azure Files, you can move both Application and Data to the Cloud. Or you can implement a Hybrid scenario where the application runs On Premise and Data resides in the Cloud. If you have an app that works with your on-premise file server, moving it to Azure means rewriting it, or setting up a file server in the cloud. Azure Files is perfect for that.
    3. Shared Application settings. If you are running a Distributed application at multiple locations, and there is a need for these multiple applications to access common application settings, these can be on Azure Files
    4. A Cloud Application can write logs, metrics, crash dumps on Azure files. Then using Azure File Sync these will be replicated on local Server periodically.

    Azure File Sync

    Azure File Sync syncs file shares to Storage Account using Azure File Service.

    Features and Benefits

    1. Multiple File Servers at multiple locations. Sync all to a single Azure File Storage. Commonly used files are cached on the local server. If the local server goes down, quickly install another Server or VM and sync Azure files to it.
    2. The older, rarely accessed files will move to Azure, thus freeing your local file Server.
    3. Sync Group helps to manage locations that should be kept in sync with each other. Every Sync Group has one common Cloud Storage. So a Sync Group will have one Azure End point and multiple Server end points. There is a 2-way sync so that changes to Cloud are replicated on the local server within 12 to 24 hours. But changes on a local server are replicated to all end points within 5 minutes.
    4. An agent is installed on the Server end point. There is no need to change or relocate data on a different volume. Thus it is a non-disruptive type of agent.
    5. Every Server end point creates an Azure file share in the storage account. End user experience is unchanged.
    6. When a particular local file is getting synced, it is locked. But this is only for a few seconds.
    7. A Disaster Recovery Solution for File Server. If the local File Server is destroyed, set up a VM or physical server, join it to the previous sync group and you get “rapid restore”.
    8. When a file is renamed or moved, the metadata is preserved.
    9. It's different from One Drive. One Drive is for Personal Document management and is not a general purpose File Server. One Drive is primarily meant for collaborating on Office files. Not optimized for very large files, CAD drawings, multimedia development projects.
    10. Azure File Sync works with On Premise AD and not Azure AD.

    There is a video in this article you may refer to for detailed information.

    I would recommend using Azure Files.

    Hope this helps! 

    Kindly let us know if the above helps or you need further assistance on this issue.

    ------------------------------------------------------------------------------------------

    Do click on "Mark as Answer" and Upvote on the post that helps you, this can be beneficial to other community members.

    Monday, November 25, 2019 2:27 PM
    Moderator
  • Is there any update on the issue?

    If the suggested answer helped for your issue, do click on "Mark as Answer" and “Vote as Helpful” on the post that helps you, this can be beneficial to other community members.

    Thursday, November 28, 2019 2:57 PM
    Moderator
  • Just checking in to see if the above answer helped. If this answers your query, do click “Mark as Answer” and Up-Vote for the same, which might be beneficial to other community members reading this thread. And if you have any further queries, do let us know.
    Wednesday, December 4, 2019 5:40 AM
    Moderator