#Azure : Application Gateway

Like your layer 7 load balancer in your traditional datacenter, Azure application gateway takes care of your HTTP/HTTPS based requests. It works at application layer (level 7 of OSI model) and works as a reverse-proxy as well. In application gateway, client connections are terminated at gateway and then forwarded to application.

Let me show, how to create and configure application gateway step-by-step.

Login to the Azure Portal and select “+ Create a resource”. Select the “Networking” and then select “Application Gateway”.

In the basic configuration settings:

Enter the name of the application gateway. Always use a name for any components in Azure that fit for purpose and easy to distinguish.

Select the application gateway tier:

  • Standard: As any other layer 7 load balancer, it provides HTTP(S) load balancing, cookie-based session affinity, secure sockets layer (SSL) offload, end-to-end SSL, URL based content routing, multi-site routing, websocket support, health monitoring, SSL policy and ciphers, request redirect, and multi-tenant back-end support etc.
  • WAF: WAF is an advanced version of standard application gateway with application firewall capabilities that supports all standard AG features along with protection of web applications from common web vulnerabilities and exploits. Application gateway WAF comes pre-configured with OWASP (online web application security project) modsecurity core rule set (3.0 or 2.29) that provides baseline security against many of these vulnerabilities. It provides protection against SQL injection, cross site scripting, command injection, HTTP request smuggling, HTTP response splitting, remote file inclusion attack, HTTP protocol violations and anomalies, bots, crawlers, scanners, application misconfiguration and HTTP Denial of Service etc.

Select SKU size based on your requirement. AG sku comes in small, medium and large size.

Select instance count based on your need. The default instant count is 2.

Select subscription, resource group and location.

Once completed all basic configuration settings, click on OK.

In settings panel, complete following application gateway specific configuration settings:

Select virtual network and subnet that is going to associate with this application gateway.

Complete frontend IP configuration based on your application gateway requirements.

Set idle timeout settings and set the DNS name label.

Select the listener configuration protocol and associated port number.

Once completed with the configuration details, click on OK.

If you select HTTPS in listener configuration, upload PFX certificate file and provide credentials. Once completed with the configuration, click on OK.

Review the summary of the configuration and click on OK to create application gateway.

In the overview section, review the basic configuration.

In configuration panel under settings, you can change the application gateway tier, SKU size and instant count based on your requirements.

In Web application firewall panel under settings, you can upgrade to WAF tier if using standard tier and can also “enable/disable” firewall, configure firewall mode “detection/prevention”, configure rule set with OWASP and advanced configuration for your application gateway.

In Backend pools panel under settings, add and configure backend pools for application gateway. Click on add or existing backend pool to define the backend pool settings.

Click on “+ Add target” to define targets either using “IP address or FQDN” or “Virtual machine”. Click on rules to configure redirection if required.

In HTTP settings under settings, add or edit backend HTTP(S) settings such as cookie based affinity, request timeout, protocol and port etc.

In frontend IP configurations panel under settings, review IP configurations, type, status and associated listeners.

In listeners panel under settings, add basic and multi-site listeners.

In rules panel under settings, define basic and path-based rules based on your requirements.

In health probes panel under settings, you can add and edit health probes.

Once you add health probe, you define following parameters:

Name of the health probe.

Protocol either HTTP or HTTPS.

Enter the host name, path, interval in seconds, timeout in seconds and number of unhealthy thresholds.

In the properties section, you can look at the application gateway properties.

Under the locks section, you can create and configure the lock type to prevent changes and protecting the application gateway profile.

Under the “Automation script” download the script or add to library for reuse.

In the metrics panel, you can monitor the metrics of the application gateway by following parameters:

  • Current Connections
  • Failed Requests
  • Healthy Host Count
  • Response Status
  • Throughput
  • Total Requests
  • Unhealthy Host Count

In alert rules panel under settings, you can define conditional rules.

In diagnostics logs panel under settings, you can view the logs of the resources.

In backend health under settings, you can review the status of the backend pool.

I hope, this article helped you to understand, create, configure and manage Azure application gateways.


#Azure : Load Balancer

Like your traditional datacenter load balancer, Azure load balancer provides an ability to scale your application and create high availability for your services. Azure load balancer is layer 4 device and understands TCP and UDP packets. There are two types of azure load balancers are available:

  • Internal Load Balancer
  • Public Load Balancer

Let me show, how to create and configure load balancer step-by-step.

Login to the Azure Portal and select “+ Create a resource”. Select the “Networking” and then select “Load Balancer”.

Enter the name of the load balancer and set the load balancer type to either Internal or Public based on your business requirements.

If you select “Basic” sku for public load balancer then define public ip address, subscription, resource group, and location.

Standard SKU supports many advance features than the basic sku. If you want to know more about the difference between basic and standard sku, read Why use Standard Load Balancer?

If you create an internal load balancer with standard sku, you get an option to select virtual network and subnet.

Azure load balancer with standard sku provides an option to select availability zone.

If you select Internal Azure Load Balancer with SKU, you get two options for IP address assignment i.e. Static and Dynamic.

If you select static ip address assignment then you assign private ip address manually.

In my configuration, I am creating Internal Azure Load Balancer with Basic SKU.

I am using private configuration for my internal load balancer. Once completed the configuration, click on “Create” to deploy load balancer.

Once completed, you can review the basic configuration from overview panel.

In Frontend IP configuration under settings, you can review and add the LoadBalancerFrontEnd Ip addresses.

In Backend pools under settings, you can define add virtual machines that needs to be managed by the load balancer. Click on Add to configure backend pool.

Set the name and associate the backend pool with different types of virtual machines configurations, and click on OK.

In Health probes panel under settings, you get an option to add probes to check the health of your service endpoints. Click on “Add” to configure the health probes.

Configure the Name, Protocol, Port, Interval and Unhealthy threshold options based on your requirements.

In the Load balancing rules panel under settings, click on “Add” to create the load balancing rules.

Define the load balancing rules based on your requirement.

Once completed with the configuration, click on OK to create a rule with defined parameters.

You can also define Inbound NAT rules, click on “Add” to create NAT rules.

Define inbound NAT rules based on your requirement and click on “OK” to create.

In the properties section, you can look at the load balancer properties.

Under the locks section, you can create and configure the lock type to prevent changes and protecting the azure load balancer.

I hope, this article helped you to understand, create, configure and manage Azure load balancers.

#Azure : VNet-to-VNet Connectivity

VNet-to-VNet connectivity is another option to connect two virtual networks. When peering was not available in Azure, VNet-to-VNet connection was the only option to connect two virtual networks either in same region or in two different regions. Connecting a virtual network to another virtual network (VNet-to-VNet) is like connecting a VNet to an on-premises site location. Both connectivity types use an Azure VPN gateway to provide a secure tunnel using IPsec/IKE.

The VNets you connect can be:

  • In the same or different regions
  • In the same or different subscriptions
  • In the same or different deployment models

Let me explain you, how to set it up step by step. Login to the Azure Portal and go to the virtual network.

As you are going to setup a VNet-to-VNet connectivity between two virtual networks, therefore a Gateway subnet and a Network gateway is required in both virtual networks.

Select subnet under settings in virtual network, select “+ Gateway subnet” to create a gateway subnet for this virtual network.

Select an address range that will be used by this network gateway. By default, it selects next available address range.

In my case, I am using last subnet of my address space for gateway subnet.

Once added, you can review all used subnets in subnet panel.

Once, you have setup the subnet gateway in your virtual network then move on and create virtual network gateway to attach with gateway subnet.

Define the name of the virtual network gateway. Select the gateway type to “VPN” as we are establishing VNet-to-VNet connection. Select VPN type either Route-based or Policy-based according to your requirements. Select the VPN SKU based on your need.

Gateway SKUs by tunnel, connection, and throughput:

SKU S2S/VNet-to-VNet
Throughput Benchmark
VpnGw1 Max. 30 Max. 128 650 Mbps
VpnGw2 Max. 30 Max. 128 1 Gbps
VpnGw3 Max. 30 Max. 128 1.25 Gbps
Basic Max. 10 Max. 128 100 Mbps

Courtesy: Microsoft

Select the resource group, location and subscription etc.

Select your virtual network for which you are setting up this virtual network gateway.

Create new public IP address for your virtual network gateway.

Create public IP address using either Basic SKU or Standard SKU.

Once you are done with all the details, click on “Create” to deploy virtual network gateway.

Follow the same steps for another virtual network as well.

Once completed above steps in both the virtual networks now this is a time to establish a connection between both virtual network gateways which belongs to their respective virtual networks so that both the virtual networks can talk to each other. To do this, go to the “+ Create a resource” and search for “connection”.

Select the “Connection”.

Click on “Create” to establish a connection between virtual networks.

In basic settings select the type of the connection to VNet-to-VNet. Select the appropriate subscription, resource group and location.

Once configured all the basic settings, select “OK”.

Select both the virtual network gateways that needs to be connected, select the checkbox “Establish bidirectional connectivity” if you want to establish two-way connection. Define first and second connection names and then shared key to establish a secure connection.

Select first virtual network gateway.

Select second virtual network gateway.

Define both first and second connection name and enter the shared key, select OK.

Review the details in summary page and select OK to create a connection between virtual network gateways.

Once completed successfully, resources can talk to each other across virtual networks.

#Azure : Network Peering

In Microsoft Azure Virtual Networks, Peering connects multiple virtual networks. It simplifies the connectivity and configuration between virtual networks. Once connectivity established through peering, traffic flows seamlessly between two virtual networks. Traffic between peered virtual network leverages Microsoft infrastructure backbone, much likely traffic is flowing within the same virtual network. However, it doesn’t cover all the scenarios and it is the option available only for virtual networks available in same region. Apart from this major constraint, there are many other restrictions applies to it such as address ranges can’t be added or deleted from the address space of a virtual network once peered with another virtual network. However, peering virtual networks between region is currently in preview for few regions and it may be generally available soon.

Address spaces within same virtual network doesn’t require peering. For example, if I have two address spaces one for corporate network and another for perimeter network, and both are part of the same virtual network then there is no need to establish any kind of connectivity because both networks can talk to each other by default.

Now, let me show you how to setup peering between virtual network.

Login to the Azure Portal and first go to your virtual network and then go to the “Peering” under settings. Select “+ Add” to establish a peering between virtual networks.

In Add peering panel, fill the required details.

Name: Enter a common name for the peering that you can recognized.

Peer details: Select virtual network deployment model.

Subscription: Select the subscription.

Virtual network: Select the destination virtual network.

Configuration: By default, “Allow virtual network access” enabled. If you don’t have specific configuration, go with default configuration.

Once entered all the necessary details then click “OK” to setup a peering.

Once created successfully, you will be able to see it in peering panel.

Follow the same steps in another virtual network as well. Once completed from both the side, you will be able to flow data between peered networks.

#Azure : Virtual Networks

Azure virtual network enables Azure resources to communicate with each other in Azure network and with external resources through internet. Azure virtual network is like your traditional local area network in datacenter. Azure virtual networks can be connected with another virtual network in Azure and with your On-premises datacenter as well. Azure virtual network supports private ip addressing and subnetting as you do in your on-premises network. Azure virtual network supports subnets within a virtual network, the number of subnets can be defined based on the virtual network class and size of each subnets, and it is as same as VLAN in your traditional network. By default, subnets within virtual network can talk to each other without establishing any connection. Once a virtual network created, multiple address spaces can be added based on your need. While doing this entire exercise, please make sure that any ip address or ip addresses range is not overlapping with each other neither across your Azure virtual networks nor with on-premises network.

Let me show you, how to set up virtual networks step by step. To start login to Azure portal.

In Azure portal, select “+ Create a resource” à“Networking” à “Virtual network”.

Look at the details required to create a virtual network.

Name: Name of the virtual network, it should be unique in your Azure environment.

Address space: Define address space based on your requirement.

Subscription: Select your subscription.

Resource: Either create a new one or use existing resource group.

Location: Select location to create this virtual network resource, It will selected automatically if you are using existing resource group.

Subnet: Define the name of the subnet.

Address range: Define the address range for this subnet.

Service endpoints: Define the service endpoints, by default it is disable.

Look at the below screenshots for filled details. Once filled all the required details, click on “Create” to deploy a virtual network.

Once deployed successfully, you can find this virtual network in your resources.

Select “Subnets” to look at/verify your existing subnet. Click on “+ Subnet” to create a new subnet in your existing virtual network.

Enter the name of the subnet and then enter the address range for this subnet. As we had used ( –, therefore the next range will start from, You can specify the new range based on your need.

Once filled the required details, select “OK” to deploy a new subnet in your existing virtual network.

Once deployed successfully, you can see both your subnets here.

Go to the Address space, if you would like to add a new address space in your virtual network.

Add the address space based on your requirement. (Example: Many organization uses different – different set of ip address ranges for different types of networks. Very simple example is Corporate and Perimeter network.) Once entered the range, click on “Save”.

Once added the address space successfully, define the subnet in that address space.

In connected device panel, you can see the devices that are using ip address from this virtual network.

In subnet panel, you can define multiple subnets based on your define address ranges.

In DNS panel, you can define the custom DNS server addresses based your network design. By default, it uses Azure-provided DNS server.

In peering panel, you can define peering between two virtual networks that belongs to the same region.

In Service endpoints panel, you can specify services endpoints based on your requirement. In general, you don’t have to define any thing here.

In properties panel, you can see the properties of your virtual network, such as resource id, location, resource group etc.

In Locks, you panel you can define the locks for your resources by defining lock type either “delete” or “read-only”.

In the Automation script panel, you can view the temple of this deployment and you also get an option for download, add to library and deploy.

In the diagram panel, you get the graphical representation of all the subnets and associated resources.

I hope, this step by step blog post helped you to create your virtual network and subnets in Microsoft Azure. To know more about the networking features such as Gateway subnet, peering etc., read the next blog post.

#Azure : Map your traditional datacenter storage with cloud storage

Storage plays a critical role in technology, without storage you can’t think about anything. Because of the criticality of its existence, storage providers have made enormous amount of money in the past by selling disks with the intelligent built into their proprietary storage controllers that controllers the behavior and performance of the storage. At present, that intelligence has been integrated with the software and that’s why this kind of storage are known as software defined storage. SDS has given a chance to the industry to have infinite amount of data without the hurdle of jumbling cables connectivity between the compute and the storage. In short, now you can leverage your compute with local disks attached to it and create your own software defined storage using software capabilities such as VMware vSAN, Windows S2D, Scale IO etc.

Let me provide you a high-level overview of traditional datacenter storage:

Direct Attach Storage: Direct attach storage as name describes, it is a pool of disk that can be directly connected with the server locally using SAS cable. You can attach multiple DAS with on one server in the form of chain, while number of DAS in one chain depends on DAS specification. Example: Very good option for application like Microsoft Exchange to provide large mailbox size.

Storage Area Network: SAN is a block level data storage technology and commonly used storage across enterprises. It is also known as intelligent storage and supports high availability, scalability, resiliency and so on. In general SAN has two storage controllers in HA mode and it can be connected using two methodologies based on storage type, these methodologies are fiber channel and iSCSI. Fiber channel storage uses fiber channel switch to establish a connection between storage arrays and with compute using FC cables. Now-a-days few fiber channel SAN supports FCoE (Fiber channel over Ethernet). Another option in SAN is iSCSI, it uses network switch to connect between storage arrays and with compute using SFP+ cables. There are many hybrid SANs are available in the market, which supports both the technologies.

Network Ares Storage: NAS is a file level computer data storage, which used over the network. Many enterprises use this technology for File Share storage and NFS. This type of storage directly connects to your local area network using ethernet switch.

Software Defined Storage: Software defined storage is a latest technology that is being used in traditional datacenter as well as in the cloud. This technology generally used your local internal storage of the server and leverage the storage logic defined by software services such as vSAN from VMware, Storage space direct from Microsoft and Scale IO from Dell EMC etc. It uses a pool of servers and their local storage to create a single storage pool that can leveraged across the compute nodes. It also provides traditional SAN capabilities such as tiering.

When it comes to the cloud and specifically Microsoft Azure storage services, you can differentiate available services in four categories i.e. blob, file queue and table storage. In most of the cases, you leverage blob storage. To know more about in details, read the following posts:

Storage Accounts

Storage services

Storage replication

Step-by-step Microsoft Azure Storage

Storage Explorer

Now, let me explain how to do a selection of storage in cloud.

Largely data in cloud has been divided into two large pieces i.e. structured data and unstructured data. While the type of storage has been divided into two tiers i.e. Standard and Premium. Standards storage is common across entire storage service landscape while premium is only part of the blob and can be leveraged only to create OS and data disks. Follow the following steps to select the right set of storage service option for your specific solutions.

OS & data disk: Uses blob and performance tier can be selected between standard and premium. Standard is backed by SAS HDDs and premium is backed by high-performance SSDs. Many high-performance OS disks use SSD by default. OS disk is to install the operating systems and data disk can be used to install application binaries and to store the application data as well.

Application storage requirement: Look at the application architecture and IOPS requirement. Look at your exiting application environment and storage configuration in case of brown field and use the application definition documentation to estimate the storage size, performance tier and type of storage service. Once defined then use the storage service based on your application requirement.

Database storage requirement: First select between PaaS and IaaS based on your application need and then define the storage tier and storage service based on your database type and application need.

Above mentioned criteria are a very high-level decision-making technique but in one line I would say, know your application and data requirement in terms of size (first) and availability/replication (second) and performance (third) to make the right selection.

#Azure : Storage Explorer

When you move from traditional datacenter to the cloud, you know the limitation very well. In the cloud, you don’t much worry about the underlying infrastructure management. In the context of virtual machine, you don’t play with hypervisor at all. But once you look at the storage, you feel that management tool is required to manage the storage pool. To help you in this area, you have few options from Microsoft but at the same time you may find multiple offerings from the Microsoft Partners. Microsoft natively provide following options for storage management.

  • Microsoft Azure Portal
  • Microsoft Visual Studio Server Explorer
  • Microsoft Azure Storage Explorer

Microsoft Azure Storage Explorer comes with full-fledged functionalities and support all major operating systems such as Windows, Linux and OSX. It is a thick client application that you need to download and install on your system.

To download this tool, go to the “Azure Storage Explorer” page and download the storage explorer by selecting right operating system based on your need.

Once download completes, install this tool in your system.

To install, run StorageExplorer.exe on your system. Accept the agreement and click on Next.

Select the installation directory and click on Next.

Go with default setting and click on Next as it will create a short cut in the Start Menu.

It will take few seconds to compete the installation.

Once done, click on Next to open the Storage Explorer wizard.

First time, it will take few seconds to load the wizard.

Once loaded successfully, you will get an option to connect your storage account or service. Click on “Sign in” to continue.

In my case, I would like to manage entire storage portfolio of my Azure subscription. But you can use specific storage accounts or provide access to others on a specific storage accounts using different methods.

Login using your Microsoft Azure subscription account.

Go to the Microsoft Azure Storage Explorer and select “Manage Accounts” option and then click on either “All subscriptions” or any specific subscription and then finally click on apply.

Once connected, you will be able to see all your storage accounts.

Now, you can play with it. You can use storage explorer for following activities.

Blob storage

  • View, delete, and copy blobs and folders
  • Upload and download blobs while maintaining data integrity
  • Manage snapshots for blobs

Queue storage

  • Peek most recent 32 messages
  • View, add, and dequeue messages
  • Clear queue

Table storage

  • Query entities with OData or query builder
  • Add, edit, and delete entities
  • Import and export tables and query results

File storage

  • Navigate files through directories
  • Upload, download, delete, and copy files and directories
  • View and edit file properties

Azure Cosmos DB storage

  • Create, manage and delete databases and collections
  • Generate, edit, delete and filter documents
  • Manage stored procedure, triggers and user-defined functions

Azure Data Lake storage

  • Navigate ADLS resources across multiple ADL accounts
  • Upload, download files and folders
  • Copy folders or files to the clipboard
  • Delete files and folders

Above mentioned activities are just an overview that you can see when opening Microsoft Azure Store Explorer web page but you can do many more things with storage explorer. Therefore, explore this explorer as much as possible.

#Azure : Step-by-step Microsoft Azure Storage

Microsoft Azure storage offers variety of services that can be used to fulfill most of the business needs. Configuration and selection of services differs based on the storage requirements. I have covered most of the services and configuration options in the following post:

Storage Accounts

Storage services

Storage replication

In this blogpost, I am going to cover step-by-step process for creating storage accounts, configuring required storage services and selecting right storage replication methodology to fulfill your business needs.

Login to Azure Portal. Create a new resource group or use existing one based on your requirements.

Select “+ Create a resource” to create storage account.

Select “Storage” from the Azure market place and then select “Storage account – blob, file, table, queue”.

In the “Create storage account” panel, enter the unique name for the storage account. This name should be in all lowercase without any space or special characters.

By default deployment model is set to “Resource manager”, if you choose “Classic” under deployment model then you will not be able to select the kind of the storage account and as well as many new features that comes with general purpose v2 storage account.

When you go with default deployment model “Resource Manager”, you can select one of the following account kind:

Storage (general purpose v1)

StorageV2 (general purpose v2)

Blob storage

Select the performance tier based on your requirements.

Standard performance tier provides, four replication methodologies. Select most suitable replication options based on data availability requirements.

If you select premium performance tier then only you have one replication option i.e. LRS, and default access tier will be Hot. In premium storage, there is no option for cold access tier.

All four replication methodology is very specific to location. In few locations, you don’t have option to go with ZRS.

In “Resource Manager” deployment model, you have an option to select virtual network. In general, we don’t enable this option (by default it is disabled) but if you have any specific requirement based on your data confidentiality then you can define the virtual network / subnet so that the services running under specified network subnet can only use this storage account.

Once done with the configuration, click on create to create a storage account with specified storage services. I hope, it gives you a clearer picture about storage configuration in Microsoft Azure. Please feel free to share your experience by leaving a comment in the comment box section.

#Azure : Storage replication

Microsoft Azure storage offers numerous type of availability and durability of the data, within the datacenter, across datacenters, within the same region, or across regions. Based on your needs, you can select the right replication methodology. For example, if you would like to save your data from catastrophic failure in a single region then choose replication option that supports replication across regions.

Please keep in mind that you can configure replication options when you are creating a storage account and each region doesn’t support all replication options. Microsoft Azure offers four different replication options.

LRS: Locally redundant storage

ZRS: Zone-redundant storage

GRS: Geo-redundant storage

RA-GRS: Read-access geo-redundant storage

Table below provides you a quick overview about differences between all four replication options.

Data is replicated across multiple datacenters. No Yes Yes Yes
Data can be read from a secondary location as well as the primary location. No No No Yes
Designed to provide _durability of objects over a given year. at least 99.999999999% (11 9’s) at least 99.9999999999% (12 9’s) at least 99.99999999999999% (16 9’s) at least 99.99999999999999% (16 9’s)

Courtesy: Microsoft

Let me explain you all four replication options in detail.

Locally redundant storage: maintains three copies of your data. It replicates your data within a scale unit, which is hosted in a datacenter in the region in which you create your storage account. A scale unit is nothing but a set of multiple racks, which hosts storage nodes. To maintain high availability, these replicas reside in separate fault domains and update domain. A fault domain is nothing but a group of nodes, which belongs to a single point of failure. While an update domain is a group of nodes that can be upgraded at the same time. LRS is cost effective solution but doesn’t safeguard your data from datacenter level failure.

Zone-redundant storage: maintains three copies of your data. ZRS is little confusing as of now because of its two versions. ZRS is in preview, which falls under general purpose v2 storage accounts, it replicates data synchronously across multiple availability zones with in a region and very useful for highly available applications. While the existing or old ZRS capability is now referred to as ZRS classic, which falls under general purpose v1 storage accounts. ZRS classic replicates data asynchronously three times across two to three facilities within same region or in some cases across two regions. ZRS classic are planned to depreciate by March 2021 and once new ZRS generally available in a region then ZRS classic can’t be created.

Geo-redundant storage: maintains six copies of your data. It replicates three copies in one region and another three copies in another region. In primary region, it replicates your data within a scale unit, which is hosted in a datacenter in the region in which you create your storage account. A scale unit is nothing but a set of multiple racks, which hosts storage nodes. To maintain high availability, these replicas reside in separate fault domains and update domain just like LRS. While in secondary region also it does the same thing but between the region data replication take place in asynchronous mode. Your data doesn’t become available in case of primary region failure, until Microsoft initiates the failover. Primary and secondary region association is pre-defined based on the locations and can’t be changes manually. Once you create a storage account, you just need to specify your primary azure region. Here is the list of primary and their respective secondary regions.

Primary Secondary
North Central US South Central US
South Central US North Central US
East US West US
West US East US
US East 2 Central US
Central US US East 2
North Europe West Europe
West Europe North Europe
South East Asia East Asia
East Asia South East Asia
East China North China
North China East China
Japan East Japan West
Japan West Japan East
Brazil South South Central US
Australia East Australia Southeast
Australia Southeast Australia East
India South India Central
India Central India South
India West India South
US Gov Iowa US Gov Virginia
US Gov Virginia US Gov Texas
US Gov Texas US Gov Arizona
US Gov Arizona US Gov Texas
Canada Central Canada East
Canada East Canada Central
UK West UK South
UK South UK West
Germany Central Germany Northeast
Germany Northeast Germany Central
West US 2 West Central US
West Central US West US 2

Courtesy: Microsoft

Read-access geo-redundant storage: maintains six copies of your data. It replicates three copies in one region and another three copies in another region. In primary region, it replicates your data within a scale unit, which is hosted in a datacenter in the region in which you create your storage account. A scale unit is nothing but a set of multiple racks, which hosts storage nodes. To maintain high availability, these replicas reside in separate fault domains and update domain just like LRS. While in secondary region also it does the same thing but between the region data replication take place in asynchronous mode. In case of RA-GRS, your data is available in read mode always, even in case of primary region failure. However, you can’t get write access on your data from secondary region until Microsoft initiates the failover. Primary and secondary region association is pre-defined based on the locations and can’t be changes manually like GRS. Once you create a storage account, you just need to specify your primary azure region.

#Azure : Storage services

In Azure Storage Accounts blogpost, I have covered details of storage accounts, access tiers and performance tiers. Storage account is a kind of container for storage services in Microsoft Azure. There are following storage services provided by Microsoft Azure:

Blob storage

File storage

Queues storage

Table storage

Disk Storage

Let me explain you each storage service in detail.

Blob storage: This name “blob” looks bit confusing to the people who are new in the world of storage. In simple words, a blob is a storage that can store almost any kind of file that you store in your PC, tablet, mobile and cloud drives. For example, MS office documents, HTML files, database, database log files, backup files and big data etc. Once stored, you can access it from anywhere in the world through URLs, REST API, and Azure SDK storage clients etc. There are three types of blobs, block blobs, page blobs and append blobs.

  • Block blobs: It is an ideal for storing any kind of ordinary files such as text or media file. It supports files up to about 4.7 TB in size.
  • Page blobs: It is kind of blob that is meant for random access and more efficient with frequent read/write operations. It supports files up to 8TB in size and used for OS and Data VHDs.
  • Append blobs: It is as same as block blob and in other words it is made up of blocks like block blob but it provides an additional capability of appending the files. It is generally used in logging scenarios, where we store logging information from multiple sources and append it.

File storage: Azure file storage is highly available network file share based on the SMB 3.0 (Server Message Block) protocol also known as CIFS (Common Internet File System). Azure file shares can be accessed by Azure virtual machines and cloud services by mounting the share, while on premises deployments can access it through Rest APIs. One of the amazing capability that distinguish it from normal file share i.e. it can be access from anywhere through the URL that points to any file and includes SAS token. The way we use traditional file share, in the same way azure file share can be used. Let’s take few examples to make it clearer.

  • File share to store data such as files, software, utilities, reports etc.
  • Application that depends on file share
  • Configuration files that need to be accessed by multiple sources at the same time.
  • To store crash dump, metrics and diagnostic logs etc.

These are few examples but in your day-to-day life you find many more. As of now, AD based authentication and ACLs are not supported but in future you may see it as well.

Queue storage: This is not a new word for any experienced IT developer/professional. Azure Queue storage is a service to store and retrieve messages asynchronously. A queue can contain millions of messages, up to a capacity limit of the storage account and within a message size limit of 64 KB each. It can be accessed from anywhere in the world via authenticated calls using HTTP or HTTPS. The maximum time that a message can remain in the queue is 7 days. Few examples of queue storage services are:

  • Passing a message from an Azure web role to an Azure worker role.
  • Covert file types of large number of files such as .png to .jpeg by using azure function. Once you will start uploading the files, azure function will start converting its format.

Table storage: Azure table storage is a service that stores structured data. This service is NoSQL datastore that accepts authenticated calls from inside and outside the Azure cloud. It is ideal for storing structure and non-relational data such as spreadsheet kind of information, address books, user data for web applications etc. You can store millions of structured and non-relational entries, up to limit of the storage account. Few example of table storage service are: (Courtesy: Microsoft docs)

  • Storing terabytes of structured data capable of serving web scale applications.
  • Storing datasets that don’t require complex joins, foreign keys, or stored procedures and can be denormalized for fast access.
  • Quickly querying data using a clustered index.
  • Accessing data using the OData protocol and LINQ queries with WCF Data Service .NET Libraries

Disk Storage: Azure disk storage service is the simplest one to understand as we use it as part of the virtual machines either on-premises or in the cloud. Disk storage can be used for operating systems, application or any other kind of data. All virtual machines in Azure have at least two disks, a disk for operating system and a temporary disk. VMs can have one or more data disks. All disk will be in VHD format and can have capacity up to 1023 GB. Azure disk storage service provides these disks in two ways, a managed disk and an unmanaged disk. These disks can further divide between two performance tiers, standard and premium.

Managed disk: Managed disk are disks that is created and managed by Microsoft and you don’t have to worry about the availability of storage. Managed disks are available in both performance tier, based on our requirement you can select the right size of disk and performance tier. Standard performance is represented by S and premium performance tier is represented by P. The available size for both the performance tier is between 32 GB to 4095 GB.

Unmanaged disk: Unmanaged disks are disks that is created and managed by you. To create these disks, first you create storage account and define availability by selecting replication options and then you create unmanaged disks under it. Unmanaged disk also supports standard and premium tier. Here, you are responsible of availability of the disk based on replication method you select.

Standard tier: Standard tier disks are basically HDD and provide limited number of IOPS. This type of disks provides maximum 500 IOPS.

Premium tier: Premium tier disks are SSDs and provide high IOPS and low latency. This type of disks provides maximum 7500 IOPS. Premium disks are only available with limited series of Azure VMs.