Chapter 9: Exploring Storage Solutions
In the previous chapter, we looked at network connectivity and security, including how IP addresses and the Domain Name System (DNS) work, and how to control traffic with network security groups, application groups, and routing. We then looked at advanced traffic flow tools, such as Azure Load Balancer, Traffic Manager, and Application Gateway.
Most solutions, at some point, need to store data, and choosing the right type of storage is dependent on many factors such as the kind of data it is, how it needs to be managed, and its lifecycle.
In this chapter, we will continue the Infrastructure and Storage Components topic by looking at storage. We will look at different storage types, mainly focusing on Azure Storage accounts and how to choose the right options for your requirements.
We will then investigate how to secure access to your storage accounts before examining the different tooling that is available to manipulate the data stored inside...
Understanding storage types
When designing Azure solutions, at some point, you will be required to store data. Azure has several options for storing data, and the choice of which to use depends on several different factors.
This section will examine the various options and which option is best suited to which scenario.
First, we will take a high-level look at one of the most common non-database storage mechanisms – Azure Storage accounts.
Azure Storage accounts
Azure Storage accounts are the main form of managed data storage. They can store different types of data depending on how you configure them on initial creation.
When creating a storage account, you must choose an Account Kind – the options are General Purpose V2 (GPv2), General Purpose V1 (GPv1), Blob Storage, or File Storage.
Storage accounts are grouped into two performance tiers – Standard or Premium.
Performance tiers
To make sense of the options, we will first consider the performance...
Designing storage security
Protecting your data is a crucial consideration with any storage mechanism. Luckily, security is at the heart of Azure components, and storage solutions implement various protection levels by default.
We will take a look at the different security options for Cosmos DB and Azure SQL in Chapter 12, Creating Scalable and Secure Databases. In this section, we will look at how to secure Azure Storage accounts.
Securing your data can be achieved in four different ways:
- Network protection: First, we need to protect your data against unauthorized access at the network level – only allow access from the applications that need access and no more.
- Authorization: Next, ensure that any system or person that can reach the data at the network level must also be authorized to access it based on their account; in other words, use Role-Based Access Controls (RBAC).
- Encryption: Ensure data is encrypted so that if a hacker were able to bypass the network and role-based...
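The network, authorization and encryption layers listed above can be checked against an account's settings. The following is an added example, not code from the book: it audits a constructed sample shaped like `az storage account show` output, and the function name and the choice of which settings count as weak are assumptions.

```python
import json

# Constructed sample in the shape of `az storage account show` output; values are invented.
SAMPLE_ACCOUNT = json.loads("""{
  "name": "mystor",
  "enableHttpsTrafficOnly": true,
  "minimumTlsVersion": "TLS1_0",
  "allowBlobPublicAccess": true,
  "allowSharedKeyAccess": true,
  "networkRuleSet": {"defaultAction": "Allow", "ipRules": [], "virtualNetworkRules": []},
  "encryption": {"keySource": "Microsoft.Storage",
                 "services": {"blob": {"enabled": true}, "file": {"enabled": true},
                              "queue": null, "table": null}}
}""")

WEAK_TLS = {None, "TLS1_0", "TLS1_1"}

def audit_storage_account(acct):
    """Return (layer, finding) pairs for settings that weaken a protection layer."""
    findings = []
    # Network protection: the account firewall should deny by default.
    net = acct.get("networkRuleSet") or {}
    if net.get("defaultAction") != "Deny":
        findings.append(("network", "firewall default action is not Deny"))
    # Authorization: anonymous reads and account keys are not governed by RBAC.
    if acct.get("allowBlobPublicAccess") is not False:
        findings.append(("authorization", "anonymous blob access is not disabled"))
    if acct.get("allowSharedKeyAccess") is not False:
        findings.append(("authorization", "shared key access is not disabled"))
    # Encryption in transit: HTTPS only, with a minimum TLS version of 1.2 or later.
    if acct.get("enableHttpsTrafficOnly") is not True:
        findings.append(("encryption", "plain HTTP requests are accepted"))
    if acct.get("minimumTlsVersion") in WEAK_TLS:
        findings.append(("encryption", "minimum TLS version is below 1.2"))
    # Encryption at rest: flag a service only when it is explicitly reported as off.
    services = (acct.get("encryption") or {}).get("services") or {}
    for name, svc in sorted(services.items()):
        if svc and svc.get("enabled") is False:
            findings.append(("encryption", f"encryption at rest is off for {name}"))
    return findings

if __name__ == "__main__":
    for layer, finding in audit_storage_account(SAMPLE_ACCOUNT):
        print(f"[{layer}] {finding}")
```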
Using storage management tools
You will need to copy data into and out of a storage account; therefore, we will examine the different tools available in this final section.
All data operations can be actioned by calling the Azure Storage REST APIs – in fact, all of the other tools that we will explore through this section use the REST APIs themselves.
Azure Storage REST APIs
Each storage service – Blob Storage, Data Lake, Files, Queues, and Tables – has its own endpoint URL, as follows:
Each service, then, has its own unique set of calls that can be made depending on the action you are trying to take. For example, to get a list of all blobs within a folder, you can issue the following GET call:
https://mystor.blob.core.windows.net/?comp=list&maxresults=3
Here, mystor is the name of the storage account. Note that if the storage account or container is set to private, you first need to make a call to the Azure authentication service to obtain an authorization...
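The call above, as an added example that is not code from the book: it builds the request with an authorization header and follows the `NextMarker` paging of the `EnumerationResults` XML that `comp=list` calls return. The bearer-token header form, the `x-ms-version` value, the function names and the sample responses are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlsplit, parse_qs

API_VERSION = "2021-08-06"  # assumption: any service version that accepts bearer tokens

# Constructed responses, keyed by the marker that requests them (names are invented).
SAMPLE_PAGES = {
    None: "\ufeff<EnumerationResults><Containers>"
          "<Container><Name>quotes</Name></Container>"
          "<Container><Name>reports</Name></Container>"
          "</Containers><NextMarker>page2</NextMarker></EnumerationResults>",
    "page2": "<EnumerationResults><Containers>"
             "<Container><Name>uploads</Name></Container>"
             "</Containers><NextMarker /></EnumerationResults>",
}

def build_list_request(account, token, marker=None, maxresults=3):
    """Return (url, headers) for the comp=list call; token is a bearer token."""
    params = {"comp": "list", "maxresults": maxresults}
    if marker:
        params["marker"] = marker
    url = f"https://{account}.blob.core.windows.net/?{urlencode(params)}"
    headers = {"Authorization": f"Bearer {token}", "x-ms-version": API_VERSION}
    return url, headers

def parse_page(xml_text):
    """Return (names, next_marker); reads every <Name>, so blob listings parse too."""
    root = ET.fromstring(xml_text.lstrip("\ufeff"))  # responses may start with a BOM
    names = [n.text for n in root.iter("Name")]
    return names, root.findtext("NextMarker") or None

def list_all(account, token, fetch):
    """Follow NextMarker to the end; fetch(url, headers) returns the XML text."""
    names, marker = [], None
    while True:
        url, headers = build_list_request(account, token, marker)
        page, marker = parse_page(fetch(url, headers))
        names.extend(page)
        if not marker:
            return names

def fake_fetch(url, headers):
    """Offline stand-in for the HTTP GET: serves the constructed pages above."""
    assert url.startswith("https://") and headers["Authorization"].startswith("Bearer ")
    marker = parse_qs(urlsplit(url).query).get("marker", [None])[0]
    return SAMPLE_PAGES[marker]

if __name__ == "__main__":
    print(list_all("mystor", "<token>", fake_fetch))
```

With `maxresults=3` a single response holds at most three entries, so a caller that ignores `NextMarker` silently works with a truncated listing.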
Summary
This chapter has explored the different configuration options of Azure Storage, including when to choose which. Designing applications for storage involves thinking about many other aspects of your data – from the speed at which you need to read and write to cost and availability – all of which we have looked at.
We've also delved into how to secure access to our storage at the network level, with identities and encryption. Finally, we learned the different options for manipulating and managing data in our storage accounts, from the user-friendly GUI of Azure Storage Explorer to the more manual methods of AzCopy. We also saw how they all use Storage REST APIs under the hood.
In the next chapter, we will consider the various options that are available for migrating workloads into Azure, including VMs.
Exam scenario
The solution to the exam scenario can be found in the Assessments section at the end of the book.
MegaCorp Inc. is building a new insurance application that allows users to enter details and then generates a PDF quote that users can download.
Security is essential because the data and reports contain Personally Identifiable Information (PII).
Quotes older than 6 months must be kept for 7 years if users ever want to look back at their past quotations; however, this rarely happens.
Live data (that is, 6 months or newer) should also be protected against a single availability zone failure; however, historical quotes are not critical and, therefore, don't require any additional resilience.
Recommend a storage solution that meets the customer's requirements.