Azure Table storage is a service that stores structured NoSQL data in the cloud, providing an attribute store with a schema-less design. Because Table storage is schema-less, it is easy to adapt your data as the needs of your application evolve. Access to Table storage data is fast and cost-effective for many types of applications and is usually lower in cost than traditional SQL for similar volumes of data.
Azure Table Storage Use case
Table storage is used to store flexible datasets such as user data for web applications, address books, device information, or other metadata that the service requires. Users can store any number of entities in a table, and a storage account may contain any number of tables, up to the capacity limit of the storage account.
Azure Disk Storage
Azure managed disks are block-level storage volumes that are managed by Azure and used with Azure Virtual Machines. Managed disks are similar to a physical disk in an on-premises server, but virtualized. With managed disks, all you must do is specify the disk size and type, and provision the disk. Once the disk is provisioned, Azure handles the rest. Each disk can take one of three roles in a virtual machine:
OS disk. One disk in each virtual machine contains the operating system files. When a user creates a virtual machine, they select a virtual machine image, which determines the operating system and the OS disk that’s attached to the new machine. The OS disk has a maximum capacity of 2,048 GB.
Data disk. Users can add one or more data disks to each virtual machine to store data. For example, database files, website static content, or custom application code should be stored on data disks. The number of data disks that can be added depends on the virtual machine size. Each data disk has a maximum capacity of 32,767 GB.
Temporary disk. Each virtual machine contains a single temporary disk, which is used for short-term storage applications such as page files and swap files. The contents of temporary disks are lost during maintenance events, so do not use these disks for critical data. These disks are local to the server and are not stored in a storage account.
Azure Disk Storage Use case
Consider a user who manages a healthcare organization that is beginning a lift-and-shift migration to the cloud, where many of its systems will run on Azure virtual machines. These systems have a variety of usage and performance profiles, and their data is highly confidential. The user is concerned about the storage and does not want that data to be accessible from outside the virtual machine. To address these needs, the organization’s option is Azure Disk Storage. Azure Disk Storage fits two scenarios: a “lift and shift” of applications that use native file system APIs to read and write data to persistent disks, and preserving data that does not need to be accessed from outside the virtual machine to which the disk is attached.
Azure Managed Disks are the new and recommended disk storage offering to be used with Azure virtual machines for persistent storage of data. Customers can use multiple Managed Disks with each virtual machine. Azure offers four varieties of Managed Disks:
- Ultra Disk,
- Premium SSD Managed Disks,
- Standard SSD Managed Disks,
- Standard HDD
Azure Storage Security
Azure Storage accounts provide several high-level security benefits for the data in the cloud:
- Protect the data at rest
- Protect the data in transit
- Support browser cross-domain access
- Control who can access data
- Audit storage access
Encryption at rest
All data written to Azure Storage is automatically encrypted by Storage Service Encryption (SSE) with a 256-bit Advanced Encryption Standard (AES) cipher. SSE automatically encrypts data when writing it to Azure Storage. When data is read from Azure Storage, Azure Storage decrypts the data before returning it. This process incurs no additional charges and doesn’t degrade performance. It cannot be disabled.
Encryption in transit
Keep the data secure by enabling transport-level security between Azure and the client. It is advisable to use HTTPS to secure communication over the public internet. When the REST APIs are called to access objects in storage accounts, users can enforce the use of HTTPS by requiring Secure transfer for the storage account. After secure transfer is enabled, connections that use HTTP are refused. This flag also enforces secure transfer over SMB by requiring SMB 3.0 for all file share mounts.
CORS support
Azure Storage supports cross-domain access through cross-origin resource sharing (CORS). CORS uses HTTP headers so that a web application at one domain can access resources from a server at a different domain. By using CORS, web apps ensure that they load only authorized content from authorized sources. CORS support is an optional flag that can be enabled on Storage accounts.
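The following check is an added example, not code from the original page. It audits the secure transfer flag and the CORS rules described above, assuming the account and its blob service are available as ARM-style JSON (`supportsHttpsTrafficOnly`, `corsRules`); the account name, sample documents and finding labels are constructed for illustration.

```python
"""Check a storage account for the secure-transfer and CORS settings above."""

WRITE_METHODS = {"PUT", "POST", "DELETE", "MERGE", "PATCH"}

# Constructed sample resources in ARM JSON shape (hypothetical account).
WEAK_ACCOUNT = {"name": "exampleacct",
                "properties": {"supportsHttpsTrafficOnly": False}}
WEAK_BLOB_SERVICE = {"properties": {"cors": {"corsRules": [
    {"allowedOrigins": ["*"], "allowedMethods": ["GET", "PUT", "DELETE"]},
    {"allowedOrigins": ["http://app.example.com"], "allowedMethods": ["GET"]},
]}}}
HARDENED_ACCOUNT = {"name": "exampleacct",
                    "properties": {"supportsHttpsTrafficOnly": True}}
HARDENED_BLOB_SERVICE = {"properties": {"cors": {"corsRules": [
    {"allowedOrigins": ["https://app.example.com"], "allowedMethods": ["GET"]},
]}}}


def audit(account, blob_service):
    """Return findings for one account and its blob service resource."""
    findings = []
    # Secure transfer off means plain-HTTP REST requests are still accepted.
    if account.get("properties", {}).get("supportsHttpsTrafficOnly") is not True:
        findings.append("secure-transfer-disabled")
    cors = blob_service.get("properties", {}).get("cors") or {}
    for index, rule in enumerate(cors.get("corsRules", [])):
        origins = rule.get("allowedOrigins", [])
        methods = {m.upper() for m in rule.get("allowedMethods", [])}
        if "*" in origins:
            # Scripts from any origin may call the service from a browser;
            # the rule is riskier when it also permits write methods.
            kind = "write" if methods & WRITE_METHODS else "read"
            findings.append(f"cors-rule-{index}-wildcard-origin-{kind}")
        if any(o.lower().startswith("http://") for o in origins):
            # The allowed page itself is served without TLS.
            findings.append(f"cors-rule-{index}-cleartext-origin")
    return findings


if __name__ == "__main__":
    for label, acct, svc in [("weak", WEAK_ACCOUNT, WEAK_BLOB_SERVICE),
                             ("hardened", HARDENED_ACCOUNT, HARDENED_BLOB_SERVICE)]:
        print(label, audit(acct, svc) or "no findings")
```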
Role-based access control
Azure Storage supports Azure Active Directory and role-based access control (RBAC) for both resource management and data operations. Users can assign security principals RBAC roles that are scoped to the storage account. Use Active Directory to authorize resource management operations, such as configuration. Active Directory is supported for data operations on the Blob and Queue storage services. Storage Analytics logs every operation in real time, and you can search the Storage Analytics logs for specific requests. Filter based on the authentication mechanism, the success of the operation, or the resource that was accessed.
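The filtering described above can be sketched as follows. This is an added example, not code from the original page: it assumes the semicolon-delimited Storage Analytics log format version 1.0, and the account name, object keys, IP addresses and log entries are constructed samples with trailing fields omitted.

```python
import csv
import io

# Leading fields of a version 1.0 Storage Analytics log entry, in order.
FIELDS = ["version", "request_start_time", "operation_type", "request_status",
          "http_status_code", "end_to_end_latency_ms", "server_latency_ms",
          "authentication_type", "requester_account", "owner_account",
          "service_type", "request_url", "requested_object_key",
          "request_id", "operation_count", "requester_ip"]

# Constructed sample entries (trailing fields omitted); not real traffic.
SAMPLE_LOG = """\
1.0;2024-01-10T08:15:02.1000000Z;GetBlob;Success;200;12;11;authenticated;exampleacct;exampleacct;blob;"https://exampleacct.blob.core.windows.net/records/a.csv";"/exampleacct/records/a.csv";00000000-0000-0000-0000-000000000001;0;203.0.113.10:50122
1.0;2024-01-10T08:16:40.2000000Z;GetBlob;AnonymousSuccess;200;9;8;anonymous;;exampleacct;blob;"https://exampleacct.blob.core.windows.net/public/logo.png";"/exampleacct/public/logo.png";00000000-0000-0000-0000-000000000002;0;198.51.100.7:41000
1.0;2024-01-10T08:17:05.3000000Z;PutBlob;SASAuthorizationError;403;4;4;SAS;;exampleacct;blob;"https://exampleacct.blob.core.windows.net/records/b.csv";"/exampleacct/records/b.csv";00000000-0000-0000-0000-000000000003;0;198.51.100.7:41002
1.0;2024-01-10T08:18:11.4000000Z;GetBlob;SASSuccess;200;10;9;SAS;;exampleacct;blob;"https://exampleacct.blob.core.windows.net/records/a.csv";"/exampleacct/records/a.csv";00000000-0000-0000-0000-000000000004;0;203.0.113.10:50130
1.0;2024-01-10T08:19:30.5000000Z;DeleteBlob;AuthorizationError;403;3;3;authenticated;exampleacct;exampleacct;blob;"https://exampleacct.blob.core.windows.net/records/a.csv";"/exampleacct/records/a.csv";00000000-0000-0000-0000-000000000005;0;192.0.2.44:60001
"""


def parse(text):
    """Parse log text into dicts. Fields that may contain ';' are quoted,
    so a CSV reader is used instead of str.split(';')."""
    reader = csv.reader(io.StringIO(text), delimiter=";", quotechar='"')
    return [dict(zip(FIELDS, row)) for row in reader if row and row[0] == "1.0"]


def select(entries, auth=None, succeeded=None, key_prefix=None):
    """Filter by authentication type, outcome and accessed resource."""
    matches = []
    for entry in entries:
        # Success, AnonymousSuccess and SASSuccess all end in "Success".
        ok = entry["request_status"].endswith("Success")
        if auth is not None and entry["authentication_type"] != auth:
            continue
        if succeeded is not None and ok != succeeded:
            continue
        if key_prefix and not entry["requested_object_key"].startswith(key_prefix):
            continue
        matches.append(entry)
    return matches


if __name__ == "__main__":
    # Failed requests against the confidential container, whoever sent them.
    for e in select(parse(SAMPLE_LOG), succeeded=False,
                    key_prefix="/exampleacct/records/"):
        print(e["request_start_time"], e["operation_type"],
              e["request_status"], e["requester_ip"])
```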
Azure Monitoring
Azure Monitor maximizes the availability and performance of applications and services by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from cloud and on-premises environments. It helps us understand how the applications are performing and proactively identifies issues affecting them and the resources they depend upon.
Azure Storage Account Monitoring
Azure Storage Analytics performs logging and offers metrics data for a storage account. Users can use this data to trace requests, examine usage trends, and identify issues with the storage account. To use Storage Analytics, the user must enable it individually for each service to be monitored. This can be enabled from the Azure portal. The gathered data is stored in a well-known blob for logging and in well-known tables for metrics, which may be accessed using the Blob service and Table service APIs. Storage Analytics has a 20 TB limit on the amount of stored data that is independent of the total limit for the storage account.
Once the Diagnostics option under the Monitoring section is configured for the desired storage account, the user will be able to define the type of metrics data to monitor and the retention policy for the data. A default set of metrics is displayed in charts on the Storage Account blade, as well as the individual service blades. Once the metrics are enabled for a service, it may take up to an hour for data to appear in its charts.