Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far greater than traditional on-prem options.
During and after that shift to cloud, though, one area that still poses a struggle for many organizations is what to do with their department file shares. I’m sure you’re thinking “there are all kinds of solutions,” and most of them are far better than a traditional network share. I’d agree with you; however, many organizations have a workforce that is accustomed to this old process. While solutions like SharePoint, One Drive for Business, and Dropbox are nice and have additional features, most organizations still prefer the Windows file share.
One solution that holds promise is Microsoft’s Azure File Services. The offering was originally intended to enable companies to move applications that interacted with file shares to Azure, and it was only accessible from Virtual Machines within the same Azure data center when it was first released. But last year Microsoft released an update that leverages SMB 3.0 and enables users to securely connect to the shares from any location.
There are some limitations if you’re looking to deploy Azure File Services within your organization. The biggest that I found was that not all internet service providers (ISPs), such as Comcast and Charter Spectrum, will allow port 45 access across their networks. (Here is a list of known ISPs that do and don’t block this.)
The other major limitation at this time is while you can assign Azure AD permissions to the share, when a user connects, they have to authenticate with the Azure Storage Account and key. This requirement means that everyone is authenticating with the same account. Microsoft is aware this is a short-coming and is supposed to be addressing it in the future with an update to the service.
These two limitations aside, I see the service being useful for organizations that need to archive data and only allow access from a limited number of individuals or systems. As Azure storage is a low-cost retention solution, the data at rest can easily be encrypted with Azure encryption services.
If you’d like to try Azure File Services for yourself, follow these steps:
1. Go to the Azure management portal and log in with your account.
2. Browse to Storage Accounts and create a new Storage Account for this scenario.
3. Make sure when naming the resource to use all lower case letters (this is a Microsoft Configuration requirement). For Account Kind, make sure to select “General Purpose.” For our demo we’ll be using Standard performance disks and Geo-redundant Storage. We’ve also enabled Encryption to show you how easy this function is.
4. Once the storage account has been created, browse to it and under File Service click Files. You see a sub screen and the Create File Share Button: click it, give your file share a name, specify how large you’d like it to be, and click Create.
Congratulations – you’ve just created your first Azure File Share. But wait! You’re asking, “How do I connect to this file share?”
If you click on Connect it will give you the command syntax to connect from either a Windows or a Linux machine.
Remember, your ISP may be blocking port 445. However once you do connect you can upload files and interact like a normal file share. Look for future updates from Microsoft on this feature to add additional security and the ability to assign individualized permissions based on Azure AD accounts. Alternatively, if you are considering Azure for your organization but need additional expertise for deployment and management services, learn more about public cloud management services like those from Concerto Cloud.
Thank you for reading.
|4 Tips for Writing LinkedIn Blog Posts That Expand Your Influence||470|
|IPsec VPN Configuration On Cisco IOS XE - Part 1 - Policy Based VPN||214|
|Methods to Troubleshoot RPC Server is Unavailable Error in Windows||167|
|IPsec VPN Configuration On Cisco IOS XE - Part 4 - Route Based VPN With Dynamic Routing (OSPF)||93|