Azure 101 – Azure Storage Accounts for Beginners

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

in this video I'm going to introduce you to azure storage accounts hello everyone this is ciraltos and I'm Travis storage accounts are an important part of Azure cloud services and you will likely use them on your journey to cloud computing in this video I'm gonna give you an overview of the characteristics and features of an azure storage account this is not intended to be a deep dive into storage accounts there are many features included with a storage account and most require their own video this is a 100 level video that will cover the main features of an azure storage account to help people new to azure before we go on I'm contractually obligated to ask you to subscribe so please do so so what is a storage account a storage account is a cloud repository for data when I first started out with azure I made the mistake of acquainting it to a SAN or NAS device it is not like that at all matter of fact it would be a mistake to think of it in terms of traditional block storage or file storage blob stands for binary large object blob storage is object-based storage used to store massive amounts of data blob storage consists of a single level of storage within a container there is no true directory structure however paths can be emulated by creating blobs that contain the slash in the name also blob storage is accessible by HTTP or HTTPS protocol not SMB or NFS like traditional file servers any binary object can be saved to blob storage including images or documents media files log files backup or archive files and virtual disk files there are three types of blob storage intended for different uses block blobs these are for text and binary data files existing blocks can be inserted replaced or deleted append blobs are optimized for append operations when modify blocks are appended to the end of the blob only use this if you need to track history of changes on blob files page blobs are a collection of 512 byte pages optimized for random read and write operations this is what Azure VM's use for a virtual disk because of the random nature of the reads and writes let's move on to locations and redundancy storage accounts are core components of Azure and as such they're available in each region azure also protects data by keeping replicas of the data in storage accounts to protect it from planned and unplanned outages there are four redundancy options with different SLA guarantees available when deploying a storage account first is local redundant storage or LRS there's multiple copies in one data center this gives you 11 nines for the SLA next is zone redundant storage or zrs with this there's multiple copies of the data in multiple data centers within a region next is geo redundant storage or GRS multiple copies of data are kept in multiple regions this ups to a 16 nines SLA read access geo redundant storage or RA - GRS is the same as GRS only you can read from those copies in other regions the geo redundant option copies data between paired regions I went over paired regions in a previous video you can find it in the link above here someplace keep in mind that these replicas are intended for assure to meet the SLA for storage should not be considered a backup strategy if there's data corruption for example that corruption will be replicated to all copies also Microsoft controls when a fell over to a replica occurs that is not a user initiated activity next let's move on to access tiers there are three access tiers in blob storage each optimized for different data access and retention scenarios hot is for data that's accessed frequently there's a higher storage cost but a lower access cost think of this for a virtual disk cool is for data infrequently access there's a lower storage cost but a higher cost to access and then finally there's archive this is for data rarely accessed it has the lowest storage cost but the highest access cost there's also a delay in retrieving data if you need to call it back you could equate this to like tape storage the three options provide an economic data storage strategy based on how frequently that data is accessed but wait there's more storage accounts are not limited to storing blob files there are other services available in a storage account as well one being is your files these are SMB shares back by blob storage as your files are secured by role based access control not NTFS there wouldn't be a good option for user file but if you have some services that need to access an SMB share this may be a good option Azure queue storage this is a messaging service for storing large number of messages think of micro services that need to communicate with each other asynchronously they could use queue storage as a broker or queue for the messages this is when queue storage would be used and azure table storage this is a no-sql table data storage think of it as a large Excel spreadsheet as your table storage allows for uploading of large amounts of unstructured key value pair data and then azure disk storage this is also known as managed disks this can be created in Azure blob storage or as managed disks managed discs are more expensive but offer more features and are simpler to manage let's move on to securing storage accounts there are two ways to secure access to a storage account with access keys or with SAS tokens first is access keys there are two per storage account and those access keys give full access to everything within the storage account the two keys allow for key rotation without disrupting access access to these keys should be limited because they grant full access really if you're going to give people access to a storage account the better way is through a shared access signature or SAS token these are time-based access keys or token that give granular control and we're gonna demo that right now in the demo alright buckle up everyone it's demo time in this demo I'm going to do two things first I'm going to create a storage account and then we'll go through and look at some of the different options and settings that we talked about next I'm going to create a SAS token that I'll use to connect to the storage account with storage explorer so i guess technically that's three things but well let's get started so the first thing we're gonna do is create a resource and that resource is going to be a storage account and there it is also like this I'm gonna create okay so the subscription is going to be pay-as-you-go that's my subscription I'm gonna create a new resource group we'll just call this demo storage all right so that's gonna be a new resource group and then for a storage account name I'm going to give it a name Cir test storage the storage name does need to be globally unique because it is accessed by a URL I'll leave east us two is the location there's a couple of performance tiers standard and premium I'm gonna go a standard I'll leave it as a storage v2 for replication I'm going to leave this as LRS but here you can see the different options available lrs zrs grs and read access grs and the default here will be hot so next thing you wanna do advanced so secure transfer required that requires https virtual networks you can select if you want to allow access from all networks or a selected virtual network i'll leave it at this all networks data protection this is kind of interesting you can enable soft delete this puts any blobs that are deleted into like a recycle basket for seven days by default but you can turn that up if you want it I'm just gonna leave it at seven there we go and I do not need data like storage so I'm gonna go to review and create because I'm not going to use tags and then I will create and this is going to take a couple seconds so I'll be back shortly alright that took about a minute to complete I'm gonna go to resources and here we can see all that we talked about before at the top is the standard azure stuff activity logs tags and then here under settings we're going to come back to that but here is the blob storage you can see I don't have a blob there but let's create a container quick I'm gonna call this test container and we'll click OK that created a container that I can use to store blob files there's a few other things in here again this is more of a high-level each one of these probably requires its own video to go over into deep detail but I want to show also here's the file services although there is none but I could create a share here table storage and queues so let's go back up I want to show you two things here first is access keys now these are all black blanked out see here ok I'll enable these for now and I don't mind you seeing these because this will be long gone by the time you see this video but here you can see there's two keys as well as constrict connection strings for each key now these are the keys that will grant full access to this storage account and I don't want to use those what I want to use is the shared access signature here you can see I can get granular I can disable or enable blob file queue and table I can also specify the allowed resources allowed permissions and we can also set a time as well as allowed IP addresses I can specify HTTPS only or HTTP and HTTPS now if you remember back when I set up this account I specified secure connections only so HTTP won't work and then I'm going to generate a SAS connection string and it's gonna generate off from that first key I could select two if I wanted to but I'm gonna leave it as key one obviously if I rotated key one this would be no good so here it's giving me a list of a lot of connection strings SAS tokens blob service SAS URLs file service SAS URL queue service SAS URL and table service SAS URL so if I wanted to interact directly with any one of those services I could use these URLs I'm gonna grab this connection string though and with that I'm gonna hop over to storage Explorer now if you haven't used storage Explorer before this is kind of like File Explorer but for azure storage you can download it from Microsoft just do a search for Microsoft Azure storage Explorer and you'll get the most recent version from here I'm gonna connect and I'm gonna use this option use connection string and reality what I probably do is add the azure account that will just have me sign in to Azure and then I'll be able to see all my storage accounts but for the demo I'm going to show you how a connection string works so I'm going to select that option and then I'll go into connection string and you can see I pasted the connection string in and it came up with the display name the Cirteststorage and the next and then I'll click connect there it is now we can go into that storage account and you can see a blob containers file queue and table because I selected the connection string that connects to all those services if I go into blob we can see my test container is there and it is empty but what I'm going to do is upload a file I'm gonna select just a test file that I have on the desktop and I'll select upload there it is so now that the file is showing up in azure storage Explorer now I'm going to minimize this and go back to my storage account in the portal and one thing I will note all these will go away as soon as I exit out so if I needed to come back and retrieve that I would have to recreate a new connection string I'm gonna go into blob storage or I'm sorry blobs we can see my test container and there is the blob test.txt now if I come over here I've got a few different options if I go to blob properties you can see I have the option to create a snapshot I can edit the blob generate a SAS to that specific blob so this would not be to the container or the storage account this was before the specific blob I go into overview you can see I have optimized storage cost by placing your data in the appropriate accessed tier that's set to hot because that's the default but here's where I have cool and archived so I could change that to archive if it was a file that I wasn't gonna access frequently at all and I just wanted to store it out there at the cheapest possible price there you have it that's an overview of creating a storage account creating a SAS token and using that token in azure storage Explorer to connect to the container cool ok let's move on to some recommendations first safeguard that access key you shouldn't give out the access key you should only use the SAS tokens instead keep the storage accounts close to the resources that are using it you wouldn't want a VM and East us using a disk that's located in a storage account and West us keep the storage account in the same resource group as services with similar lifecycle for organization and billing also keep IOPS in mind each storage account has limited amount of IOPS you may need to spread resources such as data disk across multiple storage account for best performance as I said in the beginning this is not intended to be a deep dive into storage accounts but this information should get you started with an understanding of what a storage account is core features of storage accounts and how to access them with stored access access signatures thanks for watching please don't forget to subscribe and click the bell icon for notifications of new videos

Info

Channel: Travis Roberts

Views: 26,953

Rating: undefined out of 5

Keywords: SMB, NFS, no-sql, table storage, message queue, queue, microservices, storage explorer, Azure Storage Explorer, Microsoft, Azure, walk through, walkthrough, tutorial, Microsoft learning, learning, free, URL, Connection String, HTTP, HTTPS, Share Access Signature, SAS, Storage, Storage Access, Blob, Blob Blob, Page Blob, Table Storage, messaging, Queue Storage, Messaging Queue, train, training, setup, azure training, storage setup, azure tutorial for beginners

Id: Up9yAWmJ6b0

Channel Id: undefined

Length: 14min 57sec (897 seconds)

Published: Tue Jun 25 2019