Private Document Storage for Internal Business Needs

In this article, we will be helping a company that needs storage for their offices and departments. This content is private to the company and so shouldn't be shared without consent. This storage requires high availability if there's a regional outage and we will use this storage to back up the public website storage.

Step 1: Create a storage account and configure high availability.

1. In the portal, search for and select Storage accounts. Select + Create. Select the Resource group created in the previous article. Set the Storage account name to private. Add an identifier to the name to ensure the name is unique.

   • 

   • Select Review, and then Create the storage account. The name of our storage account is ‘private15’ and can be found in the resource group named ‘Valerierg’

     

   • Wait for the storage account to deploy, and then select Go to resource.

     

2. This storage requires high availability if there’s a regional outage. Let’s assume that read access in the secondary region is not required, we will go ahead to configure the appropriate level of redundancy.

   • In the storage account, in the Data management section, select the Redundancy blade. Ensure Geo-redundant storage (GRS) is selected and then refresh the page.

     

     

     Review the primary and secondary location information in the above image and save your changes.

Step 2: Create a storage container, upload a file, and restrict access to the file.

1. Create a private storage container for the corporate data.

   • In the storage account, in the Data storage section, select the Containers blade. Select + Container and ensure the Name of the container is private.

     

     

   • Ensure the Public access level is Private (no anonymous access).

     

2. For testing, let’s upload a file to the private container. No restriction as to the type of file but for the sake of this project, a small image or text file is a good choice. At the end, we will test to ensure the file isn’t publicly accessible. It’s simple!

   • Select the container. Select upload then browse to files and select a file to upload the file.

     

     

     

   • Select the uploaded file. On the Overview tab, copy the URL.

     

   • Paste the copied URL into a new browser tab. Verify the file doesn’t display and you receive an error.

     Oh yes! That’s the whole idea for this step

     

3. Next, we will grant an external partner read and write access to the file for at least the next 24 hours. Let’s configure and test a shared access signature (SAS).

   • Select your uploaded blob file and move to the Generate SAS tab.

     

   • In the Permissions drop-down, ensure the partner has only Read permissions.

     

   • Verify the Start and expiry date/time is for the next 24 hours. Then select Generate SAS token and URL.

     

   • Copy the Blob SAS URL to a new browser tab.

     

   • Verify you can access the file. If you have uploaded an image file, it will display in the browser. Other file types will be downloaded.

     

Step 3: Configure storage access tiers and content replication

1. The plan is to save cost, so after 30 days, we want to move blobs from the hot tier to the cool tier.

   • Let’s return to the storage account. In the Overview section, notice the Default access tier is set to Hot.

     

   • In the Data management section, select the Lifecycle management blade. Select Add rule

     

     Set the Rule name to movetocool. Set the Rule scope to Apply rule to all blobs in the storage account. Then select Next.

     

   • Ensure Last modified is selected. Set More than (days ago) to 30. In the Then drop-down select Move to cool storage. Then add the rule.

     

2. Now, we proceed to Object Replication as implied, through the below steps

   • In our storage account, let’s create a new container called backup whilst maintaining the default values.

     

   • Navigate to your publicwebsite storage account.

     

   • In the Data management section, select the Object replication blade. Select Create replication rules.

     

     • Set the Destination storage account to the private storage account. Also, set the Source container to public and the Destination container to backup. Then create the replication rule.

Let’s summarize our key takeaways; we’ve been able to set up a private document storage, configure it to have high availability, private access, save cost by moving content after a defined number of days and we also learnt to replicate objects.

Thanks for reading! Please like and share!!