How To Configure Azure Blob Storage

In this tutorial, we will learn how to configure an Azure Blob Storage.

Scope and Coverage: - The scope and coverage of this tutorial includes the following.

1. Create a blob storage.

2. Upload a file (blob) - ensure it is not publicly accessible.

3. Share the file with an external user for five (5) minutes.

4. Create replication rules.

Prerequisite: - You will need an Azure Subscription to be able to participate in this tutorial.

Let’s Get Started........

First step is to create our Azure Storage Account

Please follow the steps below to create your Azure Storage account

SIGN IN TO AZURE PORTAL

As a prerequisite, if you don't have an Azure subscription, click here to create your azure Free Account. Now that you have created your Azure subscription, go to the Azure Portal and sign in with your Azure account credentials to get started.

Alternatively, click here to create an azure learn account in order to access a sandbox (to access a sandbox, you don’t need to have an azure subscription). Once you have created your azure learn account, you can access the sandbox using this link

CREATE YOUR AZURE STORAGE ACCOUNT

a. In the left-hand menu, click on “Storage accounts”

b. Click on the "Create" button below the Storage accounts page.

CONFIGURE BASIC SETTINGS

1. Project Details

   a. Subscription: Select your Azure subscription.

   An Azure subscription is a way to manage the products and services you acquire from Microsoft Azure. It serves several purposes, including being a legal agreement associated with an Azure offer, a payment agreement where you provide billing information, a boundary of scale for resource limits, and an administrative boundary for managing security and policies. Each subscription can contain a set of Azure resources that will be invoiced together. You can create multiple subscriptions for better management and billing purposes.

   b. Resource Group: Choose an existing resource group or create a new one.

   An Azure resource group is a logical container that holds related resources for an Azure solution. It allows you to manage multiple resources as a single entity, coordinating their deployment, updates, and deletions based on their lifecycle. Resources within a resource group can include virtual machines, storage accounts, and networking devices. Each resource must belong to one resource group, but resources can be moved between groups if needed. The best practice is to group resources that share the same lifecycle together.

2. Instance Details

   a. Storage Account Name: Enter a name for your Storage account (e.g., journal01). Your Account Name must be globally unique.

   b. Region: Select the region where you want to deploy the storage account. e.g., (US) East US 2.

   c. Primary Service: Choose your primary service, choose “Azure Blob Storage or Azure Data Lake Storage gen 2“.

   d. Performance: Based on your need, choose either standard or premium.

   e. Redundancy: Choose the redundancy that suite your need. Azure Storage always stores multiple copies of your data to protect it from planned and unplanned events. Examples of these events include transient hardware failures, network or power outages, and massive natural disasters. Redundancy ensures that your storage account meets its availability and durability targets even in the face of failures. When deciding which redundancy option is best for your scenario, consider the tradeoffs between lower costs and higher availability. The factors that help determine which redundancy option you should choose include:

   • How your data is replicated within the primary region.

   • Whether your data is replicated from a primary region to a second, geographically distant region, to protect against regional disasters (geo-replication).

   • Whether your application requires read access to the replicated data in the secondary region during an outage in the primary region (geo-replication with read access).

For this tutorial we are selecting Geo-zone-redundant storage (GZRS).

f. Click on "Next" to direct you to the Advanced page.

3. Security

   Under security click on “Allow enabling anonymous access on individual containers” and leave every other thing as default.

   

4. Blob storage

Data stored in the cloud grows at an exponential pace. To manage costs for your expanding storage needs, it can be helpful to organize your data based on how frequently it will be accessed and how long it will be retained. Azure storage offers different access tiers so that you can store your blob data in the most cost-effective manner based on how it's being used. Azure Storage access tiers include:

• Hot tier - An online tier optimized for storing data that is accessed or modified frequently. The hot tier has the highest storage costs, but the lowest access costs.

• Cool tier - An online tier optimized for storing data that is infrequently accessed or modified. Data in the cool tier should be stored for a minimum of 30 days. The cool tier has lower storage costs and higher access costs compared to the hot tier.

• Cold tier - An online tier optimized for storing data that is rarely accessed or modified but still requires fast retrieval. Data in the cold tier should be stored for a minimum of 90 days. The cold tier has lower storage costs and higher access costs compared to the cool tier.

• Archive tier - An offline tier optimized for storing data that is rarely accessed, and that has flexible latency requirements, on the order of hours. Data in the archive tier should be stored for a minimum of 180 days.

• For this tutorial we are selecting “Hot”.

  Click on "Next" to direct you to the Network page.

Leave every other thing as default - Network, data protection, Encryption and Tags.

Click “Review + create“

After Reviewing, click “create”

After deployment, click “Go to resource“

CREATE BLOB STORAGE

a. On the storage account page click on the Data storage drop down button and select Container

b. On the Container page, click “container“, assign your container and name. On the anonymous access level drop down button, select Private (no anonymous access), then click “create“.

Note: selecting Private (no anonymous access) ensure that files(blobs) uploaded in this container are not publicly accessible

UPLOAD A FILE (BLOB)

a. Double click on the container you just created.

b. On the created container page, click “Upload”, browse for a file in your computer and upload the file.

SHARE THE FILE WITH AN EXTERNAL USER FOR FIVE (5) MINURES

a. First, let try and see if our file is accessible. Double click on the uploaded file and copy the URL, open a new window in your browser, paste the URL and click enter on your keyboard

b. You should have an error messaged as displayed below. This is because we selected “Private (no anonymous access)” while creating our container.

c. To share the file with an external user for five (5) minutes, click on the three dots and select “Generate SAS”.

d. To generate the SAS, assign date and time, click on “Generate SAS token and URL“ then copy the “Blob SAS URL” link.

e. Results:

1. Prior to the start date and time

   

2. During start date and time

   

3. After the expiration of the start date and time.

   

CREATE REPLICATION RULES

a. To create a replication rule, we need to create new Azure Storage Account and a Blob Storage. To so, kindly follow the step we used above in creating an Azure Storage Account and a Blob Storage.

For this tutorial, we named the Azure Storage Account records01 and named the Blob Storage (container) ami.

After creating a new Azure Storage Account and a Blob Storage, click storage account from the home page.

b. Click on the storage account named jurnal01

c. Click on the drop-down button of “Data management” and select “Object replication”

d. Click on “Create replication rules”

e. To create a replication rule, assign a destination storage account. In this case ecords01 (the new Azure Storage Account). Assign a source container (esa), assign a destination container (ami) and click create

f. After creating the replication rule, upload some files(blobs) into the source container (named esa).

g. Navigate to the destination container; you should have your files(blobs) from the source container replicated inside your destination container as shown below.