Tutorial / Cram Notes
Creating and configuring storage accounts is a key task for Azure administrators, particularly when preparing for the AZ-104 Microsoft Azure Administrator exam. Azure Storage is a Microsoft-managed service providing cloud storage that is highly available, secure, durable, scalable, and redundant.
Step 1: Understanding Storage Account Options
Before creating a storage account, it’s crucial to understand the available options:
- Performance Tier: There are two performance tiers: Standard and Premium. Standard is backed by magnetic drives and suitable for general-purpose storage, while Premium is backed by SSDs and intended for high-performance requirements.
- Account Kind: There are three kinds of storage accounts:
  - General-purpose v2 (GPv2): Offers storage for blobs, files, queues, tables, and disks with access to all the latest features.
  - General-purpose v1 (GPv1): Legacy option providing access to the same services as GPv2 but lacking some of the latest features and pricing model benefits.
  - BlobStorage: Specialized storage for unstructured object data, accessible via HTTP/HTTPS.
- Replication Options:
  - Locally Redundant Storage (LRS): Stores three copies of data in a single physical location.
  - Zone-Redundant Storage (ZRS): Stores three copies across two to three availability zones within a region.
  - Geo-Redundant Storage (GRS): Replicates data to a secondary region, hundreds of miles away from the primary location.
  - Geo-Zone-Redundant Storage (GZRS): Combines ZRS and GRS, with synchronous replication across availability zones and asynchronous replication to a secondary region.
Step 2: Creating a Storage Account
To create a storage account in Azure, follow these steps:
- In the Azure portal, select “Storage accounts” from the services menu, then click “Add”.
- Fill in the basic information:
  - Subscription: Choose the subscription to tie to the storage account.
  - Resource Group: Select an existing resource group or create a new one.
  - Storage Account Name: Provide a unique name for your account.
- Configure the account settings:
  - Performance: Choose between Standard and Premium.
  - Account Kind: Select GPv2, GPv1, or BlobStorage.
  - Replication: Pick the replication strategy (LRS, ZRS, GRS, or GZRS).
  - Location: Decide the Azure region where your storage will be located.
- Apply any additional configurations if required, such as networking settings, data protection options or advanced settings like blob storage tiering.
- Review and create the storage account.
Step 3: Configuring Storage Account Access
Once the storage account is created, consider the access control and security aspects:
- Access Keys: Azure provides two keys for each storage account, which are used for authentication when accessing the account programmatically. Rotate these keys periodically for security purposes.
- Shared Access Signatures (SAS): Generate SAS tokens to provide limited or scoped access to objects within the storage account.
- Azure Active Directory (Azure AD) Integration: Use Azure AD for role-based access control (RBAC) to manage who can access storage account resources.
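The access settings above can be checked after the fact by auditing the account's properties. The following is an added example, not part of the original notes: it inspects a constructed JSON document shaped like the output of `az storage account show`, and the 90-day key age limit and the check names are assumptions chosen for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like `az storage account show` JSON output (not real data).
SAMPLE_ACCOUNT = json.loads("""
{
  "name": "examplestorage001",
  "allowSharedKeyAccess": null,
  "allowBlobPublicAccess": true,
  "enableHttpsTrafficOnly": true,
  "minimumTlsVersion": "TLS1_0",
  "networkRuleSet": {"defaultAction": "Allow"},
  "keyCreationTime": {"key1": "2023-01-10T08:00:00+00:00",
                      "key2": "2024-05-01T08:00:00+00:00"}
}
""")

def audit_account(acct, now, max_key_age_days=90):
    """Return {check_id: detail} for every access-control weakness found."""
    findings = {}
    # A null or absent allowSharedKeyAccess is treated by Azure as enabled,
    # so key age only stops mattering when the value is explicitly false.
    if acct.get("allowSharedKeyAccess") is not False:
        for key, created in (acct.get("keyCreationTime") or {}).items():
            if not created:
                findings[f"{key}-age"] = "creation time not recorded"
                continue
            age = (now - datetime.fromisoformat(created)).days
            if age > max_key_age_days:  # threshold is an assumption, not an Azure rule
                findings[f"{key}-age"] = f"{age} days old; regenerate it"
    if acct.get("allowBlobPublicAccess") is True:
        findings["public-blob"] = "anonymous blob access can be enabled on containers"
    if acct.get("enableHttpsTrafficOnly") is False:
        findings["http"] = "plain HTTP requests are accepted"
    if acct.get("minimumTlsVersion") in (None, "TLS1_0", "TLS1_1"):
        findings["tls"] = f"minimum TLS is {acct.get('minimumTlsVersion')}"
    if (acct.get("networkRuleSet") or {}).get("defaultAction") == "Allow":
        findings["network"] = "reachable from all networks"
    return findings

if __name__ == "__main__":
    now = datetime(2024, 6, 1, 8, 0, tzinfo=timezone.utc)  # fixed for a repeatable run
    for check, detail in audit_account(SAMPLE_ACCOUNT, now).items():
        print(f"{SAMPLE_ACCOUNT['name']}: {check}: {detail}")
```

Accounts that rely on Azure AD role assignments alone can set `allowSharedKeyAccess` to false, at which point the key-age checks are skipped.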
Step 4: Monitoring and Maintenance
After a storage account is set up, you need to implement monitoring and maintenance:
- Azure Monitor: Use it to track performance metrics and set up alerts based on specified conditions.
- Azure Storage Analytics: Stores logs and metrics data that can help you trace requests, analyze usage patterns, and diagnose issues with your storage account.
- Lifecycle Management Policies: Implement automatic data lifecycle management policies to transition data to a cooler storage tier or delete it entirely after a defined period.
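Because a lifecycle rule can delete data, it helps to dry-run a policy against known blob ages before enabling it. The following is an added example, not part of the original notes: the policy uses the lifecycle management JSON schema, while the rule name, the `appdata/logs/` prefix and the day thresholds are constructed, and applying the cheapest-action precedence across rules is an assumption of this sketch.

```python
# Constructed policy in the lifecycle management JSON schema.
# prefixMatch values start with the container name (here the made-up "appdata").
POLICY = {"rules": [{
    "enabled": True, "name": "age-out-logs", "type": "Lifecycle",
    "definition": {
        "filters": {"blobTypes": ["blockBlob"], "prefixMatch": ["appdata/logs/"]},
        "actions": {"baseBlob": {
            "tierToCool": {"daysAfterModificationGreaterThan": 30},
            "tierToArchive": {"daysAfterModificationGreaterThan": 90},
            "delete": {"daysAfterModificationGreaterThan": 365}}}}}]}

# When several actions match the same blob, the least expensive one is applied:
# delete is cheaper than tierToArchive, which is cheaper than tierToCool.
PRECEDENCE = ["delete", "tierToArchive", "tierToCool"]

def planned_action(policy, blob_path, age_days, blob_type="blockBlob"):
    """Return the action the policy would take on one blob, or None."""
    matched = set()
    for rule in policy["rules"]:
        if not rule.get("enabled", True):
            continue
        definition = rule["definition"]
        filters = definition.get("filters", {})
        if blob_type not in filters.get("blobTypes", []):
            continue
        prefixes = filters.get("prefixMatch")
        # No prefix list means the rule applies to every blob of that type.
        if prefixes and not any(blob_path.startswith(p) for p in prefixes):
            continue
        for action, cond in definition["actions"].get("baseBlob", {}).items():
            # The condition is strictly "greater than" the configured day count.
            if age_days > cond["daysAfterModificationGreaterThan"]:
                matched.add(action)
    return next((a for a in PRECEDENCE if a in matched), None)

if __name__ == "__main__":
    for path, age in [("appdata/logs/app.log", 45), ("appdata/logs/app.log", 400),
                      ("appdata/media/intro.mp4", 400)]:
        print(path, age, planned_action(POLICY, path, age))
```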
Step 5: Example Scenario
Suppose you need to set up a storage solution for a web application that requires a mix of file storage for application data, blob storage for multimedia, and a NoSQL table for user data. A suggested configuration could be:
- Performance: Standard (as high-performance SSD storage is likely unnecessary)
- Account Kind: General-purpose v2, for access to the latest features and all storage services.
- Replication: Geo-redundant storage (GRS), ensuring data is safe even if there is a regional outage.
- Location: Choose a region closest to the majority of your users for reduced latency.
Once the storage account is created and properly configured, you can then begin uploading data to blobs, files, or tables as needed by your application’s architecture.
By understanding these steps and considering the requirements of your application or workload, you can effectively create and configure Azure Storage accounts to ensure robust, secure, and efficient storage solutions.
Practice Test with Explanation
True or False: Storage account names must be globally unique within Azure.
- A) True
- B) False
Answer: A) True
Explanation: Storage account names must be unique across Azure since they are used within the storage account URLs.
Which of the following redundancy options provides the highest level of durability for objects in Azure Storage?
- A) Locally Redundant Storage (LRS)
- B) Zone-Redundant Storage (ZRS)
- C) Geo-Redundant Storage (GRS)
- D) Read-Access Geo-Redundant Storage (RA-GRS)
Answer: C) Geo-Redundant Storage (GRS)
Explanation: GRS replicates the data to a secondary region far from the primary location, providing higher durability compared to LRS or ZRS.
True or False: You can convert a standard performance storage account to a premium performance storage account without migrating data.
- A) True
- B) False
Answer: B) False
Explanation: It is not possible to directly convert the performance tier of an existing storage account. Data migration to a new account with the preferred performance tier is required.
Which of the following data transfer methods does not impose additional costs?
- A) Data Import/Export service
- B) Azure Files Sync
- C) AzCopy
- D) Azure Data Box
Answer: C) AzCopy
Explanation: AzCopy is a command-line utility that you can use to copy data to and from Azure storage accounts without additional cost, except for the storage and bandwidth costs.
True or False: You can enable soft delete on Azure Blob Storage to recover items that have been deleted.
- A) True
- B) False
Answer: A) True
Explanation: Soft delete is a feature that allows you to recover blobs or blob versions that were deleted.
Multiple Select: Which of the following are supported performance tiers in Azure Storage?
- A) Standard
- B) Premium
- C) Ultra
- D) High Performance
Answers: A) Standard, B) Premium
Explanation: Azure Storage supports Standard and Premium performance tiers for different types of workloads.
True or False: You can restrict access to a storage account using Azure Active Directory (Azure AD) authentication.
- A) True
- B) False
Answer: A) True
Explanation: Azure AD can be used to control access based on identity for Blob and Queue storage.
Which type of access key is recommended to be regenerated first for minimal disruption, if you are rotating access keys?
- A) Primary access key
- B) Secondary access key
Answer: B) Secondary access key
Explanation: Regenerating the secondary access key first allows you to update your applications to use the new key before regenerating the primary key, thus minimizing downtime.
True or False: You can host a static website using Azure Blob Storage.
- A) True
- B) False
Answer: A) True
Explanation: Azure Blob Storage can be used to host static websites, where the content is uploaded as blobs and served via public read access.
What is the time span for retaining deleted data with the soft delete option in Azure Blob Storage?
- A) 3-35 days
- B) 1-365 days
- C) 7-30 days
- D) 7-365 days
Answer: D) 7-365 days
Explanation: The soft delete option in Azure Blob Storage allows retaining deleted data for a configurable time span from 7 to 365 days before it is permanently removed.
True or False: Enabling storage account replication incurs additional costs due to the storage of replicated data and outbound data transfer charges.
- A) True
- B) False
Answer: A) True
Explanation: Replication involves additional storage costs for the replicated data and potential charges for outbound data transfer when the data is replicated across regions.
Which of the following is a storage service that is specifically designed to store large amounts of sequential data, such as logs and telemetry, cost-effectively?
- A) Azure Blob Storage
- B) Azure Table Storage
- C) Azure Queue Storage
- D) Azure Data Lake Storage
Answer: A) Azure Blob Storage
Explanation: Azure Blob Storage is designed for storing large amounts of unstructured data, making it suitable for logs, telemetry, and other sequential data.
Interview Questions
What is a storage account in Azure?
A storage account in Azure is a globally unique namespace that provides storage services for data objects in Azure.
What types of storage accounts are available in Azure?
There are four types of storage accounts in Azure: General-purpose v2, General-purpose v1, BlockBlobStorage, and FileStorage.
What is the difference between General-purpose v1 and General-purpose v2 storage accounts?
General-purpose v2 storage accounts are recommended for most Azure Storage scenarios, whereas General-purpose v1 storage accounts are intended for legacy applications. General-purpose v2 storage accounts support all the latest Azure Storage features and offer better performance than General-purpose v1 storage accounts.
What is the maximum size of a storage account in Azure?
The maximum size of a storage account in Azure is 5 PiB (petabytes).
What are the two types of replication available for storage accounts in Azure?
The two types of replication available for storage accounts in Azure are Locally-redundant storage (LRS) and Geo-redundant storage (GRS).
What is the difference between LRS and GRS replication?
LRS replication creates three copies of your data within a single region, while GRS replication creates six copies of your data across two regions.
How can you create a new storage account in Azure?
You can create a new storage account in Azure using the Azure portal, Azure PowerShell, or Azure CLI.
How can you upgrade a General-purpose v1 storage account to a General-purpose v2 storage account?
You can upgrade a General-purpose v1 storage account to a General-purpose v2 storage account using the Azure portal, Azure PowerShell, or Azure CLI.
What is the maximum number of storage accounts that can be created per Azure subscription?
The maximum number of storage accounts that can be created per Azure subscription is 250.
How can you configure access keys for a storage account?
You can configure access keys for a storage account using the Azure portal, Azure PowerShell, or Azure CLI.
Can you change the replication type of an existing storage account?
Yes, you can change the replication type of an existing storage account using the Azure portal, Azure PowerShell, or Azure CLI.
How can you configure network access to a storage account?
You can configure network access to a storage account using the Azure portal, Azure PowerShell, or Azure CLI.
Can you create a storage account in a specific region?
Yes, you can create a storage account in a specific region by selecting the region when you create the storage account.
What is the purpose of the storage account kind property?
The storage account kind property specifies the type of storage account, such as General-purpose v2, General-purpose v1, BlockBlobStorage, or FileStorage.
What is the purpose of the storage account performance property?
The storage account performance property specifies the performance tier of the storage account, such as Standard or Premium.
I found this guide on creating and configuring storage accounts extremely helpful. Thanks for sharing!
Can you specify the differences between Standard and Premium storage accounts in Azure?
Where exactly in the Azure portal can I create a new storage account?
Appreciate the detailed instructions!
I ran into an ‘AccountNameInvalid’ error. What am I doing wrong?
How can I enable encryption for my storage accounts?
Does anyone have tips for best practices on naming conventions for storage accounts?
Fantastic guide, really helped me out!