Introduction to Azure Storage

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
22 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
24
Video Transcription
00:01
>> Hey everybody and welcome back.
00:01
In this lecture we're going to be talking
00:01
about Azure Storage,
00:01
introducing a new module here
00:01
on the Azure Storage Services.
00:01
Let's go ahead and take
00:01
a look at the learning objectives.
00:01
In this lecture it's going to
00:01
be very much of an overview.
00:01
We're going to be talking a little bit
00:01
about Blobs, files, tables,
00:01
and queues and then we're going
00:01
to understand and break down
00:01
the different characteristics of
00:01
how Azure Storage Services work.
00:01
Let's talk about Azure storage as a high level.
00:01
It is what it sounds like it.
00:01
These are the storage services
00:01
that are offered by the Azure Cloud.
00:01
We have to think,
00:01
just like there are multiple
00:01
>> different types of storage,
00:01
>> services and environments or resources
00:01
that we can build up within an on-premise environment.
00:01
Think about it, you have databases,
00:01
you have file hierarchical storage.
00:01
You have disk raids.
00:01
The hard drives that are going to be plugging into
00:01
the actual VMs or desktops and things like that.
00:01
These storage methods are
00:01
also going to be applicable
00:01
to us when we go into the Cloud.
00:01
They just look a little different.
00:01
Instead of having the physical touch and feel,
00:01
it's not like that everything is virtualized.
00:01
There are the physical pieces obviously,
00:01
going back to some of the first,
00:01
early conversations we're having.
00:01
When we were learning about infrastructure,
00:01
there are thousands of server blades that are offering
00:01
these services in a virtualized forms
00:01
so we can access it over the Internet.
00:01
It's all software defined
00:01
and here this is
00:01
how we can access the Azure Storage Services.
00:01
This is through that software
00:01
defined environments within the Cloud.
00:01
So we can deploy databases,
00:01
we can deploy object-based storage.
00:01
We can deploy hard disks or
00:01
virtual disk that do attach
00:01
to our virtual machines within the Cloud.
00:01
All of those things do cross over,
00:01
but before we get into
00:01
the nitty gritty details on storage services,
00:01
we need to talk about how you go
00:01
about standing up storage services to begin with.
00:01
We were talking about
00:01
>> building up identities or creating
00:01
>> identities within IAM or Azure AD,
00:01
we needed a tenant.
00:01
Then within there, we can go ahead and
00:01
link that to a subscription and then a resource group
00:01
in order to deploy resources like
00:01
storage services and virtual
00:01
>> machines and what have you.
00:01
>> When we get into storage services,
00:01
there's another management account,
00:01
if you will, that we have to create
00:01
>> before we can deploy
00:01
>> the actual storage service and
00:01
that is called a storage account.
00:01
That's what's represented right here in this blue box.
00:01
Notice here in this white box we have a resource group.
00:01
We're very familiar with resource groups at this point,
00:01
but storage accounts are new and so this is going to be
00:01
a newer thing and certain services
00:01
are going to go into our storage account.
00:01
These are the blobs and files and queues.
00:01
In order for us to deploy storage services,
00:01
we need to have a storage account.
00:01
The best way that I like to look at this is,
00:01
as another logical container.
00:01
When we manage our storage services
00:01
within this logical container,
00:01
it gives us the ability to put
00:01
security policies or other types of policies,
00:01
or maybe monitor these storage accounts
00:01
for billing and other metrics.
00:01
It gives us another way to slice the pie and look at
00:01
the storage account and these
00:01
particular storage services for
00:01
particular things that we want to track.
00:01
It could be performance, it could be security,
00:01
it could be billing, could be anything.
00:01
One thing to keep in mind about
00:01
>> storage accounts is that
00:01
>> the naming convention that you use for
00:01
them have to be globally unique.
00:01
Now one thing I do recommend is that if you're going
00:01
to be building up a lot of storage accounts
00:01
because maybe you have other teams,
00:01
your departments, come up with a naming scheme.
00:01
If this is something that you do
00:01
already, that's excellent.
00:01
It's something that I've noticed.
00:01
It's hit or miss within
00:01
a lot of projects and organizations,
00:01
people tend to get lazy with it.
00:01
I say, absolutely create a naming convention,
00:01
a scheme something that you can go off of,
00:01
maybe with some acronyms that define departments
00:01
and whether this is
00:01
a dev tests or prod environments or whatever,
00:01
just do something that works for you and stay with it.
00:01
Stick with it because it's going to make things a lot
00:01
easier to deploy across.
00:01
Obviously, long tail naming conventions
00:01
meaning the more words or
00:01
acronyms that you use in the name
00:01
will make it easier for you to stay globally unique.
00:01
Just keep that in mind.
00:01
There are various ways that you can
00:01
deploy the storage services and storage accounts.
00:01
You can do this in a classic method.
00:01
You can do this with
00:01
the Resource Manager, which is recommended.
00:01
You can do this with Azure portal.
00:01
You can do this using the command line or PowerShell,
00:01
and you can also deploy using management libraries.
00:01
Let's talk about the actual storage account types.
00:01
We have a few, we have Azure Files,
00:01
which is going to be like
00:01
>> this Cloud base file structure.
00:01
>> You can share files to and from
00:01
between your on-premise and your ecosystem
00:01
within Azure Cloud and it allows you
00:01
to connect via SMB protocol.
00:01
We have Azure Blobs,
00:01
which is an object-based storage system
00:01
where you can store files,
00:01
picks, videos, whatever you want.
00:01
They have to be object-based.
00:01
This isn't something that you can use for
00:01
like a database necessarily,
00:01
but you can link these together to
00:01
create a data lake or something like that.
00:01
These are excellent storage services
00:01
for applications and what have you.
00:01
We won't get into too
00:01
much in the weeds on blobs because we're going
00:01
to be talking about it later on in this module,
00:01
but just know that that is a storage service.
00:01
Moving on, we have Azure disks.
00:01
These are the virtual disk
00:01
that you can attach to your VMs.
00:01
Just think of these as like
00:01
>> virtual hard drives or SSDs.
00:01
>> We have Azure queues,
00:01
which is the Azure managed message queue service.
00:01
Basically what that is it allows for
00:01
the ingestion and the processing
00:01
of messages into applications,
00:01
this helps act as
00:01
a buffer to prevents or maybe like a load balancing and
00:01
prevents any type of overkill on an application or
00:01
a virtual machine by
00:01
processing first-in-first-out type message queuing.
00:01
Then we have Azure Tables,
00:01
which is essentially
00:01
a NoSQL database solution in Azure Cloud.
00:01
We need to talk a little bit about
00:01
redundancy and the storage security.
00:01
Storage security is actually pretty easy.
00:01
Azure does a pretty good job about making sure that
00:01
your services are secure by
00:01
default and what I mean by that is
00:01
that nothing is going to be public.
00:01
Nothing is unencrypted.
00:01
You do have data at rest encrypted at AES-256,
00:01
which is the standard for data at rest,
00:01
but you do have data encrypted in transit using TLS,
00:01
the latest version,
00:01
and then you're going to have
00:01
the ability to deploy RBAC,
00:01
Role-Based Access Control for
00:01
whoever needs to have access
00:01
or rather whoever shouldn't have access to
00:01
particular data stores in your Cloud.
00:01
Now for redundancy, we have a few options.
00:01
We have locally redundant storage,
00:01
which basically allows us to copy
00:01
any data three times
00:01
within the same physical location and region.
00:01
This is great if you're not looking for
00:01
lots of high availability,
00:01
this is going to reduce your costs
00:01
because you can always fail over to
00:01
a storage system within
00:01
the same facility or within the same region,
00:01
but it's not going to provide that high availability.
00:01
If the entire datacenter where to get knocked
00:01
out and you had to fail over to something else,
00:01
you would want something
00:01
other than locally redundant storage,
00:01
not within the same physical location.
00:01
That brings us to the zone redundant storage, ZRS,
00:01
which copies data three times across
00:01
multiple availability zones in a primary region.
00:01
Geo-redundant storage copies the data
00:01
three times in one region
00:01
and three times in another region.
00:01
So you can be pretty darn
00:01
sure that data is going to be highly secure
00:01
or highly available rather
00:01
to ensure that to if that one region where to go down,
00:01
then you can always fail over to the next region.
00:01
This is great if you have business
00:01
critical data or maybe you
00:01
>> have an e-commerce sites that
00:01
>> needs databases in order to
00:01
maintain your processing of
00:01
sales and records and what have you.
00:01
This is a good option to have.
00:01
You can always flop back and forth if you need
00:01
to using load balancing techniques,
00:01
but this is something that you want to
00:01
keep in mind for that availability.
00:01
Then we have geo zone redundant storage,
00:01
which is a mouthful, GZRS.
00:01
This data is copied across three different zones
00:01
and a primary region and in
00:01
three different zones and a secondary regions.
00:01
So super highly available, highly redundant storage.
00:01
All right everybody, that wraps it up for this lecture.
00:01
In this lecture we talked about Azure Storage Services,
00:01
talking about the various services that
00:01
are open to you that you can use.
00:01
We talked about how these
00:01
>> storage services are organized
00:01
>> using storage service accounts or storage accounts
00:01
and then we talked about
00:01
the redundancy options that you have for deploying
00:01
your storage solutions based on
00:01
your availability and redundancy needs.
00:01
Just keep in mind, Azure's constantly
00:01
putting out new Cloud services.
00:01
The Cloud is constantly growing,
00:01
but these were handpicked by
00:01
Microsoft and Azure for the AZ-104 exam.
00:01
So we're going to be focusing on these for this module.
00:01
That wraps it up for this one,
00:01
I'll see you in the next lecture.
Up Next
Configure Role Based Access Control (RBAC) for Storage Accounts Lab
45m
Create and Manage Shared Access Signatures (SAS) Lab
45m