DEV Community

nnamdi nmarah
nnamdi nmarah

Posted on

Provide private storage for internal company documents

#devops #cloud #computerscience #azure

What is a Private Storage?

Private storage is a storage system designed to keep data restricted to authorized users only. It is not publicly accessible over the internet, requires authentication and access controls, and is used to securely store internal or sensitive information, such as company documents, records, or proprietary data.

Create a storage account and configure high availability

Create a storage account for the internal private company documents.

  • In the portal, search for and select Storage accounts

select Storage accounts

  • Select + Create

plus create

  • Select the Resource group created in the previous lab

Select the Resource group

  • Set the Storage account name to private. Add an identifier to the name to ensure the name is unique

Set the Storage account name to private

  • Select Review, and then Create the storage account

review and create

  • Wait for the storage account to deploy, and then select Go to resource

select Go to resource

This storage requires high availability if there’s a regional outage. Read access in the secondary region is not required. Configure the appropriate level of redundancy.

  • In the storage account, in the Data management section, select the Redundancy blade.

select the Redundancy blade

  • Ensure Geo-redundant storage (GRS) is selected

Geo-redundant storage (GRS) is selected

  • Refresh the page

Refresh page

  • Review the primary and secondary location information

primary and secondary location information

  • Save your changes

Save your changes

Create a storage container, upload a file, and restrict access to the file

Create a private storage container for the corporate data

  • In the storage account, in the Data storage section, select the Containers blade

select the Containers blade

  • Select + Container

plus Container

  • Ensure the Name of the container is private

Name of the container is private

  • Ensure the Public access level is Private (no anonymous access)

Public access level is Private

  • As you have time, review the Advanced settings, but take the defaults

  • Select Create.

private created

For testing, upload a file to the private container. he type of file doesn’t matter. A small image or text file is a good choice. Test to ensure the file isn’t publically accessible.

  • Select the container

Select the container

  • Select Upload

Select Upload

  • Browse to files and select a file

Browse to files

  • Upload the file

Upload the file

  • Select the uploaded file

upload file

  • On the Overview tab, copy the URL

copy the URL

  • Paste the URL into a new browser tab.

Paste the URL into a new browser tab

  • Verify the file doesn’t display and you receive an error

Verify the file doesn’t display

An external partner requires read and write access to the file for at least the next 24 hours. Configure and test a shared access signature (SAS). Learn more about Shared Access Signatures

  • Select your uploaded blob file and move to the Generate SAS tab

move to the Generate SAS tab

  • In the Permissions drop-down, ensure the partner has only Read permissions.

ensure the partner has only Read permissions

  • Verify the Start and expiry date/time is for the next 24 hours

date/time is for the next 24 hours

  • Select Generate SAS token and URL

Generate SAS token and URL

  • Copy the Blob SAS URL to a new browser tab

Copy the Blob SAS URL to a new browser tab

  • Verify you can access the file. If you have uploaded an image file it will display in the browser. Other file types will be downloaded.

access the file

Configure storage access tiers and content replication.

To save on costs, after 30 days, move blobs from the hot tier to the cool tier. Learn more how manage the Azure Blob storage lifecycle.

  • Return to the storage account.

Return to the storage account

  • In the Overview section, notice the Default access tier is set to Hot.

Default access tier

  • In the Data management section, select the Lifecycle management blade

select the Lifecycle management blade

  • Select Add rule.

Select Add rule

  • Set the Rule name to movetocool.

Rule name to movetocool

  • Set the Rule scope to Apply rule to all blobs in the storage account.

Set the Rule scope

  • Select Next.

Select Next

  • Ensure Last modified is selected.

Ensure Last modified is selected

  • Set More than (days ago) to 30.

Set More than (days ago) to 30

  • In the Then drop-down select Move to cool storage.

Move to cool storage

  • As you have time, review other lifecycle options in the drop-down.

review other lifecycle options

  • Add the rule

Add the rule

The public website files need to be backed up to another storage account.[Learn more about object replication.

  • In your storage account, create a new container called backup. Use the default values. Refer back to Lab 02a if you need detailed instructions.

create a new container called backup

  • Navigate to your publicwebsite storage account. This storage account was created in the previous exercise.

Navigate to your publicwebsite storage account

  • In the Data management section, select the Object replication blade.

select the Object replication blade

  • Select Create replication rules.

Select Create replication rules

  • Set the Destination storage account to the private storage account.

Set the Destination storage account to the private storage account

  • Set the Source container to public and the Destination container to backup.

Set the Source container to public and the Destination container to backup

  • Create the replication rule.

Create the replication rule

Top comments (0)