Whether you are stepping into cloud computing or looking to move from physical storage infrastructure, Azure Storage is one of the best places to start. Managing data on local hardware comes with constant headaches, hardware failure, maintenance costs, and limited scalability. Azure storage solves all that by providing flexible, internet based storage that you can set up in minutes.
In this guide, you'll learn how to set up an Azure Storage Account from scratch, the right way. We'll walk through creating a resource group, deploying a storage account, and configuring key security and network settings, all tailored for an IT department running employee training materials. By the end, you'll have a fully configured, secure storage environment ready to use
What is Azure Storage
In simple terms, an Azure storage account refers to space in the form of containers that is rented on the internet for the storage of data (mostly unstructured data), instead of having physical servers and storage hardware that need constant maintenance. Examples of unstructured data that can be stored on Azure Storage include PDFs, Images, audio files, etc.
Prerequisites
You will need to sign into your Azure account.
Next, you need to create and deploy a resource group.
Creating a resource group and a storage account.
Step 1: Create a resource group.
Resource Group - this is a space/container that holds related resource solutions.
In your Azure portal, search for and select Resource groups
Select + Create
Give your resource group a name, select a region. Select Review and create to validate the resource group.
Once you are satisfied, select Create to deploy the resource group.
Once the Resource Group is created, it should look like the image below.
Step 2: Create and deploy a storage account.
In the Azure portal, search for and select Storage accounts. When selecting Storage account, you will encounter a classic storage account, this is an old version/build.
Select + Create.
On the Basics tab, select your Resource group,
and provide a Storage account name. The storage account name must be unique in Azure. Set the Performance to Standard, there is a Premium option that requires more cost because it provides low latency. Select Review, and then Create.
- Wait for the storage account to deploy and then go to resource.
Configure simple settings in the storage account.
Step 1: Set redundancy to locally-redundant storage (LRS)
Since this storage account holds employee training materials rather than critical business data, LRS is the most cost effective option, it keeps one copy of your data within a single datacenter without paying for geo-redundancy you don't need.
In your storage account, in the Data management section, select the Redundancy blade.
Select Locally-redundant storage (LRS) in the Redundancy drop-down. By default, it is set to Read-access geo-redundant storage.
Locally redundant storage (LRS) replicates the data within your storage accounts to a single physical datacenter in the primary region of your choice.
Save your changes.
Refresh the page and notice the content only exists in the primary location.
Step 2: Enable secure transfer.
Enabling secure transfer ensures that all communication with your storage account happens securely, protecting data from being intercepted in transit, especially important when employees are accessing training files over a corporate network.
In the Settings section, select the Configuration blade.
Ensure Secure transfer required is Enabled.
Step 3: Set the minimum TLS version to 1.2
TLS 1.2 ensures that only modern, secure connections are accepted.
TLS (Transport Layer Security) is an encryption protocol between a client application and an Azure Storage account that ensures privacy and data integrity between clients over the internet.
- In the Settings section, select the Configuration blade.
- Ensure the Minimal TLS version is set to Version 1.2.
Step 4: Disable storage account key access.
Disabling key access temporarily locks down the storage account so no one can read or write data while it's not in active use.
- In the Settings section, select the Configuration blade.
- Ensure Allow storage account key access is Disabled.
- Save your changes.
Step 5: Configure public network access
Since this storage account needs to be reachable by employees across different locations and devices, enabling public network access ensures they can access the training materials over the internet.
- In the Security + networking section, select the Networking blade.
Ensure Public network access is set to Enabled from all networks.
Once you click on manage, you can enable the Public network access. Be sure to save your changes.
And just like that, we've set up a fully configured Azure Storage Account. We created a resource group to organise your resources, deployed a storage account for your IT department's training materials, and locked it down with the right security settings: LRS redundancy, enforced HTTPS, TLS 1.2, and controlled network access.
Let's engage in the comments section and share more knowledge on this topic.
Top comments (1)
Welldone!