DEV Community

Cover image for File shares with limited access (corporate virtual networks) - Azure Files and Azure Blobs
Ola
Ola

Posted on

File shares with limited access (corporate virtual networks) - Azure Files and Azure Blobs

Create and configure a storage account for Azure Files.

Create a storage account for the finance department’s shared files.
In the portal, search for and select Storage accounts.
search for and select Storage accounts
Select + Create.
Select + Create.
For Resource group select Create new. Give your resource group a name and select OK to save your changes.

Resources grp

Provide a Storage account name. Ensure the name meets the naming requirements.
Set the Performance to Premium.
Set the Premium account type to File shares.
Set the Redundancy to Zone-redundant storage.

Set up
Select Review and then Create the storage account.
Review
Wait for the resource to deploy.

Deployment

Select Go to resource.

Resource

Create and configure a file share with directory.

Create a file share for the corporate office.
In the storage account, in the Data storage section, select the File shares blade.
File Share
Select + File share and provide a Name.

File Name
Review the other options, but take the defaults.

Review

Select Create

fine

Add a directory to the file share for the finance department. For future testing, upload a file.

testing file

file uploaded

Select your file share and select + Add directory.
Name the new directory finance.
directory
Select Browse and then select the finance directory.
Notice you can Add directory to further organize your file share.

confirmation of directory

Upload a file of your choosing.

upload to finance

upload to finance

Configure and test snapshots.

Similar to blob storage, you need to protect against accidental deletion of files. You decide to use snapshots.

Select your file share.
In the Operations section, select the Snapshots blade.
Select + Add snapshot. The comment is optional.
Select OK.
Snapshot

Actual Snapshot

Select your snapshot and verify your file directory and uploaded file are included.

Snap

Practice using snapshots to restore a file.

Return to your file share.
Browse to your file directory.

file dir

Locate your uploaded file and in the Properties pane select Delete. Select Yes to confirm the deletion.
delete

deleted
Select the Snapshots blade and then select your snapshot.

Snap restore

Select the Snapshots blade and then select your snapshot.
Navigate to the file you want to restore

restore

Select the file and the select Restore.
Provide a Restored file name.

file restored

Verify your file directory has the restored file.

restoration confirmed

Configure restricting storage access to selected virtual networks.

This tasks in this section require a virtual network with subnet. In a production environment these resources would already be created.
Search for and select Virtual networks.
Virtual network
Select Create. Select your resource group. and give the virtual network a name.
Virtual network

Virtual net name
Take the defaults for other parameters, select Review + create, and then Create.
Create Virtual Network
Wait for the resource to deploy.
Select Go to resource.

Go to resource
In the Settings section, select the Subnets blade.
Select the default subnet.
default
In the Settings section, select the Subnets blade.
Select the default subnet.
In the Service endpoints section choose Microsoft.Storage in the Services drop-down.
Do not make any other changes.
Be sure to Save your changes.
Service Endpoint
The storage account should only be accessed from the virtual network you just created. Learn more about using private storage endpoints..

Return to your files storage account.
In the Security + networking section, select the Networking blade.
Change the Public network access to Enabled from selected virtual networks and IP addresses.

In the Virtual networks section, select Add existing virtual network.
Select your virtual network and subnet, select Add.

Configure security and network
Be sure to Save your changes.
save and confirm security + network

Top comments (0)