DEV Community

Cover image for How to create a Microsoft Azure storage account for securing private data and file backup
Oluwaloseyi Oluwatofunmi Emmanuel
Oluwaloseyi Oluwatofunmi Emmanuel

Posted on

How to create a Microsoft Azure storage account for securing private data and file backup

#azure #cloud #tutorial #devops

Table of Contents

Introduction

If you are a person or an organization that handles sensitive files in the cloud you need to have data security and a reliable backup solution. Microsoft Azure provides a secure and scalable platform through Azure Storage Accounts, allowing users to safely store private data, manage access permissions, and protect files against accidental loss or system failure.

In this article, we will learn how to create an Azure storage account for private data, configure redundancy, create a restricted storage container, generate a shared access signature (SAS) for partners, implement lifecycle management to move files to the cool tier, and back up public website storage for improved data protection and recovery.

Step 1: Create a storage account for private data.

  • In the portal, search for and select Storage accounts.

Storage accounts

  • Select + Create.

+ Create

  • Select the Resource group created in the previous lab.
  • Set the Storage account name to private. Add an identifier to the name to ensure the name is unique.
  • Select Review, and then Create the storage account.

Review & Create

  • Wait for the storage account to deploy, and then select Go to resource.

Go to resource

Step 2: Configure redundancy for the storage account.

  • In the storage account, in the Data management section, select the Redundancy blade.
  • Ensure Geo-redundant storage (GRS) is selected.
  • Save your changes.
  • Refresh the page.
  • Review the primary and secondary location information.

High availability

Step 3: Create a storage container with restricted access & upload to test it.

  • In the storage account, in the Data storage section, select the Containers blade.
  • Select + Container.
  • Ensure the Name of the container is private.
  • Ensure the Public access level is Private (no anonymous access).
  • As you have time, review the Advanced settings, but take the defaults.
  • Select Create.

Storage container

  • Select the container.

Open

  • Select Upload.
  • Browse to files and select a file.
  • Upload the file.

Upload

  • Select the uploaded file.
  • On the Overview tab, copy the URL.

copy the URL

  • Paste the URL into a new browser tab.
  • Verify the file doesn’t display and you receive an error.

file doesn’t display

Step 4: Configure a shared access signature for partners.

  • Select your uploaded blob file and move to the Generate SAS tab.
  • In the Permissions drop-down, ensure the partner has only Read permissions.

SAS permission

  • Verify the Start and expiry date/time is for the next 24 hours.
  • Select Generate SAS token and URL.
  • Copy the Blob SAS URL to a new browser tab.

Blob SAS URL

  • Verify you can access the file. If you have uploaded an image file it will display in the browser. Other file types will be downloaded.

Verify

Step 5: Implement lifecycle management to move content to the cool tier.

  • Return to the storage account.
  • In the Overview section, notice the Default access tier is set to Hot.

Notice

  • In the Data management section, select the Lifecycle management blade.
  • Select Add rule.

Add rule

  • Set the Rule name to movetocool.
  • Set the Rule scope to Apply rule to all blobs in the storage account.
  • Select Next.

Apply rule

  • Ensure Last modified is selected.
  • Set More than (days ago) to 30.
  • In the Then drop-down, select Move to cool storage.
  • As you have time, review other lifecycle options in the drop-down.
  • Add the rule.

Add rule

Step 6: Back up the public website storage.

Backup

  • Navigate to your publicwebsite storage account. This storage account was created in the previous article on storage.
  • In the Data management section, select the Object replication blade.
  • Select Create replication rules.

Create replication rules

  • Set the Destination storage account to the private storage account.
  • Set the Source container to public and the Destination container to backup.
  • Create the replication rule.

Destination

  • Optionally, as you have time, upload a file to the public container. Return to the private storage account and refresh the backup container. Within a few minutes your public website file will appear in the backup folder.

public container

Backup

Conclusion

To summarize, Azure Storage Accounts are a secure and reliable way to protect private data and manage file backups in the cloud. You can improve data security, accessibility, and efficiency for long-term storage on Microsoft Azure by setting up redundancy, restricting access, utilizing shared access signatures, applying lifecycle management, and backing up website storage.

Thank you for reading my blog. 😊😊

If you need further assistance, feel free to reach out in the comments or hit me up on Twitter. You can also follow me on GitHub. My DMs are open and love discussions on cloud topics as always! 😁

Oluwatofunmi Emmanuel Oluwaloseyi

Top comments (0)