Microsoft Azure Basic Terms and Different Aspects of Azure Storage
Microsoft Azure is the leading cloud provider in the cloud industry. It has huge data centers in different corners of the world, including underwater data centers. Microsoft hosts around 50+ regions to make its cloud solutions more reliable and promising for customers. I am planning to write more and more about Microsoft Azure over the next couple of months. In this article, I am just trying to present a few aspects of Microsoft Azure Storage.
In the real world, data comes in different shapes and formats. It falls into one of three categories: structured, semi-structured, and unstructured. Whatever the format or category, at the end of the day we need a medium to store our data efficiently and securely.
Let's have a quick look at these 3 formats of data.
Structured data has a schema that identifies the skeleton of the data representation. We can also call this a relational database. As the name implies, it gives context to the data and to the tools we use to get and maintain this type of data. Yes, it is SQL (Structured Query Language).
Semi-structured data is less organized than structured data and is not stored in a relational format. It can be described as non-relational or NoSQL data. Semi-structured data contains data serialization language content such as JSON, XML, and YAML.
Unstructured data is often delivered in files, such as documents, images, and videos. This data has a user-defined structure. However, Azure can store all of these formats in a single storage account.
Azure offers us different types of storage with a high availability guarantee.
- Azure Storage
- Azure SQL Server
- Azure Cosmos DB
Azure Storage has multiple options to store your data, such as Tables, Blobs, Files, and Queues. To use the Azure Storage service, we need a storage account in which to create the storage elements. The storage account is the container that groups the Azure storage services together. Before I get into a deeper explanation of the storage service, let me walk you through the Azure subscription structure. (If you're new to Azure, the terms will be a bit confusing. Let me explain them now.)
To get a subscription for Azure cloud hosting, you must have a Microsoft account (@live.com or @hotmail.com). At the same time, your account can have multiple subscriptions. I have explained some of the Azure subscription models in another blog on my site. However, let me give you a quick intro here too.
If you see the above picture, it clearly shows the Azure subscription and its hierarchy. A subscription is your account's privilege to access the Azure components. Once you have created your subscription, the next step is to create your resources (VM, Storage, etc.). But you will not be able to organize the resources in a definite way. To fill that gap, Azure introduced the concept of Resource Groups, which let you organize resources into different groups. Each resource group can have multiple resources.
What is a Resource?
A resource is an entity that is managed and provisioned for the audience to make cloud computing reliable. Examples: Virtual Machine, Networking, Storage, Load Balancer, etc.
I hope this helps you understand the high-level context of the Azure entity model. Let me return to storage accounts.
Back to Azure Storage …
The Azure storage account is the container that groups together storage services such as tables, queues, blobs, and files. In a table, you can store JSON, raw packets, XML, etc. Queues are used where you need to capture millions of records at a time: you keep the data in the queue before handing it to the actual processing. Blob storage stores unstructured data, either text or binary. Finally, file storage helps you keep files on a different storage medium, as shares or disk space.
Storage account properties
To create a storage account, we need to configure a few attributes for a reliable service. They also help us keep the system more secure and safer when disaster strikes the location or the hardware. The options below are the most crucial for an Azure storage account:
- Access tier
- Secure transfer protocols
- Virtual Networks with segregated NSG (Network Security Group)
Location is one of the primary attributes of any resource in Azure. You choose the location your resource will operate from, for example East US, West US, Central US, South India, etc. Locations are also called Regions. In total, Azure supports around 53 regions, and 8 more announced regions can be expected in a few months.
Performance is the primary expectation of any entity in the cloud. Azure provides 2 types of plan, optimized for cost and for different techniques: Standard and Premium hardware disk packages, the latter being performance-oriented. Microsoft has also introduced a new disk category called Ultra SSD, which offers the highest performance available in Azure. You can extend it up to 64 TB. The unique feature of Ultra SSD is that you can adjust the IOPS (Input/Output Operations Per Second) and throughput.
Access tier affects both the cost and the performance of the storage space. There are 2 types of access tier: Hot and Cool. If the application has millions of read transactions per day and frequently needs to access content from storage, the Hot tier suits it. If the application does not access the storage frequently, perhaps only once every couple of weeks, the Cool tier suits it.
Security Aspects in Azure Storage
Security is a major criterion for any entity; we cannot trust any medium in today's world. We need solid security rules and protections in practice. Azure is trustworthy on security aspects. When we write any data to Azure Storage, it is automatically encrypted by Storage Service Encryption (SSE) with 256-bit Advanced Encryption Standard (AES). Likewise, it decrypts the data when we read it from Azure into our applications. (This service is built into Azure Storage; we cannot disable it.)
For encryption in transit, we can enable the HTTPS transfer protocol for storage accounts.
Role-Based Access Control (RBAC) is one of the major security features for Azure Active Directory users. It helps you grant access based on roles and organizations. These permissions apply to Resource Manager and storage accounts, including data operations.
Storage account keys: each storage account is provisioned with 2 keys, Primary and Secondary, for accessing the storage entities. These keys can be refreshed periodically.
Firewalls and Virtual Networks are also security measures for storage accounts. With firewall rules, you can define the inbound and outbound IPs and the specific IPs allowed to reach the storage. You can also attach storage accounts to virtual networks, which lets you include them in Network Security Groups (NSG) for multi-layer security.
I know, I have not explained Virtual Networks and NSGs. An upcoming post will go into more detail about them, because it requires an example and a basic understanding of networking.
Advanced Threat Protection helps protect the network and the entity by detecting abnormal behavior on the account. It sends notifications via Azure Monitor. At present, this protection is only available for Azure Blob Storage.
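The settings above (secure transfer, firewall rules, key refresh) can be checked from an exported account description. The following is an added example, not code from the original article: it assumes field names in the shape of the JSON printed by `az storage account show`, a constructed sample account, and a hypothetical 90-day key rotation limit.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the shape printed by `az storage account show`;
# the account name, IP range and dates are made up for illustration.
SAMPLE_ACCOUNT = json.loads("""
{
  "name": "examplestorageacct",
  "enableHttpsTrafficOnly": false,
  "networkRuleSet": {
    "defaultAction": "Allow",
    "ipRules": [{"ipAddressOrRange": "203.0.113.0/24", "action": "Allow"}],
    "virtualNetworkRules": []
  },
  "keyCreationTime": {"key1": "2023-01-10T08:15:00+00:00",
                      "key2": "2024-05-02T11:30:00+00:00"}
}
""")

MAX_KEY_AGE_DAYS = 90  # assumed rotation policy, not an Azure default


def audit_storage_account(account, now=None):
    """Return findings for the security settings discussed in this section."""
    now = now or datetime.now(timezone.utc)
    findings = []
    # Encryption in transit: secure transfer should be required.
    if not account.get("enableHttpsTrafficOnly", False):
        findings.append("secure transfer (HTTPS only) is not enforced")
    # Firewall: with a default action of Allow, every network can reach the account.
    rules = account.get("networkRuleSet") or {}
    if rules.get("defaultAction", "Allow") != "Deny":
        findings.append("firewall default action is Allow; IP/VNet rules have no effect")
    # Account keys: flag keys older than the rotation policy.
    for key_name, created in sorted((account.get("keyCreationTime") or {}).items()):
        if created is None:  # no timestamp recorded for this key
            findings.append(f"{key_name} has no recorded creation time")
            continue
        age = (now - datetime.fromisoformat(created)).days
        if age > MAX_KEY_AGE_DAYS:
            findings.append(f"{key_name} is {age} days old (limit {MAX_KEY_AGE_DAYS})")
    return findings


if __name__ == "__main__":
    for finding in audit_storage_account(SAMPLE_ACCOUNT):
        print("FINDING:", finding)
```
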
Replication Features and Options
Azure provides a more reliable, highly available service for your application with the help of replication. Azure lets us keep replicas in 4 ways:
- Local Redundant Storage (LRS)
- Zone-Redundant Storage (ZRS)
- Geographically Redundant Storage (GRS)
- Read-Access Geo-Redundant Storage (RA-GRS)
Local Redundant Storage is the option where the data is replicated within your data center, but on different racks/hardware. It keeps 3 copies, including the master copy, and protects our data from hardware failures. It is the least expensive replication option in Azure. On the other hand, it is also the least durable solution, because you may lose your data in a data center outage.
Zone-Redundant Storage is the next level of replication above Local Redundant Storage. It keeps the replicas within a Zone (one or more data centers together), on different data centers.
Geographically Redundant Storage gives even further protection by keeping the data across different regions.
Read-Access Geo-Redundant Storage is the most promising solution for high availability of the storage account. It keeps a total of 6 copies of the data in 2 different regions, a primary and a secondary. If the primary goes down, it automatically maps to the secondary to keep the system available without interruption.
Thanks for reading this article. I believe you got to know something from this article. Will catch you all with another interesting concept from Microsoft Azure.