How to Use Azure Files

Azure Files offers fully managed cloud file shares that are accessible via the industry-standard Server Message Block (SMB) protocol and Network File System (NFS) protocol. This means you can lift and shift your on-premises applications that rely on file shares into Azure without significant code changes.

Creating an Azure File Share

To create an Azure file share, you first need a storage account. You can create a storage account and a file share using the Azure portal, Azure CLI, or Azure PowerShell.

Using the Azure Portal

1. Sign in to the Azure portal.
2. Navigate to your storage account. If you don't have one, create a new storage account.
3. In the storage account menu, select File shares under Data storage.
4. Click + File share.
5. Enter a name for your file share, set the tier (e.g., Transaction optimized, Hot, Cool), and specify the quota in GiB.
6. Click Create.

Using Azure CLI

Replace placeholders like <your-storage-account-name>, <your-resource-group-name>, and <your-share-name> with your actual values.

az storage share create --name <your-share-name> --account-name <your-storage-account-name> --resource-group <your-resource-group-name> --quota 1024 --tier TransactionOptimized

Mounting an Azure File Share

Once your file share is created, you can mount it to your virtual machines or on-premises servers. The method for mounting depends on your operating system.

Mounting on Windows

You can use PowerShell or File Explorer to mount the share. You'll need the storage account name and the access key.

1. In the Azure portal, navigate to your storage account, then select Access keys. Copy one of the keys.
2. Open PowerShell as an administrator.
3. Use the following command, replacing placeholders:

   $connectTestResult = Test-NetConnection -ComputerName <your-storage-account-name>.file.core.windows.net -Port 445
   if ($connectTestResult.TcpTestSucceeded) {
       cmd.exe /C "mklink /D C:\Users\%USERNAME%\Azure<your-share-name> \\<your-storage-account-name>.file.core.windows.net\<your-share-name>"
   } else {
       Write-Error -Message "Unable to reach the Azure storage account via port 445. Check to ensure that port 445 is open."
       exit
   }

4. You may be prompted for your storage account name and access key.

Mounting on Linux

You'll need to install the cifs-utils package. The mount command uses the storage account name, access key, and the share name.

sudo apt-get update
sudo apt-get install cifs-utils

sudo mkdir /mnt/azure
sudo mount -t cifs \\\\<your-storage-account-name>.file.core.windows.net\\<your-share-name> /mnt/azure -o vers=3.0,username=<your-storage-account-name>,password=<your-access-key>,dir_mode=0777,file_mode=0777,serverino

Accessing and Managing Files

Once mounted, you can interact with your Azure File Share like any other network drive or mounted directory. You can copy, move, delete, and create files and folders as needed.

Permissions

Azure Files supports standard SMB permissions, which can be managed through Active Directory Domain Services (AD DS) or Azure Active Directory Domain Services (Azure AD DS) integration. For simpler scenarios, you can use shared access signatures (SAS) for temporary, delegated access.

Syncing with Azure File Sync

Azure File Sync is a service that allows you to synchronize your on-premises Windows file shares with Azure Files. This can be useful for cloud tiering, disaster recovery, and centralized management.

Best Practices

• Use appropriate tiers (Transaction optimized, Hot, Cool) based on your access patterns to optimize costs.
• Monitor your file share's usage and performance.
• For security, use managed identities or service principals instead of account access keys where possible, especially for applications.
• Consider Azure Private Endpoints for secure and private access to your file shares from virtual networks.

This guide provides a foundational understanding of how to use Azure Files. For more advanced configurations and details, please refer to the Azure Files documentation.