Please enable JavaScript.

Coggle requires JavaScript to display documents.

Azure Storage chapter (Security (Secure storage account using RBAC (Role…

- - - - Allow occasional rollover of keys to enhance security
- - - - In a container
        
        supports single level container
        (container in a container not supported)
        
        Is analogous to a folder
      - Supports simulation of file system by allowing / in blob names
    - - URLs
        
        Format: https://[storage account name]/blob.core.windows.net/[container]/[blob name]
        
        Custom domain assignment to storage account to avoid CORS
        http://[storage.companyname.com]/[container]/[blobname]
        
        Does it support https for custom domain currently?
        
        Supports CORs
      - REST interface
      - Azure storage client libraries
        
        .Net
        
        Node.js
        
        Java
        
        PHP
        
        Ruby
        
        Python
  - - - With SMB 2.1, file share accessible to VMs in the same region as storage account. Because SMB 2.1 does not support encryption
      - With SMB 3.0, share accessible to VMs in different regions or even desktop
        
        To mount Azure file share on the desktop, port 445 (SMB)
        must be open
        
        SMB 3.0 by Linux/Mac does not support encryption, hence share can not be mounted on those platforms
      - File Share
        
        Size: 5TB
        Throughput: 60MB/sec
        Max file size on share: 1TB
        1000 IOPS (of size 8KB) per share
        
        AD based authentication and ACLs are not supported
    - - REST interface
      - Storage client libraries
      - Url with appended SAS(Shared access Signature)
        
        Url with appended SAS (Shared access signatures)
        
        Format: \[storage account name].file.core.windows.net[share name].
    - - Use
        
        Azure Portal
        
        PowerShell
        
        Azure CLI
        
        REST APIs
        
        Storage client libraries
        
        AzCopy
  - - - For semi structured,
        non relational data
    - - Stores entities
      - Each entity is a set of key value pairs
      - Each entity has 3 system properties
        
        Partition key
        
        To shard entities across different storage nodes
        
        Entities with same partition key are stored on
        same storage node
        
        Row key
        
        To provide uniqueness within a given partition
        
        Timestamp
        
        To represent the date and time
        the entity was last modified
        
        Used by Azure to support optimistic concurrency
        with ETags
      - Partition key and row key together form the primary key for the table
      - Each entity has collection of KVP called properties
        
        Upto 252 KVP allowed
      - Addressable with Odata protocol
        \[storage account name].table.core.windows.net[table name].
    - - Storage client library
      - REST API
        
        Implements Odata protocol
- - - - General purpose standard storage account
        
        Most widely used
        
        Supports all four types of data
        
        Uses magnetic media to store data
      - General purpose premium storage account
        
        Uses SSD to store data
        
        High performance storage for page blobs and VHDs
        
        MS recommends this storage for VMs
      - Blob storage account
        
        Store Block and Append blobs
        
        Can not store Page blobs.
        Hence VHDs can't be stored
        
        Access tier
        
        Hot
        
        For frequently accessed data
        
        Cost of storage is high.
        Cost of access is low.
        
        Cold
        
        For infrequently accessed data
        
        Cost of storage is low.
        Cost of access is high.
        
        Can be changed at any time