This course will teach you how to configure the security, access, management and monitoring features common to Blob, File, Queue, and Table services using Azure Storage Accounts. Setup, administration, and cost tracking are covered as well.
Azure Storage Accounts provide a unique namespace to store and access your data objects in the cloud. Blob, File, Queue, and Table services all share common features of security, access, monitoring, and cost tracking through a Storage Account. In this course, Creating and Configuring Microsoft Azure Storage Accounts, you'll learn how to create and configure Microsoft Azure storage accounts. First, you'll explore how to create and secure Azure Storage Accounts and perform administration using the Azure Portal, Azure CLI, and Azure Storage Explorer. Next, you'll discover the basics of account types and storage account replications options, as well as more advanced monitoring and troubleshooting of storage accounts using metrics, diagnostics logs, and activity logs. Finally, you'll learn how to monitor the ongoing cost of your storage services. By the end of this course, you'll know how to create and manage storage accounts, how to secure access, and how to monitor your storage account.
Neil is a solutions architect and developer, with a passion for web development, architecture, and security. He has worked in large and small IT organizations, written articles on development, and spoken at local .NET user groups. Neil has several Microsoft Certifications, including MCPD, MCSA, and MCSD.
Course Overview Hi everyone. My name is Neil Morrissey, and welcome to my course on Creating and Configuring Microsoft Azure Storage Accounts. Azure Storage is a highly-available, highly-scalable, cloud-based service for storing a variety of different data types. It includes such services as Blob Storage, File Storage, Queue Storage, and Table Storage. Securing the data in these services and preventing unauthorized access is a major concern for most organizations when moving to the cloud. Azure storage accounts have a lot of features when it comes to securing the data itself and securing access to the data. Given that your data is being stored in a cloud datacenter, you also want to have visibility in to the health of the service and the activities being performed against it. There are metrics available to provide that insight, as well as logs created of the operations against your storage account services. This course is part of a path on Azure Storage, along with other courses that go into more detail on particular services within Azure Storage, like Blob Storage and File Storage. But all of those services share some common features around security, access, management, and monitoring, so this course is a foundation for understanding all of the Azure Storage services. Some of the major topics we'll cover include the basics of storage accounts, like the different types of accounts you can create and how you can set up replication for high availability and disaster recovery of your data; protecting access to your data using storage account keys, shared access signatures, role-based access control, and even encrypting data using your own keys. Besides seeing the management features in the Azure portal, you'll learn the capabilities of Azure Storage Explorer for managing storage accounts from multiple subscriptions, all within one view. And we'll go in depth on the metrics and monitoring capabilities of Azure Storage so you can see who performed operations against the storage account itself and against the data within the storage account. And we'll also look at how you can monitor the ongoing cost of your storage account. By the end of this course, you'll know how to create and manage storage accounts, how to secure access, and how to monitor your storage accounts. I hope you'll join me on this journey to learn all about Creating and Configuring Microsoft Azure Storage Accounts, here on Pluralsight.
Creating Azure Storage Accounts A Storage Account is the top level container for various storage services in Microsoft Azure, like Blob Storage, File Storage, Table Storage, and Queue Storage. Before you can configure any of those services though, you need to create a Microsoft Azure Storage Account. And that's what we're going to do in this module. But first, we'll discuss Azure Storage in general, so we can put some context to the types of storage services that are part of storage accounts. Then we'll look at the different types of storage accounts you can create and the features available with each one. Next we'll examine replication options, which allow you to configure your storage account to replicate data within one Azure region or across different regions for true disaster recovery. And then we'll walk through how to create a new storage account in the Azure portal, as well as using the Azure CLI. And finally, we'll discuss the different factors that affect the cost of your Storage Account. So let's get started!
Configuring Security and Access Protecting data from unauthorized access is a big concern for most people when moving to the cloud or when considering new opportunities to leverage the cost benefits and features of cloud data storage. Azure Storage includes features to restrict access to your data and also enable access to users, groups, and applications that you've authorized. Some of these features involve the use of Azure Active Directory to authenticate users, and other approaches involve the use of tokens that can be passed to Azure Storage when making calls to read or modify data. In this module, we'll start with an overview of management plane security and access. This is about protecting access to the administrator functions of your storage account. Then we'll look at protecting the data plane, which is how users and applications will access the data within the storage account. Next, we'll discuss the three major ways of authenticating to the data plane, which are by using storage account keys, the shared access signatures, along with a related feature called Stored Access Policies, and the latest way of authenticating to blob and queue storage by using Azure AD authentication. Then we'll discuss encryption in transit, to ensure the integrity of your data while its moving in and out of Azure and then encrypting data at rest, including looking at how to use your own encryption keys to encrypt blobs and files. And the last thing we'll examine is how you can configure Azure Storage so your storage account can only be accessed from certain virtual networks in Azure that you assign access to or from a range of IP addresses from the internet. So you can effectively prevent your storage account from being publicly accessible from the internet. We've got a lot to get through in this module, so let's get started.
Using Azure Storage Explorer to Manage Storage Accounts Azure Storage Explorer is a free, standalone client application from Microsoft, with versions available for Windows, Mac, and Linux. It gives you a view into your storage accounts, and allows you to do a significant amount of administration. In this module, I'll show you where to download the tool from, and we'll go through installation on a Windows desktop. Then we'll look at connecting to Azure Storage in a few different ways. You'll see administrator type access by connecting with Azure administrator credentials, and also how you can delegate some limited admin, for a limited time period by providing an account level shared access signature. For administrators, Azure Storage Explorer can provide a single pane of glass into storage accounts across multiple subscriptions. Then I'll show you how you can create a shared access signature within Azure Storage Explorer that can be provided to a business client to allow them to only upload a file to a particular blob container and not be able to download or delete files. We'll also look at connecting to Cosmos DB and Azure Data Lake as well. And then we'll examine the features in Azure Storage Explorer for administrators to perform tasks. You can do most of the same things in Azure Storage Explorer that you can do in the Azure portal, plus you have access to manage the data within the Table service. And finally, I'll show you a new feature in the Azure portal that's currently in preview, which is a web-based version of Azure Storage Explorer that lets you do many of the same things with a familiar interface. Rather than go through the features of Azure Storage Explorer in a PowerPoint presentation, let's just jump right in and see those features in action. So let's get started by installing the tool on a workstation.
Monitoring Storage Accounts This module is about monitoring your azure storage account. That can mean a lot of different things, and I'm going to try and cover most if not all of them. First of all, we'll talk about activity logs, which are the logs created for the management plane of your storage account, in other words, the operations that are performed on the storage account by administrators. Then, we'll look at diagnostic logs that are created by Azure Storage Analytics. You'll see how to enable those logs, we'll create some test data, and then download the log files and analyze them using a free tool from Microsoft called Message Analyzer. Next, we'll look at the metrics that are collected by Azure Storage Analytics. Metrics are in the process of changing. In the past, they've been stored in tables within the storage account itself, and those tables are still available for now. But Microsoft is moving all metrics into Azure Monitor, and storage analytic metrics are currently also being sent there. So we'll look at some of the metrics available for storage analytics within Azure Monitor. I'll also show you how to set up alerts to notify you when thresholds are reached on any metrics you want to proactively monitor. And the last thing we'll look at is monitoring costs for your storage account. We talked in an earlier module about predicting costs using the Azure Pricing Calculator. But in this module, you'll see how you can monitor ongoing costs within the Azure portal and using Cost Management by Cloudyn, which is a new tool licensed by Microsoft. Sometimes you want maximum flexibility though. You might have a need to create a custom cost monitoring solution or integrate with an existing reporting system. In that case, you can leverage the Azure Billing APIs, and I'll show you how to do that in the last demo of this module. So let's get started with a discussion of activity log monitoring.