AZ 104 — Azure File Sync
- Azure File Sync requires Windows Server 2012 R2 or later.
- You can access your on-premises file share with any file-sharing protocol that Windows Server supports, such as SMB, NFS, or FTPS.
- Azure File Sync uses your on-premises file server as a local cache for your Azure file share.
- With cloud tiering, you can cache locally on your file server the files your organization uses the most.
- The files that are used less frequently are accessible from the same local share, but only a pointer to the data is stored there.
- When a user goes to open the file, the rest of the file data is pulled from Azure Files.
- VMs can be defined and deployed on Azure in several ways: the Azure portal, a script (using the Azure CLI or Azure PowerShell), or an Azure Resource Manager template.
- The OS disk is the primary VM drive, and it has a maximum capacity of 2048 GB.
· Each disk can hold up to 32,767 gibibytes (GiB) of data, with the maximum amount of storage determined by the VM size you select.
· An interesting capability is to create a VHD image from a real disk. This allows you to easily migrate existing information from an on-premises computer to the cloud.
- If no security group is applied, then all traffic is allowed by Azure.
- In Azure, VHDs are stored in an Azure storage account as page blobs.
- There are two built-in methods of data access supported by Azure Files.
- One method is direct access via a mounted drive in your operating system.
- The other method is to use a Windows server (either on-premises or in Azure) and install Azure File Sync to synchronize the files between local shares and Azure Files.
· Because Azure Files stores files in a storage account, you can choose between standard or premium performance storage accounts:
- Standard performance: double-digit ms latency, 10,000 IOPS, 300 MBps bandwidth
- Premium performance: single-digit ms latency, 100,000 IOPS, 5 GBps bandwidth
· Azure file shares only support mounting over SMB version 3.0.
· There are known vulnerabilities in SMB 1.0. Microsoft recommends that you either uninstall or disable this version on all the machines you’re responsible for.
· When you mount Azure file shares, Windows needs to communicate over port 445.
· Encryption is about converting meaningful information into something that appears meaningless, such as a random sequence of letters and numbers.
· The process of encryption uses some form of key as part of the algorithm that creates the encrypted data.
· A key is also needed to perform the decryption.
o Keys may be symmetric, where the same key is used for encryption and decryption, or asymmetric, where different keys are used.
- Antivirus programs work by scanning files for known malicious code. This scanning might cause an undesired recall of tiered files. Most recent antivirus products, including Microsoft products like Windows Defender and System Center Endpoint Protection, recognize tiered files and handle them correctly. If you’re using a third-party program, check compatibility with the software vendor.
- Like antivirus solutions, backup solutions can cause the recall and processing of tiered files. We highly recommend that you use Azure Backup, because it backs up the data on the Azure file share itself. If you’re restoring files from Azure Backup, it’s important to use volume-level or file-level restore operations when you’re using Azure File Sync. Files restored by these methods are automatically synced to all endpoints in the sync group, and existing files are replaced with the newly restored versions.
- Azure File Sync works with common encryption methods from Microsoft, including BitLocker, Azure Information Protection, Azure Rights Management, and Active Directory RMS. Azure File Sync doesn’t work with the NTFS file system encryption method, Encrypted File System (EFS).
· Azure File Sync has these system requirements for your local file server:
o Operating system: Windows Server 2012 R2, Windows Server 2016, or Windows Server 2019, in either Datacenter or Standard edition in full or core deployments.
o Memory: 2 GB of RAM or more.
o Patches: Latest Windows patches applied.
o Storage: Locally attached volume formatted in the NTFS file format. Remote storage connected by USB isn’t supported.
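The SMB and port 445 notes above and this system-requirements list can be checked in one pass before registering a server. The script below is an added example, not part of the course notes or of Azure File Sync itself; it assumes an elevated PowerShell session on the candidate Windows Server, and the storage account endpoint and drive letter are placeholders to replace.

```powershell
# Added example: pre-flight check of the Azure File Sync prerequisites on the local server.
# Assumptions: elevated PowerShell on Windows Server; the two values below are placeholders.
$StorageEndpoint = 'STORAGE_ACCOUNT_NAME.file.core.windows.net'   # placeholder, replace
$SyncVolume      = 'D'                                             # placeholder drive letter

$results = [ordered]@{}

# Operating system: Windows Server 2012 R2 (version 6.3) or later; ProductType 1 is a workstation.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$results['OS supported']  = ([version]$os.Version -ge [version]'6.3') -and ($os.ProductType -ne 1)

# Memory: 2 GB of RAM or more (TotalVisibleMemorySize is reported in KB, so KB / 1MB = GB).
$results['RAM >= 2 GB']   = ($os.TotalVisibleMemorySize / 1MB) -ge 2

# Storage: the server endpoint path must sit on a locally attached NTFS volume.
$vol = Get-Volume -DriveLetter $SyncVolume -ErrorAction SilentlyContinue
$results['NTFS volume']   = ($null -ne $vol) -and ($vol.FileSystem -eq 'NTFS')

# SMB 1.0 has known vulnerabilities: it should be disabled server-side and the feature removed.
$smb = Get-SmbServerConfiguration
$results['SMB1 disabled'] = -not $smb.EnableSMB1Protocol
$smb1Feature = Get-WindowsFeature -Name FS-SMB1 -ErrorAction SilentlyContinue
$results['SMB1 removed']  = ($null -eq $smb1Feature) -or (-not $smb1Feature.Installed)

# Patches: report the most recent hotfix so you can judge whether the server is current.
$lastFix = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1
$results['Last hotfix']   = if ($lastFix -and $lastFix.InstalledOn) {
    $lastFix.InstalledOn.ToShortDateString()
} else { 'none found' }

# Port 445 must be reachable outbound to mount the Azure file share over SMB 3.0.
$tcp = Test-NetConnection -ComputerName $StorageEndpoint -Port 445 -WarningAction SilentlyContinue
$results['Port 445 open'] = $tcp.TcpTestSucceeded

# Print one line per check; any $false value is something to fix before registering the server.
$results.GetEnumerator() | ForEach-Object { '{0,-16} {1}' -f $_.Key, $_.Value }
```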
· The following files are ignored:
- Desktop.ini: OS-specific file
- ethumbs.db$: Temporary file for thumbnails
- -$.: Temporary Office file
- .tmp: Temporary file
- .laccdb: Access DB locking file
- 6878HDHJKDHHJ7878: Internal sync file
- \System Volume Information: Volume-specific folder
- $RECYCLE.BIN: Folder for deleted items
- \SyncShareState: Folder for sync
· The sync group must contain one cloud endpoint that represents an Azure file share and one or more server endpoints that map to a path on a registered Windows file server.
· The sync group manages the process by using metadata stored in a hidden folder: .SystemShareInformation. Don’t delete this folder.
· The default configuration for all versions of Windows Server is to restrict web browsing and downloads of additional software.
· You must disable this protection for the initial server registration.
· In the Server Manager console, set IE Enhanced Security Configuration to Off for both administrators and users.
· Re-enable this protection after the agent is installed.
· Each server can be registered and connected to only one Storage Sync Service at a time.
· But the server can sync with other servers and Azure file shares that are associated with that service.