Category Archives: Azure File Sync

The evolution of a traditional file server thanks to the potential offered by Azure

The file server continues to be a strategic and heavily used component in our customers' datacenters. Often we are looking for modern solutions that allow you to effectively and functionally centralize the network folders of your infrastructure, while maintaining characteristics in terms of performance, compatibility and flexibility. This article explores the features of the Azure File Sync solution, which allows you to benefit from the potential offered by the Microsoft Azure public cloud as regards synchronization, the provision and protection of file server contents.

The challenges of traditional file servers

Using file servers in traditional mode to provide users with a repository to store content, we often find ourselves in the conditions of:

  • adopt legacy solutions that are inflexible and inefficient
  • having to host a large number of rarely accessed archive folders in their data centers
  • deliver content in an ineffective way in multi-site contexts
  • have difficulty in quickly restoring the provision of the service in the event of faults, security issues or major outages

The principles of operation of Azure File Sync

Azure File Sync is a solution that allows you to centralize the network folders of your infrastructure in Azure Files, maintaining flexibility, the performance and compatibility of a traditional Windows file server. Although there is the possibility to choose to keep a complete copy of your data in an on-premises environment, Azure File Sync allows you to transform Windows Server into a "cache" to quickly access the content on a given Azure file share: in this case all the files are present in the cloud, while the most recent files are also present on the on-premises file server.

Figure 1 – Azure File Sync architecture

Local access to data can occur with any protocol available in Windows Server, such as SMB and NFS. Furthermore, you have the possibility of having multiple "cache" servers located in different geographic locations. Finally, is allowed to directly access content on the File Share from other Azure resources (IaaS and PaaS).

Figure 2 - Access to content in Azure File share

Benefits of Azure File Sync

Among the benefits that can be obtained by adopting the Azure File Sync solution we find:

  • Cloud tiering: are maintained locally only recently accessed data. This allows you to control the amount of disk space used on-premises for storing content. Consequently, cost savings for local storage are achieved, as only part of the data will be stored locally. Files in the cloud can always be quickly retrieved on demand, without interruptions for the user, thus ensuring an optimal experience.
  • Synchronization and multi-site access: you have the option to sync between different sites, allowing to write access to the same data between different Windows Server and Azure Files.
  • Disaster recovery and business continuity: you have the possibility to immediately restore the file metadata and to recall only the necessary data, for faster service reactivation in Disaster Recovery scenarios. Furthermore, Azure File offers several possibilities when it comes to data redundancy.
  • Backup cloud-side: becomes invalid the need to back up data on premises. Content protection can be done directly in the cloud, as described in the following paragraph. This means that it is possible to obtain a reduction in costs with regard to the hardware and software used to perform the on-premises backup.

Azure File share protection

The ability to enable the Cloud Tiering makes Azure File Sync a particularly interesting solution, but this aspect in particular requires making the necessary considerations as regards the data protection strategy. As well as antivirus solutions, backup solutions may cause files stored in the cloud to be recalled through the Cloud Tiering feature. Microsoft recommends a cloud backup solution to back up Azure File share instead of an on-premises backup solution. Among the various workloads supported by Azure Backup, Azure Files is also included:

Figure 3 - Overview of Azure Backup and its features

Azure Backup uses different backup technologies for each workload it can protect. Going into detail, the protection of the Azure File shares used by Azure File Sync can be done using Azure Backup, according to the following architecture:

Figure 4 – Architecture for the protection of Azure File shares

For more details please visit the Microsoft's official documentation.

Advantages of protecting Azure File shares with Azure Backup

The Azure File share protection process using Azure Backup offers the following benefits:

  • Zero infrastructure: no infrastructure is required to enable environmental protection.
  • Security: Azure Backup ensures that backup data is stored securely by leveraging the Azure platform's built-in security features such as RBAC and encryption. Furthermore, with the soft-delete functionality you get advanced protection from any accidental and harmful attempts to delete backups.
  • Customizing retention policies: backups can be configured with data retention policies daily, weekly, monthly and yearly, based on your needs.
  • Built-in management capabilities: you can schedule your backups and specify the retention period you want in a way that is fully integrated into the platform.
  • Instant Restore: Azure File Share backup uses snapshots, this allows you to select only the files you want to restore instantly.
  • Alerts and reports: you can configure alerts for backup and restore operations that present errors. You can also use the reporting solution provided by Azure Backup to get detailed information about backup jobs.

Conclusions

Thanks to the adoption of Azure File Sync, it is possible to evolve traditional file servers with modern and functional features such as cloud tiering, synchronization between multiple sites, the quick DR, direct access in the cloud environment and integration with cloud backup.

Protect Azure File Sync through Azure Backup

Azure File Sync service allows you to centralize your infrastructure's network folders in Azure Files, allowing you to maintain the typical characteristics of a file server on-premises, in terms of performance, compatibility and flexibility and at the same time to benefit from the potential offered by cloud. Azure File Sync integrates with Azure Backup making it possible to centrally manage protection policies in the cloud. This article describes how these two solutions are integrated and what you need to consider to enable effective protection.

The main features of Azure File Sync are the following:

  • Cloud tiering: are maintained locally only recently accessed data.
  • Multi-site sync: you have the option to sync between different sites, allowing write access to the same data between different Windows Servers and Azure Files.
  • Integration with Azure backup: ability to enable content protection using Azure Backup.
  • Disaster recovery: you have the option to immediately restore metadata files and retrieve only the data you need, for faster service reactivation in Disaster Recovery scenarios.
  • Direct access to the cloud: you can directly access content on the File share from other Azure resources (IaaS and PaaS).

Azure File Sync can turn Windows Server into a "cache" to quickly access content on a given Azure File share. Local access to data can occur with any protocol available in Windows Server. You have the possibility to have multiple "cache" servers in different geographic locations.

The ability to enable the Cloud Tiering makes Azure File Sync an increasingly popular solution, but this aspect in particular requires you to make the necessary considerations in the strategy to be adopted for data protection. As well as antivirus solutions, backup solutions may cause files stored in the cloud to be recalled through the Cloud Tiering feature. Microsoft recommends a cloud backup solution to back up Azure File share instead of an on-premises backup solution. If you are using a local backup solution, backups must be performed on a server belonging to a sync group where cloud tiering is disabled.

How the backup job works

Azure File share security is done under the following architecture:

Figure 1 – Architecture for securing Azure File share

The Azure File Share security process involves the following steps::

  1. The presence of a Recovery Service Vault is required in order to configure backups. Therefore, you should proceed with the creation of it if it is not available.
  2. Azure Backup will perform a discovery required to complete the process of registering the storage account that hosts the Azure File shares to be protected.
  3. Completed the registration process, Azure Backup will store the list of File shares present on the storage account in its catalog.
  4. You can select the Azure File share to protect and associate them with its backup policies, specific scheduling and data retention policies.
  5. Based on the policies configured Azure Backup performs backups. A key aspect to consider is that the backup is currently being backed up by generating a snapshot of the Azure File share. Data in Azure File share are never transferred to the Recovery Service Vault, but Azure Backup simply creates and manages snapshots that are part of the storage account.
  1. In the event of a restore, snapshots will be used, the relative URL of the backups, is taken from the metadata store in the Recovery Service Vault.
  2. The backup and restore job monitor is sent to the Azure Backup Monitoring service. This allows you to get an overall view of all backups, including Azure File Share. Furthermore, you can also configure alerts or e-mail notifications if you have problems performing backups.

 

Benefits of adopting this security strategy

  • Zero infrastructure: no infrastructure is required to enable environmental protection.
  • Customizing retention policies: backups can be configured with data retention policies daily, weekly, monthly and yearly, based on your needs. Annual backups can now be kept up to 10 years.
  • Built-in management capabilities: you can schedule your backups and specify the retention period you want in a way that is fully integrated into the platform.
  • Instant Restore: Azure File Share backup uses snapshots, this allows you to select only the files you want to restore instantly.
  • Alerts and reports: you can configure alerts for backup and restore operations that present errors. You can also use the reporting solution provided by Azure Backup to get detailed information about backup jobs.

Protect against accidental deletion of Azure File shares

To provide greater protection against cyberattacks and accidental deletion, Azure Backup recently added an extra layer of security to the Azure File shares snapshot management solution. If you delete the File shares, content and its recovery points (Snapshots) are retained for a configurable period of time, enabling full recovery without data loss. When you configure protection for a File share, Azure Backup enables soft-delete functionality at the account storage level with a retention period of 14 days, which is configurable according to your needs. This setting determines the time window in which File Share content and snapshots can be restored after any accidental deletion operations. Once the File share is restored, backups resume working without the need for additional configurations.

Conclusions

This solution allows in very simple, reliable and secure way to configure protection for Azure File shares and easily recover data when needed. The integration between Azure File Sync and Azure Backup will surely see the release of several new features in the coming months, including, very much heard, the ability to configure data transfer to the Recovery Service Vault instead of keeping snapshots in the same storage account where the data resides. To understand all the support scopes and limits in using the Azure Backup service to protect Azure File shares, you can see this Microsoft article.