Azure File Shares in a Hybrid Environment
Project Overview
This project guides you through deploying Azure file shares and including them in a hybrid environment. By integrating serverless Azure file shares with Active Directory Domain Services (AD DS), you can control and limit access to AD DS users. Azure file shares can then replace traditional file servers. The estimated time to completion for this project is 2 hours.
- Part 1: Deploy Azure AD Connect & Sync On-Prem AD Users to an Existing Azure AD
- Part 2: Deploy Site-to-Site VPN between on-prem Network and an Existing Azure vNet
- Part 3: Deploy a General V2 Storage Account and Provision an Azure File Share
- Part 4: Deploy a Recovery Services Vault and Configure Azure File Share Backups
- Part 5: Grant Users Access to File Share
- Part 6: Validate SMB 3.0 Access to File Share via VPN and via Internet (port 445)
Click here to download a diagram of what the finished lab will look like.
Use Cases
Replace or supplement on-premises file servers. Azure Files can completely replace or supplement traditional on-premises file servers or network-attached storage devices. With Azure file shares and AD DS authentication, you can migrate data to Azure Files. This migration can take advantage of high availability and scalability while minimizing client changes.
Lift and shift. Azure Files makes it easy to “lift and shift” applications that expect a file share to store application or user data to the cloud.
Backup and disaster recovery. You can use Azure Files as storage for backups or for disaster recovery to improve business continuity. You can use Azure Files to back up your data from existing file servers while preserving configured Windows discretionary access control lists. Data that’s stored on Azure file shares isn’t affected by disasters that might affect on-premises locations.
Azure File Sync. With Azure File Sync, Azure file shares can replicate to Windows Server, either on-premises or in the cloud. This replication improves performance and distributes caching of data to where it’s being used.
Products and Services
You will work with the following products and services in this lab:
Azure Active Directory tenant. This component is an instance of Azure Active Directory (Azure AD) that’s created by your organization. It acts as a directory service for cloud applications, by storing objects that are copied from the on-premises Active Directory. It also provides identity services when accessing Azure file shares.
AD DS server. This component is an on-premises directory and identity service. The AD DS directory is synchronized with Azure AD to enable it to authenticate on-premises users.
Azure AD Connect sync server. This component is an on-premises server that runs the Azure AD Connect sync service. This service synchronizes information held in the on-premises Active Directory to Azure AD.
Virtual network gateway. This optional component is used to send encrypted traffic between an Azure virtual network and an on-premises location over the internet.
Azure file shares. Azure file shares provide storage for files and folders that you can access over Server Message Block (SMB), Network File System (NFS), and Hypertext Transfer Protocol (HTTP) protocols. File shares are deployed into Azure storage accounts.
Recovery Services Vault. This optional component provides Azure file shares backup.
Clients. These components are AD DS member computers, from which users can access Azure file shares.