Azure Course Labs

Azure Storage Accounts

Storage Accounts are a managed storage service for data which you can make publicly accessible, or restricted to users or other Azure services. Data is replicated in multiple locations for high availability, and you can choose different levels of performance.

In this lab we’ll expolore the basics of Storage Accounts, uploading small and large files.

Reference

• Storage Account overview

• Data redundancy in Azure

• az storage commands

• az storage account commands

Explore Storage Account options

Create a new resource in the Portal, search for Storage Account. Look at the options you have:

• the name needs to be globally unique - and the naming rules are strict
• region is important, it’s where the data is physically stored
• choose performance and redundancy levels

The redundancy level sets how the data is replicated:

• Locally Redundant Storage (LRS) means the data is replicated in a single datacentre
• Zone Redundant Storage (ZRS) replicates across datacentres in a single region
• Geo-Redundant Storage (GRS) replicates across regions

Your data is more secure with wider replication, but that comes at higher cost.

Create a storage account

We’ll use the CLI to create a new Storage Account. Start with a Resource Group and then check the hel text for new accounts:

az group create -n labs-storage  -l westeurope --tags courselabs=azure

az storage account create --help

📋 Create a zone-redundant storage account with standard performance.

Not sure how?</summary>

The SKU parameter includes performance and redundancy settings, e.g:

• Premium_LRS is premium performance (SSD-backed storage) with local redundancy

• Standard_GRS is standard performance (spinning HDDs) with geo redundancy

az storage account create -g labs-storage  -l westeurope --sku Standard_ZRS -n <sa-name>

</details>

Open the new resource in the Portal - one storage account can support multiple types of storage. Blob storage (Binary Large OBjects) is a simple file storage option, where you can store files in containers, which are like folders.

📋 Upload the file document.txt in this folder as a blob in a container called drops.

Not sure how?</summary>

The Storage Account blade has an Upload option in the main menu. Select that and you can browse to your local file and upload it.

You can create a new container from that menu, and supply a container name.

</details>

Blob storage is not hierarchical - you can’t have containers in other containers - but blob names can include forward slashes e.g. my/blob/file.txt which lets you approximate nested storage

Upload and download blobs

You can manage storage with a nice UI from within the portal. Click Storage browser from the left nav and open Blob containers.

Open the drops and you’ll see document.txt. Click and you’ll get an overview which includes the URL. What is the URL of the file? Is is publicly accessible?

Use curl to download it:

# you won't get any errors here:
curl -o download2.txt https://<sa-name>.blob.core.windows.net/drops/document.txt

It looks like the file has been downloaded. But check the contents:

cat download2.txt

It’s an XML error message… New blob containers default to private access.

📋 Change the access level of the container so you can download the blob.

Not sure how?</summary>

Browse to the drops container in the Portal and select Change access level:

• blob access means anyone with the URL can download the file
• container access means anyone can list the container contents and download all blobs

</details>

Once you’ve set a public access level, you can download the file:

curl -o download3.txt https://<sa-name>.blob.core.windows.net/drops/document.txt

cat download3.txt

Now the correct contents are there.

Storage for VM disks

Blob storage can also be used for VM disks, which is useful if you want to manage disks alongside other data.

Blob storage isn’t used by default though. Managed disks aren’t contained in a storage account.

You can use unmanaged disks if you want to control the storage, which you can specify when you create the VM.

📋 Create a premium storage account and a VM with the OS disk stored in that account - check the VM types to see which support premium storage.

Not sure how?</summary>

The Storage Account is the same command with a different SKU:

az storage account create -g labs-storage  -l westeurope --sku Premium_LRS -n <disk-sa-name>

You also need a container for the disk to be stored as a blob:

az storage container create -n vm-disks --account-name <disk-sa-name>

Then in the VM create command, specify the SA and container:

az vm create -l westeurope -g labs-storage -n vm04 --image UbuntuLTS --size Standard_D2as_v5  --use-unmanaged-disk --storage-container-name vm-disks --storage-account <disk-sa-name>

</details>

Now browse to the new storage account - how is the disk stored?

It is a VHD blob in the storage container. These sorts of disks don’t show in the Portal as a separate resource, like managed disks do.

Lab

Storage Accounts have a firewall option, similar to SQL Server in Azure. Use it to secure your original SA so it can only be accessed from your own IP address. Confirm you can download the document.txt file; then login to your VM and confirm that it can’t download the file.

Stuck? Try hints or check the solution.

---

Cleanup

Delete the lab RG:

az group delete -y -n labs-storage --no-wait

This site is open source. Improve this page.