As we continue to journey through 2023, one of the highlights in the tech world has been the evolution of Azure Storage, Microsoft’s cloud storage solution. Azure Storage, known for its robustness and adaptability, has rolled out several exciting updates this year, each of them designed to enhance user experience, improve security, and provide more flexibility and control over data management.
Azure Storage has always been a cornerstone of the Microsoft Azure platform. The service provides a scalable, durable, and highly available storage infrastructure to meet the demands of businesses of all sizes. However, in the spirit of continuous improvement, Azure Storage has introduced new features and changes, setting new standards for cloud storage.
A New Era of Security with Azure Storage
A significant update this year has been the disabling of anonymous access and cross-tenant replication on new storage accounts by default. This change, set to roll out from August 2023, is an important step in bolstering the security posture of Azure Storage.
Traditionally, Azure Storage has allowed customers to configure anonymous access to storage accounts or containers. Although anonymous access to containers was already disabled by default to protect customer data, this new rollout means anonymous access to storage accounts will also be disabled by default. This change is a testament to Azure’s commitment to reducing the risk of data exfiltration.
Moreover, Azure Storage is disabling cross-tenant replication by default. This move is aimed at minimizing the possibility of data exfiltration due to unintentional or malicious replication of data when the right permissions are given to a user. It’s important to note that existing storage accounts are not impacted by this change. However, Microsoft highly recommends users to follow these best practices for security and disable anonymous access and cross tenant replication settings if these capabilities are not required for their scenarios.
Azure Files: More Power to You
Azure Files, a core component of Azure Storage, has also seen some significant updates. With a focus on redundancy, performance, and identity-based authentication, the changes bring more power and control to the users.
One of the exciting updates is the public preview of geo-redundant storage for large file shares. This feature significantly improves capacity and performance for standard SMB file shares when using geo-redundant storage (GRS) and geo-zone redundant storage (GZRS) options. This preview is available only for standard SMB Azure file shares and is expected to make data replication across regions more efficient.
Another noteworthy update is the introduction of a 99.99 percent SLA per file share for all Azure Files Premium shares. This SLA is available regardless of protocol (SMB, NFS, and REST) or redundancy type, meaning users can benefit from this SLA immediately, without any configuration changes or extra costs. If the availability drops below the guaranteed 99.99 percent uptime, users are eligible for service credits.
Microsoft has also rolled out Azure Active Directory support for Azure Files REST API with OAuth authentication in public preview. This update enables share-level read and write access to SMB Azure file shares for users, groups, and managed identities when accessing file share data through the REST API. This means that cloud native and modern applications that use REST APIs can utilize identity-based authentication and authorization to access file shares.
A significant addition to Azure Files is AD Kerberos authentication for Linux clients (SMB), which is now generally available. Azure Files customers can now use identity-based Kerberos authentication for Linux clients over SMB using either on-premises Active Directory Domain Services (AD DS) or Azure Active Directory Domain Services (Azure AD DS).
Also, Azure File Sync, a service that centralizes your organization’s file shares in Azure Files, is now a zone-redundant service. This update means thatan outage in a zone has limited impact while improving the service resiliency to minimize customer impact. To fully leverage this improvement, Microsoft recommends users to configure their storage accounts to use zone-redundant storage (ZRS) or geo-zone redundant storage (GZRS) replication.
Another feature that Azure Files has made generally available is Nconnect for NFS Azure file shares. Nconnect is a client-side Linux mount option that increases performance at scale by allowing you to use more TCP connections between the Linux client and the Azure Premium Files service for NFSv4.1. With nconnect, users can increase performance at scale using fewer client machines, ultimately reducing the total cost of ownership.
Azure Blob Storage: More Flexibility and Control
Azure Blob Storage has also seen significant updates in 2023, with one of the highlights being the public preview of dynamic blob containers. This feature offers customers the flexibility to customize container names in Blob storage. This may seem like a small change, but it’s an important one as it provides enhanced organization and alignment with various customer scenarios and preferences. By partitioning their data into different blob containers based on data characteristics, users can streamline their data management processes.
Azure Storage - More Powerful than Ever
The 2023 updates to Azure Storage have further solidified its position as a leading cloud storage solution. With a focus on security, performance, flexibility, and control, these updates represent a significant step forward in how businesses can leverage Azure Storage to meet their unique needs.
The disabling of anonymous access and cross-tenant replication by default is a clear sign of Azure’s commitment to security and data protection. Meanwhile, the updates to Azure Files, including the introduction of a 99.99 percent SLA, AD Kerberos authentication for Linux clients, Azure Active Directory support for Azure Files REST API with OAuth authentication, and the rollout of Azure File Sync as a zone-redundant service, illustrate Microsoft’s dedication to improving user experience and performance.
The introduction of dynamic blob containers in Azure Blob Storage is another example of how Azure is continually evolving to meet customer needs and preferences. By allowing users to customize their container names, Azure has given them more control over their data organization and management.
Overall, the updates to Azure Storage in 2023 are a testament to Microsoft’s commitment to continually enhance its cloud storage offerings. They show that Azure is not just responding to the changing needs of businesses and the broader tech landscape, but also proactively shaping the future of cloud storage. As we continue to navigate 2023, it’s exciting to see what further innovations Azure Storage will bring.