Azure Applied Skills: Providing private storage for internal company documents

In today’s digital landscape, secure and highly available storage is essential for businesses that manage private data while ensuring backup solutions for critical assets. This guide walks through setting up a robust cloud storage architecture that provides high availability, restricted access, cost efficiency, and seamless backup mechanisms.

By completing this task, you will have developed essential skills in:

• Creating a storage account for private company documents.
• Configuring redundancy to ensure high availability.
• Setting up shared access signatures (SAS) for restricted file access.
• Implementing backup solutions for public website storage.
• Managing storage lifecycle policies to transition content to the cool tier efficiently.

Setting Up High-Availability Storage

To begin, we create a storage account tailored for internal private company documents. This ensures secure storage with redundancy to withstand potential regional outages.

Steps to Create a Storage Account

• In the portal, search for and select Storage accounts.
• Select + Create.
• Set the Storage account name to a unique name
• Select Review, and then Create the storage account.

Configuring Redundancy for High Availability
Since business continuity is a priority, we enable Geo-Redundant Storage (GRS):

• Within the Data management section, select Redundancy.
• Choose Geo-redundant storage (GRS) to replicate data to a secondary region.
• Refresh and verify the primary and secondary locations.

Restricting Access to Corporate Data

Access control is essential when handling private documents. We configure a private storage container with limited access.

Creating a Private Storage Container

• Under Data storage, navigate to Containers.

• Click + Container
  

• Name it private.

• Set Public access level to Private (no anonymous access).

• Click Create.
  

Uploading and Testing Access Control

• Open the private container.
• Click Upload, select a file, and upload it.

• Copy the file’s URL and attempt to access it in a browser. A restricted access error should appear.

Providing Limited Partner Access Using SAS

For external partners requiring temporary access, we generate a Shared Access Signature (SAS).

Generating a SAS Token

• Open the uploaded file and navigate to Generate SAS.
• Assign only Read permissions.
• Set the expiration time to 24 hours.
• Generate and copy the SAS URL.
• Test access by opening the SAS URL in a new browser tab.

Optimizing Costs with Storage Tiers

To minimize storage costs, we move data from the hot tier to the cool tier after 30 days.

Implementing Lifecycle Management

• In the Data management section, select Lifecycle management.
• Click Add rule and name it movetocool.
• Apply the rule to all blobs in the storage account and click next.
• Set Last modified to More than 30 days ago.
• Choose Move to cool storage.
• Save the rule.

Backing Up Public Website Data

To protect website files, we create a backup mechanism.

Creating a Backup Storage Container

• In the private storage account, create a new container named backup using default settings.

Enabling Object Replication for Automated Backup

• Navigate to the publicwebsite storage account.
• Select Object replication under Data management.
• Click Create replication rule.
• Set the Destination storage account to the private storage account.
• Choose Source container as public and Destination container as backup.
• Create the rule.

Final Thoughts

Implementing these storage strategies ensures a secure, highly available, cost-efficient, and automated backup system for company assets. By leveraging Azure Storage capabilities, businesses can enhance data security, streamline partner collaboration, and optimize storage costs effectively.