DEV Community

Cover image for Secure, Private Storage Solutions for Confidential Company Documents
Oluwatobiloba Akinbobola
Oluwatobiloba Akinbobola

Posted on

Secure, Private Storage Solutions for Confidential Company Documents

Introduction

Secure data storage is not just useful; it’s essential for companies. Each department relies on it to protect sensitive documents, strategies, and personnel records. This private storage ensures data remains confidential and accessible only to those who need it, even during regional outages.

With highly available storage, teams can operate without disruption, while backups for public websites ensure we are prepared for any situation. This solution is not just about data; it’s about keeping the company resilient and ready for the future.
Architecture diagram
Architecture diagram

Create a storage account and configure high availability.

1.Create a storage account for the internal private company documents.

  • In the portal, search for and select Storage accounts. Storage accounts
  • Select + Create. + Create
  • Select the Resource group created in the previous lab.
  • Set the Storage account name to private. Add an identifier to the name to ensure the name is unique.
  • Select Review, and then Create the storage account. Review create
  • Wait for the storage account to deploy, and then select Go to resource. Go to resource

2.This storage requires high availability if there’s a regional outage. Read access in the secondary region is not required. Configure the appropriate level of redundancy.

  • In the storage account, in the Data management section, select the Redundancy blade.
  • Ensure Geo-redundant storage (GRS) is selected.
  • Refresh the page.
  • Review the primary and secondary location information.
  • Save your changes. redundancy

Create a storage container, upload a file, and restrict access to the file.

1.Create a private storage container for the corporate data.

  • In the storage account, in the Data storage section, select the Containers blade.
  • Select + Container.
  • Ensure the Name of the container is private.
  • Ensure the Public access level is Private (no anonymous access).
  • As you have time, review the Advanced settings, but take the defaults.
  • Select Create. Container

2.For testing, upload a file to the private container. The type of file doesn’t matter. A small image or text file is a good choice. Test to ensure the file isn’t publically accessible.

  • Select the container. Scontainer
  • Select Upload.
  • Browse to files and select a file.
  • Upload the file. Upload
  • Select the uploaded file. uploaded file
  • On the Overview tab, copy the URL. URL Overview
  • Paste the URL into a new browser tab. URL display
  • Verify the file doesn’t display and you receive an error.

3.An external partner requires read and write access to the file for at least the next 24 hours. Configure and test a shared access signature (SAS). Learn more about Shared Access Signatures.

  • Select your uploaded blob file and move to the Generate SAS tab.
  • In the Permissions drop-down, ensure the partner has only Read permissions.
  • Verify the Start and expiry date/time is for the next 24 hours.
  • Select Generate SAS token and URL. Generate SAS token
  • Copy the Blob SAS URL to a new browser tab. Blob SAS URL
  • Verify you can access the file. If you have uploaded an image file it will display in the browser. Other file types will be downloaded. Upload file

Configure storage access tiers and content replication.

1.To save on costs, after 30 days, move blobs from the hot tier to the cool tier. Learn more how manage the Azure Blob storage lifecycle.

  • Return to the storage account.
  • In the Overview section, notice the Default access tier is set to Hot. Default access tier
  • In the Data management section, select the Lifecycle management blade.
  • Select Add rule. Add rule
  • Set the Rule name to movetocool.
  • Set the Rule scope to Apply rule to all blobs in the storage account.
  • Select Next. rule name
  • Ensure Last modified is selected.
  • Set More than (days ago) to 30.
  • In the Then drop-down select Move to cool storage.
  • As you have time, review other lifecycle options in the drop-down.
  • Add the rule. Last modified

2.The public website files need to be backed up to another storage account.[Learn more about object replication.

  • In your storage account, create a new container called backup. Use the default values. Refer back to Lab 02a if you need detailed instructions. create
  • Navigate to your publicwebsite storage account. This storage account was created in the previous exercise. publicwebsite
    • In the Data management section, select the Object replication blade.
    • Select Create replication rules. Create replication rules
    • Set the Destination storage account to the private storage account.
    • Set the Source container to public and the Destination container to backup.
    • Create the replication rule. Source container
  • Optionally, as you have time, public upload a file to the public container. public Return to the private storage account private and refresh the backup container. backup backup link Within a few minutes your public website file will appear in the backup folder. backup folder

Top comments (0)