Azure Unblogged - Replace your file server with a serverless Azure file share!
Published Feb 25 2020 10:05 PM 58.6K Views
Microsoft

You can already extend your on-premises file servers into Azure using Azure File Sync, but now you can completely decommission those old on-premises file servers and replace them with serverless Azure file shares. With the new capabilities, the Azure Files team announced this week; you can now integrate your Azure File share in Active Directory and your on-premises network.

 

In this video, I had the chance to talk to Will Gries from the Azure Files team, to give you a quick look at how to domain join your storage account to your on-premises domain, and configure Azure networking to access your Azure file share from on-premises.

 

 

If you want to learn more about Azure Files and how you can start using Azure Files to replace your on-premises file server, check out the following documentation:

 

I hope you enjoyed the video if you have any questions feel free to leave a comment. You can also watch previous Azure Unblogged videos here:

 

20 Comments
Copper Contributor

Hello,

Do you have a tools or script for transfert de data and Security from thé old on-promise serveur to azure file share ? (Ex: Azure migrator)

Thanks !

Copper Contributor

It is mentioned to use DNS forwarding for core.windows.net to be able to get the private IP of a share - however, what happens with the storage accounts and anything else under the core.windows.net namespace that we actually need the public IP resolved? Will the private DNS used for this forward the request to the upper Azure DNS to get a public IP?

 

Example:

 

fileshare.file.core.windows.net -- resolved to private IP (which is correct)

anotherstgacc.file.core.windows.net -- resolved to a public IP

 

Thank you

Brass Contributor

any plans for DFS on-prem pointing to Azure files

Microsoft

@Tim67 Thanks for the question, with the AD integration you should already be able to do that. You will basically add the Azure Files Share in the local AD and you can use DFS-N in front of it.

Microsoft

@Stephane Munger I would recommend that you look at Azure File Sync, to replicate data to an Azure Files share, later you can then remove the Sync and remove the on-prem server. You can find this here: https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide?WT.mc_id=it... 

Microsoft

@Stephane Munger, you can use standard tools like robocopy to do the migration. I would recommend against tools like AzCopy, as these don't preserve the ACLs and other file system attributes of a file/folder.

Microsoft

@Christian Echetto, if one of your storage accounts does not have any storage accounts registered, it won't be in your private DNS, so requests will go through to the public DNS automatically.

Copper Contributor

Great !!

Copper Contributor

Testing this over Expressroute, I have noticed it takes a lot of time to render the window where you assign permissions to folders to On-Prem AD groups. Also, the location keeps on flipping between the On-prem Domain name and Storage Account Name. Is this a limitation of the Preview?

Copper Contributor

I am prototyping a solution for remote users using Azure Guest accounts to access Azure Storage File shares. The prototype has hit a wall with the P2S VPN. The VPN indicates it is connected but the Test-netconnection fails and I can not ping any IPs on the azure side. In your ignite presentation there was a mention of adding an entry to the host file for the IP of the nic of the Private endpoint. Still no luck. The VPN was created using the Scripts located at:  https://docs.microsoft.com/en-us/azure/storage/files/storage-files-configure-p2s-vpn-windows

 

On another note the Script for the P2S to complete the Client setup fails when you are running it on the machine you are updating. There is contention on the copy step. That being said the process still created the VPN option and connects. 

 

One last item to note. for those running the client side script I had to turn off IPv6 to get the New-PSSession cmdlet to complete successfully.

 

Thanks in advance for your assistance 

Copper Contributor

This is awesome! - those ARM templates though?  - Deeplink please :) 

Copper Contributor

So when/where are these ARM templates available? I've searched high and low to find them....plz provide links ASAP

 

Additionally, I've found guidance which creates a primary DNS zone on premises for privatelink.core.windows.net and then creates an A record for the storage account to point at the IP of the private endpoint. There's a lot less obfuscation in this methods than in what your video shows...what are the benefits/drawbacks of either method? I usually go with the keep it simple way of things if I can....so not deploying multiple VMs to handle conditional DNS forwarding seems ideal in my way of thinking.

 

Thanks!

Copper Contributor

@Beamex did you ever track anything down on this? Just curious if you had, as I'm getting ready to embark on a deployment for a client and would love guidance from anyone who has more information on this.

Copper Contributor

I came up with a checklist that I used to migrate from an on-premise traditional file share to a pure Azure Files share. Check it out at https://docs.google.com/spreadsheets/d/e/2PACX-1vQXRbzYReH3gjNcX6K15lidIgMqwoD1TtfU4kS47zLb231ImfaGD...

Copper Contributor

Interesting. If we mount an Azure file share to an existing on premises file server, can we use robocopy to copy the files over along with the permissions automatically; this would really help with migration?

Copper Contributor

@Frank_Boyd  - yes, you can use Robocopy and it can maintain the NTFS permissions with the right parameters, see https://docs.microsoft.com/en-us/azure/storage/files/storage-files-migration-overview#migration-tool...

Copper Contributor

.@jcaplan - thank you, that is good to know. 

Copper Contributor

@thomasmaurer , great subject. We're running a POC (along with a Sharepoint migration project) for Azure File Shares in our environment as our on-premise storage for unstructured data is soon to be end of life. We'll need to implement DFS-N as we have around 12 file servers and around 40Tb of data that need to preserve their file paths. Is Azure File Share a viable product for this proof of concept? Are the templates available anywhere as I haven't been able to source them?

Copper Contributor

When will Azure files AD Authentication over SMB be available to Macbooks? We have a few Mac users in our organization and this is the last hurdle stopping us from making the move.

Copper Contributor

Hi , is there a possibility to leverage the AAD Conditional access on top of AAD Authentication ? I understood this feature is in private preview. While we are waiting for this feature to be released are there any workarounds for allowing users based on geolocation to access a file share ? 

Co-Authors
Version history
Last update:
‎May 11 2021 06:46 AM
Updated by: