Storage features
Azure storage is elastic: you can store as little as a few megabytes or as much as petabytes of data. You do not need to pre-allocate capacity; it grows and shrinks automatically, and consumers pay only for the storage they actually use.
Azure storage is secure. It can only be accessed using the SSL protocol, and access must be authenticated. Azure storage can generate an account-level Shared Access Signature (SAS) token that storage clients use to authenticate themselves, and individual service-level SAS tokens can be generated for blobs, queues, tables, and files. Data stored in Azure storage can also be encrypted; this is known as securing data at rest. Two mechanisms encrypt data in Azure storage: Storage Service Encryption (SSE) and Client-side Encryption (CSE). SSE is a storage-account-wide setting under which the storage engine encrypts data as it is written and decrypts it as it is read, so no application changes are required to enable it. With CSE, the client application uses the storage SDK to encrypt data before sending it to Azure storage and decrypts it after reading it back; this protects data both in transit and at rest. CSE depends on secrets held in Azure Key Vault. A separate service, Azure Disk Encryption, encrypts the OS and data disks of IaaS virtual machines.
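The SAS mechanism described above is a signed query string: the client presents the token, and the storage service recomputes the signature from the token's own parameters with the account key. The following is an added example, not code from the book or from the Azure SDK, that builds an account SAS with only the Python standard library, verifies a token the same way the service does, and then audits it against a hardening policy (HTTPS only, read-only, short expiry, source IP restricted). It assumes the nine-field account-SAS string-to-sign used by service version 2019-12-12 (later versions append fields); the account name, key and policy thresholds are constructed for illustration.

```python
"""Mint, verify and audit an Azure Storage account SAS with the standard library."""
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode

# Constructed sample credentials for illustration only; a real account key is the
# base64-encoded secret from the storage account's access keys, never a constant.
SAMPLE_ACCOUNT = "contosostorage"
SAMPLE_KEY = base64.b64encode(b"\x01" * 64).decode()

# Assumption: the nine-field string-to-sign documented for this service version.
API_VERSION = "2019-12-12"
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"
# Permission letters that let the holder change data: write, delete, add, create,
# update, delete version, permanent delete.
MUTATING = set("wdacuxy")


def _fmt(ts):
    """Format a UTC datetime the way SAS start/expiry fields expect."""
    return ts.strftime(TIME_FMT)


def _parse(text):
    return datetime.strptime(text, TIME_FMT).replace(tzinfo=timezone.utc)


def _params(query):
    return {k: v[0] for k, v in parse_qs(query).items()}


def make_account_sas(account, key_b64, permissions, services, resource_types,
                     start, expiry, protocol="https", ip_range=""):
    """Return the SAS query string. The signature is HMAC-SHA256 over the
    newline-joined string-to-sign, keyed with the base64-decoded account key."""
    string_to_sign = "\n".join([
        account, permissions, services, resource_types,
        _fmt(start), _fmt(expiry), ip_range, protocol, API_VERSION,
    ]) + "\n"
    mac = hmac.new(base64.b64decode(key_b64), string_to_sign.encode("utf-8"), hashlib.sha256)
    params = {"sv": API_VERSION, "ss": services, "srt": resource_types, "sp": permissions,
              "st": _fmt(start), "se": _fmt(expiry), "spr": protocol}
    if ip_range:
        params["sip"] = ip_range
    params["sig"] = base64.b64encode(mac.digest()).decode()
    return urlencode(params)


def verify_account_sas(query, account, key_b64):
    """Recompute the signature from the token's own parameters, as the service does.
    A token whose permissions, expiry or protocol were edited after signing fails."""
    q = _params(query)
    try:
        expected = _params(make_account_sas(
            account, key_b64, q["sp"], q["ss"], q["srt"], _parse(q["st"]), _parse(q["se"]),
            q.get("spr", "https"), q.get("sip", "")))["sig"]
    except (KeyError, ValueError):
        return False
    return hmac.compare_digest(expected, q.get("sig", ""))


def audit_sas(query, now, max_lifetime=timedelta(hours=1)):
    """Policy checks for SAS tokens found in configuration or logs. The thresholds
    are this example's choices, not Azure defaults."""
    q = _params(query)
    findings = []
    if q.get("spr") != "https":
        findings.append("spr is not 'https': token is usable over plain HTTP")
    granted = set(q.get("sp", "")) & MUTATING
    if granted:
        findings.append("mutating permissions granted: " + "".join(sorted(granted)))
    if "se" not in q:
        findings.append("no expiry (se) set")
    elif _parse(q["se"]) - now > max_lifetime:
        findings.append("lifetime exceeds policy, expires " + q["se"])
    if "sip" not in q:
        findings.append("no source IP range (sip) restriction")
    return findings


def demo_tokens():
    """Constructed fixtures: a least-privilege token and a lax one."""
    start = datetime(2024, 1, 1, tzinfo=timezone.utc)
    good = make_account_sas(SAMPLE_ACCOUNT, SAMPLE_KEY, "r", "b", "o", start,
                            start + timedelta(minutes=30),
                            ip_range="203.0.113.0-203.0.113.255")
    lax = make_account_sas(SAMPLE_ACCOUNT, SAMPLE_KEY, "rw", "b", "co", start,
                           start + timedelta(days=30), protocol="https,http")
    return start, good, lax


if __name__ == "__main__":
    start, good, lax = demo_tokens()
    print("least-privilege token valid:", verify_account_sas(good, SAMPLE_ACCOUNT, SAMPLE_KEY))
    print("findings for lax token:", audit_sas(lax, now=start))
```

Both tokens carry valid signatures, which is the point of the audit step: a SAS can be perfectly authentic and still be over-privileged, so reviewing the `sp`, `se`, `spr` and `sip` parameters is a separate control from checking the signature.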
Azure storage is highly available and durable. Azure always maintains multiple copies of the data in a storage account; the number of copies and their location depend on the replication configuration. Azure provides four replication settings, each with implications for both cost and availability during a disaster. Locally redundant storage is the cheapest and provides the least availability, while read-access geo-redundant storage is the costliest and provides the highest availability.
- Locally redundant storage: Locally redundant storage (LRS) replicates and maintains three copies of storage within the same data center of a region, so data is highly available only within that data center; storage is lost or unavailable if that data center goes down for any reason. LRS follows a synchronous pattern for write operations: a write request is successful only after it has been written to all three replicas. Azure does, however, ensure fault tolerance at the storage disk and rack level by placing the three replicas in different fault and upgrade domains. Fault and upgrade domains are discussed in detail in the next chapter.
- Zone-redundant storage: Zone-redundant storage (ZRS) is costlier than locally redundant storage because, apart from the three copies in the same data center, it also stores data in another data center within the same region. Since multiple data centers are involved, writes to all replicas happen asynchronously in order to maintain the performance and latency SLA.
- Geo-redundant storage: Geo-redundant storage (GRS) provides better durability and availability than zone redundancy by replicating storage to another region in addition to local redundancy. It is one of the costliest options but provides disaster recovery at the region level.
- Read-access geo-redundant storage: Read-access geo-redundant storage (RAGRS) is similar to geo-redundant storage but additionally provides read-only access to the replicas.