Skilling tasks
- Create a storage account for the company private documents.
- Configure redundancy for the storage account.
- Configure a shared access signature so partners have restricted access to a file.
- Back up the public website storage.
- Implement lifecycle management to move content to the cool tier.
Table of content
Step 1: Create a storage account and configure high availability.
Step 2: Create a storage container, upload a file, and restrict access to the file.
Step 3: Configure storage access tiers and content replication.
Follow these basic steps to create private storage for internal company documents
Step 1: Create a storage account and configure high availability.
- Create a storage account for the internal private company documents.
- In the portal, search for and select Storage accounts.
- Select + Create.
- Select the Resource group created in the previous lab.
- Set the Storage account name to private. Add an identifier to the name to ensure the name is unique.
- Select Review, and then Create the storage account.
- Wait for the storage account to deploy, and then select Go to resource.
- This storage requires high availability if there’s a regional outage. Read access in the secondary region is not required. Configure the appropriate level of redundancy.
- In the storage account, in the Data management section, select the Redundancy blade.
- Ensure Geo-redundant storage (GRS) is selected.
- Refresh the page.
- Review the primary and secondary location information.
- Save your changes.
Step 2: Create a storage container, upload a file, and restrict access to the file.
- Create a private storage container for the corporate data.
- In the storage account, in the Data storage section, select the Containers blade.
- Select + Container.
- Ensure the Name of the container is private.
- Ensure the Public access level is Private (no anonymous access).
- As you have time, review the Advanced settings, but take the defaults.
- Select Create.
- For testing, upload a file to the privatecontainer. the type of file doesn’t matter. A small image or text file is a good choice. Test to ensure the file isn’t publically accessible.
- Select the container.
- Select Upload.
- Browse to files and select a file.
- Upload the file.
- Select the uploaded file.
- On the Overview tab, copy the URL.
- Paste the URL into a new browser tab.
- Verify the file doesn’t display and you receive an error.
- An external partner requires read and write access to the file for at least the next 24 hours. Configure and test a shared access signature (SAS).
- Select your uploaded blob file and move to the Generate SAS tab.
- In the Permissions drop-down, ensure the partner has only Read permissions.
- Verify the Start and expiry date/time is for the next 24 hours.
- Select Generate SAS token and URL.
- Copy the Blob SAS URL to a new browser tab.
- Verify you can access the file. If you have uploaded an image file it will display in the browser. Other file types will be downloaded.
Step 3: Configure storage access tiers and content replication.
- To save on costs, after 30 days, move blobs from the hot tier to the cool tier.
- Return to the storage account.
- In the Overview section, notice the Default access tier is set to Hot.
- In the Data management section, select the Lifecycle management blade.
- Select Add rule.
- Set the Rule name to movetocool.
- Set the Rule scope to Apply rule to all blobs in the storage account.
- Select Next.
- Ensure Last modified is selected.
- Set More than (days ago) to 30.
- In the Then drop-down select Move to cool storage.
- As you have time, review other lifecycle options in the drop-down.
- Add the rule.
- The public website files need to be backed up to another storage account.
- In your storage account, create a new container called backup. Use the default values. Refer back to Lab 02a if you need detailed instructions.
-
Navigate to your publicwebsite storage account. This storage account was created in the previous exercise.
- In the Data management section, select the Object replication blade.
- Select Create replication rules.
- Set the Destination storage account to the private storage account.
- Set the Source container to public and the Destination container to backup.
- Create the replication rule.
- Optionally, as you have time, upload a file to the public container. Return to the private storage account and refresh the backup container. Within a few minutes your public website file will appear in the backup folder.