Microsoft Azure Storage and Database Part 3 – Azure Blob Storage
Hope you all are doing good !!! 🙂 .
After a long gap (almost 4 months), I am again continuing my Azure journey with all of you. During those 4 months, I tried many times to start but, due to a health issue in my family, could not make it happen. Today I am very happy to share this knowledge with you on this Knowledge Junction platform. I hope you will learn something from this article.
In our last article we discussed the Azure Storage Account. In this article we continue our journey with Blob Storage. The Blob storage service is one of the finest services provided by Azure.
Previous Azure series :
- Learn Basics Of Azure Networking In 60 Hours
- Learn Basic Of Azure Active Directory And Azure Identity And Access Management
- Azure DevOps – Learn at one place
If you have missed our previous articles on Azure Storage and Database Series, please check it in following links.
What Is Blob Storage :
Azure Blob Storage is a scalable cloud storage service designed to store huge amounts of unstructured data. Azure Blob is a flat-namespace system and is the go-to storage for massive amounts of unstructured data. It is accessible from anywhere in the world.
Resources for Blob Storage :
Azure Blob storage is built from the following three Azure resources, each of which contains the next.
Storage Account : As discussed in our last article, an Azure storage account contains all of our Azure Storage data objects: blobs, files, queues, tables, and disks. The storage account provides a unique namespace for our Azure Storage data that is accessible from anywhere in the world over HTTP or HTTPS.
Container : A container is a logical directory for a set of blobs. An Azure storage account can have an unlimited number of containers, and in turn a container can have an unlimited number of blobs. A container name must be in lower case.
Blob : A blob is the final endpoint of the storage path. The following three types of blob can be found in Azure storage. We can choose the one that fits our business requirement.
- Block blobs : They store text and binary data that can be managed individually, and can store up to about 190.7 TiB.
- Append blobs : They are made up of blocks like block blobs, but allow appending to existing content, such as logging data from virtual machines.
- Page blobs : Page blobs store random access files up to 8 TiB in size. They store virtual hard drive (VHD) files and serve as disks for Azure virtual machines.
The following image shows how they are structured in Azure.
Uses of Blob Storage :
Azure Blob storage is a perfect fit if we have one or more of the following requirements:
- Need to work with unstructured data like images, audio, video, documents, back-up data, disaster recovery data, logs.
- Need a low-cost storage system that keeps the data highly available from anywhere in the world.
- Need to store data for analysis.
Note : We should not use Blob storage if we need to store relational data or to perform advanced real-time querying.
Azure Data Lake Storage Gen2 :
Azure Data Lake Storage Gen2 is built on top of Azure Blob Storage, so it provides the same benefits as Blob storage along with additional functionality. Azure Blob Storage is a flat namespace storage where the users were able to create virtual directories, while Azure Data Lake Storage Gen2 offers a hierarchical file system. Altogether it provides the following benefits, with good performance, security and easy management processes.
- File system semantics
- Disaster recovery capabilities
Scale targets for Blob storage :
| Resource | Target |
|---|---|
| Maximum size of single blob container | Same as maximum storage account capacity |
| Maximum number of blocks in a block blob or append blob | 50,000 blocks |
| Maximum size of a block in a block blob | 4000 MiB |
| Maximum size of a block blob | 50,000 x 4000 MiB (approximately 190.7 TiB) |
| Maximum size of a block in an append blob | 4 MiB |
| Maximum size of an append blob | 50,000 x 4 MiB (approximately 195 GiB) |
| Maximum size of a page blob | 8 TiB |
| Maximum number of stored access policies per blob container | 5 |
| Target request rate for a single blob | Up to 500 requests per second |
| Target throughput for a single page blob | Up to 60 MiB per second |
| Target throughput for a single block blob | Up to storage account ingress/egress limits |
Access tiers for Azure Blob Storage :
Azure provides different access tiers, allowing us to store blob data in the most cost-effective manner. The following access tiers are provided by Microsoft Azure. We can configure the tier at the storage account level or at the blob level.
- Hot – Optimized for storing data that is accessed frequently. The hot access tier has higher storage costs than cool and archive tiers, but the lowest access costs. For example, data that is read from and written to frequently.
- Cool – Optimized for storing data that is infrequently accessed and stored for at least 30 days. The cool access tier has lower storage costs and higher access costs compared to hot storage. For example, short-term backup or disaster recovery.
- Archive – Optimized for storing data that is rarely accessed and stored for at least 180 days with flexible latency requirements, on the order of hours. The archive access tier has the lowest storage cost but higher data retrieval costs compared to hot and cool tiers. For example, long-term backup or secondary backup.
Protection Of Azure Blob Storage:
In the Microsoft Azure Storage documentation, data protection refers to strategies for protecting the storage account and the data within it from being deleted or modified, or for restoring data after it has been deleted or modified. The following table, from the Microsoft documentation, summarizes the options available in Azure Storage for common data protection scenarios.

| Scenario | Data protection option |
|---|---|
| Prevent a storage account from being deleted or modified. | Azure Resource Manager lock |
| Prevent a container and its blobs from being deleted or modified for an interval that you control. | Immutability policy on a container |
| Restore a deleted container within a specified interval. | Container soft delete (preview) |
| Automatically save the state of a blob in a previous version when it is overwritten or deleted. | Blob versioning |
| Restore a deleted blob or blob version within a specified interval. | Blob soft delete |
| Restore a set of block blobs to a previous point in time. | Point-in-time restore |
| Manually save the state of a blob at a given point in time. | Blob snapshot |
| A blob can be deleted or overwritten, but the data is regularly copied to a second storage account. | Roll-your-own solution for copying data to a second account by using Azure Storage object replication or a tool like AzCopy or Azure Data Factory. |

Azure Storage always maintains multiple copies of our data to protect it from planned and unplanned events, including transient hardware failures, network or power outages, and massive natural disasters. Redundancy ensures that our storage account meets its availability and durability targets even in the face of failures.
Security Of Azure Blob Storage:
Securing our Azure Blob storage data is crucial so that unwanted access can be restricted. The following are the security recommendations from Microsoft that need to be taken care of. They are grouped into the following 4 categories.
- Data protection :
  - Use the Azure Resource Manager deployment model.
  - Enable Azure Defender for all of your storage accounts.
  - Turn on soft delete for containers.
  - Lock storage account to prevent accidental or malicious deletion or configuration changes.
  - Store business-critical data in immutable blobs.
  - Require secure transfer (HTTPS) to the storage account.
  - Limit shared access signature (SAS) tokens to HTTPS connections only.
- Identity and access management :
  - Use Azure Active Directory (Azure AD) to authorize access to blob data.
  - Keep in mind the principle of least privilege when assigning permissions to an Azure AD security principal via Azure RBAC.
  - Use a user delegation SAS to grant limited access to blob data to clients.
  - Secure your account access keys with Azure Key Vault.
  - Regenerate your account keys periodically.
  - Disallow Shared Key authorization.
  - Keep in mind the principle of least privilege when assigning permissions to a SAS.
  - Have a revocation plan in place for any SAS that you issue to clients.
  - If a service SAS is not associated with a stored access policy, then set the expiry time to one hour or less.
  - Disable anonymous public read access to containers and blobs.
- Networking :
  - Configure the minimum required version of Transport Layer Security (TLS) for a storage account.
  - Enable the Secure transfer required option on all of your storage accounts.
  - Enable firewall rules.
  - Allow trusted Microsoft services to access the storage account.
  - Use private endpoints.
  - Use VNet service tags.
  - Limit network access to specific networks.
  - Configure network routing preference.
- Logging And Monitoring :
  - Track how requests are authorized.
  - Set up alerts in Azure Monitor.
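The SAS recommendations above (HTTPS only, user delegation, least privilege, one hour or less without a stored access policy) can be checked mechanically from the token's query parameters. The following is an added example, not code from the original article or from Microsoft; the function names, the `needed` parameter and the sample URLs are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

MAX_ADHOC_LIFETIME = timedelta(hours=1)  # limit for a SAS with no stored access policy

def _utc(value):
    """Parse an ISO 8601 SAS timestamp (st/se); values without an offset are taken as UTC."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)

def audit_sas(url, now, needed="r"):
    """Return (kind, findings) for one SAS URL; `needed` is the permission set the client requires."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    findings = []
    # spr lists the allowed protocols; when it is absent both HTTP and HTTPS are accepted.
    if q.get("spr", "https,http") != "https":
        findings.append("HTTP allowed: set spr=https")
    if "skoid" in q:    # signed with an Azure AD user delegation key
        kind = "user-delegation"
    elif "si" in q:     # expiry and permissions live in the stored access policy
        return "stored-access-policy", findings
    else:
        kind = "ad-hoc-account-key"
    if "se" not in q:
        findings.append("no expiry (se) on the token")
    else:
        lifetime = _utc(q["se"]) - (_utc(q["st"]) if "st" in q else now)
        if kind == "ad-hoc-account-key" and lifetime > MAX_ADHOC_LIFETIME:
            findings.append(f"valid for {lifetime}, over 1 hour with no stored access policy")
    extra = sorted(set(q.get("sp", "")) - set(needed))
    if extra:
        findings.append("permissions beyond what is needed: " + "".join(extra))
    return kind, findings

# Constructed sample URLs (account, container, policy name and signature are placeholders).
BASE = "https://examplestore.blob.core.windows.net/logs/app.log?sv=2022-11-02&sig=CONSTRUCTED"
SAMPLES = [
    BASE + "&sr=b&sp=rwd&se=2024-05-08T10:00:00Z&spr=https,http",
    BASE + "&sr=b&sp=r&st=2024-05-01T10:00:00Z&se=2024-05-01T10:30:00Z&spr=https"
           "&skoid=00000000-0000-0000-0000-000000000000",
    BASE + "&sr=c&si=readers-policy&spr=https",
]

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)
    for sample in SAMPLES:
        print(audit_sas(sample, now))
```

A token that references a stored access policy (`si`) is not checked for expiry or permissions here because those values are held in the policy on the container, which is also what makes it revocable.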
Blob Storage is used for streaming and storing documents, videos, pictures, backups and other unstructured text or binary data. The total cost of Blob Storage depends on the following points.
- Volume of data stored per month.
- Quantity and types of operations performed, along with any data transfer costs.
- Data redundancy option selected.
- Selected Access tier.
Interact with Azure Blob Storage :
We can communicate with our Blob Storage using any of the options below.
- Azure portal interface.
- Azure Storage Explorer (which we can install on our laptop).
- AzCopy – a command-line interface to be downloaded locally.
- Azure Data Factory
- Azure Databricks
- Azure SDKs (.NET, Java, Python etc.) – allowing us to interact with Azure Storage directly within Python.
- Azure Data Box Disk
- Azure Import/Export service
With the above information, I am concluding this article. I hope this is informative to you. Please let me know if I missed anything important or if my understanding is not up to the mark.
Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more.
If you have any suggestion / feedback / doubt, you are most welcome. Stay tuned on Knowledge-Junction, will come up with more such articles.
Thanks for reading 🙂 .