Search This Blog

2020-09-19

LAB 07 : Manage Azure Storage

 1.     Deploy a azure VM

Upload \Allfiles\Module_07\az104-07-vm-template.json and \Allfiles\Module_07\az104-07-vm-parameters.json and run the following commands

$location = 'eastus'

$rgName = 'az104-07-rg0'

New-AzResourceGroup -Name $rgName -Location $location

New-AzResourceGroupDeployment `
   -ResourceGroupName $rgName `
   -TemplateFile $HOME/az104-07-vm-template.json `
   -TemplateParameterFile $HOME/az104-07-vm-parameters.json `
   -AsJob


2.    Create and configure Azure Storage accounts

In the Azure portal, search for and select Storage accounts, and then click + Add.

Choose default option for Networking
Choose default option for Networking
Choose default option for Advanced

Upgrade Storage account to  StorageV2 (general purpose v2).



When the replication is RA-GRS, check the storage account endpoints and it will contain both primary and secondary endpoints


Change the replication to GRS
Now, if you check Geo replication, it will contains only the primary endpoints
Change the replication to LRS

Check the GEO replication endpoints, it will contains only the primary endpoints

Change the access tier to cool.The cool access tier is optimal for data which is not accessed frequently.

3. Create a blob container and upload a blob into it.
In the Blob service create a new container



Upload the license in the newly created container within a folder license




On the licenses/LICENSE blade, review the available options.
 You have the option to download the blob, change its access tier (it is currently set to Hot), acquire a lease, which would change its lease status to Locked (it is currently set to Unlocked) and protect the blob from being modified or deleted, as well as assign custom metadata (by specifying an arbitrary key and value pairs). You also have the ability to Edit the file directly within the Azure portal interface, without downloading it first. You can also create snapshots, as well as generate a SAS token (you will explore this option in the next task).

4. Manage authentication and authorization for Azure Storage
Will configure authentication and authorization for Azure Storage.

Copy the URL of the License
If you try the URL in other browser, you will see the XML containing the message "ResourceNotFound". This is expected, since the container you created has the public access level set to Private (no anonymous access).

Configure Generate SAS with the following values
ettingValue
PermissionsRead
Start dateyesterday's date
Start timecurrent time
Expiry datetomorrow's date
Expiry timecurrent time
Allowed IP addressesleave blank
Allowed protocolsHTTP
Signing keyKey 1





Copy the Blob SAS URL and open it in another browser and you can see or able to download the license file
This is expected, since now your access is authorized based on the newly generated the SAS token.



Click on "Switch to Azure AD User Account"
At this point, you no longer have access to the container.

click Access Control (IAM).


On the Add role assignment blade, specify the following settings:

  1. SettingValue
    RoleStorage Blob Data Owner
    Assign access toAzure AD user, group, or service principal
    Selectthe name of your user account



Now you would be able to Switch to Azure AD Account or switch back to Access Key
5. create and configure Azure Files shares
Go to the storage account you created in the first task of this lab and, in the File service section, click File shares and Create a new file share


Create connect to the newly created file share

Click Copy to Clipboard
Open the VM created in Step 1 and run the powser shell script with the copied text


Once done, Replace the content of the PowerShell Script pane with the following script and click Run:
New-Item -Type Directory -Path 'Z:\az104-07-folder'

New-Item -Type File -Path 'Z:\az104-07-folder\az-104-07-file.txt'
Navigate back to the az104-07-share file share blade, click Refresh, and verify that az104-07-folder appears in the list of folders. Click az104-07-folder and verify that az104-07-file.txt appears in the list of files.


6.    Configure network access for Azure Storage.
In the Azure portal, navigate back to the blade of the storage account you created in the first task of this lab and, in the Settings section, click Firewalls and virtual networks.



Open another browser window by using InPrivate mode and navigate to the blob SAS URL you generated in the previous task.
You should be presented with the content of The MIT License (MIT) page.
This is expected, since you are connecting from your client IP address.

From the Cloud Shell pane, run the following to attempt downloading of the LICENSE blob from the az104-07-container container of the storage account (replace the [blob SAS URL] placeholder with the blob SAS URL you generated in the previous task):
Invoke-WebRequest -URI '[blob SAS URL]'

Verify that the download attempt failed.

Note: You should receive the message stating AuthorizationFailure: This request is not authorized to perform this operation. This is expected, since you are connecting from the IP address assigned to an Azure VM hosting the Cloud Shell instance.



Clean Up Resource
Get-AzResourceGroup -Name 'az104-07*' | Remove-AzResourceGroup -Force -AsJob







No comments: