Recently I have seen more and more people looking at ways to operate in this new normal of having everyone working from different locations. It presents an interesting challenge from the sysadmin perspective. How will you provide updates to users and computers when you cannot use GPO to reliably push those updates? In a previous article, we talked about using Intune to do that. That solves one problem, so we move on to the next: how do we allow users in different areas to access files? Traditionally, we would have files located in a centralized system like a file server. Now that we are all working remotely, that would require a VPN to connect to the file server, which brings other expenses with it: you have to have a firewall, licensing, and enough bandwidth to support all your users. Azure provides us with another means to do this.
Azure Files allows us to have structured or unstructured data available to our users. One of the things I have been asked about lately is how to utilize this to make things easier for remote users. There are actually more than just 2 options for storing data in Azure storage accounts. We are going to focus on 2 of the options today.
Containers allow you to have a scalable, cost-effective solution for unstructured data. Sounds great, right? What does that actually mean, though? Containers are a great place if you just need to dump data so you can access it. This works really well if you need to access common files for reference or need some storage for DevOps. I use some containers when I am running scripts and need to reach out and download a required file or call another script. You can make the containers public or private; basically, you can make the data available without a password or require one. With a container, there are no folders or structure to the data. It is just one big folder you can put your data in. If you are working in DevOps, then great, you can use this all day long. If you want a way for your remote users to access data they would normally have on the file server, then this is not really a great option.
File Shares are a much better option. This allows you to have an SMB file share that resides in Azure and can be accessed over the internet. It is a way to have your file shares in Azure without needing to maintain a server. Using Azure file shares allows you to have structured data, meaning you can create your folders and give them the same look as your traditional file server. You can even have them backed up and get shadow copies or previous versions of files. The data is encrypted at rest and in transit using SMB 3.0 and HTTPS. When we add Azure Domain Services into the mix, we get the ability to have file share permissions. Then we can set the permissions we want on a per-folder or per-share basis. You can even add dynamic security groups into the mix to make the administration easier. When you are ready to deploy this out to your users, you can use Intune or Group Policy to run the PowerShell script to map the drive for them.
Make sure you have port 445 available.
This can sometimes be blocked by your internet provider.
If that is the case, you can use a Point to Site or Site to Site VPN to route the traffic over a different port.
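As an added example (not a script from the original article), here is one way the drive-mapping script could check port 445 before it maps the share. It assumes identity-based access through Domain Services as described above, so no storage account key is embedded in the script; the storage account name, share name, drive letter and log path are placeholders.

```powershell
# Added example. All names below are placeholders; replace with your own values.
$StorageAccount = 'examplestorageacct'   # placeholder storage account name
$ShareName      = 'companyshare'         # placeholder file share name
$DriveLetter    = 'S'                    # placeholder drive letter
$LogFile        = Join-Path $env:TEMP 'Map-AzureFileShare.log'

$FileHost = "$StorageAccount.file.core.windows.net"
$UncPath  = "\\$FileHost\$ShareName"

function Write-Log {
    param([string]$Message)
    "$(Get-Date -Format o) $Message" | Add-Content -Path $LogFile
}

# If the letter is already mapped to this share there is nothing to do;
# if it points anywhere else, stop rather than overwrite the user's drive.
$existing = Get-PSDrive -Name $DriveLetter -PSProvider FileSystem -ErrorAction SilentlyContinue
if ($existing -and $existing.DisplayRoot -eq $UncPath) {
    Write-Log "Drive ${DriveLetter}: is already mapped to $UncPath"
    exit 0
}
if ($existing) {
    Write-Log "Drive ${DriveLetter}: is in use by something else; not mapping"
    exit 1
}

# SMB to Azure Files needs outbound TCP 445, which some internet providers block.
$probe = Test-NetConnection -ComputerName $FileHost -Port 445 -WarningAction SilentlyContinue
if (-not $probe.TcpTestSucceeded) {
    Write-Log "TCP 445 to $FileHost is blocked or unreachable; connect the VPN and retry"
    exit 1
}

try {
    # No -Credential: the signed-in user's identity is used, and the share and
    # folder permissions decide what that user can reach.
    New-PSDrive -Name $DriveLetter -PSProvider FileSystem -Root $UncPath `
        -Persist -Scope Global -ErrorAction Stop | Out-Null
    Write-Log "Mapped ${DriveLetter}: to $UncPath"
    exit 0
}
catch {
    Write-Log "Mapping ${DriveLetter}: failed: $($_.Exception.Message)"
    exit 1
}
```

Run it in the signed-in user's context rather than as SYSTEM, since a drive mapped by SYSTEM is not visible in the user's session.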
This gives you another way to make your files accessible to your end users. There are even options for syncing your Azure files to your on-premises server, giving you the best of both worlds.
Azure provides a lot of uses that many of us would never have considered in the past. With changing times come changing ideas. I would never have thought about not having a file server or a domain controller 10 years ago. However, with Azure, a lot more of these roles are being taken over in the cloud. By getting rid of the need for a server to host the services, we can improve our high availability and DR considerations.
My suggestion is to take a look and see if moving some of your infrastructure into a cloud platform would benefit you and how you can leverage the cloud to take some of the load off of your staff and users.