Azure cloud storage

- [Instructor] One of your cloud tasks as a CIS admin will be to migrate storage from on-premises storage into the Azure or other cloud. I'm going to choose the Azure cloud as an example. And once I'm done creating the virtual storage, I'm going to go ahead and show you how I can map to it to a windows client so users can start using it without having to do anything other than just click on a drive letter, like they may be already used to. I'm going to go to where it says storage accounts at portal.azure.com. If you don't see it here, you can just type in storage accounts under search. So I'll click in storage accounts. In order to set up a special map to a client we can't create just any type of storage, we have to create a V2 storage. That's the only one that we're going to be able to use to map to a drive letter, to a windows 10 or 11 client. You should already have an Azure subscription, otherwise go ahead and sign up for it. And under the resource group you can choose a new one or anyone you've already created. Here's our storage account name. I'm going to type in LinkedIn storage or abbreviate it, and you cannot use something that's already been used before. So I'll just go ahead and just type in some random numbers afterwards and next I'm going to choose my region. So the region is going to be whatever's closest to you for the best response time. Next, you have the option for standard or premium performance. Of course the premium is going to cost more but it's going to be faster. Then if you'd like to have redundancy you can see you have the options for geo-redundant storage, local zone and geo zone, and they each have their own explanation of what those are. The least expensive is going to be the locally redundant storage, but it's also going to give you the least amount of additional protection because if there is some sort of an earthquake or something like that that brings down the data center, then you're going to not have that redundancy. I'll click on next. We want to leave the boxes checked that you see here by default. And here you have an option for either using the Azure active directory authorization in the portal, or you can leave it blank. And there's a different type of authorization that we'll be using. I'm going to choose to leave that blank, but you can certainly check that if you'd like. Under the TLS version, you see the options for 1.0, 1.1, and 1.2. 1.2's going to give you the best security. Under the access tier you can choose either hot or cool. Cool's going to be less expensive because it's data that's infrequently accessed. However, if this is for user data that's going to be used on a regular basis, you'll want to choose hot. If you want to have file shares that are more than a hundred terabytes, you can check this box that you see here. I'm not going to be doing that. I'll click networking for next. Now we have connectivity method. You can choose the public endpoint. You can choose selected networks, which is more secure. So you can select which public networks can have access or you can choose private endpoint. If you have a VPN tunnel between you and Azure. Now for demonstration purposes I don't have selected networks or private endpoints. I'm going to choose the public option. However, it's going to end up the same look and feel in the client, they won't be able to tell the difference between how you did this. So if you do have that VPN tunnel to Azure then the private endpoint is the best way to go. I'm going to choose the internet routing rather than the Microsoft routing. The Microsoft routing preference is going to be from known Microsoft networks. So I'm not going to choose that, I'm going to go ahead and click next since I'm totally in a public network myself. You'll definitely want to enable the soft delete for blobs if you delete something and want to be able to get it back easily. Otherwise, you just have to make sure you have things backed up. I'm going to click on next for encryption. Here you can choose Microsoft managed keys or customer managed keys. It's much better if you choose the Microsoft managed keys as far as management goes. However, you can choose whichever one makes sense to you. And if you have more than just basic blobs, which are unorganized storage or files, then you may want to check the all service types, which includes blobs, files, tables for things like databases, as well as queues. I'm not going to be using those, so I'll just choose the blobs and I'll choose next. Tags are basically for billing purposes, so I'll just choose review and create. And we see that the deployment is in progress and you can click on the little notification at the top to see how you're doing. We were successful, so I'll go to click on Go to Resource, and here is our LinkedIn storage. I'm going to click on Open in Explorer and you want to choose to download the Azure Storage Explorer and it'll open it up in a new client. I'll choose to download and then install. It gives me the option to install only for me or for all users. I'll choose all users, but you can choose whatever's right for you. Accept the agreement, install, click next. I'm just choosing the defaults that you see here. The Azure Storage Explorer has installed, and now it's giving the option of what I would like to do. So I'd like to sign in to my Azure subscription, so I'll just click on that. It says Azure. And if that's your environment, go ahead and click next. Now I'm getting the option to sign in. And then once I'm signed in I should have access to all of my different resources. I've typed in my username and password, and now it says I'm signed in. Now it's showing all my different resources and I'm going to click on open Explorer. And there's my storage accounts. And after a refresh, we see the storage accounts appearing. And what I want to do is I want to create a file share. So I'm going to go to where it says file shares under my LinkedIn storage account. You can see I have other storage accounts as well, but I just want to focus on this one. So I'll right click and choose create file share. And we get a box that appears, and I'll just call this one. LI Share for LinkedIn Share. Now, the reason you see these in lowercase is because there are some rules about starting with a capital letter or with a number. You have to start out with the lowercase letters. Now at this point, I can go ahead and start copying data up using the Explorer. However, for clients that's not the easiest way to get them to use it. So I'm going to go back into the Azure portal. I'm back in the Azure portal, under storage accounts I'm going to click on my LinkedIn storage, and then I'm going to go to where it says file share. So I'll click on file share and we should see the new file share here, and we do. So I'll click on the LinkedIn share and then I'll go to properties. Now here we see the URL. This is the URL to the share. So I'm going to copy that location and go back in to my Storage Explorer computer. I'm going to minimize Storage Explorer and open up a Notepad, and now I'm going to paste in this particular link. Now I need to replace some things. I'm going to replace the forward slash with back slashes, and then remove the HTTPS colon. So I'm going to need that in order to map to a drive letter. Next, I'll go to File Explorer and I'll click on Computer and Map a Network Drive, and then I'll paste in that path. And now I'll choose to connect using different credentials or you'll never end up seeing that data, and click finish. So now we need to add in a username, so I'm going to go back to the Azure portal. I'm in the Azure portal in my LinkedIn storage account, and now I need to click on where it says access keys. Now my username is going to be the storage account name that you see here, so I'm just going to right click and choose copy. And my password is going to be one of these keys here. So I'll click on show keys, and I'll need to copy any one of these keys, either key one or key two, and then paste it as my password. I'll choose to remember my credentials and click okay. And there it is, we see my storage and it's the Z drive. So now what I can do is I can copy data from my C drive and put it into my Z drive. So I'll just go ahead and take the shared data folder, for instance, and then I'll just take my test file and drag it over. Now it's copied up. I should be able to see that now in my Azure Explorer. And after clicking refresh we see my test.txt file is now there, so we know that it's definitely copied up into Azure. And you can do this with many different terabytes and then you can map it to many different people and you can use a script to automatically map that through group policies if you'd like. Knowing how to migrate data to Azure may be a necessary step for many new CIS admins. Mapping the storage to a drive letter will make it easier for users to utilize this service.