MA Class Flow

The document provides an overview of Azure and cloud computing, detailing various service models such as IaaS, PaaS, SaaS, and their respective advantages. It discusses different types of cloud environments (private, public, hybrid) and highlights Azure's infrastructure, including networking, storage, and security services. Additionally, it outlines the benefits of using Azure, such as cost efficiency, scalability, and global reach.

Uploaded by raj0000kaml

Azure Class Notes

● Understanding Cloud Computing
○ Use of remote servers rather than a local or personal computer.
○ E.g. compute, storage, database, network.
● Understanding Service Models of Cloud Computing
○ IaaS (Infrastructure as a Service)
○ A service model that delivers computing infrastructure (servers, storage, processors) on an outsourced basis to support enterprise operations.
○ PaaS (Platform as a Service)
○ A service model that provides a platform for developing, running, and managing applications without the complexity of building and maintaining the infrastructure.
○ SaaS (Software as a Service)
○ A service model that allows users to connect to and use cloud-based apps over the Internet.
○ WaaS (Windows as a Service)
○ A service model that allows the use of all Windows features in the Windows 10 client OS.
○ DaaS (Directory as a Service)
○ A service model in Microsoft Azure that provides directory services in many ways.
● Types of Cloud
○ Private Cloud
○ The private cloud is defined as computing services offered either over the Internet or a private internal network, and only to select users instead of the general public.
○ Public Cloud
○ The public cloud is defined as computing services offered by third-party providers over the public Internet, making them available to anyone who wants to use or purchase them.
○ Hybrid Cloud
○ A hybrid cloud is a computing environment which combines a public cloud and a private cloud by allowing data and applications to be shared between them.
● Advantages of Cloud Computing
○ Variable vs Capital Expense
○ Instead of having to invest heavily in data centers and servers before knowing how you are going to use them, you pay only when you consume computing resources, and only for how much you consume.
○ Economies of Scale
○ Organizations benefit from massive economies of scale: by using cloud computing you can achieve a lower variable cost than you would get on your own.
○ Stop Guessing Capacity
○ Organizations can access as much or as little capacity as they need and scale up or down as required with only a few minutes' notice.
○ Increase Speed and Agility
○ It allows organizations to reduce the time it takes to make resources available to developers from weeks to just minutes. The cost and time it takes to experiment and develop is significantly lower.
○ Focus on Business Differentiators
○ It allows organizations to focus on their business priorities instead of on the heavy lifting of racking, stacking and powering servers.
○ Go Global in Minutes
○ Organizations can easily deploy their applications to multiple locations around the world with just a few clicks. Going global used to be something only the largest enterprises could afford to do, but cloud computing democratizes this ability, making it possible for any organization.
● Cloud Computing Deployment Models
○ Cloud-Based Deployment
○ The application is fully deployed in the cloud, with all components of the application running in the cloud.
○ Hybrid Deployment
○ A common approach taken by many enterprises that connects infrastructure and applications between cloud-based resources and existing resources, typically in an existing data center.
● Azure Access Platform
○ Azure Portal
○ Used to view and manage all of your applications in one unified hub, including web apps, databases, virtual machines, virtual networks, storage, and Visual Studio team projects.
○ Azure CLI
○ Azure Bash Shell
○ Azure PowerShell
○ Azure SDK
● Azure Global Infrastructure
● Azure Domains
○ Compute
○ Networking
○ Storage
○ Databases
○ Security and Identity
○ Monitoring and Management
● Services in Each Domain (Compute)
○ Linux Virtual Machines:
○ Provision virtual machines of Ubuntu, Red Hat and more Linux distributions.
○ Windows Virtual Machines:
○ Provision virtual machines for SQL Server, SharePoint and more Windows workloads.
○ Virtual Machine Scale Sets:
○ Manage and scale 10s to 100s of Linux and Windows virtual machines.
○ Web Apps:
○ Quickly create and deploy mission-critical web apps at scale.
○ App Service:
○ Deploy web apps on Linux using containers.
○ Functions:
○ Process events with serverless code.
○ Azure Container Service (AKS):
○ Run containerized applications at scale using Kubernetes.
○ Azure Container Instances:
○ Easily run containers with a single command.
○ Batch:
○ Cloud-scale job scheduling and compute management.
○ Service Fabric:
○ Develop microservices and orchestrate containers on Windows or Linux.
○ Cloud Services:
○ Create highly available, infinitely scalable cloud applications and APIs.
● Services in Each Domain (Networking)
○ Networking Overview:
○ An integrated view of the networking services in Azure.
○ Connectivity between Azure Resources:
○ Connect Azure resources together in a secure, private virtual network in the cloud.
○ Internet Connectivity:
○ Communicate to and from Azure resources over the Internet.
○ On-Premises Connectivity:
○ Connect an on-premises network to Azure resources through a virtual private network (VPN) over the Internet, or through a dedicated connection to Azure.
○ Load Balancing and Traffic Direction:
○ Load balance traffic to servers in the same location and direct traffic to servers in different locations.
○ Security:
○ Filter network traffic between network subnets or individual virtual machines.
○ Routing:
○ Use default routing or fully control routing between your Azure and on-premises resources.
○ Manageability:
○ Monitor and manage your Azure networking resources.
○ Deployment and Configuration Tools:
○ Use a web-based portal or cross-platform command-line tool to deploy and configure network resources.
○ Virtual Network:
○ Provision private networks, optionally connect to on-premises datacenters.
○ Load Balancer:
○ Deliver high availability and network performance to your applications.
○ Application Gateway:
○ Layer-7 load balancer with built-in HTTP load balancing and delivery control.
○ VPN Gateway:
○ Establish secure, cross-premises connectivity.
○ Azure DNS:
○ Host your DNS domain in Azure.
○ Content Delivery Network:
○ Deliver content to end users through a robust network of global data centers.
○ Traffic Manager:
○ Route incoming traffic for high performance and availability.
○ ExpressRoute:
○ Dedicated private network fiber connection to Azure.
○ DDoS Protection:
○ Protect your applications from Distributed Denial of Service (DDoS) attacks.
○ Network Watcher:
○ Monitor and diagnose conditions at a network scenario level.
● Services in Each Domain (Storage)
○ Storage:
○ Durable, highly available and massively scalable cloud storage.
○ Blob Storage:
○ Massively scalable object storage for unstructured data.
○ Disk Storage:
○ Disk storage for VMs.
○ Queue Storage:
○ Durable queues for large-volume cloud services.
○ File Storage:
○ Simple, distributed cross-platform file system.
○ Data Lake Store:
○ Hyperscale repository for big data analytics workloads.
○ StorSimple:
○ Hybrid cloud storage for enterprises that improves data security.
○ Backup:
○ Simple and reliable server backup to the cloud.
○ Site Recovery:
○ Orchestrate disaster recovery of Azure VMs and on-premises VMs and physical servers.
● Services in Each Domain (Databases)
○ SQL Database:
○ Managed relational database as a service.
○ Azure Database for MySQL:
○ Managed MySQL database service for app developers.
○ Azure Database for PostgreSQL:
○ Managed PostgreSQL database service for app developers.
○ SQL Data Warehouse:
○ Elastic data warehouse as a service with enterprise-class features.
○ SQL Server Stretch Database:
○ Dynamically stretch on-premises SQL Server databases to Azure.
○ Azure Cosmos DB:
○ Globally distributed multi-model database for any scale.
○ Redis Cache:
○ High-throughput, low-latency data access to build fast, scalable applications.
● Services in Each Domain (Security and Identity)
○ Security Center:
○ Prevent, detect and respond to threats with increased visibility.
○ Azure Active Directory for Developers:
○ Secure, cross-platform authentication for web, mobile and backend APIs.
○ Key Vault:
○ Learn how to manage cryptographic keys and secrets.
○ Azure Active Directory:
○ Synchronize on-premises directories and enable single sign-on.
○ Azure Active Directory B2C:
○ Consumer identity and access management in the cloud.
○ Azure Active Directory Domain Services:
○ Join Azure virtual machines to a domain without domain controllers.
○ Multi-Factor Authentication:
○ Safeguard access to your data and apps with an extra level of authentication.
○ Security Information:
○ Learn how Azure provides a secure infrastructure to build cloud solutions.
● Services in Each Domain (Monitoring and Management)
○ Azure Policy:
○ Create, assign and manage policy definitions.
○ Azure Cost Management:
○ Track cloud usage and expenditures.
○ Azure Monitor:
○ Highly granular and real-time monitoring data for any Azure resource.
○ Application Insights:
○ Detect, triage, and diagnose issues in your web apps and services.
○ Log Analytics:
○ Learn how to transform machine data into operational intelligence.
○ Backup:
○ Simple and reliable server backup to the cloud.
○ Site Recovery:
○ Orchestrate protection and recovery of private clouds.
○ Automation:
○ Simplify cloud management with process automation.
○ Scheduler:
○ Run your jobs on simple or complex recurring schedules.
○ Billing:
○ Learn how to read and understand the usage and bill for your Azure subscription.
○ Azure Advisor:
○ Improve the cost effectiveness, performance, high availability and security of your Azure resources.
○ Azure Service Health:
○ Provides personalized guidance and support when issues in Azure services affect you.
○ Managed Applications:
○ Manage deployed solutions for your customers.
● Azure Free Account
Product                                                                            Period free
750 hr of B1s VM for Windows Server                                                12 months
750 hr of B1s VM for Linux Server                                                  12 months
128 GB of Managed Disks as a combination of two 64 GB SSD storage,                 12 months
  plus 1 GB snapshot and 2 million I/O operations
5 GB of LRS-Hot Blob storage with 2 million reads, 2 million write operations      12 months
250 GB of SQL Database Standard                                                    12 months
5 GB of bandwidth for outbound data transfer with free unlimited inbound transfer  Always free
More services                                                                      Always free
● Azure Networking (Virtual Networks)
○ Overview of Azure Networking
○ Virtual Network Benefits
○ Understanding Network Resources
○ Create a VNet using Azure Portal
○ Create a Subnet
○ Create a Network Security Group
○ Create Network Interface Card and Public IP
○ Understanding and using Azure DNS
------------------------------------------------------
● Overview of Azure Networking
○ An Azure Virtual Network (VNet) is a representation of your own network in the cloud.
○ It is a logical isolation of the Azure cloud dedicated to your subscription.
○ You can fully control the IP address blocks, DNS settings, security policies, and route tables within this network.
○ You can also further segment your VNet into subnets and launch Azure IaaS VMs and Cloud Services (PaaS role instances).
○ You can connect the virtual network to your on-premises network using one of the connectivity options available in Azure.
○ You can expand your network to Azure with complete control of IP address blocks, with the benefit of the enterprise scale Azure provides.
○ In computer networks a DMZ (Demilitarized Zone) is a physical or logical sub-network that separates an internal local area network (LAN) from other untrusted networks, usually the Internet.
○ NOTICE:
○ The Azure infrastructure takes on the role of the router, allowing access from your VNet to the public Internet without the need for any configuration.
○ Firewalls can be substituted by network security groups (NSGs) applied to each individual subnet.
○ Physical load balancers are substituted by Internet-facing and internal load balancers in Azure.
○ Azure VNet Pricing:
○ There is no extra cost for using virtual networks in Azure.
○ The compute instances launched within the VNet will be charged the standard rates described in Azure VM pricing.
○ The VPN gateways and public IP addresses used in the VNet will also be charged standard rates.
● Virtual Network Benefits
○ Isolation:
○ VNets are completely isolated from one another. That allows you to create disjoint networks for development, testing and production that use the same CIDR address blocks.
○ Access to the public Internet:
○ All IaaS VMs and PaaS role instances in a VNet can access the public Internet by default. You can control access by using network security groups (NSGs).
○ Access to VMs within the VNet:
○ PaaS role instances and IaaS VMs can be launched in the same virtual network and they can connect to each other using private IP addresses, even if they are in different subnets, without the need to configure a gateway or use public IP addresses.
○ Name Resolution:
○ Azure provides internal name resolution for IaaS VMs and PaaS role instances deployed in your VNet; you can also deploy your own DNS servers and configure the VNet to use them.
○ Security:
○ Traffic entering and exiting the virtual machines and PaaS role instances in a VNet can be controlled using NSGs.
○ Connectivity:
○ VNets can be connected to each other, and even to your on-premises datacenters, by using a site-to-site VPN connection or an ExpressRoute connection.
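The notes say that NSGs take the place of firewalls on each subnet and control traffic entering and exiting the VMs. The following added example (my own code, not from these notes or from Azure) simulates how an NSG decides on an inbound flow: rules are evaluated from the lowest priority number upward, the first match wins, and Azure's default inbound rules (AllowVnetInBound at 65000, AllowAzureLoadBalancerInBound at 65001, DenyAllInBound at 65500) close the list. The custom rule set, the sample source addresses and the prefixes standing in for the VirtualNetwork, AzureLoadBalancer and Internet service tags are constructed assumptions, not real Azure address ranges.

```python
"""Simulate how an Azure Network Security Group (NSG) filters inbound traffic.

Added example for these class notes, not Azure's own code. It models the
documented NSG evaluation order: rules are checked from the lowest priority
number to the highest and the first rule that matches decides (Allow or Deny).
Azure appends three default inbound rules (65000 AllowVnetInBound,
65001 AllowAzureLoadBalancerInBound, 65500 DenyAllInBound).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Azure resolves service tags to address ranges itself; here they are mapped to
# constructed prefixes so the example runs offline (assumption, not real ranges).
SERVICE_TAGS = {
    "VirtualNetwork": ["10.0.0.0/16"],
    "AzureLoadBalancer": ["168.63.129.16/32"],
    "Internet": ["0.0.0.0/0"],
}


@dataclass(frozen=True)
class Rule:
    priority: int      # lower number is evaluated first; 100-4096 for custom rules
    name: str
    access: str        # "Allow" or "Deny"
    protocol: str      # "Tcp", "Udp" or "*"
    source: str        # CIDR, single IP, "*" or a service tag
    dest_port: str     # "22", "1000-2000" or "*"


def _source_matches(rule_source: str, src_ip: str) -> bool:
    if rule_source == "*":
        return True
    prefixes = SERVICE_TAGS.get(rule_source, [rule_source])
    addr = ip_address(src_ip)
    return any(addr in ip_network(p, strict=False) for p in prefixes)


def _port_matches(rule_port: str, port: int) -> bool:
    if rule_port == "*":
        return True
    low, _, high = rule_port.partition("-")
    return int(low) <= port <= int(high or low)


def evaluate(rules, src_ip: str, protocol: str, dest_port: int) -> tuple:
    """Return (access, rule_name) of the first matching rule in priority order."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.protocol not in ("*", protocol):
            continue
        if not _source_matches(rule.source, src_ip):
            continue
        if not _port_matches(rule.dest_port, dest_port):
            continue
        return rule.access, rule.name
    # Unreachable while the default rules are present; kept for safety.
    return "Deny", "<no rule matched>"


DEFAULT_INBOUND = [
    Rule(65000, "AllowVnetInBound", "Allow", "*", "VirtualNetwork", "*"),
    Rule(65001, "AllowAzureLoadBalancerInBound", "Allow", "*", "AzureLoadBalancer", "*"),
    Rule(65500, "DenyAllInBound", "Deny", "*", "*", "*"),
]

# Constructed subnet NSG: SSH only from an admin range, HTTPS from anywhere,
# everything else falls through to the default deny.
SUBNET_NSG = [
    Rule(100, "AllowSSHFromAdmin", "Allow", "Tcp", "203.0.113.0/24", "22"),
    Rule(110, "AllowHTTPS", "Allow", "Tcp", "Internet", "443"),
] + DEFAULT_INBOUND

if __name__ == "__main__":
    samples = [  # (source IP, protocol, destination port); constructed flows
        ("203.0.113.9", "Tcp", 22),
        ("198.51.100.7", "Tcp", 22),
        ("198.51.100.7", "Tcp", 443),
        ("198.51.100.7", "Tcp", 3389),
        ("10.0.1.4", "Tcp", 3389),
    ]
    for src, proto, port in samples:
        print(f"{src:>14} {proto} {port:<5} -> {evaluate(SUBNET_NSG, src, proto, port)}")
```

The flow from 10.0.1.4 to port 3389 is allowed only because the default AllowVnetInBound rule matches before DenyAllInBound; a subnet that should not accept RDP from other subnets needs an explicit Deny rule with a priority number below 65000, which is the kind of gap to look for when reviewing an NSG.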
● VNet Peering
○ VNet peering is a mechanism that connects two virtual networks (VNets) in the same or different regions through the Azure backbone network. Once peered, the two virtual networks appear as one for all connectivity purposes.
● Understanding Network Resources:
○ IP Addresses:
○ There are two types of IP addresses assigned to resources in Azure.
○ Public IP:
○ It allows Azure resources to communicate with the Internet and other Azure public-facing services like Azure Redis Cache.
● What is Cloud Storage
○ Cloud storage is a service model in which data is maintained, managed, backed up remotely, and made available to users over a network.
● Disadvantages of Traditional Storage
○ Storage is sitting idle in the datacenter
○ On average nearly 40% of storage purchased is not used.
○ Pay for infrastructure as you need it, with no upfront payment.
○ Inactive data is sitting on costly storage
○ Up to 95% of data is cold.
○ Data reduction techniques and archiving to store inactive cold data.
○ Backup processes slow storage during the day
○ Nearly 50% of organizations need to reduce backup times.
○ Fast service with low cost and low risk.
○ Migrations are frequent, costly and lengthy
○ Plan for storage migration every 3 years.
○ Easy migration of data.
● Common Terms of Storage
○ SSD (Solid State Drive/Disk)
○ A disk that uses non-volatile memory as a means of storing and accessing data, like computer RAM.
○ Performance
○ IOPS (Input/Output Operations Per Second): unit of measure representing input/output operations per second.
○ Used to characterize computer storage devices like HDD, SSD etc.
○ Disk I/O
○ It displays what percentage of time a disk is in use by a read or write command.
○ Memory
○ TiB (Tebibyte) = 1.10 TB = 1024 Gigabytes
○ GiB (Gibibyte) = 1.07 GB = 1024 Megabytes
○ MiB (Mebibyte) = 1.05 MB = 1024 Kilobytes
○ Volume
○ It is a storage device that is formatted to store directories and files for frequent use.
○ Vault
○ A storage box or container which stores archive data for a longer period of time.
● Azure Storage Services
○ Azure Blobs:
○ A massively scalable object store for text and binary data.
○ Azure Files:
○ Managed file shares for cloud or on-premises deployments.
○ Azure Queues:
○ A messaging store for reliable messaging between application components.
○ Azure Tables:
○ A NoSQL store for schemaless storage of structured data.
● Azure VM Disk Types (two types):
○ Standard disk
○ The most widely used storage accounts are standard storage accounts, which can be used for all types of data. Standard storage accounts use magnetic media to store data.
○ Premium disk
○ Premium storage provides high-performance storage for page blobs, which are primarily used for VHD files. Premium storage accounts use SSD to store data. Microsoft recommends using Premium Storage for all of your VMs.
● Blob Storage
○ Azure Blob storage is an object storage solution for the cloud. Blob storage is optimized for storing massive amounts of unstructured data, such as text or binary data.
○ Blob storage is ideal for:
○ Serving images or documents directly to a browser.
○ Storing files for distributed access.
○ Streaming video and audio.
○ Storing data for backup and restore, disaster recovery, and archiving.
○ Storing data for analysis by an on-premises or Azure-hosted service.
Objects in Blob storage can be accessed from anywhere in the world via HTTP or HTTPS. Users or client applications can access blobs via URLs.

● Storage Account
○ Locally Redundant Storage (LRS)
○ Locally redundant storage (LRS) is designed to provide at least 99.999999999% (11 9's) durability of objects over a given year by replicating your data within a storage scale unit.
○ A storage scale unit is hosted in a datacenter in the region in which you created your storage account.
○ A write request to an LRS storage account returns successfully only after the data has been written to all replicas.
○ These replicas each reside in separate fault domains and update domains within one storage scale unit.
○ If a datacenter-level disaster (for example, fire or flooding) occurs, all replicas may be lost or unrecoverable. To mitigate this risk, Microsoft recommends using either zone-redundant storage (ZRS) or geo-redundant storage (GRS).
○ Zone-Redundant Storage (ZRS)
○ Zone-redundant storage (ZRS) synchronously replicates your data across three (3) storage clusters in a single region.
○ Each storage cluster is physically separated from the others and resides in its own availability zone (AZ).
○ Each availability zone, and the ZRS cluster within it, is autonomous, with separate utilities and networking capabilities.
○ Geo-Redundant Storage (GRS)
○ Geo-redundant storage (GRS) is designed to provide at least 99.99999999999999% (16 9's) durability of objects over a given year by replicating your data to a secondary region that is hundreds of miles away from the primary region.
○ If your storage account has GRS enabled, then your data is durable even in the case of a complete regional outage or a disaster in which the primary region is not recoverable.
○ Read-Access Geo-Redundant Storage (RA-GRS)
○ Read-access geo-redundant storage (RA-GRS) maximizes availability for your storage account. RA-GRS provides read-only access to the data in the secondary location, in addition to geo-replication across two regions.
○ Azure Files
○ It enables you to set up highly available network file shares that can be accessed by using the standard Server Message Block (SMB) protocol. That means that multiple VMs can share the same files with both read and write access.
○ Availability Sets
○ Logical grouping capability.
○ Azure ensures that the VMs you place within an availability set run across multiple physical servers, compute racks, storage units, and network switches.
○ VMs are spread across fault and update domains.
○ 99.95% SLA from Microsoft.
○ Group similar VMs together, e.g. database servers, web servers.
○ An availability set can only contain VMs.
○ Fault Domain:
○ A fault domain (FD) is essentially a rack of servers. It consumes subsystems like network, power, cooling etc. So, 2 VMs in the same availability set means Azure will provision them into 2 different racks, so that if, say, the network or the power failed, only one rack would be affected.
○ Update Domain:
○ Logical boundary that controls how Microsoft will deploy planned maintenance.
○ Microsoft will only perform planned maintenance on one update domain at a time. There will be several update domains within a fault domain.
○ A group of VMs and underlying physical hardware that can be rebooted at the same time.
○ Logical unit of deployment; does not exist physically.
○ Used for patching.
○ Only one update domain is updated at a time.
○ VMs within that UD will reboot together.
○ A VM is assigned to a UD automatically when you put your VM into an availability set.
● Load Balancer
○ Azure Load Balancer is used to scale your applications and create high availability for your services. Load Balancer supports inbound and outbound scenarios, provides low latency and high throughput, and scales up to millions of flows for all TCP and UDP applications.
● Monitoring
● Azure Monitoring
○ Azure Monitor is the platform service that provides a single source for monitoring Azure resources. With Azure Monitor you can visualize, query, route, archive and take action on the metrics and logs coming from resources in Azure. It is the basic service to monitor Azure resources only.
○ Log Analytics is a service in Operations Management Suite (OMS) that monitors your cloud (the cloud could be AWS or Azure) and on-premises environments to maintain their availability and performance. It focuses on the infrastructure and service side, and is a much enhanced version to monitor and collect data from any cloud or on-premises environment.
○ Application Insights is an extensible analytics service that monitors your live web application. It is designed to help you continuously improve performance (it focuses on web applications) and usability.
● Automation:
● Microsoft Azure Automation provides a way for users to automate the manual, long-running, error-prone and frequently repeated tasks that are generally performed in the cloud and corporate environment.
● Advisor:
○ Monitoring is the act of collecting and analyzing data to determine the performance, health, and availability of your business application and the resources that it depends on.
○ An effective monitoring strategy helps you understand the detailed operation of the components of your application.
○ Alerts

○ Azure alerts proactively notify you of critical


conditions and potentially take corrective
action. Alert rules can use data from multiple
sources, including metrics and logs.
○ Dashboards
○ Use Azure dashboards to combine different
kinds of data into a single pane in the Azure
portal. You can then share the dashboard
with other Azure users
○ Metrics Explorer
○ Metrics are numerical values generated by an
Azure resource to help you understand the
operation and performance of the resource.
● Core monitoring
○ Azure Monitor

○ It enables core monitoring for Azure services


by allowing the collection of metrics, activity
logs, and diagnostic logs. For example, the
activity log tells you when new resources are
created or modified.
○ Azure Advisor
○ It constantly monitors your resource
configuration and usage telemetry. It then
gives you personalized recommendations
based on best practices.
○ Service Health
○ The health of your application relies on the
Azure services that it depends on. Azure
Service Healthidentifies any issues with Azure
services that might affect your application.
○ Activity Log
○ Activity Log provides data about the
operation of an Azure resource.
● Deep monitoring services
○ Deep application monitoring

○ Application Insights

○ You can use Azure Application Insights to


monitor availability, performance, and usage
of your application, whether it's hosted in
the cloud or on-premises.
○ Deep infrastructure monitoring
○ Log Analytics
○ Log Analytics plays a central role in Azure
monitoring by collecting data from a variety
of resources (including non-Microsoft tools)
into a single repository.
○ Management solutions
○ Management solutions are packaged sets of
logic that provide insights for a particular
application or service.
○ Network Monitoring
○ There are several tools that work together to
monitor various aspects of your network
○ Network Watcher

○ Network Performance Moniter

○ ExpressRoute Monitor

○ DNS Analytics
○ Service Map
○ Service Map provides insight into your IaaS
environment by analyzing virtual machines
with their different processes and
dependencies on other computers and
external processes.

Queue storage
The Azure Queue service is used to store and retrieve messages. Queue messages can be up to
64 KB in size, and a queue can contain millions of messages. Queues are generally used to store
lists of messages to be processed asynchronously.
For example, say you want your customers to be able to upload pictures, and you want to
create thumbnails for each picture. You could have your customer wait for you to create the
thumbnails while uploading the pictures. An alternative would be to use a queue. When the
customer finishes his upload, write a message to the queue. Then have an Azure Function
retrieve the message from the queue and create the thumbnails. Each of the parts of this
processing can be scaled separately, giving you more control when tuning it for your usage.
For more information about Azure Queues, see Introduction to Queues.
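As an added example of the upload-then-thumbnail pattern just described (my own code, not from these notes or from the Azure SDK), the following Python uses an in-memory stand-in for the Azure queue so it runs offline. It keeps the two halves of the pipeline separate: the producer puts only a reference to the uploaded blob on the queue, never the picture bytes, and enforces the 64 KB message limit the notes mention; the consumer plays the part of the Azure Function that drains the queue and produces thumbnails. The storage account name, blob URLs and thumbnail naming rule are constructed.

```python
"""Decoupled upload/thumbnail pipeline built on a queue (added example).

InMemoryQueue is a stand-in for an Azure queue, not the Azure SDK. The message
carries a reference to the uploaded picture (its blob URL), so the message
stays small, and the producer enforces the 64 KB limit of Azure Queue messages.
"""
import json
from collections import deque

MAX_MESSAGE_BYTES = 64 * 1024  # Azure Queue message limit stated in the notes


def message_fits(body: str) -> bool:
    """True when the UTF-8 encoded message is within the 64 KB Azure limit."""
    return len(body.encode("utf-8")) <= MAX_MESSAGE_BYTES


class InMemoryQueue:
    """Minimal put/get queue with the shape a worker loop expects (stand-in only)."""

    def __init__(self):
        self._messages = deque()

    def put(self, body: str) -> None:
        if not message_fits(body):
            raise ValueError("message exceeds the 64 KB Azure Queue message limit")
        self._messages.append(body)

    def get(self):
        return self._messages.popleft() if self._messages else None

    def __len__(self):
        return len(self._messages)


def notify_upload(queue: InMemoryQueue, blob_url: str, uploaded_by: str) -> None:
    """Producer: called when the customer's upload finishes. Only metadata is queued."""
    queue.put(json.dumps({"event": "picture-uploaded",
                          "blob_url": blob_url,
                          "uploaded_by": uploaded_by}))


def thumbnail_name(blob_url: str) -> str:
    """Constructed naming rule: <account>/uploads/cat.jpg -> <account>/thumbnails/cat_thumb.jpg."""
    container_url, _, filename = blob_url.rpartition("/")
    account_url = container_url.rsplit("/", 1)[0]
    stem, _, ext = filename.rpartition(".")
    return f"{account_url}/thumbnails/{stem}_thumb.{ext}"


def process_thumbnails(queue: InMemoryQueue, make_thumbnail=thumbnail_name) -> list:
    """Consumer (the Azure Function's job): drain the queue, return thumbnails created."""
    created = []
    while (body := queue.get()) is not None:
        msg = json.loads(body)
        if msg.get("event") != "picture-uploaded":
            continue  # a message this worker does not understand is skipped
        created.append(make_thumbnail(msg["blob_url"]))
    return created


if __name__ == "__main__":
    q = InMemoryQueue()  # constructed sample uploads follow
    notify_upload(q, "https://examplestorage.blob.core.windows.net/uploads/cat.jpg", "alice")
    notify_upload(q, "https://examplestorage.blob.core.windows.net/uploads/dog.png", "bob")
    print(f"{len(q)} messages queued")
    for thumb in process_thumbnails(q):
        print("created", thumb)
```

Because producer and consumer only share the queue, each side can be scaled on its own, which is the tuning freedom the paragraph above describes.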
Table storage
Azure Table storage is now part of Azure Cosmos DB. To see Azure Table storage
documentation, see the Azure Table Storage Overview. In addition to the existing Azure Table
storage service, there is a new Azure Cosmos DB Table API offering that provides throughput-
optimized tables, global distribution, and automatic secondary indexes. To learn more and try
out the new premium experience, please check out Azure Cosmos DB Table API.
For more information about Table storage, see Overview of Azure Table storage.
Types of storage accounts
This table shows the various kinds of storage accounts and which objects can be used with each.

Type of storage account    General-purpose Standard       General-purpose Premium   Blob storage (hot and cool access tiers)
Services supported         Blob, File, Queue services     Blob service              Blob service
Types of blobs supported   Block, page and append blobs   Page blobs                Block blobs and append blobs

General-purpose storage accounts
There are two kinds of general-purpose storage accounts.
Standard storage
The most widely used storage accounts are standard storage accounts, which can be used for
all types of data. Standard storage accounts use magnetic media to store data.
Premium storage
Premium storage provides high-performance storage for page blobs, which are primarily used
for VHD files. Premium storage accounts use SSD to store data. Microsoft recommends using
Premium Storage for all of your VMs.
Blob Storage accounts
The Blob Storage account is a specialized storage account used to store block blobs and append
blobs. You can't store page blobs in these accounts, therefore you can't store VHD files. These
accounts allow you to set an access tier to Hot or Cool; the tier can be changed at any time.
The hot access tier is used for files that are accessed frequently -- you pay a higher cost for
storage, but the cost of accessing the blobs is much lower. For blobs stored in the cool access
tier, you pay a higher cost for accessing the blobs, but the cost of storage is much lower.
Accessing your blobs, files, and queues
Each storage account has two authentication keys, either of which can be used for any
operation. There are two keys so you can roll over the keys occasionally to enhance security. It
is critical that these keys be kept secure because their possession, along with the account
name, allows unlimited access to all data in the storage account.
This section looks at two ways to secure the storage account and its data. For detailed
information about securing your storage account and your data, see the Azure Storage security
guide.
Securing access to storage accounts using Azure AD
One way to secure access to your storage data is by controlling access to the storage account
keys. With Resource Manager Role-Based Access Control (RBAC), you can assign roles to users,
groups, or applications. These roles are tied to a specific set of actions that are allowed or
disallowed. Using RBAC to grant access to a storage account only handles the management
operations for that storage account, such as changing the access tier. You can't use RBAC to
grant access to data objects like a specific container or file share. You can, however, use RBAC
to grant access to the storage account keys, which can then be used to read the data objects.
Securing access using shared access signatures
You can use shared access signatures and stored access policies to secure your data objects. A
shared access signature (SAS) is a string containing a security token that can be attached to the
URI for an asset that allows you to delegate access to specific storage objects and to specify
constraints such as permissions and the date/time range of access. This feature has extensive
capabilities. For detailed information, refer to Using Shared Access Signatures (SAS).
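The two preceding sections explain that possession of an account key gives unlimited access, and that a SAS delegates access with constraints such as permissions and a date/time range. The checker below is an added example (my own code, not Microsoft's) that reads the standard SAS query parameters Azure Storage appends to a URI (sp permissions, st/se start and expiry, spr allowed protocol, sip allowed IP range, si stored access policy, sr resource type, sig signature) and reports the combinations a reviewer would question before a SAS is handed out. It does not verify the signature. The account name, URIs, review timestamp and the 24-hour lifetime threshold are constructed assumptions; the signatures are placeholders.

```python
"""Review shared access signature (SAS) URIs for over-broad delegation (added example).

Reads the SAS query parameters Azure Storage uses and flags permissive grants.
The signature (sig) is never validated here; this is a configuration review aid.
"""
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

WRITE_LIKE = set("wdacu")            # write, delete, add, create, update
BROAD_SCOPES = {"c", "s", "d"}       # container, share, directory: more than one object
MAX_LIFETIME = timedelta(hours=24)   # review threshold (assumption, not an Azure limit)

# Constructed review time and sample SAS URIs; sig values are placeholders.
AUDIT_TIME = datetime(2024, 5, 1, 10, 30, tzinfo=timezone.utc)
SAMPLE_URIS = [
    "https://examplestorage.blob.core.windows.net/uploads/photo1.jpg"
    "?sv=2020-08-04&sr=b&sp=r&st=2024-05-01T10:00:00Z&se=2024-05-01T11:00:00Z"
    "&spr=https&sip=203.0.113.0-203.0.113.255&sig=PLACEHOLDER",
    "https://examplestorage.blob.core.windows.net/uploads"
    "?sv=2020-08-04&sr=c&sp=rwdl&se=2030-01-01T00:00:00Z&spr=https,http&sig=PLACEHOLDER",
]


def _sas_time(value: str) -> datetime:
    # SAS times are ISO 8601 in UTC, e.g. 2024-05-01T10:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit_sas(uri: str, now: datetime) -> dict:
    """Return the parsed grant plus a list of (code, explanation) findings."""
    parts = urlsplit(uri)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "sig" not in q:
        raise ValueError("URI carries no sig parameter; not a SAS URI")
    perms = q.get("sp", "")
    findings = []

    start = _sas_time(q["st"]) if "st" in q else now   # no st: valid immediately
    expiry = _sas_time(q["se"]) if "se" in q else None
    if expiry is None:
        findings.append(("no-expiry", "no se parameter; expiry comes only from the stored access policy"))
    elif expiry < now:
        findings.append(("expired", f"expired at {expiry.isoformat()}"))
    elif expiry - start > MAX_LIFETIME:
        findings.append(("long-lived", f"valid for {expiry - start}, above the {MAX_LIFETIME} review threshold"))

    granted_write = "".join(sorted(set(perms) & WRITE_LIKE))
    if granted_write:
        findings.append(("write", f"sp={perms!r} includes write-like permissions {granted_write!r}"))
    if q.get("sr") in BROAD_SCOPES:
        findings.append(("broad-scope", f"sr={q['sr']!r} delegates a whole container/share, not one object"))
    # When spr is omitted Azure permits both HTTPS and HTTP, so the default is "https,http".
    if "http" in q.get("spr", "https,http").split(","):
        findings.append(("http", "plain HTTP is permitted, so the token can be read in transit"))
    if "sip" not in q:
        findings.append(("no-ip", "no sip restriction; the token is usable from any address"))
    if "si" not in q:
        findings.append(("ad-hoc", "ad hoc SAS (no stored access policy); revocable only by rotating the account key it was signed with"))
    return {"resource": parts.netloc + parts.path, "permissions": perms,
            "expires": expiry, "findings": findings}


def finding_codes(uri: str, now: datetime) -> set:
    """Just the finding codes, convenient for policy checks or tests."""
    return {code for code, _ in audit_sas(uri, now)["findings"]}


if __name__ == "__main__":
    for uri in SAMPLE_URIS:
        report = audit_sas(uri, AUDIT_TIME)
        print(report["resource"], "sp=" + report["permissions"])
        for code, why in report["findings"]:
            print(f"  [{code}] {why}")
```

The first sample URI is the shape to aim for (one blob, read-only, one hour, HTTPS only, pinned to an address range); it is still flagged as ad hoc, because a SAS tied to a stored access policy can be revoked by editing the policy, while an ad hoc one lives until its expiry or until the account key is regenerated, which is exactly why the notes stress rolling the keys.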
Public access to blobs
The Blob Service allows you to provide public access to a container and its blobs, or a specific
blob. When you indicate that a container or blob is public, anyone can read it anonymously; no
authentication is required. An example of when you would want to do this is when you have a
website that is using images, video, or documents from Blob storage. For more information, see
Manage anonymous read access to containers and blobs
Encryption
There are two basic kinds of encryption available for the Storage services. For more information
about security and encryption, see the Azure Storage security guide.
Encryption at rest
Azure Storage Service Encryption (SSE) at rest helps you protect and safeguard your data to
meet your organizational security and compliance commitments. With this feature, Azure
Storage automatically encrypts your data prior to persisting to storage and decrypts prior to
retrieval. The encryption, decryption, and key management are totally transparent to users.
SSE automatically encrypts data in all performance tiers (Standard and Premium), all
deployment models (Azure Resource Manager and Classic), and all of the Azure Storage services
(Blob, Queue, Table, and File). SSE does not affect Azure Storage performance.
For more information about SSE encryption at rest, see Azure Storage Service Encryption for
Data at Rest.
Client-side encryption
The storage client libraries have methods you can call to programmatically encrypt data before
sending it across the wire from the client to Azure. It is stored encrypted, which means it also is
encrypted at rest. When reading the data back, you decrypt the information after receiving it.
For more information about client-side encryption, see Client-Side Encryption with .NET for
Microsoft Azure Storage.
Replication
In order to ensure that your data is durable, Azure Storage replicates multiple copies of your
data. When you set up your storage account, you select a replication type. In most cases, this
setting can be modified after the storage account has been created.
