Storage

Azure Storage

Azure Storage can be used to provide an alternative to FTP/SFTP, and provides secure access to data held in Containers/Blobs, File Shares, or Tables.

Shared Access Signatures (SAS) should be used to authorize access to storage.

Container and Blob

These are maintained on geo-replicated file servers to provide a high availability design. Storage Service Encryption should be enabled, and Access Type should be "private" where possible.

Regular offsite backups should be taken to meet the Disaster Recovery – Recovery Point Objective (RPO), and transferred into geo-replicated Azure Cloud Storage. Great Ideaz's preferred schedule is a weekly full backup with daily differentials.

File Shares

These are maintained on geo-replicated file servers to provide a high availability design.

Regular offsite backups should be taken to meet the Disaster Recovery – Recovery Point Objective (RPO), and transferred into secure cloud storage. Great Ideaz's preferred schedule is a weekly full backup with daily differentials.

Queue

Queues can be used by many senders to transfer data to a single target application. Each message on a Storage.Queue can hold up to 64 KB of data in any format, and is normally formatted as either XML or JSON.

Applications should not send to Storage.Queues directly, so that the application does not hang when the network is slow or the service is down. Instead, the application should write outbound messages to a database table, and a Windows service should transmit them from that table to the queue.
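The database-table hand-off described above, as an added example (not Great Ideaz's own code). It assumes SQLite as a stand-in for the database, a hypothetical `outbox` table and function names, and a hypothetical `send` callable standing in for whatever client the background service uses to reach the queue.

```python
import sqlite3

MAX_QUEUE_MESSAGE_BYTES = 64 * 1024  # per-message limit stated above


def open_outbox(path=":memory:"):
    """Create the outbox table (hypothetical schema) if it does not exist."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS outbox ("
        " id INTEGER PRIMARY KEY AUTOINCREMENT,"
        " body TEXT NOT NULL,"
        " attempts INTEGER NOT NULL DEFAULT 0,"
        " sent INTEGER NOT NULL DEFAULT 0)"
    )
    return db


def enqueue(db, body):
    """Called by the application: a local insert, no network call."""
    if len(body.encode("utf-8")) > MAX_QUEUE_MESSAGE_BYTES:
        raise ValueError("message exceeds the 64 KB queue limit")
    with db:  # commits on success, rolls back on error
        cur = db.execute("INSERT INTO outbox (body) VALUES (?)", (body,))
    return cur.lastrowid


def drain(db, send, batch=32):
    """Called by the background service: forward unsent rows in id order.

    `send` delivers one message and raises on failure. Draining stops at
    the first failure so order is kept and the row is retried next run.
    Delivery is at-least-once, so the receiver must tolerate duplicates.
    """
    rows = db.execute(
        "SELECT id, body FROM outbox WHERE sent = 0 ORDER BY id LIMIT ?",
        (batch,),
    ).fetchall()
    delivered = 0
    for row_id, body in rows:
        try:
            send(body)
        except Exception:
            with db:
                db.execute(
                    "UPDATE outbox SET attempts = attempts + 1 WHERE id = ?",
                    (row_id,),
                )
            break
        with db:
            db.execute("UPDATE outbox SET sent = 1 WHERE id = ?", (row_id,))
        delivered += 1
    return delivered
```

The `attempts` column gives the service a value to alert on when the queue has been unreachable for several runs.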

You can read messages from a Storage.Queue using Azure Functions, and add Authorization headers to Queue REST API calls.

Tables

Tables store structured NoSQL data based on a schemaless Key/Attribute design. They are useful for creating simple datasets such as audit and event logs that don’t need complex joins, foreign keys, etc.

Tables are accessed via a Connection String and an Access Key available from the Azure Portal.

Local Databases

These are deployed on clustered database servers to provide a high availability design, or within Always On availability groups. Production, Test and Development databases should be maintained on separate infrastructure.

The disks housing the database files should be encrypted. The database files should also be encrypted by the database server.

Regular offsite backups should be taken to meet the Disaster Recovery – Recovery Point Objective (RPO). Great Ideaz's preferred schedule is a daily full backup with hourly transaction log backups into Geo-Replicated Azure Cloud Storage.

Local File Stores

These are maintained on geo-replicated file servers to provide a high availability design.

Access control lists and Group Policies should be used to regulate data access, and the disks housing the file shares should be encrypted.

Regular offsite backups should be taken to meet the Disaster Recovery – Recovery Point Objective (RPO) and transferred into Geo-Replicated Azure Cloud Storage.