Enterprise File Shares on Azure

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

My customer has a large on-premises file share environment based on Windows Server File Shares with petabytes of data. The maintenance and operations of those servers sounds like a simple task – but having this in a large and complex infrastructure can be challenging. If the file shares are run by multiple teams, then the overall SLA could be heavily impacted, and the run cost are very high.

Azure has viable alternatives to host files shares – in this post, I want to compare the different services – we will compare Azure Files (AZF) and Azure NetApp Files (ANF) to make the right choice when we migrate to Azure. In this post, I am comparing only the SSD tiers, AZF has additional HDD tiers.

 

I discussed the scenario with Sebastian Brack – thanks a lot for providing the tables below and providing lots of insights!

Features

Feature

Azure NetApp Files

Azure Files Premium

Native Azure Service, fully managed

Yes

Yes

Protocol Compatibility

SMB 2.1/3.0/3.1.1, NFS 3/4.1
Multiprocotol: SMB+NFSv3

FileREST, SMB 2.1/3.0, NFS 4.1 (Preview)

Min Size

4 TiB

100 GiB

Max Volume Size

100 TiB

100 TiB

Max File Size

16 TiB

4 TiB

Service Levels / Tiering

Standard 0.124354€/GiB
Premium 0.248091€/GiB
Ultra 0.331198€/GiB

Premium 0.162€/GiB

+ 0.1375€/GiB Snapshots

please note: there are more HDD-based tiers available!

Shape Capacity/Performance independently

Yes (Manual-QoS)

No

On-Prem Access (Hybrid)

Yes (Express Route, VPN)

Yes (ExpressRoute, VPN, Internet)


Private Link ready (pricing) for VPN/ExpressRoute (Private Peering):
€0.009 per GB In-/Outbound Data Processing

Or ExpressRoute (Microsoft Peering).

Regional Availability

22+ regions

32+ regions

Regional Redundancy

LRS equivalent (99.99% SLA)

LRS (99.9% SLA)
ZRS (Asia Southeast, Australia East, Europe North, Europe West, US East, US East 2, US West 2)  (99.9% SLA)

Geo Redundancy

Yes, Cross-Region Replication (Preview)

No

Storage at-rest encryption

Yes (AES 256)

Yes (AES 256)

Backup

Incremental Snapshots (4k block), Cross-Region Replication, 3rd party

Incremental Snapshots (file), Azure Backup Integration

Snapshot Integration into SMB Client

Yes (Previous Versions + ~snapshot)

Yes (Previous Versions)

Snapshot Integration into NFS Client

Yes (.snapshot)

No

Snapshot Restore via Portal

Restore to new volume

Yes

Integrated Snapshot Scheduling

Yes (Snapshot Policies)

Yes (via Azure Backup)

Identity-based authentication and authorization

Azure Active Directory Domain Services (Azure AD DS),

On-premises Active Directory Domain Services (AD DS)

Azure Active Directory (Azure AD)
Azure Active Directory Domain Services (Azure AD DS)
On-premises Active Directory Domain Services (AD DS) via AD Connect (see Supported scenarios and restrictions)

please note: the prices are taken from Azure West Europe region for comparison – they may vary depending on the service/region.

 

The features table looks quite similar – but the details make this more interesting:

Protocol compatibility is a strength of ANF – more protocols and SMB combined with NFSv3: Some applications require both protocols, especially in an integration scenario. As of writing this, NFS is in Preview for Azure Files.

As of now, you must start with at least 4 TiB for ANF, for AZF it is only 100 GiB – if you only have a small scenario, then AZF scores here.

Hybrid connectivity is another important point for my customer – ANF is fully private with no way to expose it to the internet, AZF is accessible via the internet, privately via Private Link (additional cost!) or via ExpressRoute Microsoft Peering. Internet access can be disabled for AZF, too.

Performance, Throughput

Feature

Azure NetApp Files

Azure Files Premium

Transaction & data transfer prices

Included

Included

Throughput (single volume/share)

Ultra: 128MiB/s per provisioned TiB (auto)

Premium: 64 MiB/s per provisioned TiB (auto)

Standard: 16MiB/s per provisioned TiB (auto)

Egress: 60MiB/s + 61.44 MiB/s per provisioned TiB
Ingress: 40MiB/s + 40.96 MiB/s per provisioned TiB

Shape capacity & performance independently

Yes, Manual-QoS (preview)

No

IOPS (single volume/share)

Not limited explicitly, dependent on throughput & IO Size (benchmark ~460.000)

Example:

1 IOPS @ 64kb per provisioned GiB Premium

16 IOPS @ 4k per provisioned GiB Premium

Baseline: 1 IOPS per provisioned GiB up to 100.000

Burst: 3 IOPS per provisioned GiB up to 100.000

File level throughput limit

Unlimited (volume throughput limit)

Egress 300MiB/s

Ingress 200MiB/s

File level IOPS limit

Unlimited (volume throughput limit)

5000 IOPS

Volume/Share Size adjustable

Yes

Yes, cooldown for decrease @ 24h

Service Level changeable

Yes, cooldown for decrease @ 7 days (Preview)

No

NFS nconnect

Yes (NFSv3)

No

SMB Multichannel

Yes

No

Please note: Features and performance may have changed since publishing this post – please verify! For ANF there is a “What’s new page”, for AZF you can check Azure Update.

 

Now let us look at the service level. ANF is more flexible, file shares can be divided in 3 performance tiers, AZF has two tiers. If you provision large, 100 TB shares with ANF, you get 1600 MiB/s throughput with the standard tier – even for single files (file level throughput depending on volume size or manual quota). The flexibility on the ANF side is a big benefit.

Changing the service level on ANF can be done – please be aware of the cooldown period. Doing the same for AZF is possible, but its not as easy as with ANF.

The last two rows are very important regarding performance – both nconnect and multichannel allow to have multiple connections to the same to ANF drastically improving the bandwidth. Great stuff.

 

Hybrid Connectivity & Encryption

 

Feature

Azure NetApp Files

Azure Files Premium

SMB signing

Yes

 

SMB in-flight encryption

No

Yes

NFS in-flight encryption

Yes

No

Active Directory Integration

Yes

Yes

Azure Active Directory Independent

Yes

No (AD-Connect required)

AD Kerberos Authentication

Yes (AES 256, AES128, DES)

Yes (AES 256)

AD LDAP Signing

Yes

 

 

Comparing the identity aspects, then both integrate into a on-premises Active Directory. AZF requires to have the identities synced to Azure Active Directory (AAD), ANF directly integrates into Active Directory. 

Encryption-wise, AZF supports SMB encryption – ANF does not have this yet.

 

Hopefully, this comparison helps you to make decisions.

Hope it helps,
Max

REMEMBER: these articles are REPUBLISHED. Your best bet to get a reply is to follow the link at the top of the post to the ORIGINAL post! BUT you're more than welcome to start discussions here:

This site uses Akismet to reduce spam. Learn how your comment data is processed.