![]() ![]() The SMB, NFS, and FileREST protocols have slightly different behavior with respect to the require secure transfer setting: In the Azure portal, you may also see this setting labeled as require secure transfer for REST API operations. You can disable the require secure transfer setting to allow unencrypted traffic. For Azure Files, the require secure transfer setting is enforced for all protocol access to the data stored on Azure file shares, including SMB, NFS, and FileREST. Premium file shares (FileStorage), LRS/ZRSīy default, Azure storage accounts require secure transfer, regardless of whether data is accessed over the public or private endpoint. The sections below provide links and additional context to the documentation referenced in the video. This video is a guide and demo for how to securely expose Azure file shares directly to information workers and apps in five simple steps. A storage account is a management construct that represents a shared pool of storage in which you can deploy multiple Azure file shares, as well as the storage resources for other Azure storage services, such as blob containers or queues. Using an NFS file share always requires some level of networking configuration.Ĭonfiguring public and private endpoints for Azure Files is done on the top-level management object for Azure Files, the Azure storage account. NFS file shares rely on network-level authentication and are therefore only accessible via restricted networks. Therefore, mounting an SMB file share often requires additional networking configuration to use outside of Azure. Although SMB 3.x is an internet-safe protocol, organizational or ISP policies may not be possible to change. This practice originates from legacy security guidance about deprecated and non-internet safe versions of the SMB protocol. SMB file shares communicate over port 445, which many organizations and internet service providers (ISPs) block for outbound (internet) traffic. We recommend reading Planning for an Azure Files deployment prior to reading this conceptual guide.ĭirectly accessing the Azure file share often requires additional thought with respect to networking: To learn how to cache your Azure file share on-premises with Azure File Sync, see Introduction to Azure File Sync. This article focuses on how to configure Azure Files for direct access over public and/or private endpoints. You can access your Azure file shares over the public internet accessible endpoint, over one or more private endpoints on your network(s), or by caching your Azure file share on-premises with Azure File Sync (SMB file shares only). ![]()
0 Comments
Leave a Reply. |