|Category: Contribution||Author: bha 2020-11-02|
Drawing Sylbek 2020
|Today we are creating storage in Azure Cloud and binding it to an existing virtual machine, in this case to Windows 10 Enterprise for Virtual Desktops. If the question asks why this, is there SharePoint Online for that?|
Sure, but SharePoint storage is limited to 25 TB, and SharePoint storage expansion is very expensive. E.g. a company with 100 employees only receives 2 TB of SharePoint storage, 1 TB for account creation + 10 GB per employee. The costs to buy 23 TB are currently 17 cents/GB, would be 4003.84 EUR per month (23 x 1024 x 0.17). In contrast, 23 TB via Azure Storage Account (in West Europe Standard Hot GPv2 FileStorage) costs around 562 EUR. There are also data transmission costs, which should still remain below 10%. See Azure price calculator and select Storage Accounts.
As can be seen in the picture, Windows clients connect to Windows Virtual Desktop (VWD) and can access network drives. Users log in as usual with their own Microsoft 365 or Office 365 account, which is verified by AzureAD.
Create storage account
It assumes you already have an Azure account and have created a virtual machine.
Log in to Azure Portal and search for 'storage accounts', then 'Add' to create an account. I recommend the following settings:
Location -> West Europe, Performance -> Standard, Account kind -> StorageV2, Replication -> LRS, Blob access tier -> Hot
Other sections such as: Networking (we want to adapt later), Data protection, Tags are not changed here, and finally click on Create Button to create a storage account.
We should only allow storage accounts for our private Azure VM network, click on the Storage Account that has just been created under Settings on Firewalls and virtual networks -> Selected networks -> Add existing virtual network. This allows you to only allow your subnet to access storage. You should also enter your IP or subnet under Address range, e.g. fixed and public IP from your company.
Under File service click on File share -> Add File share. Under Quota you enter at least 1 GB and under Tiers -> Hot, although you can change that here at any time to optimize costs. Danger! Before you reduce quota, you must first backup data.
Click on the file share name you have just created, under Connect -> Windows, there is a PowerShell script that you run on Azure VM with user rights. This script can also be distributed via Intune or Endpoint Manager.
Storage performance comparison Premium vs. default
Below you will find a comparison of standard SAS storage versus about 6x higher price with premium storage, SSD hard drives. As the test device is: Azure VM, Windows 10 Enterprise mit 128 GB Premium (4320 Max IOPS) SystemDisk, 8x Intel Xeon E5-2673 CPU, 32 GB RAM.
These values are average values, 4 measurements were made in each case. 'Hot' was selected for standard storage. 'Cool' costs approx. 60% less, has not been tested.
You can also connect storage to on-prem server or directly to clients. If you access from the Office network, you should enter Office IP under Firewalls and virtual networks -> Address range. For home office clients with dynamic IPs, the best way to set up a point-to-site VPN is via OpenVPN with MFA.