Azure Files Transactions Part 1

There is not a lot of information on Azure Files Transactions, so I thought id try my best to explain my understanding of the transactions, the costs and some other useful information.

This will be a 2 part blog, the first part covering the transactions and how they are broken down. The 2nd part will include how to view all the transactions.

What are Azure File Transactions?

Microsoft defines transactions as:

“Transactions are operations or requests against Azure Files to upload, download, or otherwise manipulate the contents of the file share. Every action taken on a file share translates to one or more transactions, and on standard shares that use the pay-as-you-go billing model, that translates to transaction costs.”

Looking at the Azure Price Calculator, selecting File Storage you will notice a little drop down section under “Transactions and data transfer”, which lists the following transactions:

  • Write transactions
  • List transactions
  • Read transactions
  • All other operations except for delete

Prices above are for UK South region.

Looking at the above, the Azure charges for transactions appear very reasonable at £0.0572 per 10 0000 write transactions. However we need to uderstand what is considered a Write, Read, and Other transaction.

Below we can see each of these transactions broken down into there various sections. Currently delete transactions are not charged.

Operation typeWrite transactionsList transactionsRead transactionsOther transactionsDelete transactions
Management operationsCreateShare SetFileServiceProperties SetShareMetadata SetSharePropertiesListSharesGetFileServiceProperties GetShareAcl GetShareMetadata GetShareProperties GetShareStats DeleteShare  
     
Data operationsCopyFile Create CreateDirectory CreateFile PutRange PutRangeFromURL SetDirectoryMetadata SetFileMetadata SetFileProperties SetInfo SetShareACL Write PutFilePermission  ListFileRanges ListFiles ListHandles  FilePreflightRequest GetDirectoryMetadata GetDirectoryProperties GetFile GetFileCopyInformation GetFileMetadata GetFileProperties QueryDirectory QueryInfo Read GetFilePermission  AbortCopyFile Cancel ChangeNotify Close Echo Ioctl Lock Logoff Negotiate OplockBreak SessionSetup TreeConnect TreeDisconnect CloseHandles AcquireFileLease BreakFileLease ChangeFileLease ReleaseFileLease  ClearRange DeleteDirectoryDeleteFile  

In part 2 ill create some files, and upload some data and show you how we can view the transactions that are created, and try

Azure File Sync for a Hybrid Environment

I’ve configured Azure File Sync in my home lab quite a few times, and the setup is pretty straightforward. By default Azure File Sync will send data over the internet, which although it is encrypted (if you have set it up) is not ideal. Below is a step by step guide in setting up Azure File Sync with private endpoints and to ensure the data flows over a VPN.

In the following scenario we already have the following setup:

  • VPN from on-premise into Azure
  • Storage account to and Azure file
  • Subnet for the Private Link Endpoints
  • Storage account to and Azure file share
  • On-Premise file share

Storage Sync Service

First we need to create a Storage Sync Service, which in itself is a little strange as you need to go to the marketplace and its called Azure File Sync:

Click create, and add the resource group, stroage sync service name and region, add any tags and create:

Add a sync group, this will contain the cloud endpoint (File share) and server endpoint (on -premise file server). Give the sync group and name and select the storage account and file share created previously, and click create.

Once the sync group has been created, you will notice the cloud endpoint has already been created.

Before installing the server endpoint we are going to create the Private Link Endpoints, which will associate an IP address with the storage account and each of the File Sync services..

At the top of the screen type Private Link Center, once the page loads, click on the Private Endpoints on the left hand side.

We will be adding 2 Private endpoints, one for the storage account and one for the storage sync service. For the first you add the resource group, name and region.

Next we need to add the resource type, resource and target sub-resource. In the below screenshot you can see I have selected Microsoft.Storage/storageAccounts as the resource type. It is important to make sure you select the correct storage account and target sub-resource.

On te configuration page, select the VNet and subnet which will contain the Private Endpoint IP addresses.

Once you have added any tags you can click create.

Next is to create another Private endpoint for the Storage Sync Service,. The steps are the same as above except on the resource page you select Microsoft.StorageSync/storaageSyncService as the resource type, select the Storage Sync Service as the resource and AFS as the target sub-resource.

Before moving to the server endpoints we have two last steps, first is to obtain the FQDN and IP address for the storage endpoint and each of the Storage Sync Service services. The best place to get these is to Private DNS Zones:

First we will get the Storage private endpoint FQDN and IP address. Click on Privatelink.file.core.windows.net, and then the storage account name:

Take a note of the name and IP address:

Do the same for the Private Link Endpoint services, note there will be 4 of these, so make sure you capture the name and IP details of each one.

Before adding the details captured above as DNS entries you need to remove “privatelink” from the FQDN.

Before:

  • acuksstorage001.privatelink.file.core.windows.net 10.0.1.4
  • ac-uks-storagesyncservmanagement.uksouth.privatelink.afs.azure.net 10.0.1.5
  • ac-uks-storagesyncservmonitoring.uksouth.privatelink.afs.azure.net 10.0.1.8
  • ac-uks-storagesyncservsyncp.uksouth.privatelink.afs.azure.net 10.0.1.6
  • ac-uks-storagesyncservsyncs.uksouth.privatelink.afs.azure.net 10.0.1.7

After:

  • acuksstorage001.file.core.windows.net 10.0.1.4
  • ac-uks-storagesyncservmanagement.uksouth.afs.azure.net 10.0.1.5
  • ac-uks-storagesyncservmonitoring.uksouth.afs.azure.net 10.0.1.8
  • ac-uks-storagesyncservsyncp.uksouth.afs.azure.net 10.0.1.6
  • ac-uks-storagesyncservsyncs.uksouth.afs.azure.net 10.0.1.7

We can now go to the storage account, networking and Private endpoint to ensure the Private Endpoint has been created.

Going to the Firewall and Virtual Networks on the storage account, select “Selected Networks” but do not add any networks.

Lastly step is to run the following script in Azure Powershell which forces all traffic over the VPN and not the internet, replacing the resource group name and Storage Sync Service in the top 2 lines.

$storageSyncServiceResourceGroupName = "<storage-sync-service-resource-group>"
$storageSyncServiceName = "<storage-sync-service>"

$storageSyncService = Get-AzResource `
        -ResourceGroupName $storageSyncServiceResourceGroupName `
        -ResourceName $storageSyncServiceName `
        -ResourceType "Microsoft.StorageSync/storageSyncServices"

$storageSyncService.Properties.incomingTrafficPolicy = "AllowVirtualNetworksOnly"
$storageSyncService = $storageSyncService | Set-AzResource -Confirm:$false -Force -UsePatchSemantics

Finally on to the Server Endpoint. Download the FileSync agent from here, and run the installer. During the installation you can select automatic updates, and a proxy if required. Once the installation is complete, log in with your Azure credentials.

Select the Azure Subscription, Resource Group and Storage Sync Service created previously.

Final step is to go back to the Storage Sync Service in Azure, and to the Sync group. Select Add Server Endpoint at the top of the screen.

Add the registered server, share path and cloud tiering requirements.

Once its finished processing, the health should turn green, and thats it all done.

Setting up File Sync to run over a VPN/ExpressRoute does take a bit of configuration, but its well worth it to ensure the data is not synced over the internet.

Below is some additional Microsoft documentation.

Deploy Azure File Sync

Planning for an Azure File Sync Deployment

Azure File Sync Networking Considerations

Azure Private Endpoint DNS Configuration

Troubleshoot Azure File Sync