Remove From My Forums

Azure Files - scope?

Question
0

Sign in to vote

Hello,

We want to make use of Azure files as a common share for multiple servers in 2 different regions, 2 different subscription (North EU and South Central).

I have created a storage account in NE region was able to mount in NE region VM and same is failing on server in SC region.

Is azure files region specific? or am I missing something?

please help.

Regards

Thahif

Saturday, May 30, 2020 10:24 AM

All replies

0

Sign in to vote

Hello Thahif,

The Azure Storage forum is being migrated to the new Microsoft Q&A platform (check the announcement HERE), I suggest you ask over at the new forums instead:
https://docs.microsoft.com/en-us/answers/topics/azure-file-storage.html

(Please don't forget to mark helpful replies as answer)

Best regards,
Leon
Blog: https://thesystemcenterblog.com LinkedIn:

Saturday, May 30, 2020 10:58 AM
2

Sign in to vote
Hi Thahif,

You should absolutely be able to access Azure file shares cross region. The one restriction we place on this is that if you access over the public endpoint, you must use SMB 3.0 with encryption to do the mount outside of the Azure region. So a VM within the same region could mount an Azure file share with SMB 2.1 or SMB 3.0 without encryption, but a VM on-premises or in different Azure region would need to use SMB 3.0 with encryption. If you setup peering between vnets, or a private endpoint for your storage account in the other region, you should be able to work around this limitation.

If you are using a modern version of Windows Server (i.e. not Windows Server 2008 R2), SMB 3.0 with encryption should be the default negotiated choice - you'd have to try to get it to fall back.

If you're using a Linux distribution, you may need to check a few things. First, make sure you're using the newest version of your distribution of your version possible. Older versions won't have all the fixes we've contributed to the Linux kernel, and ancient versions may not support SMB 3.0 (or even SMB 2.1!). RHEL is a particularly bad offender here because they backport security and stablility changes to ancient kernels. You can see our Linux page for information on the minimum distribution versions you need to use SMB 3.0: https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-linux. The other big thing you should check on Linux is that your mount is not hardcoding 2.1 - the Linux page I just shared also shows a mount command with the 3.0 version mount option specified.

If you're in a position of needing to use SMB 2.1 due an application (such as an application that only works on Windows Server 2008 R2), you can take the networking suggestion I made above. Also, you must disable encryption on your storage account since SMB 2.1 does not support encryption but the storage account requires it.

If you're still not able to get this to work after looking into these suggestions, don't hesitate to reach out to AzureFiles@microsoft.com.

Thanks,

Will Gries
Program Manager, Azure Files
- Proposed as answer by Malleswara Reddy [MCTS, MCP] Sunday, May 31, 2020 4:24 AM
- Marked as answer by Mohammad Thahif Sunday, May 31, 2020 8:53 AM
- Unmarked as answer by Mohammad Thahif Monday, June 8, 2020 1:20 PM
Saturday, May 30, 2020 10:24 PM
0

Sign in to vote

Hello Will, Thanks much for your detailed explanation. we have only windows servers and all are 2016 DC.

so let me try the vnet peering/private endpoint options. It would be very helpful if you can share any document related to these implementation.

Sunday, May 31, 2020 8:51 AM
0

Sign in to vote

Hello Will,

We are not able get this working, what else I need to check , can you please guide us?

Our storage account "firewall setting" is set to "all public network", anything else do we need to do?
Also, how do I ensure the SMB encryption is enabled at server level.

Regards

Thahif

Monday, June 8, 2020 1:24 PM