Azure File Sync is a great platform as a service (PaaS) solution, which can help you to centralize your files in the cloud and then install a sync agent on Windows Server on-premises or in Azure (IaaS VM) to provide fast local access to your files. The local file server and Azure are constantly syncing and replicating, so you have one centralized location for your files with multi-site access powered by fast local caches and cloud tiering.
Cloud tiering enables frequently accessed files to be cached locally such that the full file content is present on the server, whereas less frequently accessed files are tiered to the cloud. This is desirable for those files that you are not using very often but you still want them to be around.
Before Azure File Sync was introduced back in July 2018, we used to rely on DFS-Replication (DFS-R) solution to synchronize our files across multiple servers whether for multi-site access or as a disaster recovery solution. While Distributed File System Replication (DFS-R) might be appropriate for basic needs, however, the high-volume environment can expose problems with the solution for maintaining adequate storage capacity, replication issues, as well as high operational overhead.
In this article, we will share with you how Azure File Sync can replace your DFS-R solution to minimize the storage footprint on-premises, operation cost, and provide secure protection for your files against any malicious attack or accidental deletion.
DFS Replication Replacement
As mentioned in the introduction, Azure File Sync and DFS-R are both replication solutions used for the same purpose, however, in most cases, we recommend replacing DFS-R with Azure File Sync for the following added values:
- Cloud tiering (optional) – store only recently accessed data on local file servers and free up storage space by moving low frequently accessed data to the cloud.
- Quick scale with multi-site access – provide write access to the same data across Windows Server in different branch offices and Azure Files.
- Fast disaster recovery – Replace on-premises file server(s) within a couple of minutes when disaster strikes, restore file metadata immediately, and recall data as needed.
- No complicated network is required, you just need internet connectivity to access the replicated files from anywhere.
- Full support of your existing Active Directory (NTFS ACLs) on-premises without any extra steps.
- Get detailed reporting and monitoring (alerting) by leveraging the power of Azure Files and Azure Monitor.
- Azure Backup integration – no need to back up your data on-premises, you can save a lot on storage management, and reduce operational/licensing costs.
- Optimize and reduce storage cost in the cloud by leveraging the new “Transaction Optimized”, “Hot”, and “Cool” tier for your workload.
There are a few scenarios where you would want to use DFS-R and Azure File Sync together, such as:
- Not every on-premises file server needs a copy of your file data to be connected directly to the internet.
- You need to consolidate branch office server’s data onto a single hub file server, for which you would like to use Azure File Sync.
- Migrating from a DFS-R deployment to an Azure File Sync deployment. In this scenario, you will have both solutions running side by side for a short period until the data is fully migrated to Azure File Sync, and then retire DFS-R.
Azure File Sync is more than capable to replace the replication/synchronization portion of DFS-R while adding additional value with several significant features that make an Information Technology department’s job easier.
Protection against Ransomware
As we are seeing today, Ransomware has evolved, and it is targeting file shares, shadow copies, and backups whether the data is on-premises or in the cloud. The good news is you can leverage the power of Azure Backup (PaaS) service to integrate with Azure Files (Sync) to lock down your file share which gives you an extra level of protection against tampering and deletion.
As of writing this article, enabling Azure Backup for Azure File Shares gives you an additional copy in the snapshot (Azure file share). Please remember that Azure File Sync alone is NOT a backup solution, if your data gets encrypted by a Ransomware or deleted, Azure File Sync will be happy to sync your corrupted data to Azure as well. However, when you enable Azure Backup you can effectively go back point in time without worrying about cleaning on-premises resources, reinstalling a backup software, and restoring. Also, you get prioritized access to the data in the share via SMB connection to the Azure File Share directly if needed.
Additionally, Microsoft is working on enabling Azure File shares (backup) transfer to Recovery Services Vault instead of relying on share snapshots which remain within the same file share, this will also give you an additional copy and layer of protection against scenarios where ransomware is taking down the file share because the data will remain protected outside of the file share/storage account, and even if someone (intentionally or not) deleted the snapshots, the data will remain in the Recovery Services Vault to restore from.
Azure File Sync extends on-premises file servers into Azure by providing cloud benefits while maintaining performance and compatibility with your existing applications and infrastructure.
We hope this article gave you a broad overview of how Azure Files (Sync) can help you overcome high volume data management and security threats. If you would like to discuss this solution in more detail, please contact your account manager at itnetX to help you with your cloud transformation journey in a well-governed and secure design.
Thank you for reading!
Microsoft MVP, Microsoft Azure