Network architecture planning is a key element of designing any application infrastructure. This article helps you design an effective network architecture for your workloads to benefit from the rich capabilities of Azure NetApp Files.
Azure NetApp Files volumes are designed to be contained in a special purpose subnet called a delegated subnet within your Azure Virtual Network. Therefore, you can access the volumes directly from within Azure over VNet peering or from on-premises over a Virtual Network Gateway (ExpressRoute or VPN Gateway). The subnet is dedicated to Azure NetApp Files and there's no connectivity to the Internet.
Configurable network features
You can create new volumes choosing Standard or Basic network features in supported regions. In regions where the Standard network features aren't supported, the volume defaults to using the Basic network features. For more information, see Configure network features.
Standard
Selecting this setting enables higher IP limits and standard VNet features such as network security groups and user-defined routes on delegated subnets, and additional connectivity patterns as indicated in this article.
Basic
Selecting this setting enables selective connectivity patterns and limited IP scale as mentioned in the Considerations section. All the constraints apply in this setting.
Supported regions
Azure NetApp Files Standard network features are supported for the following regions:
- Australia Central
- Australia Central 2
- Australia East
- Australia Southeast
- Brazil South
- Canada Central
- Central US
- East Asia
- East US
- East US 2
- France Central
- Germany North
- Germany West Central
- Japan East
- Japan West
- Korea Central
- North Central US
- North Europe
- Norway East
- Norway West
- South Africa North
- South Central US
- South India
- Southeast Asia
- Sweden Central
- Switzerland North
- UAE Central
- UAE North
- UK South
- West Europe
- West US
- West US 2
- West US 3
Considerations
You should understand a few considerations when you plan your Azure NetApp Files network.
Constraints
The following table describes what’s supported for each network features configuration:
Features | Standard network features | Basic network features |
---|---|---|
Number of IPs in a VNet (including immediately peered VNets) accessing volumes in an Azure NetApp Files hosting VNet | Same standard limits as VMs | 1000 |
Azure NetApp Files delegated subnets per VNet | 1 | 1 |
Network Security Groups (NSGs) on Azure NetApp Files delegated subnets | Yes | No |
User-defined routes (UDRs) on Azure NetApp Files delegated subnets | Yes | No |
Connectivity to Private Endpoints | No | No |
Connectivity to Service Endpoints | No | No |
Azure policies (for example, custom naming policies) on the Azure NetApp Files interface | No | No |
Load balancers for Azure NetApp Files traffic | No | No |
Dual stack (IPv4 and IPv6) VNet | No (IPv4 only supported) | No (IPv4 only supported) |
Important
Conversion between Basic and Standard networking features in either direction is not currently supported.
Additionally, you can create Basic volumes from Basic volume snapshots and Standard volumes from Standard volume snapshots. Creating a Basic volume from a Standard volume snapshot is not supported. Creating a Standard volume from a Basic volume snapshot is not supported.
Supported network topologies
The following table describes the network topologies supported by each network features configuration of Azure NetApp Files.
Topologies | Standard network features | Basic network features |
---|---|---|
Connectivity to volume in a local VNet | Yes | Yes |
Connectivity to volume in a peered VNet (Same region) | Yes | Yes |
Connectivity to volume in a peered VNet (Cross region or global peering) | Yes* | No |
Connectivity to a volume over ExpressRoute gateway | Yes | Yes |
ExpressRoute (ER) FastPath | Yes | No |
Connectivity from on-premises to a volume in a spoke VNet over ExpressRoute gateway and VNet peering with gateway transit | Yes | Yes |
Connectivity from on-premises to a volume in a spoke VNet over VPN gateway | Yes | Yes |
Connectivity from on-premises to a volume in a spoke VNet over VPN gateway and VNet peering with gateway transit | Yes | Yes |
Connectivity over Active/Passive VPN gateways | Yes | Yes |
Connectivity over Active/Active VPN gateways | Yes | No |
Connectivity over Active/Active Zone Redundant gateways | Yes | No |
Connectivity over Active/Passive Zone Redundant gateways | Yes | Yes |
Connectivity over Virtual WAN (VWAN) | Yes | No |
* This option will incur a charge on ingress and egress traffic that uses a virtual network peering connection. For more information, see Virtual Network pricing. For more general information, see Virtual network peering.
Virtual network for Azure NetApp Files volumes
This section explains concepts that help you with virtual network planning.
Azure virtual networks
Before provisioning an Azure NetApp Files volume, you need to create an Azure virtual network (VNet) or use one that already exists in your subscription. The VNet defines the network boundary of the volume. For more information on creating virtual networks, see the Azure Virtual Network documentation.
Subnets
Subnets segment the virtual network into separate address spaces that are usable by the Azure resources in them. Azure NetApp Files volumes are contained in a special-purpose subnet called a delegated subnet.
Subnet delegation gives explicit permissions to the Azure NetApp Files service to create service-specific resources in the subnet. It uses a unique identifier in deploying the service. In this case, a network interface is created to enable connectivity to Azure NetApp Files.
If you use a new VNet, you can create a subnet and delegate the subnet to Azure NetApp Files by following instructions in Delegate a subnet to Azure NetApp Files. You can also delegate an existing empty subnet that's not delegated to other services.
If the VNet is peered with another VNet, you can't expand the VNet address space. For that reason, the new delegated subnet needs to be created within the VNet address space. If you need to extend the address space, you must delete the VNet peering before expanding the address space.
UDRs and NSGs
If the subnet has a combination of volumes with the Standard and Basic network features, user-defined routes (UDRs) and network security groups (NSGs) applied on the delegated subnets will only apply to the volumes with the Standard network features.
Note
Associating NSGs at the network interface level is not supported for the Azure NetApp Files network interfaces.
Configuring UDRs on the source VM subnets with the address prefix of delegated subnet and next hop as NVA isn't supported for volumes with the Basic network features. Such a setting will result in connectivity issues.
Note
To access an Azure NetApp Files volume from an on-premises network via a VNet gateway (ExpressRoute or VPN) and firewall, configure the route table assigned to the VNet gateway to include the /32 IPv4 address of the Azure NetApp Files volume listed and point to the firewall as the next hop. Using an aggregate address space that includes the Azure NetApp Files volume IP address will not forward the Azure NetApp Files traffic to the firewall.
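The following check for the /32 requirement in the note above is an added example, not part of the original article or of any Microsoft tooling. It audits an exported gateway route table and reports, per volume IP, whether a /32 route to the firewall exists or only an aggregate prefix covers it. The route field names are assumed to follow the JSON shape of `az network route-table route list`; all addresses and route names are constructed.

```python
import ipaddress

# Constructed sample: routes from the route table assigned to the VNet gateway.
# Field names are an assumption modelled on Azure CLI JSON output.
GATEWAY_ROUTES = [
    {"name": "anf-vol1", "addressPrefix": "10.20.1.4/32",
     "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.10.0.4"},
    {"name": "spoke-aggregate", "addressPrefix": "10.20.0.0/16",
     "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.10.0.4"},
    {"name": "anf-vol3", "addressPrefix": "10.20.1.6/32",
     "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.10.0.9"},
    {"name": "storage-tag", "addressPrefix": "Storage",
     "nextHopType": "Internet"},
    {"name": "default", "addressPrefix": "0.0.0.0/0",
     "nextHopType": "Internet"},
]
FIREWALL_IP = "10.10.0.4"  # hypothetical firewall (NVA) address
VOLUME_IPS = ["10.20.1.4", "10.20.1.5", "10.20.1.6", "10.30.1.4"]  # constructed


def audit_gateway_routes(routes, volume_ips, firewall_ip):
    """Classify each volume IP by how the gateway route table covers it.

    ok              a /32 route for the volume IP points to the firewall
    wrong-next-hop  a /32 route exists but does not point to the firewall
    aggregate-only  only a wider prefix points to the firewall; per the
                    article this does not forward the traffic to the firewall
    missing         no route sends this IP to the firewall
    """
    results = {}
    for vol in volume_ips:
        vol_addr = ipaddress.ip_address(vol)
        host_prefix = ipaddress.ip_network(f"{vol}/32")
        status = "missing"
        for route in routes:
            try:
                prefix = ipaddress.ip_network(route["addressPrefix"], strict=False)
            except ValueError:
                continue  # non-CIDR prefix such as a service tag
            to_firewall = (
                route.get("nextHopType") == "VirtualAppliance"
                and route.get("nextHopIpAddress") == firewall_ip
            )
            if prefix == host_prefix:
                status = "ok" if to_firewall else "wrong-next-hop"
                break  # the exact /32 route decides the outcome
            if vol_addr in prefix and to_firewall:
                status = "aggregate-only"
        results[vol] = status
    return results


if __name__ == "__main__":
    for ip, status in audit_gateway_routes(
            GATEWAY_ROUTES, VOLUME_IPS, FIREWALL_IP).items():
        print(f"{ip:<12} {status}")
```

Any result other than `ok` means traffic to that volume is not being steered through the firewall as intended.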
Azure native environments
The following diagram illustrates an Azure-native environment:
Local VNet
A basic scenario is to create or connect to an Azure NetApp Files volume from a VM in the same VNet. For VNet 2 in the diagram, Volume 1 is created in a delegated subnet and can be mounted on VM 1 in the default subnet.
VNet peering
If you have other VNets in the same region that need access to each other’s resources, the VNets can be connected using VNet peering to enable secure connectivity through the Azure infrastructure.
Consider VNet 2 and VNet 3 in the diagram above. If VM 1 needs to connect to VM 2 or Volume 2, or if VM 2 needs to connect to VM 1 or Volume 1, then you need to enable VNet peering between VNet 2 and VNet 3.
Also, consider a scenario where VNet 1 is peered with VNet 2, and VNet 2 is peered with VNet 3 in the same region. The resources from VNet 1 can connect to resources in VNet 2 but can't connect to resources in VNet 3 unless VNet 1 and VNet 3 are peered.
In the diagram above, although VM 3 can connect to Volume 1, VM 4 can't connect to Volume 2. The reason for this is that the spoke VNets aren't peered, and transit routing isn't supported over VNet peering.
Global or cross-region VNet peering
The following diagram illustrates an Azure-native environment with cross-region VNet peering.
With Standard network features, VMs are able to connect to volumes in another region via global or cross-region VNet peering. The above diagram adds a second region to the configuration in the local VNet peering section. For VNet 4 in this diagram, an Azure NetApp Files volume is created in a delegated subnet and can be mounted on VM5 in the application subnet.
In the diagram, VM2 in Region 1 can connect to Volume 3 in Region 2. VM5 in Region 2 can connect to Volume 2 in Region 1 via VNet peering between Region 1 and Region 2.
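The peering rules from the local VNet, VNet peering, and global peering sections can be expressed as a small reachability check. This is an added example, not part of the original article. The topology is constructed from the text (VNet 1 to VNet 2 to VNet 3 in Region 1, VNet 4 in Region 2 peered with VNet 3); the names "VM A" and "Volume 2b", and the network features assigned to each volume, are hypothetical.

```python
# Constructed topology based on the scenarios described in the text.
VNET_REGION = {
    "VNet 1": "Region 1", "VNet 2": "Region 1",
    "VNet 3": "Region 1", "VNet 4": "Region 2",
}
PEERINGS = {
    frozenset(("VNet 1", "VNet 2")),
    frozenset(("VNet 2", "VNet 3")),
    frozenset(("VNet 3", "VNet 4")),   # cross-region (global) peering
}
# volume -> (hosting VNet, network features); feature choices are assumptions
VOLUMES = {
    "Volume 1": ("VNet 2", "Basic"),
    "Volume 2": ("VNet 3", "Standard"),
    "Volume 2b": ("VNet 3", "Basic"),    # hypothetical Basic volume
    "Volume 3": ("VNet 4", "Standard"),
}
VMS = {
    "VM A": "VNet 1",                    # hypothetical VM in VNet 1
    "VM 1": "VNet 2",
    "VM 2": "VNet 3",
    "VM 5": "VNet 4",
}


def can_mount(vm, volume):
    """Return (allowed, reason) for a VM reaching a volume over VNet peering."""
    src = VMS[vm]
    dst, features = VOLUMES[volume]
    if src == dst:
        return True, "local VNet"
    if frozenset((src, dst)) not in PEERINGS:
        # A chain of peerings does not help: peering is not transitive.
        return False, "no direct peering; transit routing isn't supported"
    if VNET_REGION[src] == VNET_REGION[dst]:
        return True, "same-region VNet peering"
    if features == "Standard":
        return True, "global VNet peering with Standard network features"
    return False, "global VNet peering isn't supported with Basic network features"


if __name__ == "__main__":
    for vm in VMS:
        for volume in VOLUMES:
            allowed, reason = can_mount(vm, volume)
            print(f"{vm:<5} -> {volume:<9} {'yes' if allowed else 'no ':<3} ({reason})")
```

Running the same check over a planned design before deployment shows which clients depend on a peering that does not exist, or on global peering to a Basic volume.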
Hybrid environments
The following diagram illustrates a hybrid environment:
In the hybrid scenario, applications from on-premises datacenters need access to the resources in Azure. This is the case whether you want to extend your datacenter to Azure or you want to use Azure native services or for disaster recovery. See VPN Gateway planning options for information on how to connect multiple resources on-premises to resources in Azure through a site-to-site VPN or an ExpressRoute.
In a hybrid hub-spoke topology, the hub VNet in Azure acts as a central point of connectivity to your on-premises network. The spokes are VNets peered with the hub, and they can be used to isolate workloads.
Depending on the configuration, you can connect on-premises resources to resources in the hub and the spokes.
In the topology illustrated above, the on-premises network is connected to a hub VNet in Azure, and there are 2 spoke VNets in the same region peered with the hub VNet. In this scenario, the connectivity options supported for Azure NetApp Files volumes are as follows:
- On-premises resources VM 1 and VM 2 can connect to Volume 1 in the hub over a site-to-site VPN or ExpressRoute circuit.
- On-premises resources VM 1 and VM 2 can connect to Volume 2 or Volume 3 over a site-to-site VPN and regional VNet peering.
- VM 3 in the hub VNet can connect to Volume 2 in spoke VNet 1 and Volume 3 in spoke VNet 2.
- VM 4 from spoke VNet 1 and VM 5 from spoke VNet 2 can connect to Volume 1 in the hub VNet.
- VM 4 in spoke VNet 1 can't connect to Volume 3 in spoke VNet 2. Also, VM 5 in spoke VNet2 can't connect to Volume 2 in spoke VNet 1. This is the case because the spoke VNets aren't peered and transit routing isn't supported over VNet peering.
- In the above architecture if there's a gateway in the spoke VNet as well, the connectivity to the ANF volume from on-premises connecting over the gateway in the Hub will be lost. By design, preference would be given to the gateway in the spoke VNet and so only machines connecting over that gateway can connect to the ANF volume.
Next steps
- Delegate a subnet to Azure NetApp Files
- Configure network features for an Azure NetApp Files volume
- Virtual network peering
FAQs
What protocols does Azure NetApp files support? ›
Protocols: Azure NetApp Files supports both SMB, NFSv3/NFSv4.1, and dual-protocol volumes, which are the most common protocols used in enterprise environments. This functionality allows you to use the same protocols and tools that you use on-premises, which helps to ensure compatibility and ease of use.
What are two elements of the Azure NetApp files hierarchy? ›Azure NetApp Files provides two QoS types of capacity pools: auto (default) and manual.
What is the difference between Azure files and Azure NetApp files? ›Azure Files is built on the same Azure storage platform as other services like Azure Blobs. Azure NetApp Files is a fully managed, highly available, enterprise-grade NAS service that can handle the most demanding, high-performance, low-latency workloads requiring advanced data management capabilities.
How do I configure Azure NetApp files? ›- From the Azure NetApp Files management blade, select your NetApp account (myaccount1).
- From the Azure NetApp Files management blade of your NetApp account, click Capacity pools.
- Click + Add pools.
- Provide information for the capacity pool: Enter mypool1 as the pool name. ...
- Click Create.
What is the throughput of Azure NetApp Files? ›Azure NetApp Files supports three service levels: Ultra, Premium, and Standard. The Ultra storage tier provides up to 128 MiB/s of throughput per 1 TiB of capacity provisioned. The Premium storage tier provides up to 64 MiB/s of throughput per 1 TiB of capacity provisioned.
What are the 3 types of data that can be stored in Azure? ›Microsoft Azure and most other cloud providers offer several different types of storage, each with its own unique pricing structure and preferred use. Azure storage types include objects, managed files and managed disks.
What are the 3 tiers for Azure storage? ›Hot, cool, and archive access tiers for blob data - Azure Storage | Microsoft Learn.
How do I monitor Azure NetApp Files? ›- Prerequisites.
- Enable monitoring. To enable monitoring for this service, you first need to set up integration with Azure Monitor.
- Add the service to monitoring. ...
- Monitor resources based on tags. ...
- Configure service metrics. ...
- View service metrics. ...
- Azure NetApp Files.
- Azure NetApp Files - Volumes.
Azure Files can be used to replace or supplement traditional on-premises file servers or network-attached storage (NAS) devices.
What are the 2 types of disk storage in Azure? ›
- Ultra disks.
- Premium SSD v2.
- Premium SSDs (solid-state drives)
- Standard SSDs.
- Standard HDDs (hard disk drives)
Azure NetApp Files makes it easy for enterprise line-of-business (LOB) and storage professionals to migrate and run complex, file-based applications with no code change. Azure NetApp Files is widely used as the underlying shared file-storage service in various scenarios.
What are the options for Azure NetApp? ›Azure NetApp Files comes with three performance tiers: Standard, Premium, and Ultra. These can be provisioned with a simple click, allowing unmatched flexibility.
Which three storage protocols does NetApp cloud volumes ontap support? ›ONTAP allows you to provision both NAS and SAN storage for your application environment with SMB, NFS, and iSCSI support.
What is the difference between Azure Files and blob storage? ›Azure Blob is an object storage solution. It allows you to store a large amount of unstructured data, whereas Azure Files lets you create managed file shares for the cloud. Moreover, an Azure file share can also be mounted by on-premises deployments of Windows, Linux, and macOS.
What is the difference between Azure Files and Azure disks? ›Azure Managed Disks are used as block-level storage volumes that are managed by Azure and used with Azure VMs (a disk is stored as a .VHD file). You have 3 options: Standard HDD/SSD, Premium SSD, and Ultra Disks. Azure Files offers fully managed file shares in the cloud that are accessible via the SMB protocol.
What is the difference between Azure file storage and blob storage? ›Azure Blob Storage is an object store used for storing vast amounts of unstructured data, while Azure File Storage is a fully managed distributed file system based on the SMB protocol and looks like a typical hard drive once mounted.
What is the minimum size for an Azure NetApp files capacity pool? ›The minimum capacity pool size is 2 TiB. You can change the size of a capacity pool in 1-TiB increments.
How fast is Azure file storage? ›The rate of performance is 80 objects per second.
What is the maximum size of volume in NetApp? ›Limit | Native storage | Virtual storage (Data ONTAP-v) |
---|---|---|
Files Maximum size | 16 TB | 16 TB |
Files Maximum per volume | Volume size dependent, up to 2 billion | Volume size dependent, up to 2 billion |
FlexCache volumes Maximum per system | 100 | N/A |
FlexClone volumes Hierarchical clone depth | 499 | 499 |
What type of storage is Azure files? ›
Disk Storage
An Azure managed disk is a virtual hard disk (VHD). You can think of it like a physical disk in an on-premises server, but virtualized. Azure managed disks are stored as page blobs, which are a random IO storage object in Azure.
- File.
- Blob.
- Queue.
- Table.
- Select the storage account from your dashboard.
- On the storage account page, in the Data storage section, select File shares.
- On the menu at the top of the File shares page, select + File share. ...
- In Name, type myshare. ...
- Select Create to create the Azure file share.
For over 30 years, NetApp has been the leading innovator in data storage, offering the only portfolio in the market with a single unified operating system – NetApp ONTAP – for file, block, and object storage running on performance flash, capacity flash, and hybrid flash.
How many data disks can I attach to an Azure VM? ›Using managed disks, you can create up to 50,000 VM disks of a type in a subscription per region, allowing you to create thousands of VMs in a single subscription.
What is the difference between Azure files Premium and Standard? ›Standard Azure file shares up to 5-TiB support all four redundancy types. Standard file shares larger than 5-TiB only support LRS and ZRS. Premium Azure file shares only support LRS and ZRS.
What is Tier 1 Tier 2 and Tier 3 storage? ›Tier 1. Tier 1 includes fast disks, all-flash storage, hybrid flash storage. You can use Tier 1 for mission-critical or highly sensitive files. Tier 2/3. Tier 2 and Tier 3 include Slow-spinning HDD, disk-based backup appliance, cloud storage, tape.
What are the differences between Tier 1 and Tier 3 storage? ›Tier 3 is used for hot data such as ERP and CRM data which users must access often without too much delay. Compared to Tier 1 and Tier 2, this usually means medium to high performance, high capacity hard drives at a low cost per Gigabyte stored and substantially more data.
What is the difference between hot and cool Azure files? ›Hot file shares offer storage optimized for general purpose file sharing scenarios such as team shares and Azure File Sync. Cool file shares offer cost-efficient storage optimized for online archive storage scenarios. Azure File Sync may also be a good fit for lower churn workloads.
Which storage software is Azure NetApp files running on? ›Azure NetApp Files is a native Azure storage service that provides enterprise-grade NFS and SMB/CIFS storage volumes for mission-critical applications, SAP HANA, databases, high-performance computing, web-applications, and user files.
Which three types of resources can NetApp Cloud Insights Monitor? ›
- Compliance. Ensure corporate compliance by auditing access and usage patterns to your critical corporate data on-premises or in the cloud. ...
- Detect ransomware. ...
- IP protection. ...
- Sign in to the Azure portal.
- Navigate to the storage account that contains the file share you'd like to mount.
- Select File shares.
- Select the file share you'd like to mount.
- Select Connect.
- Select the drive letter to mount the share to.
- Copy the provided script.
Azure File Share requires VPN on certain networks - Microsoft Q&A.
What are the disadvantages of a file server? ›Advantages of a file server (compared to local storage) | Disadvantage of a file server |
---|---|
Easy to manage files centrally, for example someone joining the company can be set up quickly | They are quite expensive, so may not be the best solution for two or three people in a small company. |
Azure NetApp Files now supports cross-region replication. With this new disaster recovery capability, you can replicate your Azure NetApp Files volumes from one Azure region to another in a fast and cost-effective way. It helps you protect your data from unforeseeable regional failures.
Does Azure use SSD or HDD? ›If you haven't heard, Microsoft now offers three types of storage for your Azure Virtual Machines and they include Standard HDD Storage, Standard SSD Storage, and Premium SSD Storage.
What is the difference between SSD and HDD in Azure? ›Standard HDD Storage is based on the traditional hard disk model, Standard SSD and Premium SSD Storage are both based on Solid State Storage but offer different performance characteristics.
What is the difference between managed disk and storage in Azure? ›Difference Between Managed Disks and Unmanaged Disks
In Unmanaged Disk storage, you must create a storage account in resources to hold the disks (VHD files) for your Virtual Machines. With Managed Disk Storage, you are no longer limited by the storage account limits. You can have one storage account per region.
How does Azure NetApp Files work? ›Azure NetApp Files is an Azure native, first-party, enterprise-class, high-performance file storage service. It provides NAS volumes as a service for which you can create NetApp accounts, capacity pools, select service and performance levels, create volumes, and manage data protection.
What are the three primary benefits of Azure NetApp files? ›Benefits. Azure NetApp Files is built for simplicity, performance, and compliance. You gain a better understanding of your infrastructure, achieve high performance and reliability requirements, and protect and optimize your services.
What is the difference between AFF and FAS in NetApp? ›They both run exactly the same ONTAP operating system and are managed exactly the same way. The difference between them is that FAS systems are hybrid storage. That means that they support both SSD disks and spinning disks, your SAS drives and SATA drives as well. AFF systems, on the other hand, support SSD only.
What are three NetApp ONTAP storage efficiencies? ›In ONTAP, these include the following: Data compression. Data compaction. Data deduplication.
Does NetApp use CIFS or SMB? ›NetApp NAS Implementation
NFS and CIFS are configured on a per Storage Virtual Machine (SVM) basis.
Cloud disaster recovery (DR) and cloud backup
Deploying Cloud Volumes ONTAP can help dramatically simplify the solution implementation for both of these requirements.
A LUN is a large file inside the volume. You can have multiple LUNs in the same volume. Total volume size = data space + Snapshot reserve. Note that if the snapshot copies grow to be bigger than the Snapshot reserve size, the volume data space will be used for extra snapshot space.
Does Azure Files support NTFS? ›Azure Files supports the full set of NTFS basic and advanced permissions. You can view and configure NTFS permissions on directories and files in an Azure file share by mounting the share and then using Windows File Explorer or running the Windows icacls or Set-ACL command.
Which two protocol groups are supported natively on NetApp storage? ›SMB/CIFS support.
Does Azure Files support SFTP? ›SFTP permission model
Azure Blob Storage doesn't support Azure Active Directory (Azure AD) authentication or authorization via SFTP. Instead, SFTP utilizes a new form of identity management called local users. Local users must use either a password or a Secure Shell (SSH) private key credential for authentication.
What protocols does Azure use? ›
Azure AD supports many standardized protocols for authentication and authorization, such as SAML 2.0, OpenID Connect, OAuth 2.0, and WS-Federation. Azure AD also supports password vaulting and automated sign-in capabilities for apps that only support forms-based authentication.
What is the difference between NetApp NFS and CIFS? ›The main difference between these two types of communication systems is that CIFS can be used only in the Windows operating system, whereas NFS can be used in UNIX and Linux based systems. In terms of security, CIFS provides better network security than NFS. On the other hand, NFS offers higher scalability features than CIFS.
What is NFS protocol in NetApp? ›Network File System (NFS) is used by UNIX clients for file access. NFS uses port 2049. NFSv3 and NFSv2 use the portmapper service on TCP or UDP port 111. The portmapper service is consulted to get the port numbers for services used with NFSv3 or NFSv2 protocols such as mountd, statd, and nlm.
What is the limitation of Azure SFTP? ›Maximum file upload size via the SFTP endpoint is 100 GB.
Is Azure files a file server? ›Unlike SharePoint, Azure Files (not to be confused, incidentally, with Azure Blob Storage) is essentially a cloud version of traditional WDFS/SMB/CIFS file servers.
What port does Azure files use? ›Ensure port 445 is open: The SMB protocol requires TCP port 445 to be open. Connections will fail if port 445 is blocked.
What are the 3 deployment modes that can be used for Azure? ›Azure supports three approaches to deploying cloud resources - public, private, and the hybrid cloud. Selecting between them will change several factors of the services you move into Azure including cost, maintenance requirements, and security.
Are there VLANs in Azure? ›Azure Virtual Networks don't need to be connected to on-premises networking; you can use VLANs to build and manage cloud-native infrastructures and resources. They can then link between different Azure regions, using Azure's private networking to manage transits without using the public internet.
What are the two type of IP address we use in Azure? ›IP address assignment
Public IPs have two types of assignments: Static - The resource is assigned an IP address at the time it's created. The IP address is released when the resource is deleted. Dynamic - The IP address isn't given to the resource at the time of creation when selecting dynamic.