Implementing Secure and Highly Available Storage Solutions for Company Data and Website Backup

INTRODUCTION

A vital component of any company's digital infrastructure is data storage, particularly for the safekeeping, high availability, and backup of sensitive information and website content. This article will walk you through the process of utilizing cloud-based technology to build up a backup solution for a company's public website and a highly accessible and secure storage solution for internal corporate data.

The intention is to guarantee that firm data is accessible, backed up, and securely stored—even in the event of regional outages. Additionally, we'll put security measures in place including limiting access and managing file upload permissions. Your company can safeguard important resources and guarantee continuity in the event of an interruption by adhering to this guidance.

Create a storage account and configure high-availability

Step 1: Setting Up an Internal Private Document Storage Account
First things first: open a cloud storage account. This account will be the main location for internal corporate documents.

1. Establish a Storage Account:

• Go to the portal, type "Storage accounts" into the search field, and click on it.

• To add a new storage account, click the + Create button.

• Either form a new resource group or choose an already-existing one from a prior lab.
  Make sure the name you enter for your storage account is globally unique. Put a label on it, such as "private," to set it apart from other accounts.

• After examining the parameters, click Review and then click Create. The process of deployment will start.

• Click Go to resource to open the storage account after it has been installed.

2. Set up High Availability:

• You will install Geo-Redundant Storage (GRS) because this storage account needs to be accessible even in the event of a regional outage, without necessitating read access in a backup area.
• Proceed to the Redundancy blade located in the Data management section.
• Make sure you use Geo-Redundant Storage (GRS), which duplicates data to a different location to guarantee high availability. Check the primary and secondary location details by refreshing the page.
• To validate your redundancy settings, save your modifications.

Create a storage container, upload a file, and restrict access to the file.

1. Establish a private data storage container for the company.

• Choose the Container blade located in the Data storage portion of the storage account. Choose + Container.
• Make sure the container's name is private. Achieve Private access for the Public (no anonymous access). As you have time, study the Advanced settings, but take the defaults.
• Choose "Create."

2. Upload a file to the private container for testing. The kind of file is irrelevant. A tiny picture or text document is a wise option. Verify that the file cannot be accessed by the general public.

• Choose the receptacle.
• Click on Upload.
• Choose a file by browsing the files.
• Transfer the file online.
• Choose the file that was uploaded.
• Copy the URL from the Overview tab.

• Open a new browser tab and paste the URL there. Make sure an error message appears and the file doesn't display.

3. For the next 24 hours at least, an external partner needs to be able to read and write to the file. Establish a shared access signature and test it (SAS).
>>>>>Click here to Learn more about Shared Access Signatures.

• Choose the blob file you uploaded, then select the Generate SAS tab.

• Make sure the partner only has Read access in the access drop-down.
• Confirm that the Start and expiry date/time pertain to the upcoming 24 hours.
• Choose Generate URL and SAS token.

• Open a new browser tab and copy the Blob SAS URL.
• Make sure you have access to the file. An image file that you have uploaded will show up in the browser. There will be downloads of other file kinds.

Configure storage access tiers and content replication.

1. To save on costs, after 30 days, move blobs from the hot tier to the cool tier.

Here you can learn more about how to manage the Azure Blob storage lifecycle.

• Return to the storage account.
• In the Overview section, notice the Default access tier is set to Hot.

• In the Data management section, select the Lifecycle management blade.
• Select Add rule.
• Set the Rule name to movetocool.
• Set the Rule scope to Apply rule to all blobs in the storage account.
• Select Next.
• Ensure Last modified is selected.
• Set More than (days ago) to 30.
• In the Then drop-down select Move to cool storage.
• As you have time, review other lifecycle options in the drop-down. Add the rule.

2. It's necessary to backup the files for the public website to an alternate storage account.
>>>>> Check out more resources to Study up on object replication.

• Make sure to establish a new container named backup in your storage account. Make use of the default settings. If you require more specific instructions, go back to Lab 02a.

• Access your publicwebsite storage account by navigating. The previous exercise generated this storage account.
• Choose the Blade for object replication under the Data management section.
• Click on Generate Replication Rules.
• A private storage account should be selected as the destination storage account.
• Assign the destination container to backup and the source container to public.
• Make the replication rule.
• Upload a file to the public container if you have the time. Go back to the account for private storage and update the backup container.