What is a Storage Account?
Azure Storage includes three services: Blob storage, Table storage, and Queue storage. These services are included in every storage account. A storage account provides your unique namespace for working with blobs, queues, and tables.
For information about storage account limits, see Azure Storage Scalability and Performance Targets.
All of the information about your storage account, including when it was created, is available in the Management Portal, on the Dashboard page for Storage.
Storage costs are based on four factors: storage capacity, replication scheme, storage transactions, and data egress. Storage capacity refers to how much of your storage account allotment you are using to store data. The cost of simply storing your data is determined by how much data you are storing, and how it is replicated. Transactions refer to all read and write operations to Azure Storage. Data egress refers to data transferred out of an Azure region. When the data in your storage account is accessed by an application that is not running in the same region, whether that application is a cloud service or some other type of application, then you are charged for data egress. (For Azure services, you can take steps to group your data and services in the same data centers to reduce or eliminate data egress charges.)
The Storage Pricing Details page provides detailed pricing information for storage capacity, replication, and transactions. The Data Transfers Pricing Details provides detailed pricing information for data egress.
Storage Account Concepts
Storage account replication options
Data in your storage account is replicated to ensure durability that is also highly available, meeting the Azure Storage SLA even in the face of transient hardware failures. Azure Storage is deployed in 15 regions around the world and also includes support for replicating data between regions. You have several options for replicating the data in your storage account:
Locally redundant storage (LRS) is replicated three times within a single facility in a single region. LRS protects your data from normal hardware failures.
Locally redundant storage is offered at a discount. For enhanced durability, we recommend that you use zone-redundant storage or geo-redundant storage, both described below.
Zone-redundant storage (ZRS) is replicated three times across two to three facilities, either within a single region or across two regions, providing higher durability than LRS. In the event of a failure at the primary facility, Azure Storage will failover to another facility.
ZRS provides a higher level of durability than LRS; however, for maximum durability, we recommend that you use geo-redundant storage, described below.
ZRS is currently available only for block blobs. Note that once you have created your storage account and selected zone-redundant replication, you cannot convert it to use to any other type of replication, or vice versa.
Geo-redundant storage (GRS) is the default replication option when you create a new storage account. With GRS, your data is replicated three times within the primary region, and is also replicated three times to a second region hundreds of miles away from the primary region, providing the highest level of durability. In the event of a failure at the primary region, Azure Storage will failover to the secondary region.
GRS is recommended over ZRS or LRS for maximum durability.
Read-access geo-redundant storage (RA-GRS) provides all of the benefits of geo-redundant storage noted above, and also allows read access to data at the secondary region in the event that the primary region becomes unavailable. Read-access geo-redundant storage is recommended for maximum availability in addition to durability.
For more details about replication options, see the Azure Storage Team Blog and Azure Storage Redundancy Options.
The pricing differences between the various replication options can be found on the Storage Pricing Details page.
Storage account endpoints
The endpoints for a storage account represent the highest level of the namespace for accessing blobs, tables, queues, or files. The default endpoints for a storage account have the following formats:
Blob service: http://mystorageaccount.blob.core.windows.net
Table service: http://mystorageaccount.table.core.windows.net
Queue service: http://mystorageaccount.queue.core.windows.net
File service: http://mystorageaccount.file.core.windows.net
The URL for accessing an object in a storage account is built by appending the object's location in the storage account to the endpoint. For example, a blob address might have this format: http://mystorageaccount.blob.core.windows.net/mycontainer/myblob.
Storage account security
When you create a storage account, Azure generates two 512-bit storage access keys, which are used for authentication when the storage account is accessed. By providing two storage access keys, Azure enables you to regenerate the keys with no interruption to your storage service or access to that service.
We recommend that you avoid sharing your storage account access keys with anyone else. If you feel that your account has been compromised, you can regenerate your access keys from within the portal. Select your storage account and choose Manage Access Keys.
To permit access to storage resources without giving out your access keys, you can use a shared access signature. A shared access signature provides access to a resource in your account for an interval that you define and with the permissions that you specify. See the shared access signature tutorial for more information.
Storage account metrics and logging
minimal vs. verbose metrics You can configure minimal or verbose metrics in the monitoring settings for your storage account. Minimal metrics collects metrics on data such as ingress/egress, availability, latency, and success percentages, which are aggregated for the Blob, Table, and Queue services. Verbose metrics collects operations-level detail in addition to service-level aggregates for the same metrics. Verbose metrics enable closer analysis of issues that occur during application operations. For the full list of available metrics, see Storage Analytics Metrics Table Schema. For more information about storage monitoring, see About Storage Analytics Metrics.
logging Logging is a configurable feature of storage accounts that enables logging of requests to read, write, and delete blobs, tables, and queues. You configure logging in the Azure Management Portal, but you can't view the logs in the Management Portal. The logs are stored and accessed in the storage account, in the $logs container. For more information, see Storage Analytics Overview.
Affinity groups for co-locating Azure Storage and other services
An affinity group is a geographic grouping of your Azure services and VMs with your Azure storage account. An affinity group can improve service performance by locating computer workloads in the same data center or near the target user audience. Also, no billing charges are incurred for egress when data in a storage account is accessed from another service that is part of the same affinity group.