General availability of Azure Files on-premises Active Directory Domain Services authentication

Published on June 11, 2020

Principal Program Manager

Today we're announcing the general availability of Azure Files support for authentication with on-premises Active Directory Domain Services (AD DS).

Since preview in February 2020, we’ve received great feedback and growing interest from our customers, especially because of increased work-from-home scenarios. With file shares migrated to the cloud, maintaining access using Active Directory credentials greatly simplifies the IT management experience and provides better mobility for remote work. Most importantly, you do not need to reconfigure your clients. As long as your on-premises servers or user laptops are domain-joined to AD DS, you can sync Active Directory to Azure AD, enable AD DS authentication on the storage account, and mount the file share directly. This makes the migration from on-premises to cloud extremely simple, as the existing Windows ACLs can be seamlessly carried over to Azure Files and continue to be enforced for authorization. Along with private endpoint support for Azure Files, you can access data in Azure Files just like you would on an on-premises file server within the secure network boundary.

On-premises AD DS integration also simplifies the setup experience of using Azure Files as the user profile storage for Virtual Desktop scenarios. Leveraging Azure Files for Virtual Desktop Infrastructure (VDI) environments eliminates the need for self-hosting file servers. AD DS integration extends the same authentication and authorization as traditional file servers to Azure. User profiles are loaded from the file share to the desktop session, supporting a single sign-on login experience. You can continue to use the existing AD DS setup and carry over Windows access control lists (ACLs) if needed. Beyond that, Azure Files as a cloud-native file service provides dynamic scaling to better accommodate changes in capacity and traffic patterns. For example, your VDI farm may have started by supporting 500 users, but with more people working remotely you need to scale up to 5000 users (10x increase). Azure Files premium tier allows you to scale up your capability along with performance on the fly to handle the increase in capacity. This also reduces the management overhead of deploying additional file servers and managing the reconfigurations.

To help with your setup, we have collaborated with first- and third-party VDI providers to provide detailed guidance. You can follow this step-by-step walkthrough to configure Windows Virtual Desktop FSLogix profile containers with Azure Files. Citrix has partnered with Microsoft to provide day-one support for Azure Files as a certified storage solution for both User Profile Management and User Personalization Layer technologies. Leveraging Azure Files provides a simple and cost-effective persistent storage solution for user data in your VDI environment. Detailed configuration information for integrating Azure Files with Citrix technologies is available in Citrix Tech Zone.

In addition, we want to share with you the recent updates on Azure Files:

  • Enhanced data protection with soft delete. To protect your Azure file shares from accidental deletion, we released the preview of soft delete for Azure file shares. Think of soft delete like a recycle bin for your file shares. When a file share is deleted, it transitions to a soft deleted state in the form of a soft deleted snapshot. You configure how long soft deleted data remains recoverable before it is permanently erased.
  • Better scaling with max file size increased to 4 TiB. We have increased the max size supported on a single file from 1 TiB to 4 TiB on premium files. If you are using a file share to store engineering files or virtual hard disks (VHDs), this addresses your concerns about the size limitations. As you grow your data footprint, you can also scale up the share size at runtime. Larger file sizes are supported over the Server Message Block (SMB) protocol and will be enabled for REST access along with standard files in the upcoming weeks.
  • Private endpoint support for Azure File Sync. Starting with version 10.1 of the Azure File Sync agent, you can create private endpoints for your Storage Sync Services. Private endpoints enable you to securely connect to your Azure resources from on-premises using an ExpressRoute with private peering or a Site-to-Site VPN connection.

Getting started

You can deploy a file share and mount it for your data storage within 5 minutes. Here are some materials to help you get started:

You can share your feedback via Azure Storage forum or just send us an email at AzureFiles@microsoft.com.