Azure, Access File Shares from On-Campus
Overview
With the use of Azure Files, you can operate fully managed file shares in the cloud that support Microsoft’s industry standard SMB protocol.
If you need to create an Azure file share, you can refer to this Microsoft Guide: Quickstart for creating and using Azure file shares | Microsoft Learn. If you need to request an Azure subscription, please fill out this form: Request Azure Subscription. Please ensure that when creating the storage account, you choose the “North Central US” location.
In order to access this Azure file share from any campus IP address, additional network configuration steps are required.
Connection to ExpressRoute
The first prerequisite for connecting to an Azure Files share is to have a vNet created in your subscription that is joined to the Azure ExpressRoute connection. This allows resources in your Azure subscription to reach resources and services on campus.
Information on how to get an ExpressRoute connection configured in your subscription can be found here: Azure Networking: ExpressRoute
Azure Private Endpoint Overview
Once your ExpressRoute-joined network and subnet are in place, the next step is to create the Private Endpoint on the appropriate storage account.
A Private Endpoint is a network interface attached to an Azure resource that is assigned an IP address from a subnet contained in your Azure vNet. This network interface will effectively act as a bridge that connects your Azure Files share to your ExpressRoute network.
Through the combination of the ExpressRoute connection and this private endpoint, it is possible to access resources hosted in Azure from on campus.
This article focuses on Private Link for the Azure Files Storage Service. Please contact the Azure Support team if you have a different use case for the Private Link service: azure-support@illinois.edu
Private Endpoint creation process:
Ensure storage account kind is set to StorageV2
For the Private Link settings to be available, the storage account must be configured as a “StorageV2”. If this is not the case, there should be an upgrade button that lets you upgrade the account kind.
Click on the Networking Blade:
Select the Private endpoint connections tab, then + Private endpoint
Next, fill in the information below to give your Private Endpoint connection a name. The Region should be North Central US, just like your storage account.
On the next tab, ensure the Target sub-resource Type is set to file.
Select the Network and Subnet that are configured with the ExpressRoute connection. Then select the radio button next to “Statically allocate IP address”. Enter a name for the connection and select an available IP address from the subnet you chose.
Once this is finished, click on the “Next: DNS >” button.
Select “NO” for the radio button on Private DNS Integration
This will be done by Tech Services in a later step.
Click on the “Create” button to complete the Private Link Connection wizard.
Once this is finished, you should notice a connection is now listed on the “Private endpoint connections” tab.
The final step is performed by Technology Services.
Please send us the name of your storage account as well as the IP address that has been assigned to your Private Endpoint. We will use this information to create an “A” record in the privatelink.file.core.windows.net Azure Private DNS namespace.
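Once the “A” record exists, a campus client can confirm that the storage account name resolves to the Private Endpoint address and that SMB (TCP 445) is reachable over that path. The script below is an added example, not part of the original article or any Technology Services tooling; the function names, the account name `examplestorageacct` and the address `10.0.0.4` are constructed placeholders.

```python
import ipaddress
import socket

SMB_PORT = 445  # Azure Files shares are reached over SMB

def resolve_ipv4(hostname):
    """IPv4 addresses the client's configured DNS resolver returns for hostname."""
    infos = socket.getaddrinfo(hostname, SMB_PORT, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def tcp_open(ip, port=SMB_PORT, timeout=3.0):
    """True if a TCP connection to ip:port completes within timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_share_path(account, endpoint_ip, resolver=resolve_ipv4, connector=tcp_open):
    """Check that <account>.file.core.windows.net leads to the Private Endpoint.

    Returns (status, resolved_addresses), where status is one of:
      unresolved  - the name did not resolve at all
      mismatch    - it resolved to something other than the Private Endpoint IP
                    (for example the storage account's public endpoint)
      unreachable - DNS is correct but TCP 445 to the endpoint did not connect
      ok          - DNS is correct and TCP 445 connects
    """
    expected = str(ipaddress.ip_address(endpoint_ip))  # raises ValueError if malformed
    fqdn = f"{account}.file.core.windows.net"
    try:
        resolved = list(resolver(fqdn))
    except OSError:  # socket.gaierror is a subclass of OSError
        resolved = []
    if not resolved:
        return "unresolved", resolved
    if resolved != [expected]:
        return "mismatch", resolved
    if not connector(expected):
        return "unreachable", resolved
    return "ok", resolved

if __name__ == "__main__":
    # Constructed placeholder values: substitute your storage account name and
    # the IP address you statically allocated to the Private Endpoint.
    status, addrs = check_share_path("examplestorageacct", "10.0.0.4")
    print(status, addrs)
```

A `mismatch` result from a campus machine means SMB traffic to the share would not use the Private Endpoint, so resolve it before mounting the share.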
Create DNS Records: