Azure, Access File Shares from On-Campus

Instructions on how to connect to Azure File Shares from campus IP Addresses

Overview

With the use of Azure Files, you can operate fully managed file shares in the cloud that support Microsoft’s industry standard SMB protocol.

If you need to create an Azure file share, you can refer to this Microsoft Guide: Quickstart for creating and using Azure file shares | Microsoft Learn. If you need to request an Azure subscription, please fill out this form: Request Azure Subscription. Please ensure that when creating the storage account, you choose the “North Central US” location.

In order to access this Azure file share from any campus IP address, additional network configuration steps are required.

Connection to ExpressRoute

The first prerequisite for connecting to an Azure Files share is to have a vNet created in your subscription that is joined to the Azure ExpressRoute connection. This allows resources in your Azure subscription to reach resources and services on campus.

Information on how to get an ExpressRoute connection configured in your subscription can be found here: Azure Networking: ExpressRoute

Azure Private Endpoint Overview

Once your ExpressRoute-joined network and subnet are in place, the next step is to create the Private Endpoint on the appropriate storage account.

A Private Endpoint is a network interface attached to an Azure resource that is assigned an IP address from a subnet contained in your Azure vNet. This network interface effectively acts as a bridge that connects your Azure Files share to your ExpressRoute network.

Through the combination of the ExpressRoute connection and this private endpoint, it is possible to access resources hosted in Azure from on campus.

This article focuses on Private Link for the Azure Files Storage Service. Please contact the Azure Support team if you have a different use case for the Private Link service: azure-support@illinois.edu

Private Endpoint creation process:

Ensure storage account kind is set to StorageV2
[Screenshot: Azure Storage Kind]

For the Private Link settings to be available, the storage account must be configured as a “StorageV2”. If this is not the case, there should be an upgrade button that lets you upgrade the account kind.

Click on the Networking Blade:
[Screenshot: Storage Account Network Blade]

Select the Private endpoint connections tab, then + Private endpoint.
[Screenshot: Create Private Endpoint]

Next, fill in the information below to give your Private Endpoint connection a name. The Region should be North Central US, just like your storage account.
[Screenshot: Specifying Name and Location]

On the next tab, ensure the Target sub-resource Type is set to file.
[Screenshot: Specify Target Resource is set to File]

Select the Network and Subnet that are configured with the ExpressRoute connection. Then select the radio button next to “Statically allocate IP address”. Enter a name for the connection and select an available IP address from the subnet you chose.
[Screenshot: Entering IP Address Information]

Once this is finished, click on the “Next: DNS >” button.

Select “NO” for the radio button on Private DNS Integration. This will be done by Tech Services in a later step.
[Screenshot: Select No for Private DNS integration]

Click on the “Create” button to complete the Private Link Connection wizard.

Once this is finished, you should notice a connection is now listed on the “Private endpoint connections” tab.
[Screenshot: Private Endpoint Creation Complete]

The final step is performed by Technology Services.

Please send us the name of your storage account as well as the IP address that has been assigned to your Private Endpoint. We will use this information to create an “A” record in the privatelink.file.core.windows.net Azure Private DNS namespace.

Create DNS Records:
[Screenshot: Create DNS A Record]
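Once the A record exists, a campus machine should resolve the share's name to the statically allocated Private Endpoint IP and nothing else. The script below is an added example, not part of the original article: it compares the DNS answers for `<account>.file.core.windows.net` with the endpoint IP and subnet you chose, then tests SMB (TCP 445) to that IP. The function names, status strings and sample values in the usage line are assumptions made for the example.

```python
import ipaddress
import socket
import sys

def share_fqdn(account):
    """Name SMB clients connect to for an Azure Files share."""
    return f"{account}.file.core.windows.net"

def resolve_ipv4(fqdn):
    """IPv4 addresses the local (campus) resolver returns for fqdn."""
    infos = socket.getaddrinfo(fqdn, 445, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def check_private_endpoint(account, endpoint_ip, subnet_cidr, resolver=resolve_ipv4):
    """Classify what the share name resolves to, relative to the endpoint IP."""
    expected = ipaddress.ip_address(endpoint_ip)
    subnet = ipaddress.ip_network(subnet_cidr)
    if expected not in subnet:
        return "bad-input"        # the IP given is not in the ExpressRoute subnet
    try:
        answers = {ipaddress.ip_address(a) for a in resolver(share_fqdn(account))}
    except socket.gaierror:
        return "no-answer"        # the name does not resolve from this machine
    if answers == {expected}:
        return "ok"               # only the private endpoint is returned
    if any(a not in subnet for a in answers):
        return "outside-subnet"   # A record missing or not visible to this resolver
    return "wrong-ip"             # in the subnet, but not the endpoint's address

def smb_reachable(ip, timeout=3.0):
    """True if a TCP connection to port 445 on ip succeeds."""
    try:
        with socket.create_connection((ip, 445), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    if len(sys.argv) != 4:
        # Constructed sample values shown in the usage text.
        sys.exit("usage: check_share.py examplestore 10.20.30.4 10.20.30.0/24")
    account, ip, cidr = sys.argv[1:]
    status = check_private_endpoint(account, ip, cidr)
    print(f"{share_fqdn(account)}: {status}")
    if status == "ok":
        print("SMB 445 reachable:", smb_reachable(ip))
```

A result of `outside-subnet` means the name still resolves to an address outside the subnet you selected, so SMB traffic from that machine would not use the Private Endpoint.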



Keywords:
Azure, cloud, file share, smb, ExpressRoute, storage 
Doc ID:
121477
Owned by:
Amazon C. in University of Illinois Technology Services
Created:
2022-09-21
Updated:
2023-07-07
Sites:
University of Illinois Technology Services