Azure Files NFS
Required Roles for VM
| Role | Scope | When to Use |
|---|---|---|
| Storage File Data Privileged Contributor | Storage Account | Read/write access to NFS share |
| Storage File Data Privileged Reader | Storage Account | Read-only access |
| Storage Account Contributor | Storage Account | If VM needs to manage the storage account itself |
Enable Managed Identity on VM
```bash
# System-assigned
az vm identity assign \
  --resource-group <rg> \
  --name <vm-name>
```
Assign RBAC Role via Azure CLI
```bash
# Get VM's managed identity principal ID
PRINCIPAL_ID=$(az vm show \
  --resource-group <rg> \
  --name <vm-name> \
  --query identity.principalId -o tsv)

# Get Storage Account resource ID
SA_ID=$(az storage account show \
  --resource-group <rg> \
  --name <storage-account> \
  --query id -o tsv)

# Assign role (variables quoted so an empty lookup fails loudly instead of shifting arguments)
az role assignment create \
  --assignee "$PRINCIPAL_ID" \
  --role "Storage File Data Privileged Contributor" \
  --scope "$SA_ID"
```
Prerequisites Checklist
| Requirement | Detail |
|---|---|
| Storage tier | Premium FileStorage only (NFS is not available on standard) |
| Hierarchical namespace | Not required (unlike Blob NFS) |
| Secure transfer | Must be disabled (NFS doesn’t support HTTPS) |
| Network | Private endpoint or VNet service endpoint required |
| Protocol | NFSv4.1 only |
| OS | Linux VM only |
Mount on the VM
```bash
# Install NFS client (run the line for your distribution)
sudo apt-get install nfs-common   # Ubuntu/Debian
sudo yum install nfs-utils        # RHEL/CentOS

# Create the mount point if it does not exist yet
sudo mkdir -p /mount/point

# Mount
sudo mount -t nfs \
  <storage-account>.file.core.windows.net:/<storage-account>/<share-name> \
  /mount/point \
  -o vers=4,minorversion=1,sec=sys
```
Key Points
- No Kerberos: Azure Files NFS uses `sec=sys` (UID/GID based), not identity-based auth
- RBAC controls management plane access; actual file permissions are POSIX/chmod on the share
- No SMB/Windows — NFS shares can’t be accessed via SMB simultaneously
- Private endpoint is strongly recommended over service endpoint for production
Task:
Follow the steps above: create two VMs, mount the Azure file share on both, upload files from the first VM, and check that they are visible on the second VM.
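Because `sec=sys` means the share trusts whatever numeric UID/GID each client sends, the two VMs in the task have to agree on those numbers or file ownership will not mean the same thing on both. The check below is an added example, not part of the original notes: it compares `getent passwd` output from both VMs and reports drift. The passwd data, the account names and the function name `uid_drift` are constructed for illustration.

```bash
#!/bin/sh
# Added example. Constructed sample data: `getent passwd` output
# captured on two hypothetical VMs that mount the same NFS share.
VM1_PASSWD='root:x:0:0:root:/root:/bin/bash
azureuser:x:1000:1000::/home/azureuser:/bin/bash
appsvc:x:1001:1001::/home/appsvc:/usr/sbin/nologin'

VM2_PASSWD='root:x:0:0:root:/root:/bin/bash
azureuser:x:1000:1000::/home/azureuser:/bin/bash
deploy:x:1001:1001::/home/deploy:/bin/bash
appsvc:x:1002:1002::/home/appsvc:/usr/sbin/nologin'

# uid_drift PASSWD_A PASSWD_B
# Prints one line per finding:
#   MISMATCH  name uidA uidB   same account name, different UID on B:
#                              files written on A look foreign on B
#   COLLISION uid nameA nameB  same UID, different account name on B:
#                              the share treats both accounts as one owner
uid_drift() {
  # Feed both lists to awk in one stream, split by a marker line.
  printf '%s\n---\n%s\n' "$1" "$2" | awk -F: '
    $0 == "---" { second = 1; next }
    !second     { uid_a[$1] = $3; name_a[$3] = $1; next }
    ($1 in uid_a)  && uid_a[$1]  != $3 { print "MISMATCH", $1, uid_a[$1], $3 }
    ($3 in name_a) && name_a[$3] != $1 { print "COLLISION", $3, name_a[$3], $1 }
  '
}

# Prints:
#   COLLISION 1001 appsvc deploy
#   MISMATCH appsvc 1001 1002
uid_drift "$VM1_PASSWD" "$VM2_PASSWD"
```

In practice, replace the two variables with `getent passwd` output collected from each VM; the same approach works for `getent group` and GIDs.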
Databases Overview
A database offers a structured approach for:
- Storing and retrieving data
- User management
- Connection management
Types of Databases
- Relational Databases
- NoSQL Databases
- Key-Value Stores
- Document Databases
- Column Databases
- Graph Databases
- Blockchain Ledger
- Cache Servers
- Data Warehouses
Relational Databases
- Data is organized in tables with rows and columns
- Each row represents a record
- Tables have relations between them
- Interactions use a formal language based on standard SQL
Examples
| Database | Notes |
|---|---|
| SQL Server | Microsoft enterprise RDBMS |
| Oracle | Large enterprise, high-volume |
| PostgreSQL | Open-source, extensible |
| MySQL | Web apps, high read workloads |
| DB2 | IBM enterprise database |
Self-Hosted (On-Premise) Setup
Server Side
- Install the Database Engine (Server side of DBMS)
- Configure users
- Any additional configurations required
Client Side
- Install database client software for users
- Install database client libraries for applications
Ongoing Administrative Activities
| Activity | Description |
|---|---|
| User Management | Adding and managing users |
| Backup | Regular database backups |
| Replication | Read-only and write-supported replicas |
| Performance Tuning | Query and index optimization |
| Patching | Applying security and version updates |
On-premise: You are responsible for ALL of the above activities.
Database as a Service (Cloud)
Public cloud platforms offer managed databases where administrative overhead is dramatically reduced:
| Activity | Self-Hosted | Cloud (DBaaS) |
|---|---|---|
| Backup | Manual setup | Single click |
| Replication | Manual config | Single click |
| Patching | Manual | Automated (set time window) |
| Performance Tuning | Fully manual | Partially automated |
Cloud Database Offerings
AWS
- MySQL (MariaDB)
- PostgreSQL
- SQL Server
- Oracle
- DB2
- Aurora (MySQL and PostgreSQL compatible — AWS native)
Azure
- Microsoft SQL Server
- MySQL (MariaDB)
- PostgreSQL
Practical Difference: Self-Hosted vs DBaaS
Self-Hosted MySQL (on Linux VM)
- Install the database manually
- Create users manually
- Grant permissions manually
- All administrative activities remain your responsibility
MySQL as a Service (Cloud)
- Set parameters → database is up and ready
- Connect and start using immediately
- Most administrative activities available as easy one-click operations
