- A distributed file system that syncs data across your on-premises file servers.
- The files are stored in an Azure file share.
- The data can then be cached on your on-premises servers.
Features and Benefits
- Multiple file servers at multiple locations can all sync to a single Azure File Storage.
- Commonly used files are cached on the local server.
- Older, rarely accessed files move to Azure, freeing space on your local file server.
- A disaster recovery solution for file servers. If the local file server is destroyed, set up a VM or physical server, join it to the previous sync group and you get “rapid restore”.
- A Storage Account with Azure file share.
- Ensure that Azure file sync is available in the desired region.
- Deploy the Azure sync service in your resource group.
- Create a sync Group. Here you need to specify a storage account.
Preparing your server
- Your on-premises Windows Server is running Windows Server 2012 R2 or higher.
- Ensure PowerShell 5.1 is running on your system.
- Install the Azure RM module.
- Internet Explorer Enhanced Security Configuration is off for Administrators and Users.
- Download and install Azure File Sync agent
Lab Azure File Sync
- First create a storage account
- Create a file share
- Deploy the sync service in your resource group
- Create a Sync group with file shares. This creates an entity known as a cloud endpoint.
- On the Windows server
- Check the pre-requisites
- Download and install the Azure File Sync Agent
- Register the server in the portal
- Once the server has been registered, in the Sync group, add the server endpoint
- When you add the server endpoint, you have to decide which local folder on the Windows server you want to sync
- Once the server endpoint is created, wait for the status of the server endpoint to change to healthy
- Then let’s place a file on one server and see it sync to the cloud
- Let’s then register a second server
- And then see the file being available on the second server
Step 1: Create an Azure Storage Account.
Step 2: Create an Azure File Share.
We can create a file share with a storage quota ranging from 1 GB to 5 TB.
Step 3: You can see the Azure File Share.
Step 4: Create Azure Storage File Sync.
Step 5: Create a Sync Group and select the storage account that we created in the first step.
Step 6: You can see the Sync Groups.
Step 7: Turn off Internet Explorer Enhanced Security Configuration on both VMs.
Step 8: This is File-Server01 with location set as London.
Step 8: This is File-Server02 with location set as Singapore.
Step 9: Click on Registered Servers.
Step 10: You can download the Azure File Sync Agent through the link given below.
Step 11: Download StorageSyncAgent_V4_WS2016.msi.
Step 12: Before installing the Sync Agent, please install the PowerShell module on both VMs. Click on Install.
Step 13: Click on Run.
Step 14: Click on the Next button.
Step 15: Click on Next (End User License Agreement).
Step 17: Click on the Next button.
Step 18: Click on the Next button.
Step 19: Click on the Next button.
Step 20: Click on the Install Agent button.
Step 21: Setup completed. Click on the Finish button.
Step 21: Click on Update.
Step 22: Click on Azure File Sync - Server Registration.
Step 23: Enter your credentials.
Step 24: Choose your Azure Subscription, Resource Group and Storage Sync Service.
Step 25: Enter your credentials.
Step 26: Azure File Sync Server Registration has been completed.
Step 27: Click on Add Server Endpoint.
Step 28: Add the server endpoints one by one for both File-Server01 and File-Server02.
Step 29: You can see that both server endpoints have been added.
Step 30: If you create folders on File-Server01 (London), as shown below, you will be able to see the exact data being replicated on File-Server02 (Singapore).
Step 31: All the data that is shared between the two VMs with locations London and Singapore is stored on the Azure File Share, as shown below.
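The portal steps above can also be scripted. The following is an added example, not part of the original post; it uses the Az PowerShell modules (Az.Storage, Az.StorageSync) rather than the AzureRM module mentioned earlier, and every resource name, region and path in it is a placeholder.

```powershell
# Added example: placeholder names throughout, not values from the original post.
$rg       = 'rg-filesync-lab'      # existing resource group (assumed)
$location = 'uksouth'              # a region where Azure File Sync is available
$saName   = 'stfilesynclab001'
$share    = 'corpshare'
$svcName  = 'sync-service-lab'
$group    = 'sync-group-lab'

Connect-AzAccount                  # interactive sign-in; no credentials in the script

# Steps 1-3: storage account and file share. HTTPS-only and a TLS 1.2 floor are
# hardening choices added in this example; the post does not set them.
$sa = New-AzStorageAccount -ResourceGroupName $rg -Name $saName -Location $location `
        -SkuName Standard_LRS -Kind StorageV2 `
        -EnableHttpsTrafficOnly $true -MinimumTlsVersion TLS1_2
New-AzRmStorageShare -ResourceGroupName $rg -StorageAccountName $saName `
        -Name $share -QuotaGiB 1024

# Steps 4-6: Storage Sync Service, sync group, and the cloud endpoint that
# binds the sync group to the file share.
New-AzStorageSyncService -ResourceGroupName $rg -Name $svcName -Location $location
New-AzStorageSyncGroup -ResourceGroupName $rg -StorageSyncServiceName $svcName -Name $group
New-AzStorageSyncCloudEndpoint -ResourceGroupName $rg -StorageSyncServiceName $svcName `
        -SyncGroupName $group -Name 'cloud-endpoint' `
        -StorageAccountResourceId $sa.Id -AzureFileShareName $share

# Steps 22-29: run this part ON EACH file server, after the Azure File Sync
# agent is installed there. It registers the server and adds its endpoint.
$server = Register-AzStorageSyncServer -ResourceGroupName $rg -StorageSyncServiceName $svcName
New-AzStorageSyncServerEndpoint -ResourceGroupName $rg -StorageSyncServiceName $svcName `
        -SyncGroupName $group -Name $env:COMPUTERNAME `
        -ServerResourceId $server.ResourceId `
        -ServerLocalPath 'D:\Shares\Corp' `
        -CloudTiering -VolumeFreeSpacePercent 20   # keep 20% of the volume free

# List the endpoints in the sync group to confirm both servers were added.
Get-AzStorageSyncServerEndpoint -ResourceGroupName $rg -StorageSyncServiceName $svcName `
        -SyncGroupName $group
```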
I hope this will help you set up Azure File Sync for your needs. If you have any queries, please feel free to contact us here https://www.mismosystems.com/contact-us/
Information, as defined by the Oxford Dictionary, is facts provided or learned about something or someone. These facts can range from something very minute that no one gives a damn about to something, not to sound utterly naïve, that has the power to change the world. But then, you are not here to talk about the world, are you? Nope; we are here to talk about how you can protect the data that might end your company if it were to fall into the wrong hands.
Most managers would agree that information is the key to an organisation’s success. Since time immemorial, information has helped empires grow in stature and has also resulted in the fall of some. So, in today’s day and age, where almost all our information is stored and accessed online, the protection part takes centre stage. The huge sums of money invested annually in information protection systems worldwide give credence to the fact that companies have started to take information protection seriously.
Data travels everywhere. Customers, employees, partners and vendors collaborate continuously on different devices and applications. But is the data always shared safely? Probably not. You can’t hold data in a corporate database at a single location anymore. Vendors, partners and consultants send millions of documents across corporate boundaries every day.
To fully understand the importance of information security, there is a need to appreciate both the value of information and the consequences of such information being compromised. The days when thieves would only steal laptops and desktops are long gone. Nowadays, they steal critical data and information contained in insurable hardware including mobile phones, giving rise to cyber-crime. The thieves are now called hackers. It’s not just about malicious data breaches, either. Information leakage, whether on purpose or inadvertent, can also compromise sensitive company data. Security specialists have found it useful to place potential security violations in three categories:
- Unauthorized information release: an unauthorized person is able to read and take advantage of information stored in the computer. This category of concern sometimes extends to “traffic analysis,” in which the intruder observes only the patterns of information use and from those patterns can infer some information content. It also includes unauthorized use of a proprietary program.
- Unauthorized information modification: an unauthorized person is able to make changes in stored information–a form of sabotage. Note that this kind of violation does not require that the intruder see the information he has changed.
- Unauthorized denial of use: an intruder can prevent an authorized user from referring to or modifying information, even though the intruder may not be able to refer to or modify the information. Causing a system “crash,” disrupting a scheduling algorithm, or firing a bullet into a computer are examples of denial of use. This is another form of sabotage.
The term “unauthorized” in the three categories listed above means that release, modification, or denial of use occurs contrary to the desire of the person who controls the information.
Examples of security techniques sometimes applied to computer systems are the following:
- labelling files with lists of authorized users,
- verifying the identity of a prospective user by demanding a password,
- controlling who is allowed to make changes to the computer system.
Information protection solutions used over the years have focused on control. Firewalls and proxies kept sensitive information within corporate boundaries, and device security services protected data contained on managed devices and apps. But that only works for internal users. With the world getting more interconnected every day and data being shared with customers, vendors and business partners, this approach doesn’t work.
Traditional boundaries fall short of today’s security needs. With rapidly shifting collaboration scenarios, security measures need to change from an organization-centric to a data-centric focus, protecting the data wherever it goes. And this is where “Azure Information Protection” comes in.
Azure Information Protection is a cloud-based application that classifies, labels and protects documents and emails within as well as outside an organization. It’s a universal way to identify data across disparate locations and apply the appropriate security measures. Azure Information Protection’s classification labels use headers, footers and watermarks to identify documents with sensitive information. The service adds metadata in clear text to files and email headers so other data loss prevention services can take action if necessary. Although it’s cloud-based, Azure Information Protection supports on-premises and hybrid scenarios. We will be focussing on the cloud-based part only.
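Because the label metadata is clear text, a mail gateway or DLP script can act on it without decrypting anything. The following added example (not from the original post or from Microsoft) parses the `msip_labels` e-mail header that AIP writes, in its `MSIP_Label_<GUID>_<attribute>=<value>` layout; the GUIDs, tenant ID, domains and function names are constructed for illustration, and the header value is assumed to be already unfolded onto one line.

```powershell
# Constructed sample header value; GUIDs and tenant ID are made up.
$labelId  = '11111111-2222-3333-4444-555555555555'
$tenantId = 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'
$sampleHeader = "MSIP_Label_${labelId}_Enabled=True; " +
                "MSIP_Label_${labelId}_SiteId=$tenantId; " +
                "MSIP_Label_${labelId}_SetDate=2019-03-01T10:15:00Z; " +
                "MSIP_Label_${labelId}_Name=Confidential"

function Get-AipLabel {
    # Groups the key/value pairs by label GUID and returns one object per applied label.
    param([Parameter(Mandatory)][string]$HeaderValue)
    $labels = @{}
    foreach ($pair in ($HeaderValue -split ';')) {
        if ($pair.Trim() -match '^MSIP_Label_([0-9a-fA-F-]{36})_([^=]+)=(.*)$') {
            $id = $Matches[1].ToLower()
            if (-not $labels.ContainsKey($id)) { $labels[$id] = @{ LabelId = $id } }
            $labels[$id][$Matches[2]] = $Matches[3].Trim()
        }
    }
    # Only labels explicitly marked Enabled=True count as applied.
    $labels.Values | Where-Object { $_['Enabled'] -eq 'True' } |
        ForEach-Object { [pscustomobject]$_ }
}

function Test-OutboundAllowed {
    # Returns $false when a restricted label from our own tenant is leaving the organisation.
    param(
        [string]$HeaderValue,
        [string]$RecipientDomain,
        [string[]]$InternalDomains,
        [string]$TenantId,
        # Matching on the display name keeps the example readable; the label
        # GUID is the stable identifier if labels are ever renamed.
        [string[]]$RestrictedLabels = @('Confidential', 'Highly Confidential')
    )
    if ($InternalDomains -contains $RecipientDomain) { return $true }
    if ([string]::IsNullOrWhiteSpace($HeaderValue))   { return $true }  # unlabelled: left to other policy
    # Clear-text metadata can be written by anyone, so only labels stamped
    # with our own tenant's SiteId are treated as ours.
    $hit = Get-AipLabel $HeaderValue | Where-Object {
        $_.SiteId -eq $TenantId -and $RestrictedLabels -contains $_.Name
    }
    return (-not $hit)
}

Test-OutboundAllowed -HeaderValue $sampleHeader -RecipientDomain 'partner.example' `
    -InternalDomains 'contoso.example' -TenantId $tenantId
```

The same clear-text property also means the header is only a hint for other services: a sender can strip it, so a check like this complements the Azure RMS protection described later and does not replace it.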
Document protection consists of the following 4 parts:
- Identify Sensitive Data
- Classify the Data
- Protect Data and Control Usage Rights
- Track and Report Document Usage
Data is critical to organizations and to users. One of the first tasks that systems designers must do is identify sensitive data and determine how to protect it appropriately. Many deployed systems over the years have failed to protect data appropriately. This can happen when designers fail to identify data as sensitive, or when designers do not identify all the ways in which data could be manipulated or exposed.
After identifying the type of data that is present, you need to classify it. Azure Information Protection by default provides the user with 5 security labels that help classify documents. Labels define the type of document; think of them as genres in movies or songs. These include:
- Highly confidential
Once you categorize data, you also need to protect it. Azure Information Protection uses Azure Rights Management (Azure RMS) to encrypt sensitive data and manage access. Azure RMS integrates with other Microsoft cloud services and third-party applications to safeguard your data on the move.
Apart from the default labels present in AIP, you can also create custom policies according to your needs. This is usually done in big companies where the default labels aren’t enough to keep things safe.
After implementing controls, you need to monitor the protected data. Azure Information Protection has tracking and reporting capabilities to manage document access, detect and respond to risky behaviour and prevent data misuse. The tool also offers detailed reporting and logs to support compliance and regulatory requirements. The tool also helps in revoking access to the document if and when it is deemed to be in the wrong hands.
Below, I will walk you through the steps required to enable Azure Information Protection in your tenant, but first we need to configure the labels that will be applied to the documents.
To access the Azure Information Protection blade for the first time:
- Sign in to the Azure portal.
- On the hub menu, select “Create a resource”, and then, from the search box for the Marketplace, type “Azure Information Protection”.
- From the results list, select “Azure Information Protection”. On the “Azure Information Protection” blade, click “Create”.
- Click “Create” again.
Next time you access the “Azure Information Protection” blade, it automatically selects the “Labels” option so that you can view and configure labels for all users.
As mentioned earlier, by default, Microsoft provides us with 5 labels, namely:
- Personal: Non-business data, for personal use only. No physical marking or protection is provided to documents that have “Personal” label applied to them.
- Public: Business data that is specifically prepared and approved for public consumption. The documents that have been labelled “Public” are provided with physical markings but no protection.
- General: Business data that is not intended for public consumption. However, this can be shared with external partners, as required. Examples include a company internal telephone directory, organizational charts, internal standards, and most internal communication. The documents that have been labelled “General” are provided with physical markings but no protection.
- Confidential: Sensitive business data that could cause damage to the business if shared with unauthorized people. Examples include contracts, security reports, forecast summaries, and sales account data. The documents that have been labelled “Confidential” are provided with both physical markings and protection.
- Highly Confidential: Very sensitive business data that would cause damage to the business if it was shared with unauthorized people. Examples include employee and customer information, passwords, source code, and pre-announced financial reports. The documents that have been labelled “Highly Confidential” are provided with both physical markings and protection.
Now these default labels may not work for you or your business needs. You may have different security scenarios that you have to take care of for document protection. Microsoft provides you with the option of creating your own custom policies, which will contain your custom labels that can be assigned to users or groups.
Creating Custom Labels
- Sign in to Azure Portal.
- In the search dialogue box, search for “Azure Information Protection”. Click on the first result in the list. You will be taken to the Azure Information Protection blade.
- From “Classifications”, go to the “Labels” menu option.
- To create a new label: Click “Add a new label”.
- On the Label, select the options that you want for this new label.
You are presented with the following options:
- a. Label Display Name
- b. Label Description
- c. Permissions for documents and emails containing this label
- d. Set visual marking (such as header or footer)
- e. Configure conditions for automatically applying this label
- Once you select the options that suit your security needs the best, click “Save”.
Once you create the label, go through the following steps to make your new label available to users:
- From “Classifications”, go to the “Policies” menu option.
- Select the policy to contain the new label.
- Select “Add or remove labels”.
- Select the label from the “Policy: Add or remove labels” blade.
- Select “OK”.
- Select “Save”.
Azure Information Protection is available as a single service and through Microsoft’s EM+S. Still have questions? Send us your queries here or learn how managed services from Mismo Systems LLP can help secure your data and devices.