Best Practices
Azure Storage has three access tiers that trade off access frequency against storage price:
- Hot: fastest, frequent data access, most expensive. This tier is usually used by applications and services for their real-time operation.
- Cool: slow, infrequent data access, less expensive. This tier is usually used for storing logs or recent backups that are used rarely.
- Archive: slowest (hours), no data access for years, super cheap. This tier is usually used to store long-term backups or logs that have to be kept but may never be needed, or are not needed immediately when they are.
Azure Storage has multiple redundancy modes; the two applicable to this scenario are:
- LRS: local redundancy, your data is stored in at least 3 copies in a single region. This option provides 11 9's durability.
- GRS: geo-redundancy, your data is also replicated to a peer region on Earth at least 300 miles away and stored there as well. With this option your data is protected against a major disaster even if a whole data center collapses. This is basically 2xLRS. This option provides the highest 16 9's durability.
With this tool, you can upload your raw photos and videos as blobs and move them to the Archive tier, the cheapest tier: in some regions, a TB of data costs $1/mo, stored in at least 3 copies.
Set your storage account to GRS to prevent data loss in case of a disaster.
As you won't be able to look into your archived photos, you can generate thumbnails of them so you can easily pick which ones to rehydrate. Thumbnails are small, and as you usually download a lot of them at once, you can keep them in the Hot tier; they won't cost too much.
As you won't be able to look into your archived photos, to make search easier, you can also use Azure's AI capabilities to create descriptions of your photos and add rich metadata.
You can configure the default access tier for your storage account, so whenever you upload something and forget to archive it, it is not stored as Hot, which is the most expensive tier.
If you have lots of photos, or you archive photos taken with your phone, or you travel a lot and take lots of photos each day, then use the directory format `year/month/day`.
If you have fewer photos, you can change the default scheme to `year/month`.
If you are reuploading your photos, you can turn on deduplication for faster matching and force thumbnail generation if you didn't generate them earlier.
To prevent accidental deletion of your individual blobs.
To prevent accidental deletion of your whole storage account, lock it with a Delete lock.
Configure your storage account to require secure data transfer, so you can be sure your data transfers are always secure.
Restrict access to your storage account from all networks, and allow only your specific network.
This identifies suspicious activities or a potential breach attempt. This is low cost, so it is worth using the most advanced defense techniques.
Blob storage already encrypts your files at the storage level. So, if somebody gained access to any of Azure's storage devices, all the data would be useless, as it is encrypted by the service. This is completely transparent to users.
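The account-level recommendations above (GRS redundancy, a non-Hot default tier, a Delete lock, required secure transfer, restricted network access) can be checked mechanically. The following is an added example, not part of this tool: it assumes account JSON shaped like the output of `az storage account show` and a lock list shaped like `az lock list`, and the two sample accounts are constructed.

```python
import json

# Constructed sample data: account objects shaped like `az storage account show`
# output and lock lists shaped like `az lock list` output. All values are made up.
WEAK = json.loads("""{
 "account": {"name": "examplephotos", "sku": {"name": "Standard_LRS"},
             "accessTier": "Hot", "enableHttpsTrafficOnly": false,
             "networkRuleSet": {"defaultAction": "Allow", "ipRules": []}},
 "locks": []}""")
HARDENED = json.loads("""{
 "account": {"name": "examplephotos", "sku": {"name": "Standard_GRS"},
             "accessTier": "Cool", "enableHttpsTrafficOnly": true,
             "networkRuleSet": {"defaultAction": "Deny", "ipRules": [
                 {"ipAddressOrRange": "203.0.113.7", "action": "Allow"}]}},
 "locks": [{"name": "no-delete", "level": "CanNotDelete"}]}""")

# Redundancy SKUs that replicate to a second region.
GEO_SKUS = {"Standard_GRS", "Standard_RAGRS", "Standard_GZRS", "Standard_RAGZRS"}

def audit(account, locks):
    """Return (check_id, message) findings; an empty list means every check passed."""
    findings = []
    if account.get("sku", {}).get("name") not in GEO_SKUS:
        findings.append(("redundancy", "not geo-redundant; a regional disaster loses the archive"))
    if account.get("accessTier") == "Hot":
        findings.append(("default-tier", "default tier is Hot; un-archived uploads bill at the top rate"))
    # A missing key is treated as the insecure value, so absent data never passes.
    if account.get("enableHttpsTrafficOnly") is not True:
        findings.append(("secure-transfer", "secure transfer is not required"))
    rules = account.get("networkRuleSet") or {}
    if rules.get("defaultAction") != "Deny":
        findings.append(("network", "account is reachable from all networks"))
    # Either lock level blocks deletion of the account.
    if not any(lock.get("level") in ("CanNotDelete", "ReadOnly") for lock in locks):
        findings.append(("delete-lock", "no lock prevents deleting the account"))
    return findings

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label)
        for check, message in audit(sample["account"], sample["locks"]):
            print(f"  [{check}] {message}")
```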
But if somebody has access to your storage account as a user, like you, he/she is going to be able to read the data, as the service transparently decrypts it. If you want to add an additional layer of security, and encrypt your data at user level, you can leverage the Key Vault support.
Warning: if you lose your keys, you won't be able to read your data anymore.
As storage is so cheap, sometimes it isn't even worth selecting the best photos to store; you can archive all of them.
Data ingress is free. But you have to pay for the data transfer cost of geo-replication if you choose GRS redundancy. You can avoid this cost if you create two separate storage accounts with LRS redundancy and upload your data to each of them one by one. In this case, you have to upload the same data multiple times, and you have to maintain consistency across your storage accounts as well.
If you let your credit card expire, your Azure subscription may be deleted after a few months, eventually losing your data.