Access tiers

Azure Blob Storage supports four access tiers: Hot, Cool, Cold, and Archive. Each represents a trade-off of availability and cost. There is no trade-off on the durability (probability of data loss), which is defined by the SKU and replication, not the access tier.

The tiers are as follows:

Hot This access tier is used to store frequently accessed objects. Relative to other tiers,data access costs are low while storage costs are higher.
Cool This access tier is used to store large amounts of data that is not accessed fre- quently and that is stored for at least 30 days. The availability SLA can vary depending on the replication model selected. Relative to the Hot tier, data access costs are higher and storage costs are lower.
Cold This access tier is used for data that is rarely accessed or modified but needs to be accessible without delay. Data in this tier should be stored for at least 90 days. The Cold tier pricing model has lower storage capacity costs but higher access costs compared to cool and hot tiers.
Archive This access tier is used to archive data for long-term storage that is accessed rarely, can tolerate several hours of retrieval latency, and will remain in the Archive tier for at least 180 days. This tier is the most cost-effective option for storing data, but accessing that data is more expensive than accessing data in other tiers. Blob rehydra- tion might take up to 15 hours before the blob is accessible.

New blobs will default to the access tier that is set at the storage account level, though you can override that at the blob level by setting a different access tier, including the archive tier.

Create an Azure storage account

To create a storage account using the Azure portal, type storage accounts in the search box. On the Storage Accounts blade, click Create to open the Create A Storage Account blade (see Figure 2-1). You must choose a unique name for the storage account. Storage account names must be globally unique and may only contain lowercase characters and digits. Select the Azure region (Location), the performance tier, and replication mode for the account. The blade adjusts based on the settings you choose so that you cannot select an unsupported feature combination.

FIGURE 2-1 Creating an Azure storage account using the Azure portal

The Advanced tab of the Create A Storage Account blade is shown in Figure 2-2. This tab defines additional security settings, hierarchical namespace support, and access protocols.

FIGURE 2-2 The advanced settings that can be set when creating an Azure storage account using the portal

The Networking tab of the Create A Storage Account blade is shown in Figure 2-3. On this tab, choose to maintain storage account access either publicly by choosing Enable Public Access From All Networks or privately by choosing Disable Public Access And Use Private Access.

FIGURE 2-3 The networking properties that can be set when creating an Azure storage account using the portal

The Data Protection tab provides options for configuring the recovery, tracking, and access control of the storage account. This includes soft delete options, retention periods, blob versioning, and version-level immutability support. Figure 2-4 shows the Data Protection tab.

The Encryption tab provides options for configuring the encryption type, support for customer-managed keys, and infrastructure encryption. By default, storage accounts are encrypted using Microsoft-managed keys. However, you can configure customer-managed keys to encrypt data using your own keys. Figure 2-5 shows the Encryption tab.