I'm exploring the use of Azure File Share in combination with Entra Kerberos for our organization. The plan is to provide global secure access to all users, so we can bypass the usual port 445 block. However, I'm worried about the speed, especially since half our users will be based at a single location. Here are some thoughts I've had:

- One option is to implement cloud sync to an on-prem server, so remote users can tunnel into the main office, but that kinda shifts Azure into a backup role, which isn't really what I'm aiming for.
- Another idea is setting up a VPN gateway site-to-site link on our router to Azure. But, I've learned that GSA doesn't support location-based tunneling, meaning we'll need to handle CA signing issues.
- Lastly, I could give every user GSA access and treat everyone like they're working from home, even if they're in the office.

I'm trying to find better solutions for faster access for our onsite users. Any advice or feedback would really help!
1 Answer
It really depends on how much data you're transferring. I’ve found that Azure cloud sync/file sync doesn’t always perform as well as advertised. In my experience, when setting up a fresh environment, we ended up using a Windows file server in Azure behind a site-to-site VPN. This way, it functions like a regular VPN tunnel without performance issues. You might also want to check out Tailscale for easier access.
I’m dealing with about 8TB of data, so not a ton. I’m also leaning towards the site-to-site VPN idea. It seems unnecessary to tunnel everything through GSA when we already have a stable VPN in place.