I'm gearing up to set up Azure Files for a client and migrate their on-premise files to Azure File Share, which will be accessed from both the main and site offices. Here's the plan:
The main office has an AD server that's also acting as a file server, with around 8 TB of data to move to Azure Files. We're adding a new server and transferring the AD role from the existing file server. There's already a file share for the main office, and we'll also create a new share for the site office file sync.
The site office is a fresh setup with two servers: one for AD and another for the File Sync server. AD replication will occur through a site-to-site VPN connecting both offices. We'll set up a new file share on the site office File Sync server.
In Azure, we plan to create two folders—one for each office—ensuring that main office users have access to both folders, while site office users can access only their own files. We'll establish two server endpoints in the main office for file sync, and just one endpoint in the site office.
The goal is to provide a LAN-like access experience for users at both locations. Permissions will be managed by the respective AD servers. Since site office users primarily deal with large CAD files, performance is crucial. We're also considering cloud tiering for historical files.
I'm looking for feedback on a few points:
1. Does this setup seem solid? Any potential drawbacks?
2. Should we use VPN Gateway and Private Endpoint for Azure? Will they enhance performance, especially since the site office is on 5G?
3. For remote users, is direct SMB access better, or should they connect through the main office's VPN client?
4. Do we need to consider Entra Connect sync here? The client uses Google Workspace, and we want to simplify logging in, especially for senior staff.
5. Any other potential bottlenecks we should keep in mind? Thanks for any insights based on your experiences!
4 Answers
Just a heads-up: files can take up to 24 hours to sync back to the cloud via Azure File Sync. So, it won't have the instant updates like OneDrive. That's worth considering for your workflow, especially if many users rely on real-time access.
It's great to see such a detailed plan! I'd advise against having users access the cloud storage directly while others are on the sync server since files on the sync server sync out everywhere but the cloud changes can take up to 24 hours to reflect. It's safer and faster for users to VPN into the closer site and use the sync server directly. Also, keep in mind that SMB over an open internet connection can lead to issues with latency, especially when handling large files, which isn't ideal. So, ensuring that users have a stable connection to the sync server could save a lot of headaches!
Totally agree—direct SMB over the internet could be a bad experience. In our case, most users just use sync servers for serious work, so that works fine for us.
Consider using a self-hosted solution like CentreStack on an Azure VM coupled with Wasabi storage to save on bandwidth costs while still ensuring a good experience! This could be way cheaper and offer nearly the same functionality at a fraction of the cost.
I have a setup similar to yours with cloud tiering. We host our file server on Azure, syncing each department's Azure Files share. Access is through private endpoints, and while the speed isn’t fantastic, it’s manageable. Just keep an eye on the data throughput as it can be a bottleneck when transferring large amounts of data. We're slowly moving away from this configuration due to the limitations, though.
Are you hosting the file server as an Azure VM? That could change how data flows!
That's not an issue for us since users mainly work on the local sync servers and rarely need direct access to Azure files.