AZ-305 - Design a Storage Strategy
Azure Storage Account Types
Azure Storage provides a variety of storage account types to meet different performance, feature, and pricing requirements. Selecting the right storage account type is a foundational decision that affects available services, redundancy options, and cost.
General-purpose v2 (GPv2)
GPv2 - The Default Choice
General-purpose v2 is the recommended storage account type for most scenarios. It supports all Azure Storage services including Blob, File, Queue, Table, and Data Lake Storage Gen2. GPv2 accounts deliver the lowest per-gigabyte capacity prices and industry-competitive transaction prices. They support all redundancy options and access tiers (Hot, Cool, Cold, Archive).
Premium Storage Accounts
Premium Block Blobs
Premium block blob accounts use solid-state drives (SSDs) and are optimized for workloads requiring low and consistent storage latency. They are ideal for IoT analytics, AI/ML workloads, and interactive scenarios. They do not support access tiers - all data is stored at the premium performance level. Only LRS and ZRS redundancy are available.
Premium File Shares
Premium file share accounts store data on SSDs and are designed for enterprise or high-performance file share applications. They support both SMB and NFS protocols. Use premium file shares for I/O-intensive workloads, database hosting, and high-performance computing. Only LRS and ZRS redundancy are supported.
Premium Page Blobs
Premium page blob accounts are optimized for storing page blobs, which are the underlying storage format for Azure VM unmanaged disks. These accounts provide consistent low-latency and high IOPS for page blob workloads.
Storage Access Tiers
Azure Blob Storage offers multiple access tiers that allow you to optimize costs based on data access patterns. Choosing the right tier significantly impacts storage costs because each tier has different storage and access costs.
Tier Comparison
| Tier | Storage Cost | Access Cost | Minimum Retention | Best For |
|---|---|---|---|---|
| Hot | Highest | Lowest | None | Frequently accessed data |
| Cool | Lower | Higher | 30 days | Infrequently accessed data stored for at least 30 days |
| Cold | Even lower | Even higher | 90 days | Rarely accessed data stored for at least 90 days |
| Archive | Lowest | Highest | 180 days | Offline data with flexible retrieval (hours) |
Access Tier Considerations
The Archive tier is offline - data must be rehydrated to Hot or Cool tier before it can be accessed. Rehydration can take up to 15 hours with standard priority or up to 1 hour with high priority (at additional cost). Hot and Cool tiers can be set at the account level, while all tiers can be set at the blob level.
Lifecycle Management
Azure Blob Storage lifecycle management policies automatically transition blobs to cooler tiers or delete them based on rules you define. For example, you can create a rule that moves blobs to Cool after 30 days, to Archive after 90 days, and deletes them after 365 days. This automation helps optimize costs without manual intervention.
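As an added example (not code from the page or from Azure), the following builds the 30/90/365 lifecycle rule above in the JSON shape Azure accepts and checks every tier transition against the minimum retention periods in the tier table, so that a rule which would trigger early-deletion charges is flagged before it is applied. The `MIN_RETENTION_DAYS` values are taken from the table above; the policy keys match Azure's lifecycle JSON.

```python
import json

# Minimum days a blob must stay in each tier before early-deletion charges
# apply (from the tier comparison above); Hot has no minimum.
MIN_RETENTION_DAYS = {"hot": 0, "cool": 30, "cold": 90, "archive": 180}

def build_policy(name, prefix, to_cool=None, to_cold=None, to_archive=None, delete=None):
    """Return a lifecycle management policy as a dict in Azure's JSON shape."""
    actions = {}
    for key, days in (("tierToCool", to_cool), ("tierToCold", to_cold),
                      ("tierToArchive", to_archive), ("delete", delete)):
        if days is not None:
            actions[key] = {"daysAfterModificationGreaterThan": days}
    return {"rules": [{
        "enabled": True, "name": name, "type": "Lifecycle",
        "definition": {
            "filters": {"blobTypes": ["blockBlob"], "prefixMatch": [prefix]},
            "actions": {"baseBlob": actions}}}]}

def policy_json(policy):
    """Serialize the policy as the JSON body you would submit to Azure."""
    return json.dumps(policy, indent=2)

def check_policy(policy):
    """Return findings where a rule moves or deletes a blob before the minimum
    retention of its current tier has elapsed (an early-deletion charge)."""
    findings = []
    for rule in policy["rules"]:
        actions = rule["definition"]["actions"]["baseBlob"]
        # Timeline of (day, tier) transitions; blobs start in Hot at day 0.
        steps = [(0, "hot")]
        for key, tier in (("tierToCool", "cool"), ("tierToCold", "cold"), ("tierToArchive", "archive")):
            if key in actions:
                steps.append((actions[key]["daysAfterModificationGreaterThan"], tier))
        steps.sort()
        deleted = actions.get("delete", {}).get("daysAfterModificationGreaterThan")
        for i, (day, tier) in enumerate(steps):
            # The blob leaves this tier at the next transition or at deletion.
            leave = steps[i + 1][0] if i + 1 < len(steps) else deleted
            if leave is None:
                continue
            held = leave - day
            if held < MIN_RETENTION_DAYS[tier]:
                findings.append(f"{rule['name']}: {tier} held {held} days, minimum is {MIN_RETENTION_DAYS[tier]}")
    return findings
```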
Storage Redundancy Options
Azure Storage always stores multiple copies of your data to protect against planned and unplanned events. Choosing the right redundancy option depends on your durability, availability, and disaster recovery requirements.
Redundancy Comparison
| Option | Copies | Regions | Read Access During Outage | Durability (nines) |
|---|---|---|---|---|
| LRS (Locally Redundant Storage) | 3 | Single region, single datacenter | No | 11 nines |
| ZRS (Zone-Redundant Storage) | 3 | Single region, across 3 availability zones | No | 12 nines |
| GRS (Geo-Redundant Storage) | 6 | Two regions (LRS in each) | No (failover required) | 16 nines |
| RA-GRS (Read-Access GRS) | 6 | Two regions (LRS in each) | Yes (read-only secondary) | 16 nines |
| GZRS (Geo-Zone-Redundant Storage) | 6 | Two regions (ZRS primary, LRS secondary) | No (failover required) | 16 nines |
| RA-GZRS (Read-Access GZRS) | 6 | Two regions (ZRS primary, LRS secondary) | Yes (read-only secondary) | 16 nines |
Choosing Redundancy
LRS: Lowest cost, protects against server rack and drive failures. Use for non-critical data or data that can be easily recreated.
ZRS: Protects against datacenter-level failures within a region. Recommended for high-availability scenarios within a single region.
GRS/RA-GRS: Protects against regional outages by replicating to a secondary region. Choose RA-GRS when you need read access to the secondary region without a failover.
GZRS/RA-GZRS: Combines zone-level protection in the primary region with geo-replication. Provides the highest level of durability and availability.
Azure Managed Disks
Azure Managed Disks are block-level storage volumes managed by Azure and used with Azure Virtual Machines. They simplify disk management by handling storage account creation, sizing, and replication automatically.
Managed Disk Types
Ultra Disks
Ultra Disks deliver the highest throughput, highest IOPS, and lowest latency for Azure VMs. They support up to 160,000 IOPS and 4,000 MBps throughput per disk. Ideal for data-intensive workloads such as SAP HANA, top-tier databases, and transaction-heavy applications. Disk size, IOPS, and throughput can be adjusted dynamically without detaching the disk.
Premium SSD v2
Premium SSD v2 offers individually adjustable IOPS, throughput, and capacity without the constraints of fixed performance tiers. It provides sub-millisecond latency and is suited for enterprise workloads like SQL Server, Oracle, and other mission-critical systems that need granular performance tuning.
Premium SSD
Premium SSDs provide high-performance, low-latency disk support for I/O-intensive applications. They are backed by SSDs and offer performance tiers (P1 through P80) with fixed IOPS and throughput per tier. Suitable for production workloads and latency-sensitive applications.
Standard SSD
Standard SSDs are a cost-effective storage option for workloads that need consistent performance at lower IOPS levels. Suitable for web servers, lightly used enterprise applications, and dev/test environments. They offer better reliability than Standard HDDs.
Standard HDD
Standard HDDs are backed by magnetic drives and provide the lowest cost per GB for managed disks. Best suited for backup, non-critical, and infrequent access workloads where performance is not a priority.
Azure Files vs Azure Blob vs Azure Disk
Each Azure Storage service is designed for different use cases. Choosing between Azure Files, Azure Blob Storage, and Azure Disks depends on the access protocol, sharing requirements, and workload type.
Service Comparison
Azure Files
Azure Files provides fully managed file shares accessible via SMB and NFS protocols. Ideal for lift-and-shift migrations that rely on file shares, shared application settings, diagnostic logs, and tools/utilities. Supports identity-based authentication with Microsoft Entra ID and on-premises Active Directory. Azure File Sync enables caching on Windows Server for fast local access.
Azure Blob Storage
Azure Blob Storage is optimized for storing massive amounts of unstructured data such as text, binary data, images, video, and documents. Supports REST access and client library access. Includes access tiers for cost optimization and lifecycle management for automatic tiering. Best for streaming, content delivery, backup, and big data analytics.
Azure Disks
Azure Managed Disks are block-level storage volumes attached to Azure VMs. Each disk is accessible by only one VM at a time (except shared disks). Best for workloads that require persistent, high-performance block storage such as databases and operating system disks. Support snapshots and Azure Backup integration.
Storage Security
SAS Tokens and Stored Access Policies
Shared Access Signatures (SAS)
Account SAS: Delegates access to resources in one or more Azure Storage services (Blob, File, Queue, Table). Signed with the storage account key.
Service SAS: Delegates access to a specific resource in a single storage service. Can be associated with a stored access policy for centralized management.
User Delegation SAS: Secured with Microsoft Entra credentials instead of the storage account key. This is the most secure SAS type and is recommended for Blob and Data Lake Storage.
Stored Access Policies
Stored access policies provide an additional level of control over service-level SAS tokens. A stored access policy defines the start time, expiry time, and permissions for a SAS. You can modify or revoke a stored access policy at any time, which immediately affects all SAS tokens referencing it. This eliminates the need to regenerate storage account keys to revoke access.
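As an added example (not code from the page or from the Azure SDK), the following classifies a SAS URL by its query parameters and reports the settings a reviewer would question: an account-key-signed SAS with no stored access policy, a token not restricted to HTTPS, a distant expiry, or write/delete permissions. The sample URLs, the `sig` placeholders and the review time are constructed; the parameter names (`ss`, `srt`, `sr`, `si`, `sp`, `se`, `spr`, `skoid`, `sktid`) are the standard SAS query parameters.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlparse

FIXED_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed review time
# Constructed sample SAS URLs; 'sig' values are placeholders, not real signatures.
SAS_POLICY = ("https://contoso.blob.core.windows.net/partner?sv=2022-11-02&sr=c"
              "&si=partner-read&spr=https&sig=PLACEHOLDER")
SAS_DELEGATION = ("https://contoso.blob.core.windows.net/partner?sv=2022-11-02&sr=c"
                  "&skoid=00000000-0000-0000-0000-000000000000&sktid=00000000-0000-0000-0000-000000000000"
                  "&sp=r&se=2024-06-01T00:30:00Z&spr=https&sig=PLACEHOLDER")
SAS_ACCOUNT = ("https://contoso.blob.core.windows.net/?sv=2022-11-02&ss=bfqt&srt=sco"
               "&sp=rwdlacup&se=2030-01-01T00:00:00Z&spr=https,http&sig=PLACEHOLDER")

def parse_sas(url):
    """Return the SAS query parameters as a flat dict."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}

def sas_type(params):
    """Account SAS carries ss/srt; user delegation SAS carries the delegation
    key fields skoid/sktid; any other SAS with sr is a service SAS."""
    if "ss" in params and "srt" in params:
        return "account"
    if "skoid" in params and "sktid" in params:
        return "user-delegation"
    return "service" if "sr" in params else "unknown"

def _utc(value):
    fmt = "%Y-%m-%dT%H:%M:%SZ" if "T" in value else "%Y-%m-%d"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def audit_sas(url, now=None, max_lifetime=timedelta(hours=1)):
    """Return (sas_type, findings); an empty findings list means no concerns."""
    now = now or datetime.now(timezone.utc)
    p, findings = parse_sas(url), []
    kind = sas_type(p)
    if kind == "account":
        findings.append("account SAS: signed with the account key, cannot use a stored access policy")
    if kind == "service" and "si" not in p:
        findings.append("service SAS without stored access policy (si): revoking it means rotating keys")
    if p.get("spr") != "https":
        findings.append(f"spr={p.get('spr')}: token is not restricted to HTTPS")
    if "se" in p and _utc(p["se"]) - now > max_lifetime:
        findings.append(f"expiry {p['se']} is more than {max_lifetime} in the future")
    if "se" not in p and "si" not in p:
        findings.append("no expiry (se) and no stored access policy to supply one")
    if set("acdw") & set(p.get("sp", "")):
        findings.append(f"sp={p['sp']}: grants write/create/delete, not read-only")
    return kind, findings
```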
Key Terms
| Term | Definition |
|---|---|
| General-purpose v2 (GPv2) | The recommended storage account type that supports all Azure Storage services, access tiers, and redundancy options at competitive pricing. |
| Access Tier | A classification (Hot, Cool, Cold, Archive) that determines storage and access costs based on how frequently data is accessed. |
| Lifecycle Management Policy | An automated rule-based mechanism that transitions blobs between access tiers or deletes them based on age or last access time. |
| LRS / ZRS / GRS | Storage redundancy options providing different levels of data protection: local (LRS), zone (ZRS), and geo (GRS) redundancy. |
| Ultra Disk | The highest-performance Azure managed disk type, offering up to 160,000 IOPS and dynamic IOPS/throughput adjustment. |
| Shared Access Signature (SAS) | A URI that grants restricted access to Azure Storage resources with a defined time range, permissions, and optional IP restrictions. |
| User Delegation SAS | The most secure SAS type, signed with Microsoft Entra credentials rather than storage account keys, available for Blob and Data Lake Storage. |
| Azure File Sync | A service that caches Azure Files shares on Windows Servers, enabling fast local access with cloud tiering capabilities. |
Exam Tips
- GPv2 is the default: For the exam, General-purpose v2 is almost always the correct storage account type unless the question specifically requires premium performance features.
- Know the access tiers: Hot for frequent access, Cool for 30-day retention, Cold for 90-day retention, Archive for 180-day retention. Archive is offline and requires rehydration. Remember the minimum retention periods - early deletion incurs charges.
- Redundancy decision tree: LRS is cheapest but single-datacenter. ZRS protects across zones. GRS/GZRS adds geo-replication. RA-GRS/RA-GZRS adds read access to the secondary. Premium storage only supports LRS and ZRS.
- User Delegation SAS is preferred: When asked about the most secure SAS option, User Delegation SAS is the answer because it uses Microsoft Entra credentials instead of storage account keys.
- Azure Files vs. Blob Storage: Azure Files for shared access via SMB/NFS (lift-and-shift). Blob Storage for unstructured data and REST access. Know when to recommend each.
- Managed Disk selection: Ultra Disk for maximum IOPS. Premium SSD for production workloads. Standard SSD for dev/test. Standard HDD for backup. The exam tests matching disk types to workload requirements.
Practice Questions
Question 1
Your company stores large volumes of log data in Azure Blob Storage. The data is accessed frequently during the first week, occasionally during the next 60 days, and rarely after that. Data must be retained for one year. Which combination of access tiers and features should you use to minimize costs?
A. Store all data in the Hot tier for the entire year
B. Use lifecycle management to move data from Hot to Cool after 7 days, and to Archive after 90 days
C. Store all data in the Archive tier and rehydrate when needed
D. Use Premium block blob storage for all data
Answer: B
Explanation: Lifecycle management policies automatically transition data between tiers based on age. Moving data to Cool after 7 days and to Archive after 90 days optimizes costs by matching the access tier to the data access pattern. Storing everything in Hot is most expensive, while Archive-only requires frequent rehydration costs.
Question 2
You need to design a storage solution that provides read access to data even during a regional outage in the primary region. Which redundancy option should you select?
A. LRS
B. ZRS
C. GRS
D. RA-GRS
Answer: D
Explanation: RA-GRS (Read-Access Geo-Redundant Storage) replicates data to a secondary region and provides read-only access to the secondary endpoint without requiring a failover. GRS also replicates to a secondary region but does not provide read access until a failover occurs.
Question 3
An application team needs to grant temporary access to a specific blob container for an external partner. The access must be revocable without regenerating storage account keys. What is the recommended approach?
A. Create an account SAS token with a short expiry time
B. Create a service SAS token linked to a stored access policy
C. Share the storage account access key with the partner
D. Create an Azure AD user for the partner with Storage Blob Data Reader role
Answer: B
Explanation: A service SAS linked to a stored access policy allows you to revoke access at any time by modifying or deleting the policy. This provides granular, revocable access without needing to regenerate storage account keys. Sharing account keys directly is a security risk.
Question 4
You are deploying a SAP HANA database on Azure VMs that requires sub-millisecond latency and at least 80,000 IOPS per disk. Which managed disk type should you use?
A. Standard HDD
B. Standard SSD
C. Premium SSD
D. Ultra Disk
Answer: D
Explanation: Ultra Disks provide the highest performance with up to 160,000 IOPS, sub-millisecond latency, and 4,000 MBps throughput per disk. They are specifically designed for data-intensive workloads like SAP HANA. Premium SSDs have a maximum of 20,000 IOPS per disk, which does not meet the 80,000 IOPS requirement.
Question 5
Your organization is migrating a legacy application that uses Windows shared folders (SMB protocol) to Azure. The application requires shared access from multiple Azure VMs simultaneously. Which Azure Storage service should you recommend?
A. Azure Blob Storage
B. Azure Managed Disks
C. Azure Files
D. Azure Queue Storage
Answer: C
Explanation: Azure Files provides fully managed file shares accessible via SMB protocol, making it the ideal service for migrating applications that depend on Windows shared folders. Multiple VMs can access the same Azure file share concurrently. Azure Managed Disks are typically attached to a single VM, and Blob Storage uses REST rather than SMB.