How to create an NFS share

Azure file shares are fully managed file shares that live in the cloud. They can be accessed using either the Server Message Block protocol or the Network File System (NFS) protocol. This article covers creating a file share that uses the NFS protocol. For more information on both protocols, see Azure file share protocols.

Limitations

While in preview, NFS has the following limitations:

  • NFS 4.1 currently only supports most features from the protocol specification. Some features such as delegations and callback of all kinds, lock upgrades and downgrades, Kerberos authentication, and encryption are not supported.
  • If the majority of your requests are metadata-centric, then the latency will be worse when compared to read/write/update operations.
  • Must create a new storage account in order to create an NFS share.
  • Only the management plane REST APIs are supported. Data plane REST APIs are not available, which means that tools like Storage Explorer will not work with NFS shares nor will you be able to browse NFS share data in the Azure portal.
  • AzCopy is not currently supported.
  • Only available for the premium tier.
  • NFS shares only accept numeric UID/GID. To avoid your clients sending alphanumeric UID/GID, you should disable ID mapping.
  • Shares can only be mounted from one storage account on an individual VM, when using private links. Attempting to mount shares from other storage accounts will fail.

Azure Storage features not yet supported

Also, the following Azure Files features are not available with NFS shares:

  • Identity-based authentication
  • Azure Backup support
  • Snapshots
  • Soft delete
  • Full encryption-in-transit support (for details see NFS security)
  • Azure File Sync (only available for Windows clients, which NFS 4.1 does not support)

Regional availability

  • East US (LRS and ZRS)
  • East US 2
  • West US 2
  • West Europe
  • Southeast Asia
  • UK South
  • Australia East (LRS and ZRS)
  • France Central
  • KoreaCentral
  • KoreaSouth

Prerequisites

Register the NFS 4.1 protocol

If you're using the Azure PowerShell module or the Azure CLI, register your feature using the following commands:

PowerShell

Connect-AzAccount
$context = Get-AzSubscription -SubscriptionId <yourSubscriptionIDHere>
Set-AzContext $context
Register-AzProviderFeature -FeatureName AllowNfsFileShares -ProviderNamespace Microsoft.Storage
Register-AzResourceProvider -ProviderNamespace Microsoft.Storage

Azure CLI

az login
az feature register --name AllowNfsFileShares \
                    --namespace Microsoft.Storage \
                    --subscription <yourSubscriptionIDHere>
az provider register --namespace Microsoft.Storage

Verify feature registration

Registration approval can take up to an hour. To verify that the registration is complete, use the following commands:

PowerShell

Get-AzProviderFeature -ProviderNamespace Microsoft.Storage -FeatureName AllowNfsFileShares

Azure CLI

az feature show --name AllowNfsFileShares --namespace Microsoft.Storage --subscription <yourSubscriptionIDHere>

Verify storage account kind

Currently, only FileStorage accounts can create NFS shares.

To verify what kind of storage account you have, navigate to it in the Azure portal. Then, from your storage account, select Properties. From the properties blade, examine the value under Account kind, the value should be FileStorage.

Create an NFS share

Now that you have created a FileStorage account and configured the networking, you can create an NFS file share. The process is similar to creating an SMB share, you select NFS instead of SMB when creating the share.

  1. Navigate to your storage account and select File shares.

  2. Select + File share to create a new file share.

  3. Name your file share, select a provisioned capacity.

  4. For Protocol select NFS (preview).

  5. For Root Squash make a selection.

    • Root squash (default) - Access for the remote superuser (root) is mapped to UID (65534) and GID (65534).
    • No root squash - Remote superuser (root) receives access as root.
    • All squash - All user access is mapped to UID (65534) and GID (65534).
  6. Select Create.

    Screenshot of file share creation blade

Next steps

Now that you've created an NFS share, to use it you have to mount it on your Linux client. For details, see How to mount an NFS share.

If you experience any issues, see Troubleshoot Azure NFS file shares.