Network File System (NFS) 3.0 protocol support in Azure Blob Storage (preview)
Blob storage now supports the Network File System (NFS) 3.0 protocol. This support provides Linux file system compatibility at object storage scale and prices and enables Linux clients to mount a container in Blob storage from an Azure Virtual Machine (VM) or a computer on-premises.
NFS 3.0 protocol support in Azure Blob Storage is in public preview. It supports GPV2 storage accounts with standard tier performance and block blob storage accounts with premium performance tier in all public regions.
It's always been a challenge to run large-scale legacy workloads, such as High Performance Computing (HPC) in the cloud. One reason is that applications often use traditional file protocols such as NFS or Server Message Block (SMB) to access data. Also, native cloud storage services focused on object storage that have a flat namespace and extensive metadata instead of file systems that provide a hierarchical namespace and efficient metadata operations.
Blob Storage now supports a hierarchical namespace, and when combined with NFS 3.0 protocol support, Azure makes it much easier to run legacy applications on top of large-scale cloud object storage.
Applications and workloads suited for this feature
The NFS 3.0 protocol feature is best suited for processing high throughput, high scale, read heavy workloads such as media processing, risk simulations, and genomics sequencing. You should consider using this feature for any other type of workload that uses multiple readers and many threads, which require high bandwidth.
NFS 3.0 and the hierarchical namespace
NFS 3.0 protocol support requires blobs to be organized into on a hierarchical namespace. You can enable a hierarchical namespace when you create a storage account. The ability to use a hierarchical namespace was introduced by Azure Data Lake Storage Gen2. It organizes objects (files) into a hierarchy of directories and subdirectories in the same way that the file system on your computer is organized. The hierarchical namespace scales linearly and doesn't degrade data capacity or performance. Different protocols extend from the hierarchical namespace. The NFS 3.0 protocol is one of the these available protocols.
Data stored as block blobs
If you enable NFS 3.0 protocol support, all of the data in your storage account will be stored as block blobs. Block blobs are optimized to efficiently process large amounts of read-heavy data. Block blobs are composed of blocks. Each block is identified by a block ID. A block blob can include up to 50,000 blocks. Each block in a block blob can be a different size, up to the maximum size permitted for the service version that your account uses.
When your application makes a request by using the NFS 3.0 protocol, that request is translated into combination of block blob operations. For example, NFS 3.0 read Remote Procedure Call (RPC) requests are translated into Get Blob operation. NFS 3.0 write RPC requests are translated into a combination of Get Block List, Put Block, and Put Block List.
General workflow: Mounting a storage account container
Your Linux clients can mount a container in Blob storage from an Azure Virtual Machine (VM) or a computer on-premises. To mount a storage account container, you'll have to do these things.
Register NFS 3.0 protocol feature with your subscription.
Verify that the feature is registered.
Create an Azure Virtual Network (VNet).
Configure network security.
Create and configure storage account that accepts traffic only from the VNet.
Create a container in the storage account.
Mount the container.
For step-by-step guidance, see Mount Blob storage by using the Network File System (NFS) 3.0 protocol (preview).
It's important to complete these tasks in order. You can't mount containers that you create before you enable the NFS 3.0 protocol on your account. Also, after you've enabled the NFS 3.0 protocol on your account, you can't disable it.
Your storage account must be contained within a VNet. A VNet enables clients to securely connect to your storage account. The only way to secure the data in your account is by using a VNet and other network security settings. Any other tool used to secure data including account key authorization, Azure Active Directory (AD) security, and access control lists (ACLs) are not yet supported in accounts that have the NFS 3.0 protocol support enabled on them.
To learn more, see Network security recommendations for Blob storage.
Supported network connections
A client can connect over a public or a private endpoint, and can connect from any of the following network locations:
The VNet that you configure for your storage account.
In this article, we'll refer to that VNet as the primary VNet. To learn more, see Grant access from a virtual network.
A peered VNet that is in the same region as the primary VNet.
You'll have to configure your storage account to allow access to this peered VNet. To learn more, see Grant access from a virtual network.
To learn more, see Configuring access from on-premises networks.
An on-premises network that is connected to a peered network.
If you're connecting from an on-premises network, make sure that your client allows outgoing communication through ports 111 and 2048. The NFS 3.0 protocol uses these ports.
Support for Azure Storage features
The following table shows the current level of support for Azure Storage features in accounts that have the NFS 3.0 feature enabled.
The status of items that appear in this tables will change over time as support continues to expand.
NFS 3.0 support can't be enabled on existing storage accounts.
NFS 3.0 support can't be disabled in a storage account after you've enabled it.
NFS 3.0 features not yet supported
The following NFS 3.0 features aren't yet supported.
NFS 3.0 over UDP. Only NFS 3.0 over TCP is supported.
Locking files with Network Lock Manager (NLM). Mount commands must include the
Mounting subdirectories. You can only mount the root directory (Container).
Listing mounts (For example: by using the command
Listing exports (For example: by using the command
Exporting a container as read-only
NFS 3.0 clients not yet supported
The following NFS 3.0 clients aren't yet supported.
- Windows client for NFS
During the preview, the data stored in your storage account is billed at the same capacity rate that blob storage charges per GB per month.
A transaction is not charged during the preview. Pricing for transactions is subject to change and will be determined when it is generally available.
To get started, see Mount Blob storage by using the Network File System (NFS) 3.0 protocol (preview).
To optimize performance, see Network File System (NFS) 3.0 performance considerations in Azure Blob Storage (preview).