Network File System (NFS) 3.0 protocol support in Azure Blob storage (preview)
Blob storage now supports the Network File System (NFS) 3.0 protocol. This support enables Linux clients to mount a container in Blob storage from an Azure Virtual Machine (VM) or a computer on-premises.
NFS 3.0 protocol support in Azure Blob storage is in public preview and is available in the following regions: US East, US Central, and Canada Central.
General workflow: Mounting a storage account container
To mount a storage account container, you'll have to do these things.
Register NFS 3.0 protocol feature with your subscription.
Verify that the feature is registered.
Create an Azure Virtual Network (VNet).
Configure network security.
Create and configure storage account that accepts traffic only from the VNet.
Create a container in the storage account.
Mount the container.
For step-by-step guidance, see Mount Blob storage on Linux by using the Network File System (NFS) 3.0 protocol (preview).
It's important to complete these tasks in order. You can't mount containers that you create before you enable the NFS 3.0 protocol on your account. Also, after you've enabled the NFS 3.0 protocol on your account, you can't disable it.
Your storage account must be contained within a VNet. A VNet enables clients to securely connect to your storage account. The only way to secure the data in your account is by using a VNet and other network security settings. Any other tool used to secure data including account key authorization, Azure Active Directory (AD) security, and access control lists (ACLs) are not yet supported in accounts that have the NFS 3.0 protocol support enabled on them.
To learn more, see Network security recommendations for Blob storage.
Supported network connections
A client can connect over a public or a private endpoint, and can connect from any of the following network locations:
The VNet that you configure for your storage account.
For the purpose of this article, we'll refer to that VNet as the primary VNet. To learn more, see Grant access from a virtual network.
A peered VNet that is in the same region as the primary VNet.
You'll have to configure your storage account to allow access to this peered VNet. To learn more, see Grant access from a virtual network.
To learn more, see Configuring access from on-premises networks.
An on-premises network that is connected to a peered network.
If you're connecting from an on-premises network, make sure that your client allows outgoing communication through ports 111 and 2048. The NFS 3.0 protocol uses these ports.
Azure Storage features not yet supported
The following Azure Storage features aren't supported when you enable the NFS 3.0 protocol on your account.
Azure Active Directory (AD) security
POSIX-like access control lists (ACLs)
The ability to enable NFS 3.0 support on existing storage accounts
The ability to disable NFS 3.0 support in a storage account (after you've enabled it)
Ability to write to blobs by using REST APIs or SDKs.
NFS 3.0 features not yet supported
The following NFS 3.0 features aren't yet supported with Azure Data Lake Storage Gen2.
NFS 3.0 over UDP. Only NFS 3.0 over TCP is supported.
Locking files with Network Lock Manager (NLM). Mount commands must include the
Mounting sub-directories. You can only mount the root directory (Container).
Listing mounts (For example: by using the command
Listing exports (For example: by using the command
Exporting a container as read-only
During the preview, the data stored in your storage account is billed at the same capacity rate that blob storage charges per GB per month.
A transaction is not charged during the preview. Pricing for transactions is subject to change and will be determined when it is generally available.