Mount Blob storage by using the Network File System (NFS) 3.0 protocol (preview)
You can mount a container in Blob storage from a Windows or Linux-based Azure Virtual Machine (VM) or a Windows or Linux system that runs on-premises by using the NFS 3.0 protocol. This article provides step-by-step guidance. To learn more about NFS 3.0 protocol support in Blob storage, see Network File System (NFS) 3.0 protocol support in Azure Blob storage (preview).
Step 1: Register the NFS 3.0 protocol feature with your subscription
Open a PowerShell command window.
Sign in to your Azure subscription with the
Connect-AzAccountcommand and follow the on-screen directions.Connect-AzAccountIf your identity is associated with more than one subscription, then set your active subscription.
$context = Get-AzSubscription -SubscriptionId <subscription-id> Set-AzContext $contextReplace the
<subscription-id>placeholder value with the ID of your subscription.Register the
AllowNFSV3feature by using the following command.Register-AzProviderFeature -FeatureName AllowNFSV3 -ProviderNamespace Microsoft.StorageRegister the resource provider by using the following command.
Register-AzResourceProvider -ProviderNamespace Microsoft.Storage
Step 2: Verify that the feature is registered
Registration approval can take up to an hour. To verify that the registration is complete, use the following commands.
Get-AzProviderFeature -ProviderNamespace Microsoft.Storage -FeatureName AllowNFSV3
Step 3: Create an Azure Virtual Network (VNet)
Your storage account must be contained within a VNet. A VNet enables clients to securely connect to your storage account. To learn more about VNet, and how to create one, see the Virtual Network documentation.
Note
Clients in the same VNet can mount containers in your account. You can also mount a container from a client that runs in an on-premises network, but you'll have to first connect your on-premises network to your VNet. See Supported network connections.
Step 4: Configure network security
The only way to secure the data in your account is by using a VNet and other network security settings. Any other tool used to secure data including account key authorization, Azure Active Directory (AD) security, and access control lists (ACLs) are not yet supported in accounts that have the NFS 3.0 protocol support enabled on them.
To secure the data in your account, see these recommendations: Network security recommendations for Blob storage.
Step 5: Create and configure a storage account
To mount a container by using NFS 3.0, You must create a storage account after you register the feature with your subscription. You can't enable accounts that existed before you registered the feature.
In the preview release of this feature, NFS 3.0 protocol is supported in BlockBlobStorage and general-purpose V2 accounts.
As you configure the account, choose these values:
| Setting | Premium performance | Standard performance |
|---|---|---|
| Location | All available regions | One of the following regions: Australia East, Korea Central, and South Central US |
| Performance | Premium | Standard |
| Account kind | BlockBlobStorage | General-purpose V2 |
| Replication | Locally-redundant storage (LRS) | Locally-redundant storage (LRS) |
| Connectivity method | Public endpoint (selected networks) or Private endpoint | Public endpoint (selected networks) or Private endpoint |
| Secure transfer required | Disabled | Disabled |
| Hierarchical namespace | Enabled | Enabled |
| NFS V3 | Enabled | Enabled |
You can accept the default values for all other settings.
Step 6: Create a container
Create a container in your storage account by using any of these tools or SDKs:
| Tools | SDKs |
|---|---|
| Azure portal | .NET |
| AzCopy | Java |
| PowerShell | Python |
| Azure CLI | JavaScript |
| REST |
Step 7: Mount the container
Create a directory on your Windows or Linux system, and then mount a container in the storage account.
On a Linux system, create a directory.
mkdir -p /mnt/testMount a container by using the following command.
mount -o sec=sys,vers=3,nolock,proto=tcp <storage-account-name>.blob.core.windows.net:/<storage-account-name>/<container-name> /mnt/testReplace the
<storage-account-name>placeholder that appears in this command with the name of your storage account.Replace the
<container-name>placeholder with the name of your container.
Resolve common issues
| Issue / error | Resolution |
|---|---|
Access denied by server while mounting |
Ensure that your client is running within a supported subnet. See the Supported network locations. |
No such file or directory |
Ensure sure that the container that you're mounting was created after you verified that the feature was registered. See Step 2: Verify that the feature is registered.Also, make sure to type the mount command and it's parameters directly into the terminal. If you copy and paste any part of this command into the terminal from another application, hidden characters in the pasted information might cause this error to appear. |
See also
Network File System (NFS) 3.0 protocol support in Azure Blob storage (preview)