How to create an NFS share

Azure file shares are fully managed file shares that live in the cloud. This article covers creating a file share that uses the NFS protocol. For more information on both protocols, see Azure file share protocols.

Limitations

While in preview, NFS has the following limitations:

  • NFS 4.1 currently only supports most features from the protocol specification. Some features such as delegations and callback of all kinds, lock upgrades and downgrades, Kerberos authentication, and encryption are not supported.
  • If the majority of your requests are metadata-centric, then the latency will be worse when compared to read/write/update operations.
  • NFS Shares can only be enabled/created on new storage account/s and not the existing ones
  • Only the management plane REST APIs are supported. Data plane REST APIs are not available, which means that tools like Storage Explorer will not work with NFS shares nor will you be able to browse NFS share data in the Azure portal.
  • AzCopy is not currently supported.
  • Only available for the premium tier.
  • NFS shares only accept numeric UID/GID. To avoid your clients sending alphanumeric UID/GID, you should disable ID mapping.
  • Shares can only be mounted from one storage account on an individual VM, when using private links. Attempting to mount shares from other storage accounts will fail.
  • It is best to rely on the permissions assigned to primary group. Sometimes, permissions allocated to the non-primary group of the user may result in access denied due to a known bug.

Azure Storage features not yet supported

Also, the following Azure Files features are not available with NFS shares:

  • Identity-based authentication
  • Azure Backup support
  • Snapshots
  • Soft delete
  • Full encryption-in-transit support (for details see NFS security)
  • Azure File Sync (only available for Windows clients, which NFS 4.1 does not support)

Regional availability

NFS is supported in ALL 30+ regions where Premium Files Storage is available.

We are continuously adding regions. For the most up-to-date list, use the sample below to query the list of regions with NFS support. You can also check for your region support at Azure Products available by region page under Premium Files Storage.

# Log in first with Connect-AzAccount if not using Cloud Shell

$azContext = Get-AzContext
$azProfile = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile
$profileClient = New-Object -TypeName Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient -ArgumentList ($azProfile)
$token = $profileClient.AcquireAccessToken($azContext.Subscription.TenantId)
$authHeader = @{
    'Content-Type'='application/json'
    'Authorization'='Bearer ' + $token.AccessToken
}

# Provide specific subscription id if you want  list for a different subscription
$subscription = $azContext.Subscription.Id

# Invoke the REST API
$restUri = "https://management.azure.com/subscriptions/$subscription/providers/Microsoft.Storage/skus?api-version=2019-06-01"
$response = Invoke-RestMethod -Uri $restUri -Method Get -Headers $authHeader

# List of all regions that has NFS support.
$response.value| Where-Object -FilterScript {$_.capabilities| Where-Object { $_.name -eq 'supportsNfsShare' -and $_.value -eq 'true'}}| Select-Object locations, kind, name

# List of regions that support NFS Zonal redundancy.
$response.value| Where-Object -FilterScript {($_.name -EQ 'Premium_ZRS') -and ($_.capabilities| Where-Object { $_.name -eq 'supportsNfsShare' -and $_.value -eq 'true'})}| Select-Object locations

Sample response

List of regions that support NFS Zonal redundancy
locations
---------
{eastus}
{eastus2}
{westeurope}
{southeastasia}
{japaneast}
{northeurope}
{australiaeast}
{westus2}
{uksouth}
{eastus2euap}
{francecentral}

Prerequisites

Register the NFS 4.1 protocol

If you're using the Azure PowerShell module or the Azure CLI, register your feature using the following commands:

Use either Azure PowerShell or Azure CLI to register the NFS 4.1 feature for Azure Files.

Registration approval can take up to an hour. To verify that the registration is complete, use the following commands:

Use either Azure PowerShell or Azure CLI to check on the registration of the NFS 4.1 feature for Azure Files.

Create a FileStorage storage account

Currently, NFS 4.1 shares are only available as premium file shares. To deploy a premium file share with NFS 4.1 protocol support, you must first create a FileStorage storage account. A storage account is a top-level object in Azure that represents a shared pool of storage which can be used to deploy multiple Azure file shares.

To create a FileStorage storage account, navigate to the Azure portal.

  1. In the Azure portal, select Storage Accounts on the left menu.

    Azure portal main page select storage account.

  2. On the Storage Accounts window that appears, choose Add.

  3. Select the subscription in which to create the storage account.

  4. Select the resource group in which to create the storage account

  5. Next, enter a name for your storage account. The name you choose must be unique across Azure. The name also must be between 3 and 24 characters in length, and can include numbers and lowercase letters only.

  6. Select a location for your storage account, or use the default location.

  7. For Performance select Premium.

    You must select Premium for Fileshares to be an available option in the Account kind dropdown.

  8. For Premium account type choose Fileshares.

    Screenshot of premium performance selected.

  9. Leave Replication set to its default value of Locally-redundant storage (LRS).

  10. Select Review + Create to review your storage account settings and create the account.

  11. Select Create.

Once your storage account resource has been created, navigate to it.

Create an NFS share

Now that you have created a FileStorage account and configured the networking, you can create an NFS file share. The process is similar to creating an SMB share, you select NFS instead of SMB when creating the share.

  1. Navigate to your storage account and select File shares.

  2. Select + File share to create a new file share.

  3. Name your file share, select a provisioned capacity.

  4. For Protocol select NFS (preview).

  5. For Root Squash make a selection.

    • Root squash (default) - Access for the remote superuser (root) is mapped to UID (65534) and GID (65534).
    • No root squash - Remote superuser (root) receives access as root.
    • All squash - All user access is mapped to UID (65534) and GID (65534).
  6. Select Create.

    Screenshot of file share creation blade.

Next steps

Now that you've created an NFS share, to use it you have to mount it on your Linux client. For details, see How to mount an NFS share.

If you experience any issues, see Troubleshoot Azure NFS file shares.