Deploy Azure File Sync (preview)
Use Azure File Sync (preview) to centralize your organization's file shares in Azure Files, while keeping the flexibility, performance, and compatibility of an on-premises file server. Azure File Sync transforms Windows Server into a quick cache of your Azure file share. You can use any protocol that's available on Windows Server to access your data locally, including SMB, NFS, and FTPS. You can have as many caches as you need across the world.
- An Azure Storage account and an Azure file share in the same region that you want to deploy Azure File Sync. For more information, see:
- At least one supported instance of Windows Server or Windows Server cluster to sync with Azure File Sync. For more information about supported versions of Windows Server, see Interoperability with Windows Server.
Deploy the Storage Sync Service
The Storage Sync Service is the top-level Azure resource for Azure File Sync. To deploy a Storage Sync Service, go to the Azure portal, click New and then search for Azure File Sync. In the search results, select Azure File Sync (preview), and then select Create to open the Deploy Storage Sync tab.
On the pane that opens, enter the following information:
- Name: A unique name (per subscription) for the Storage Sync Service.
- Subscription: The subscription in which you want to create the Storage Sync Service. Depending on your organization's configuration strategy, you might have access to one or more subscriptions. An Azure subscription is the most basic container for billing for each cloud service (such as Azure Files).
- Resource group: A resource group is a logical group of Azure resources, such as a storage account or a Storage Sync Service. You can create a new resource group or use an existing resource group for Azure File Sync. (We recommend using resource groups as containers to isolate resources logically for your organization, such as grouping HR resources or resources for a specific project.)
- Location: The region in which you want to deploy Azure File Sync. Only supported regions are available in this list.
When you are finished, select Create to deploy the Storage Sync Service.
Prepare Windows Server to use with Azure File Sync
For each server that you intend to use with Azure File Sync, including server nodes in a Failover Cluster, complete the following steps:
Disable Internet Explorer Enhanced Security Configuration. This is required only for initial server registration. You can re-enable it after the server has been registered.
- Open Server Manager.
- Click Local Server:
- On the Properties subpane, select the link for IE Enhanced Security Configuration.
- In the Internet Explorer Enhanced Security Configuration dialog box, select Off for Administrators and Users:
Ensure that you are running at least PowerShell 5.1.* (PowerShell 5.1 is the default on Windows Server 2016). You can verify that you are running PowerShell 5.1.* by looking at the value of the PSVersion property of the $PSVersionTable object:
If your PSVersion value is less than 5.1.*, as will be the case with most installations of Windows Server 2012 R2, you can easily upgrade by downloading and installing Windows Management Framework (WMF) 5.1. The appropriate package to download and install for Windows Server 2012 R2 is Win8.1AndW2K12R2-KB*******-x64.msu.
Install and configure Azure PowerShell. We recommend using the latest version of the Azure PowerShell modules.
Install the Azure File Sync agent
The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share. You can download the agent from the Microsoft Download Center. When the download is finished, double-click the MSI package to start the Azure File Sync agent installation.
If you intend to use Azure File Sync with a Failover Cluster, the Azure File Sync agent must be installed on every node in the cluster.
The Azure File Sync agent installation package should install relatively quickly, and without too many additional prompts. We recommend that you do the following:
- Leave the default installation path (C:\Program Files\Azure\StorageSyncAgent), to simplify troubleshooting and server maintenance.
- Enable Microsoft Update to keep Azure File Sync up to date. All updates, to the Azure File Sync agent, including feature updates and hotfixes, occur from Microsoft Update. We recommend installing the latest update to Azure File Sync. For more information, see Azure File Sync update policy.
When the Azure File Sync agent installation is finished, the Server Registration UI automatically opens. To learn how to register this server with Azure File Sync, see the next section.
Register Windows Server with Storage Sync Service
Registering Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service. The Server Registration UI should open automatically after installation of the Azure File Sync agent. If it doesn't, you can open it manually from its file location: C:\Program Files\Azure\StorageSyncAgent\ServerRegistration.exe. When the Server Registration UI opens, select Sign-in to begin.
After you sign in, you are prompted for the following information:
- Azure Subscription: The subscription that contains the Storage Sync Service (see Deploy the Storage Sync Service).
- Resource Group: The resource group that contains the Storage Sync Service.
- Storage Sync Service: The name of the Storage Sync Service with which you want to register.
After you have selected the appropriate information, select Register to complete the server registration. As part of the registration process, you are prompted for an additional sign-in.
Create a sync group
A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain at least one cloud endpoint, which represents an Azure file share, and one server endpoint, which represents a path on Windows Server. To create a sync group, in the Azure portal, go to your Storage Sync Service, and then select + Sync group:
In the pane that opens, enter the following information to create a sync group with a cloud endpoint:
- Sync group name: The name of the sync group to be created. This name must be unique within the Storage Sync Service, but can be any name that is logical for you.
- Subscription: The subscription where you deployed the Storage Sync Service in Deploy the Storage Sync Service.
- Storage account: If you select Select storage account, another pane appears in which you can select the storage account that has the Azure file share that you want to sync with.
- Azure File Share: The name of the Azure file share with which you want to sync.
To add a server endpoint, go to the newly created sync group and then select Add server endpoint.
In the Add server endpoint pane, enter the following information to create a server endpoint:
- Registered server: The name of the server or cluster where you want to create the server endpoint.
- Path: The Windows Server path to be synced as part of the sync group.
- Cloud Tiering: A switch to enable or disable cloud tiering. With cloud tiering, infrequently used or accessed files can be tiered to Azure Files.
- Volume Free Space: The amount of free space to reserve on the volume on which the server endpoint is located. For example, if volume free space is set to 50% on a volume that has a single server endpoint, roughly half the amount of data is tiered to Azure Files. Regardless of whether cloud tiering is enabled, your Azure file share always has a complete copy of the data in the sync group.
To add the server endpoint, select Create. Your files are now kept in sync across your Azure file share and Windows Server.
You can make changes to any cloud endpoint or server endpoint in the sync group and have your files synced to the other endpoints in the sync group. If you make a change to the cloud endpoint (Azure file share) directly, changes first need to be discovered by an Azure File Sync change detection job. A change detection job is initiated for a cloud endpoint only once every 24 hours. For more information, see Azure Files frequently asked questions.
Onboarding with Azure File Sync
The recommended steps to onboard on Azure File Sync for the first with zero downtime while preserving full file fidelity and access control list (ACL) are as follows:
- Deploy a Storage Sync Service.
- Create a sync group.
- Install Azure File Sync agent on the server with the full data set.
- Register that server and create a server endpoint on the share.
- Let sync do the full upload to the Azure file share (cloud endpoint).
- After the initial upload is complete, install Azure File Sync agent on each of the remaining servers.
- Create new file shares on each of the remaining servers.
- Create server endpoints on new file shares with cloud tiering policy, if desired. (This step requires additional storage to be available for the initial setup.)
- Let Azure File Sync agent to do a rapid restore of the full namespace without the actual data transfer. After the full namespace sync, sync engine will fill the local disk space based on the cloud tiering policy for the server endpoint.
- Ensure sync completes and test your topology as desired.
- Redirect users and applications to this new share.
- You can optionally delete any duplicate shares on the servers.
If you don't have extra storage for initial onboarding and would like to attach to the existing shares, you can pre-seed the data in the Azure files shares. This approach is suggested, if and only if you can accept downtime and absolutely guarantee no data changes on the server shares during the initial onboarding process.
- Ensure that data on any of the server can't change during the onboarding process.
- Pre-seed Azure file shares with the server data using any data transfer tool over the SMB e.g. Robocopy, direct SMB copy. Since AzCopy does not upload data over the SMB so it can’t be used for pre-seeding.
- Create Azure File Sync topology with the desired server endpoints pointing to the existing shares.
- Let sync finish reconciliation process on all endpoints.
- Once reconciliation is complete, you can open shares for changes.
Please be aware that currently, pre-seeding approach has a few limitations -
- Full fidelity on files is not preserved. For example, files lose ACLs and timestamps.
- Data changes on the server before sync topology is fully up and running can cause conflicts on the server endpoints.
- After the cloud endpoint is created, Azure File Sync runs a process to detect the files in the cloud before starting the initial sync. The time taken to complete this process varies depending on the various factors like network speed, available bandwidth, and number of files and folders. For the rough estimation in the preview release, detection process runs approximately at 10 files/sec. Hence, even if pre-seeding runs fast, the overall time to get a fully running system may be significantly longer when data is pre-seeded in the cloud.
Migrate a DFS Replication (DFS-R) deployment to Azure File Sync
To migrate a DFS-R deployment to Azure File Sync:
- Create a sync group to represent the DFS-R topology you are replacing.
- Start on the server that has the full set of data in your DFS-R topology to migrate. Install Azure File Sync on that server.
- Register that server and create a server endpoint for the first server to be migrated. Do not enable cloud tiering.
- Let all of the data sync to your Azure file share (cloud endpoint).
- Install and register the Azure File Sync agent on each of the remaining DFS-R servers.
- Disable DFS-R.
- Create a server endpoint on each of the DFS-R servers. Do not enable cloud tiering.
- Ensure sync completes and test your topology as desired.
- Retire DFS-R.
- Cloud tiering may now be enabled on any server endpoint as desired.
For more information, see Azure File Sync interop with Distributed File System (DFS).