Can the new Azure File Service be used from Azure WebSites? - azure

The title pretty much says it all...
Microsoft just launched the new File Services on Azure.
(http://blogs.msdn.com/b/windowsazurestorage/archive/2014/05/12/introducing-microsoft-azure-file-service.aspx)
Can I use it from within a Azure WebSite?
Or is it limited to use from VMs and CloudServices due to "net use" restrictions?
Thanks

Yes - use the REST API - the Azure website MUST be in the same region as the storage account.
Once your share is created, it can be accessed via the SMB or REST
protocol from any Azure node (VM/Worker/Web role) hosted in the same
region as the storage account hosting the share.

Related

Where can i find a simple resource on how to Migrate windows server AD to Azure cloud

I want to migrate my Organization's Windows Server AD to Azure cloud (Azure Active directory domain services)
I can't seem to find any good documentation from Microsoft.
You can migrate your on-prem physical servers to Azure as per the document
Azure AD Domain services and Azure Active directory services are two different things in Azure.
You will get more details from the document.

Azure Web API requesting for storage account blobs

We have multiple mobile apps which displays images, documents from azure blob storage. Right now these storage account blob containers are public, so our mobile apps can access. But now we want to restrict all these containers to private. I am looking for a generic solution where I will create .NET webapi's deploy to azure app service. This app service should talk to storage account and return the blobs/images/documents. All mobile apps should talk to app services instead of directly talking to Storage accounts.
If you could suggest the high-level overview on how to approach this?
We already have mobile apps directly talking to azure storage accounts.
Yes, it is a practicable plan. In this scenario, your container and blob could be private, and your web api can access them via Azure Storage SDK, and your mobile apps will be clients which need to get authorized to call your web api.
To utilize the Azure AD, you need to create two applications in Azure AD. One is a web application which represents the web api, and the other is a native application (or several apps) which represents the client.
There is an official sample for get-started with this: Samples, you may refer to it first.

Connecting to an Azure Subscription in Azure China using an application created in Azure General region gives "AADSTS70001" error

I have created a native application in an Azure AD in Azure General region. The application has been granted appropriate permissions (Sign in on user's behalf, execute Service Management API requests etc.). Using this application, I am able to connect to any Azure Subscription in Azure General region using this application.
However when I try to connect to an Azure Subscription in Azure China, after successful login, I am getting the following error:
AADSTS70001: Application with identifier '01234567-890a-bcde-ffff-fcc63fc150ea' was not
found in the directory 'xxx.yyy.onmschina.cn'.
So my questions are:
Is it possible to connect to an Azure Subscription in Azure China (or for that matter to any Azure Subscription in Azure Sovereign Cloud like Germany etc.) using an application created in Azure General region?
Or do I need to create a separate application for each Azure Sovereign region in an Azure AD in that region?
If I indeed need to create a separate application (i.e. answer is yes to above question), is it possible to create an Azure AD tenant in these Sovereign regions without having an Azure Subscription there?
I believe the answer to the last question is yes considering Azure AD and Azure Subscription are two different things, yet I would very much like to get a confirmation on the same.
No,
it is NOT possible to connect Azure "General" with any sovereign clouds - these are Azure US Government, Azure China, Azure Germany. All these clouds are completely separate deployments with their own Azure AD. You cannot use B2B inter clouds, you cannot use your multi-tenant applications across clouds.
For that case you have to have a subscription in every cloud you would like to support and separate application registration, and separate instructions for your users. Check for example how Azure CLI is handling this. You are always only connected to one cloud with cloud's specific account.
In Azure Germany you can create an Azure AD tenant - just create a free trial subscription and you will also get a tenant. For China and US Gov will be hard - they both have very strict requirements who can create subscriptions there.

How do I configure which storage account my Web Apps and Function Apps use?

Is this even possible? I have a couple web apps and a couple of Azure Functions running under the same App Service Plan. I'd like to (ideally) have them use a specific Storage plan, so I can keep everything in one place. I envision them in different containers under the same plan.
If that's not possible...then where are the files? Are they on the storage that's built into the App Service Plan itself? If so, can I connect to this somehow, so I can manage the files through something like Storage Explorer?
Today when playing with the Azure Az Powershell tool I found I was able to provision a Function App without a Azure Storage back-end. This cannot be done via the UI. An easy way to provision a Function App with a storage account backend is by leveraging the Azure UI for provisioning.
When a Function App is provisioned via command line, the bits seem to be stored within the function app itself. There is an FTP URL given if you download the publish profile. The files can be read and written to using an FTP tool like WinSCP (as alternative to Kudu)
I'd like to (ideally) have them use a specific Storage plan, so I can keep everything in one place. I envision them in different containers under the same plan. If that's not possible...then where are the files? 
Every Azure Web App has a home directory stored/backed by Azure Storage. More detail info please refer to Azure WebApp sandbox. It is owned by Azure WebApp Service, we are not able to choose Azure Storage to setup WebApp by ourselves currently. But we could config storage account for Azure WebApp Diagnostic logs.
Are they on the storage that's built into the App Service Plan itself? If so, can I connect to this somehow, so I can manage the files through something like Storage Explorer?
Different WebApp Service Plan has different volume of the storage. We could use Kudu tool (https://yoursite.scm.azurewebsites.net) to manage the files. More detail info about Kudu please refer to the document.
Update:
We could access the home directory with the Kudu tool. More details please refer to the snapshoot

Is it normal for Azure to create a web service with the same name when creating virtual machine?

I just created a windows 2012 datacenter VM in azure, however I notice in management portal that Azure also created a cloud service with same name. Is this normal?I don't want to be double charged..
This is normal. You are not charged for Cloud Services. You're only charged for actual VM's deployed in them. Cloud Service is just a record in a database and a concept that is used to group Azure resources together

Resources