Design 9: File Share Sync (Hybrid Storage)

Summary

This design implements Azure File Sync.

Topology: The Storage Account is in a Spoke VNet. The Sync Service syncs data between On-Prem and Cloud.

1. Key Design Decisions (ADR)

ADR-01: Protocol

  • Decision: SMB.
  • Rationale: Standard Windows file sharing.

2. High-Level Design (HLD)

+--------------+           +--------------------------+           +--------------+
|  On-Prem     |           |        HUB VNet          |           |  SPOKE VNet  |
|  User        |           |      (VPN Gateway)       |           |  (Storage)   |
+------+-------+           +------------+-------------+           +------+-------+
       |                                |                                |
       v                                | (Peering)                      |
+------+-------+                        v                                v
|  File Server |           +------------+-------------+           +------+-------+
|  (Agent)     |---------->| Private Endpoint         |<--------->|  Azure Files |
+--------------+           | (Sync Traffic)           |           |  (Cloud Tier)|
                           +--------------------------+           +------+-------+

3. Low-Level Design (LLD)

                               PRIMARY REGION (East US)
+-----------------------------------------------------------------------+
| HUB VNet: vnet-hub (10.0.0.0/16)                                      |
|   +-----------------------+                                           |
|   | VPN Gateway           |                                           |
|   +-----------|-----------+                                           |
|               |                                                       |
|               v (Peering)                                             |
+---------------|-------------------------------------------------------+
                |
+---------------|-------------------------------------------------------+
| SPOKE VNet: vnet-files-spoke (10.1.0.0/16)                            |
|   +-----------------------+                                           |
|   | Storage Account       |                                           |
|   | (Azure Files)         |                                           |
|   +-----------------------+                                           |
|   | Storage Sync Service  |                                           |
|   +-----------------------+                                           |
+-----------------------------------------------------------------------+

                               SECONDARY REGION (West US)
+-----------------------------------------------------------------------+
| DR STRATEGY                                                           |
|   +-----------------------+                                           |
|   | Storage Account (DR)  |                                           |
|   | (GRS)                 |                                           |
|   +-----------------------+                                           |
+-----------------------------------------------------------------------+

4. Component Rationale

  • Cloud Tiering: Keep hot data on-prem, move cold data to cloud.

5. Strategy: High Availability (HA)

  • SLA: 99.9%.

6. Strategy: Disaster Recovery (DR)

  • Implementation: GRS.
  • Process: Failover Storage Account.

7. Strategy: Backup

  • Implementation: Azure Backup.

8. Strategy: Security

  • Private Link: Sync traffic goes over VPN/Private Link.
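
A check for the Private Link claim above, added here as an example and not part of the original design: it classifies the addresses a storage endpoint name resolves to, so a file server that still reaches Azure Files over the public endpoint is flagged. The page does not say which subnet holds the private endpoint, so any address inside the two LLD VNets is accepted; the sample resolver answers and the `.example` names are constructed.

```python
import ipaddress
import socket
import sys

# Address spaces from the LLD: vnet-hub and vnet-files-spoke.
DESIGN_VNETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/16", "10.1.0.0/16")]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def resolve(fqdn):
    """Addresses the local resolver returns for fqdn; empty set on failure."""
    try:
        infos = socket.getaddrinfo(fqdn, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def classify(addresses):
    """Classify one resolution result against the design's address plan."""
    ips = [ipaddress.ip_address(a) for a in addresses]
    if not ips:
        return "unresolved"
    if all(any(ip in net for net in DESIGN_VNETS) for ip in ips):
        return "private-endpoint"
    # Anything outside RFC 1918 (IPv6 included) is treated as a public path.
    if any(not any(ip in net for net in RFC1918) for ip in ips):
        return "public"
    return "unexpected-private"


def audit(results):
    """Map {fqdn: addresses} to verdicts; ok only if every name is private."""
    verdicts = {name: classify(addrs) for name, addrs in results.items()}
    return verdicts, all(v == "private-endpoint" for v in verdicts.values())


# Constructed resolver answers (not captured from a real deployment).
SAMPLE = {
    "stfilescorp[uniqueid].file.core.windows.net": ["10.1.1.4"],
    "public-answer.example": ["203.0.113.10"],
    "wrong-network.example": ["192.168.50.7"],
}

if __name__ == "__main__":
    # With arguments, resolve those names live; without, use the samples.
    data = {n: resolve(n) for n in sys.argv[1:]} or SAMPLE
    verdicts, ok = audit(data)
    for name, verdict in verdicts.items():
        print(f"{verdict:20} {name}")
    sys.exit(0 if ok else 1)
```

Run on the file server with the storage account's file endpoint name as the argument; a non-zero exit means at least one name did not resolve into the design's VNets.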

9. Well-Architected Framework Analysis

  • Reliability: High.
  • Security: High.
  • Cost Optimization: High.
  • Operational Excellence: High.
  • Performance Efficiency: High.

10. Detailed Traffic Flow

1. User: Saves file to On-Prem Server.

2. Agent: Detects change.

3. Sync: Uploads file to Azure Files.

4. Tier: If file is old, replace with pointer (stub).

11. Runbook: Deployment Guide (Azure Portal)

Phase 1: Create Resource Group & VNet

1. Create Resource Group: rg-design09-files. Region: East US.

2. Create VNet:

  • Name: vnet-files-spoke.
  • Address space: 10.1.0.0/16.
  • Subnet: snet-storage (10.1.1.0/24).

3. Peering: Peer vnet-files-spoke to vnet-hub.

Phase 2: Create Storage Account & Share

1. Search: "Storage accounts" -> + Create.

2. Resource Group: rg-design09-files.

3. Name: stfilescorp[uniqueid].

4. Region: East US.

5. Performance: Standard (or Premium for high IOPS).

6. Redundancy: LRS or GRS.

7. Create.

8. Create Share:

  • Go to Storage Account -> File shares.
  • + File share. Name: share-hr-docs. Tier: Transaction optimized.
  • Create.

Phase 3: Create Storage Sync Service

1. Search: "Azure File Sync" -> + Create.

2. Resource Group: rg-design09-files.

3. Name: sync-service-corp.

4. Region: East US.

5. Create.

Phase 4: Configure Sync Group

1. Go to sync-service-corp.

2. Sync groups -> + Sync group.

3. Sync group name: sg-hr-docs.

4. Storage account: Select stfilescorp[uniqueid].

5. Azure File Share: Select share-hr-docs.

6. Create.

Phase 5: Register Server (Simulated On-Prem)

1. Deploy a Windows Server VM vm-onprem-file (simulate on-prem).

2. Download Agent: Inside VM, download "Azure File Sync Agent".

3. Install: Run installer.

4. Sign in: Sign in with Azure credentials.

5. Choose Subscription/Resource Group: Select rg-design09-files / sync-service-corp.

6. Register.

Phase 6: Add Server Endpoint

1. Go back to Azure Portal -> sync-service-corp -> sg-hr-docs.

2. Add server endpoint.

3. Registered server: Select vm-onprem-file.

4. Path: C:\Data\HR (Create this folder on VM first).

5. Cloud Tiering: Enabled.

6. Create.

7. Verification: Create a file in C:\Data\HR on the VM, then check the share-hr-docs file share in the Azure Portal. The file should appear there.