Providing Storage for a New Company App

Onyemachi Doris

Posted on October 4, 2024

Table of Contents

  • Introduction
  • Types of Storage Options
  • Importance of Storage in App Development
  • Step-by-Step Guide to Creating a Storage Account for a New Company App
  • Conclusion

Introduction

Apps are currently an essential component of our everyday life. They meet a multitude of requirements and preferences, ranging from social networking to productivity tools. It's important for new businesses entering the app development space to comprehend the importance of storage.

Storage offers the tools needed to effectively manage, save, and retrieve data; it is the backbone of any application. A well-thought-out and reliable storage solution can make a big difference in an application's performance, scalability, and functionality.

Types of Storage Options

  • Relational databases: This is used for structured data with well-defined relationships, such as customer information or product catalogs. Examples include MySQL, PostgreSQL, and Oracle.

  • NoSQL databases: Suitable for unstructured or semi-structured data, such as JSON or XML documents. Examples include MongoDB, Cassandra, and Redis.

  • Object storage: Designed for storing large amounts of unstructured data, such as images, videos, and documents. Examples include Amazon S3, Google Cloud Storage, and Azure Blob Storage.

  • File storage: This is primarily used for storing files, such as documents, images, and audio files. Examples include NFS and SMB.

  • Hybrid storage approaches: This involves combining multiple storage solutions to meet specific requirements, such as using a relational database for transactional data and object storage for large media files.

Importance of Storage in App Development

  • Data Persistence: Storage guarantees that information is kept safe even after an app is closed or the device is restarted, giving consumers access to their data whenever they choose.

  • Scalability: With a scalable storage system, an application can grow and change over time in response to rising data volumes and user loads.

  • Performance: An app's speed may be greatly enhanced by effective storage management, which also guarantees a seamless user experience by cutting down on loading times.

  • Data Security: Sensitive user data is protected against breaches and unwanted access with the aid of appropriate storage procedures, such as encryption and access controls.

  • Integration with Other Systems: To promote data exchange and interoperability, storage solutions can be connected with other systems, including databases, cloud computing platforms, and external services.

Step-by-Step Guide to Creating a Storage Account for a New Company App

Suppose a company is designing and developing a new app. The developers want to ensure that storage is only accessed using keys and managed identities. They also want to use role-based access control. To help with testing, protected immutable storage is needed. The steps below show how to achieve this:

Step 1: Create the storage account and managed identity

Provide a storage account for the web app

  • In the Azure portal, search for and select Storage accounts.

  • Select + Create.

  • For Resource group select Create new. Give your resource group a name and select OK to save your changes.

  • Provide a Storage account name. Ensure the name is unique and meets the naming requirements.

  • Move to the Encryption tab.

  • Check the box for Enable infrastructure encryption.

  • Notice the warning: "This option cannot be changed after this storage account is created."

  • Select Review + Create.

  • Wait for the resource to deploy.

Provide a managed identity for the web app to use.

  • Search for and select Managed identities.

  • Select Create.

  • Select your resource group.

  • Give your managed identity a name.

  • Select Review and create, and then Create.

Assign the correct permissions to the managed identity. The identity only needs to read and list containers and blobs.

  • Search for and select your storage account.

  • Select the Access Control (IAM) blade.

  • Select Add role assignment (center of the page).

  • On the Job functions roles page, search for and select the Storage Blob Data Reader role.

  • On the Members page, select Managed identity.

  • Select Select members. In the Managed identity drop-down, select User-assigned managed identity.

  • Select the managed identity you created in the previous step.

  • Click Select and then Review + assign the role.

  • Select Review + assign a second time to add the role assignment.

  • Your storage account can now be accessed by a managed identity with the Storage Blob Data Reader permissions.

Step 2: Secure access to the storage account with a key vault and key.

To create the key vault and key needed for this part of the lab, your user account must have Key Vault Administrator permissions.

  • In the portal, search for and select Resource groups.

  • Select your resource group, and then the Access Control (IAM) blade.

  • Select Add role assignment (center of the page).

  • On the Job functions roles page, search for and select the Key Vault Administrator role.

  • On the Members page, select User, group, or service principal.

  • Select Select members.

  • Search for and select your user account. Your user account is shown in the top right of the portal.

  • Click Select and then Review + assign.

  • Select Review + assign a second time to add the role assignment.

  • You are now ready to continue with the lab.

Create a key vault to store the access keys.

  • In the portal, search for and select Key vaults.

  • Select Create.

  • Select your resource group.

  • Provide the name for the key vault. The name must be unique.

  • Ensure on the Access configuration tab that Azure role-based access control (recommended) is selected.

  • Select Review + create.

  • Wait for the validation checks to complete and then select Create.

  • After the deployment, select Go to resource.

  • On the Overview blade ensure both Soft-delete and Purge protection are enabled.

Create a customer-managed key in the key vault.

  • In your key vault, in the Objects section, select the Keys blade.

  • Select Generate/Import.

  • Name the key. Take the defaults for the rest of the parameters, and Create the key.

Step 3: Configure the storage account to use the customer managed key in the key vault

Before you can complete the next steps, you must assign the Key Vault Crypto Service Encryption User role to the managed identity.

  • In the portal, search for and select Resource groups.

  • Select your resource group, and then the Access Control (IAM) blade.

  • Select Add role assignment (center of the page).

  • On the Job functions roles page, search for and select the Key Vault Crypto Service Encryption User role.

  • On the Members page, select Managed identity.

  • Select Select members. In the Managed identity drop-down, select User-assigned managed identity.

  • Select your managed identity.

  • Click Select and then Review + assign.

  • Select Review + assign a second time to add the role assignment.

Configure the storage account to use the customer managed key in your key vault.

  • Return to your storage account.

  • In the Security + networking section, select the Encryption blade.

  • Select Customer-managed keys.

  • Select a key vault and key. Select your key vault and key.

  • Select to confirm your choices.

  • Ensure the Identity type is User-assigned.

  • Select an identity.

  • Select your managed identity then select Add.

  • Save your changes.

  • If you receive an error that your identity does not have the correct permissions, wait a minute and try again.

Step 4: Configure a time-based retention policy and an encryption scope.

The developers require a storage container where files can’t be modified, even by the administrator.

  • Navigate to your storage account.

  • In the Data storage section, select the Containers blade.

  • Create a container called hold. Take the defaults. Be sure to Create the container.

  • Upload a file to the container.

  • In the Settings section, select the Access policy blade.

  • In the Immutable blob storage section, select + Add policy.

  • For the Policy type, select time-based retention.

  • Set the Retention period to 5 days.

  • Be sure to Save your changes.

  • Try to delete the file in the container.

  • Verify you are notified that the deletion failed with the message "failed to delete blobs due to policy".

The developers require an encryption scope that enables infrastructure encryption.

  • Navigate back to your storage account.

  • In the Security + networking section, select the Encryption blade.

  • In the Encryption scopes tab, select Add.

  • Give your encryption scope a name.

  • The Encryption type is Microsoft-managed key.

  • Set Infrastructure encryption to Enable.

  • Create the encryption scope.

  • Return to your storage account and create a new container.

  • Notice on the New container page, there is the Name and Public access level.

  • Notice in the Advanced section you can select the Encryption scope you created and apply it to all blobs in the container.
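
The end state that Steps 1 to 4 aim for can be checked from exported configuration instead of by clicking back through the portal. The script below is an added example, not part of the original post: it assumes the dictionary keys match the JSON printed by `az storage account show`, `az role assignment list` and `az storage container immutability-policy show`, and its sample data is constructed. The lock-state check reflects that a time-based retention policy starts out unlocked and can be removed until it is locked.

```python
# Added example (not from the original post): audit the end state of Steps 1-4.
# Assumption: dict keys match the JSON printed by `az storage account show`,
# `az role assignment list` and `az storage container immutability-policy show`.
ALLOWED_ROLES = {"Storage Blob Data Reader",
                 "Key Vault Crypto Service Encryption User"}

def audit(account, assignments, policy, principal_id):
    """Return findings; an empty list means the guide's goals are met."""
    findings = []
    enc = account.get("encryption") or {}
    if not enc.get("requireInfrastructureEncryption"):
        findings.append("infrastructure encryption is not enabled")
    if str(enc.get("keySource", "")).lower() != "microsoft.keyvault":
        findings.append("account does not use a customer-managed key")
    if not (enc.get("encryptionIdentity") or {}).get("encryptionUserAssignedIdentity"):
        findings.append("no user-assigned identity is set for key access")
    # Roles held by the managed identity only; other principals are ignored.
    held = {a["roleDefinitionName"] for a in assignments
            if a.get("principalId") == principal_id and a.get("roleDefinitionName")}
    findings += [f"identity holds extra role: {r}" for r in sorted(held - ALLOWED_ROLES)]
    findings += [f"identity is missing role: {r}" for r in sorted(ALLOWED_ROLES - held)]
    if policy.get("immutabilityPeriodSinceCreationInDays") != 5:
        findings.append("retention period is not the 5 days set in Step 4")
    if policy.get("state") != "Locked":
        findings.append("retention policy is not locked, so it can still be deleted")
    return findings

# Constructed sample data, not taken from a real subscription.
PRINCIPAL = "00000000-0000-0000-0000-000000000001"
SAMPLE_ACCOUNT = {"encryption": {
    "requireInfrastructureEncryption": True,
    "keySource": "Microsoft.Keyvault",
    "encryptionIdentity": {"encryptionUserAssignedIdentity": "/placeholder/identity-id"},
}}
SAMPLE_ASSIGNMENTS = [
    {"principalId": PRINCIPAL, "roleDefinitionName": "Storage Blob Data Reader"},
    {"principalId": PRINCIPAL, "roleDefinitionName": "Key Vault Crypto Service Encryption User"},
    {"principalId": PRINCIPAL, "roleDefinitionName": "Contributor"},  # over-privileged
    {"principalId": "00000000-0000-0000-0000-000000000002", "roleDefinitionName": "Owner"},
]
SAMPLE_POLICY = {"immutabilityPeriodSinceCreationInDays": 5, "state": "Unlocked"}

if __name__ == "__main__":
    for finding in audit(SAMPLE_ACCOUNT, SAMPLE_ASSIGNMENTS, SAMPLE_POLICY, PRINCIPAL):
        print("FINDING:", finding)
```

On the constructed sample it reports the extra Contributor role and the unlocked retention policy; role assignments that belong to other principals are ignored.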

Conclusion

In conclusion, the cost-effectiveness, scalability, and performance of a new company app will all be greatly impacted by the storage solution you choose. You may determine which storage option is best for you by carefully assessing your needs, including data volume, access patterns, data sensitivity, and financial limits.

Don't forget to like, comment, share and subscribe!
