File Integrity monitoring for blobs in Archive storage

Ruminski, Clayton - REE-ARS, Beltsville, MD 21 Reputation points
2022-08-23T18:43:32.117+00:00

We are looking at implementing Azure Blob Archive storage for digital preservation storage. One concern we have is monitoring blobs for file integrity to ensure no changes to the data over time. Is there such a feature built in? Or must this be done via a third party tool? Doing some digging I found this third-party tool on GitHub: BlobIM but have not done any testing. We are trying to avoid extracting data from Archive storage, running third party fixity checks, and then putting them back into Archive storage. The costs associated with pulling large amounts of data from archive storage is prohibitive.

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,408 questions
Azure
Azure
A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.
908 questions
0 comments
Accepted answer
  1. SaiKishor-MSFT 17,171 Reputation points
    2022-09-01T06:34:22.877+00:00

    @Ruminski, Clayton - REE-ARS, Beltsville, MD I reached out to our internal team regarding this and here is more information regarding your question-

    "Archive storage validates data integrity in the backend as part of service compliance requirements. In any cases that customers want to validate explicitly, they need to rehydrate blobs to Hot, calculate hash, and compare with baseline hashes. The cost involved on rehydration is not avoidable."

    As you mentioned, if this does not work for you, please feel free to use the 3rd party integrity check. Hope this helps!
    Please let us know if you have any more questions and we will be glad to assist you further. Thank you!

    Remember:

    Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

    Want a reminder to come back and check responses? Here is how to subscribe to a notification.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. SaiKishor-MSFT 17,171 Reputation points
    2022-08-24T21:55:07.907+00:00

    @Ruminski, Clayton - REE-ARS, Beltsville, MD Thanks for reaching out to Microsoft Q&A. I understand that you want monitoring options for your Blobs to ensure no changes happen to the data.

    Here are some ways to protect your data using Azure resources-

    You can monitor this information using Azure Monitor- https://learn.microsoft.com/en-us/azure/storage/blobs/monitor-blob-storage?tabs=azure-portal

    You would first start with creating a Diagnostic Setting- https://learn.microsoft.com/en-us/azure/storage/blobs/monitor-blob-storage?tabs=azure-portal#creating-a-diagnostic-setting

    And then view logged activity by using a Log Analytics query or you can go the destination that you are forwarding the logs to as setup in the diagnostics settings.

    Here is a reference of Azure Blob Storage monitoring data collected using these steps - https://learn.microsoft.com/en-us/azure/storage/blobs/monitor-blob-storage-reference

    If you want to rather lock this data in a way that data cannot be modified or deleted for a user-specified interval, you can store the data in a WORM (Write Once, Read Many) state. Please refer this for more information- https://learn.microsoft.com/en-us/azure/storage/blobs/immutable-storage-overview#summary-of-immutability-scenarios

    Hope this helps. Please let us know if you have any more questions and we will be glad to assist you further. Thank you!

    Remember:

    Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

    Want a reminder to come back and check responses? Here is how to subscribe to a notification.

    1 person found this answer helpful.