Share via

End-to-end latency increase after transitioning from account key to Entra ID authentication

Sihan Zeng 20 Reputation points Microsoft Employee
2024-06-28T06:30:49.2633333+00:00

Our service recently transitioned from account-based to Entra ID authentication for blob uploads to our storage account. However, we noticed that the average end-to-end latency for blob operations increased from approximately 500ms to 2s after the authentication method change. Is this behavior expected? Could this be due to the extra authentication flow introduced with SNI adoption?

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,613 questions
0 comments
Accepted answer
  1. Amrinder Singh 4,270 Reputation points Microsoft Employee
    2024-07-01T05:27:28.9866667+00:00

    Hi Sihan Zeng - Thanks for reaching out.

    Azure Storage provides two latency metrics for block blobs. These metrics can be viewed in the Azure portal:

    End-to-end (E2E) latency measures the interval from when Azure Storage receives the first packet of the request until Azure Storage receives a client acknowledgment on the last packet of the response.

    Server latency measures the interval from when Azure Storage receives the last packet of the request until the first packet of the response is returned from Azure Storage.

    https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blobs-latency

    I would recommend enabling the diagnostic logging on the account to verify the latency values for E2E and server one.

    [https://learn.microsoft.com/en-us/azure/storage/blobs/monitor-blob-storage?tabs=azure-portal

    ](https://learn.microsoft.com/en-us/azure/storage/blobs/monitor-blob-storage?tabs=azure-portal

    )If the server-side latency is high as well, then the investigation might be required from the server side however if the E2E is high while the server side one remains low, the investigation will be required outside of storage on the client side.

    There might be some additional time for Auth via AD but not this much significant and should get reflected on the server latency side

    Hope that helps!

    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    1 person found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Nehruji R 4,451 Reputation points Microsoft Vendor
    2024-07-01T05:48:27.74+00:00

    Hello Sihan Zeng,

    Greetings! Welcome to Microsoft Q&A Platform.

    Adding to above information, End-to-end (E2E) latency measures the interval from when Azure Storage receives the first packet of the request until Azure Storage receives a client acknowledgment on the last packet of the response. The average end-to-end latency of successful requests made to a storage service or the specified API operation. This value includes the required processing time within Azure Storage to read the request, send the response, and receive acknowledgment of the response.264862-image.png

    Refer to this troubleshooting article " How to isolate latency issue for Azure Storage Account"

    refer - https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blobs-latency,

    https://learn.microsoft.com/en-us/entra/architecture/authenticate-applications-and-users,

    https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory for detailed guidance.

    You can try single blobserviceclient. Also, azcopy and check for the status.

    Hope this answer helps! Please let us know if you have any further queries. I’m happy to assist you further.

    Please "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    1 person found this answer helpful.
    0 comments