Igor Valsichi 1 Reputation point

Hi guys!

For a scenario having VPN S2S / P2S using AZURE VM (Windows Server) and file share with ntfs permissions, what would be best option for cost X benefit ?


I think to use NTFS permissions on storage account, first you would have to join it to your domain, right?

but my question is regarding cost x benefit

thank you.

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,820 questions
Azure Disk Storage
Azure Disk Storage
A high-performance, durable block storage designed to be used with Azure Virtual Machines and Azure VMware Solution.
586 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Alan Kinane 16,796 Reputation points MVP

    Yes, you will need domain services to apply NTFS permissions in either scenario so either an accessible Active Directory environment or else to use Azure AD Domain Services. If you have an AD environment on premises already then with the S2S VPN this is your cheapest option.

    If you just require a fileshare then go with Azure Files, no need for a VM at all. This will give you a highly available serverless file share. If you need the Azure VM for something else then it may be cheaper to just add a disk to it but if the VM has any issues or requires maintenance then the files hare may go offline.

    The benefits of Azure files are more on high availability, scalability (up and down) and the fact it does not need to be maintained beyond permissions really.

    Exact pricing will depend on capacity requirements and performance tiers. Don't forget to factor in backup costs also. If you work it out by the GB a managed disk is cheaper in terms of cost but it really depends on the use case to make the right choice.

    0 comments No comments

  2. Igor Valsichi 1 Reputation point

    Hi Alan!

    lets say I do not have any on-premises server. Lets talk about using only AZURE structure.

    VM using or not AD with managed disk can do those NTFS permissions.... but to have them in the storage account(file share) I need to promote VM to a domain server to have the file shared joined to it and then apply NTFS permissions. OR to use AADDS.
    ...am I correct so far?

    attaching MANAGED DISK of 500gb to VM or mapping 500gb FILE SHARE to a VM would cost almost the same thing (i think so)
    is there any benefit of having one or another?

    another thing is, is it possible to have a storage account(file share) joined to AADDS and then mapped to a standalone pc (out of any VPN) by using \storageaccount.azure.windows...bla bla bla.net\file_share and using azure ad account to authenticate? without any VM?