VM + MANAGED DATA DISK or VM + STORAGE ACCOUNT(File Share)

Igor Valsichi 1 Reputation point
2021-09-08T11:53:08.793+00:00

Hi guys!

For a scenario having VPN S2S / P2S using AZURE VM (Windows Server) and file share with ntfs permissions, what would be best option for cost X benefit ?

VM + MANAGED DATA DISK or VM + STORAGE ACCOUNT(FILE SHARE)?

I think to use NTFS permissions on storage account, first you would have to join it to your domain, right?

but my question is regarding cost x benefit

thank you.
Igor

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,714 questions
Azure Disk Storage
Azure Disk Storage
A high-performance, durable block storage designed to be used with Azure Virtual Machines and Azure VMware Solution.
572 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Alan Kinane 16,786 Reputation points MVP
    2021-09-08T13:18:31.78+00:00

    Yes, you will need domain services to apply NTFS permissions in either scenario so either an accessible Active Directory environment or else to use Azure AD Domain Services. If you have an AD environment on premises already then with the S2S VPN this is your cheapest option.

    If you just require a fileshare then go with Azure Files, no need for a VM at all. This will give you a highly available serverless file share. If you need the Azure VM for something else then it may be cheaper to just add a disk to it but if the VM has any issues or requires maintenance then the files hare may go offline.

    The benefits of Azure files are more on high availability, scalability (up and down) and the fact it does not need to be maintained beyond permissions really.

    Exact pricing will depend on capacity requirements and performance tiers. Don't forget to factor in backup costs also. If you work it out by the GB a managed disk is cheaper in terms of cost but it really depends on the use case to make the right choice.

    0 comments
  2. Igor Valsichi 1 Reputation point
    2021-09-08T19:44:10.827+00:00

    Hi Alan!

    lets say I do not have any on-premises server. Lets talk about using only AZURE structure.

    VM using or not AD with managed disk can do those NTFS permissions.... but to have them in the storage account(file share) I need to promote VM to a domain server to have the file shared joined to it and then apply NTFS permissions. OR to use AADDS.
    ...am I correct so far?

    attaching MANAGED DISK of 500gb to VM or mapping 500gb FILE SHARE to a VM would cost almost the same thing (i think so)
    is there any benefit of having one or another?

    another thing is, is it possible to have a storage account(file share) joined to AADDS and then mapped to a standalone pc (out of any VPN) by using \storageaccount.azure.windows...bla bla bla.net\file_share and using azure ad account to authenticate? without any VM?