@eg1995 Thank you for your time and co-operation!
- On-premises file shares are configured via mapped drive using GPO. Will I be able to do the same when I migrate to Azure Files? Or must I mount the drive manually on each device?
Yes, you can use GPO.
- VPN and private link will be configured for private connectivity, and I checked that we need to configure DNS forwarding to the Azure DNS default IP, which will require a DNS VM on Azure. My question is: can I use my on-prem DC to do that in order to save cost? Or am I required to launch a secondary DNS on an Azure VM?
I believe there must be something on the Azure side and there are multiple options. A small VM is probably the cheapest. You may refer to other networking options for routing private IPs. If you are already using something like Azure Firewall there could be a way to leverage
You will still need DNS forwarding on prem to ensure local traffic on prem routes to the correct VNet where the private endpoint is hosted. Additionally, before it can be routed to the private endpoints, the request will need to be resolved to Azure DNS private zones once inside the VNet. For this, the following options exist:
Azure VM configured with DNS conditional forwarding.
Azure Firewall, which is the most expensive if not already being leveraged.
Private DNS Resolver (Private Preview) enables users to query Azure DNS private zones from on prem without the need of an Azure VM running DNS. The exact cost is TBD, but it will certainly be less expensive.
- Regarding NTFS permissions, robocopy will maintain the same permissions that I am using on premises, right? Same procedure we used to do between 2 on-prem file servers.
Yes, just make sure you use the right robocopy parameters to copy over ACLs.
Migrate to Azure file shares using RoboCopy | Microsoft Learn
- Regarding the structure, if I have a file server on prem with 10 file shares and I want to provide the same structure on Azure Files, the procedure would be to create 10 Azure file shares and then do robocopy 10 times, one time for each source and destination folder?
It depends. You may want to split or merge file shares. Having more shares gives more flexibility and more room to grow, given shares have capacity and perf limits. Also, there is the one share per storage account guidance, given there are storage account limits to consider. The flexibility comes from the fact that there are many share level settings: SMB Permissions, Tier (Tx Opt/Hot/Cool), Azure File Sync Group, etc.
- I checked that the recommended approach is to use one Azure file share per storage account. But what about the case of point 4? Because creating a new storage account for each file share will need a private endpoint for each storage account, which will be expensive. What is your advice here?
The hourly private endpoint charge is $0.01 I believe. So that comes to <$90 per year. You have to weigh the benefits of flexibility and storage account limitations over that cost. Storage account settings for things like joining to different AD domains and redundancy level (LRS/ZRS/GRS). I’d consider the cost in IT Pro time, end user downtime, and end user support issues (connecting to the new place) to move some shares out into their own storage accounts in the future.
- Assuming that I have multiple shares under one storage account, will the performance of the Azure file storage account be divided between all file shares?
No.
Please let us know if you have any further queries. I’m happy to assist you further.
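The per-share RoboCopy run discussed in the answers above, as an added example that is not part of the original thread: it copies each source folder to its own Azure file share with NTFS ACLs and owner preserved, treats RoboCopy exit codes of 8 or above as failures, and spot-checks the ACLs afterwards. The paths, share names and storage account are placeholders, and it assumes an elevated session under an account that reaches the shares over SMB with identity-based authentication.

```powershell
# Added example: placeholders and constructed names throughout.
$SourceRoot     = 'D:\Shares'            # assumed on-prem folder that holds the shared folders
$StorageAccount = '<storage-account>'    # placeholder
$LogDir         = 'C:\RobocopyLogs'      # assumed log location
$Shares = [ordered]@{ 'Finance' = 'finance'; 'HR' = 'hr' }   # constructed: source folder -> Azure file share

# Owner plus explicit (non-inherited) ACEs of a path, as one comparable string.
function Get-ExplicitAcl([string]$Path) {
    $acl = Get-Acl -LiteralPath $Path
    $aces = $acl.Access | Where-Object { -not $_.IsInherited } |
        ForEach-Object { '{0}|{1}|{2}' -f $_.IdentityReference, $_.FileSystemRights, $_.AccessControlType } |
        Sort-Object
    '{0};{1}' -f $acl.Owner, ($aces -join ';')
}

New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
$problems = @()

foreach ($share in $Shares.GetEnumerator()) {
    $src = Join-Path $SourceRoot $share.Key
    $dst = '\\{0}.file.core.windows.net\{1}' -f $StorageAccount, $share.Value
    $log = Join-Path $LogDir ('{0}.log' -f $share.Value)

    # /COPY:DATSO = data, attributes, timestamps, security (NTFS ACLs), owner.
    # /DCOPY:DAT keeps directory attributes and timestamps; /B reads in backup mode
    # so files the operator's own ACLs would deny are still copied (needs elevation).
    # /MIR mirrors the source, so anything extra already in the target share is deleted.
    robocopy $src $dst /MIR /COPY:DATSO /DCOPY:DAT /B /MT:16 /R:2 /W:1 /NP /NFL /NDL "/UNILOG:$log"

    # The robocopy exit code is a bit mask; 8 or above means some files or folders failed.
    if ($LASTEXITCODE -ge 8) {
        $problems += "$($share.Key): robocopy exit code $LASTEXITCODE, see $log"
        continue
    }

    # Spot check: every first-level folder must carry the same owner and explicit ACEs.
    foreach ($dir in Get-ChildItem -LiteralPath $src -Directory) {
        $target = Join-Path $dst $dir.Name
        if ((Get-ExplicitAcl $dir.FullName) -ne (Get-ExplicitAcl $target)) {
            $problems += "$($share.Key): ACL mismatch on $($dir.Name)"
        }
    }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } } else { 'No copy failures or ACL mismatches found.' }
```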