Search results provided by Azure Search - read how I built it in this post.
Max Melcher

5 minute read

Enterprise File Shares on Azure

Please see official documentation - this blog post might be outdated!: Azure Files and Azure NetApp Files comparison

My customer has a large on-premises file share environment based on Windows Server File Shares with petabytes of data. The maintenance and operations of those servers sounds like a simple task – but having this in a large and complex infrastructure can be challenging. If the file shares are run by multiple teams, then the overall SLA could be heavily impacted, and the run cost are very high.

Azure has viable alternatives to host files shares – in this post, I want to compare the different services – we will compare Azure Files (AZF) and Azure NetApp Files (ANF) to make the right choice when we migrate to Azure. In this post, I am comparing only the SSD tiers, AZF has additional HDD tiers.

I discussed the scenario with Sebastian Brack – thanks a lot for providing the tables below and providing lots of insights!


Feature Azure NetApp Files Azure Files Premium
Native Azure Service, fully managed Yes Yes
Protocol Compatibility SMB 2.1/3.0/3.1.1, NFS 3/4.1 Multiprocotol: SMB+NFSv3 FileREST, SMB 2.1/3.0, NFS 4.1 (Preview)
Min Size 4 TiB 100 GiB
Max Volume Size 100 TiB 100 TiB
Max File Size 16 TiB 4 TiB
Service Levels / Tiering Standard 0.124354€/GiB
Premium 0.248091€/GiB
Ultra 0.331198€/GiB
Premium 0.162€/GiB+ 0.1375€/GiB Snapshots.
Additionally, there are Transaction Optimized, Hot and Cool tiers available.
Shape Capacity/Performance independently Yes (Manual-QoS) No
On-Prem Access (Hybrid) Yes (Express Route, VPN) Yes (ExpressRoute, VPN, Internet)
Private Link ready (pricing) for VPN/ExpressRoute (Private Peering): €0.009 per GB In-/Outbound Data Processing
Or ExpressRoute (Microsoft Peering).
Regional Availability 22+ regions 32+ regions
Regional Redundancy LRS equivalent (99.99% SLA) LRS (99.9% SLA)
ZRS (Asia Southeast, Australia East, Europe North, Europe West, US East, US East 2, US West 2)(99.9% SLA)
Geo Redundancy Yes, Cross-Region Replication (Preview) No
Storage at-rest encryption Yes (AES 256) Yes (AES 256)
Backup Incremental Snapshots (4k block), Cross-Region Replication, 3rd party Incremental Snapshots (file), Azure Backup Integration
Snapshot Integration into SMB Client Yes (Previous Versions + ~snapshot) Yes (Previous Versions)
Snapshot Integration into NFS Client Yes (.snapshot) No
Snapshot Restore via Portal Restore to new volume Yes
Integrated Snapshot Scheduling Yes (Snapshot Policies) No
Identity-based authentication and authorization Azure Active Directory Domain Services (Azure AD DS),On-premises Active Directory Domain Services (AD DS) Azure Active Directory (Azure AD)
Azure Active Directory Domain Services (Azure AD DS)
On-premises Active Directory Domain Services (AD DS) via AD Connect (see full documentation)

please note: the prices are taken from Azure West Europe region for comparison – they may vary depending on the service/region.

The features table looks quite similar – but the details make this more interesting:

Protocol compatibility is a strength of ANF – more protocols and SMB combined with NFSv3: Some applications require both protocols, especially in an integration scenario. As of writing this, NFS is in Preview for Azure Files.

As of now, you must start with at least 4 TiB for ANF, for AZF it is only 100 GiB – if you only have a small scenario, then AZF scores here.

Hybrid connectivity is another important point for my customer – ANF is fully private with no way to expose it to the internet, AZF is accessible also via internet, privately via Private Link (additional cost!) or via ExpressRoute Microsoft Peering - Internet access can be disabled, too.

Performance, Throughput

Feature Azure NetApp Files Azure Files Premium
Transaction & data transfer prices Included Included
Throughput (single volume/share) Ultra: 128MiB/s per provisioned TiB (auto)
Premium: 64 MiB/s per provisioned TiB (auto)
Standard: 16MiB/s per provisioned TiB (auto)
Egress: 60MiB/s + 61.44 MiB/s per provisioned TiB
Ingress: 40MiB/s + 40.96 MiB/s per provisioned TiB
Shape capacity & performance independently Yes, Manual-QoS (preview) No
IOPS (single volume/share) Not limited explicitly, dependent on throughput & IO Size (benchmark ~460.000)Example:1 IOPS @ 64kb per provisioned GiB Premium16 IOPS @ 4k per provisioned GiB Premium Baseline: 1 IOPS per provisioned GiB up to 100.000Burst: 3 IOPS per provisioned GiB up to 100.000
File level throughput limit Unlimited (volume throughput limit) Egress 300MiB/sIngress 200MiB/s
File level IOPS limit Unlimited (volume throughput limit) 5000 IOPS
Volume/Share Size adjustable Yes Yes, cooldown for decrease @ 24h
Service Level changeable Yes, cooldown for decrease @ 7 days (Preview) No
NFS nconnect Yes (NFSv3) No
SMB Multichannel Yes No

Please note: Features and performance may have changed since publishing this post – please verify! For ANF there is a "What's new page", for AZF you can check Azure Update.

Now let us look at the service level. ANF is more flexible, file shares can be divided in 3 performance tiers, AZF has two tiers. If you provision large, 100 TB shares with ANF, you get 1600 MiB/s throughput with the standard tier – even for single files (file level throughput depending on volume size or manual quota). The flexibility on the ANF side is a big benefit.

Changing the service level on ANF can be done – please be aware of the cooldown period. Doing the same for AZF is possible, but its not as easy as with ANF.

The last two rows are very important regarding performance – both nconnect and multichannel allow to have multiple connections to the same to ANF drastically improving the bandwidth. Great stuff.

Hybrid Connectivity & Encryption

Feature Azure NetApp Files Azure Files Premium
SMB signing Yes
SMB in-flight encryption Yes Yes
NFS in-flight encryption Yes No
Active Directory Integration Yes Yes
Azure Active Directory Independent Yes No (AD-Connect required)
AD Kerberos Authentication Yes (AES 256, AES128, DES) Yes (AES 256)
AD LDAP Signing Yes

Comparing the identity aspects, then both integrate into a on-premises Active Directory. AZF requires to have the identities synced to Azure Active Directory (AAD), ANF directly integrates into Active Directory.

Encryption-wise, AZF supports SMB encryption – ANF does not have this yet.

Many things to consider - if you have questions, please don’t hesitate to ask.

Hope it helps,

comments powered by Disqus