Creating and Accessing Storage on Microsoft Azure

Log in to the Azure portal at portal.azure.com

Navigate to Resource Groups and click Create

Name the new Resource Group in the format ProjectName-PMinitials. For example, StorageExample-JH

Select an appropriate region for the storage. This is likely based on where most uploads or downloads will be happening.

Click Tags

Click Review + Create, then click Create

Next navigate to Storage Accounts and click Create

Select the Resource Group you just created. Give the storage account a name. This name will appear in the URL of the download links and therefore must be unique across all accounts. Leave all the other fields as default.

Click Next: Advanced >

Most settings here can be left as default. Set the Blob access tier according to how the storage will be used; it can be changed later. If the storage needs to be as fast as it can be because it is being used on a live show, select Hot. If it's just library storage after the show with occasional access to specific files, Cool will be enough.

Click Next: Networking >

Assuming this storage will need to be accessible on the internet so clients or editors can download files, these two settings can be left as default.

Click Next: Data protection >

Review these data settings carefully, as the PM may want some enabled. Soft delete for blobs allows accidentally deleted files to be undeleted. Versioning might be useful to the client for change tracking. Soft delete will not have a huge effect on the monthly costs, as the files are just kept where they were but hidden unless that space is needed for new files. Versioning will take up considerably more storage, as incremental copies of the files are stored.

Click Next: Tags >

Select ProjectCode from the drop-down list and enter the J-Number that the billing should be charged to. Then select Expire On and give a month and year after which it will be safe to delete the container.

Click Next: Review + create >

Check the settings and click Create. This may take a couple of minutes to complete.

Now navigate to Storage accounts and select the account you have just created.

From the left-hand menu, select Containers and then add a Container. Give the container a name, which again will appear in the download URLs, and set the access level to Private.

Click Create. Files and folders can now be uploaded to this container through the portal using the Upload button.

Sharing Individual Files with Clients

From the portal, navigate to the Storage account you need to share a file from, either by heading to Storage accounts or by searching for the name.

From the left-hand menu, click Containers, then select the container that has the file you need to share in it. Navigate to the file.

Click on the three dots to the right of the file and select Generate SAS.

Leave the signing method and key as default, and the permission as Read. Set a suitable start and expiry time for the link. Leave the Allowed IP addresses field blank unless there is a security concern. If there is, enter the public IP address that the client will be using when they download the file. Leave the Allowed protocol option as HTTPS.

Click Generate SAS token and URL. Copy the Blob SAS URL (not the Blob SAS token) and send this to the client. Once a link is generated it cannot be revoked, so expiry times should be set carefully.

Sharing/Uploading Files from Engineers/Editors

Navigate to Storage accounts and select the account you want to add access to.

From the left-hand menu, select Shared access signature. Set the appropriate permissions and start/expiry times, leaving the other fields as default. Select all three options in the Allowed resource types.

Click Generate SAS and connection string. Once this string is created it cannot be revoked, so expiry times should be set carefully.

Copy the Blob service SAS URL that is generated. This URL can be used multiple times but cannot be recovered or revoked once you navigate away from the page.

Anyone requiring access should download Microsoft Azure Storage Explorer.

Once installed, open the program and right-click on Storage Accounts in the left-hand menu. Select Connect to Azure Storage.

Select Storage account from the list of resources that appears and choose to authenticate using the Shared access signature (SAS) option. Paste the Connection URL that was generated into the field and click Next/Connect.
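
A way to check a generated link before it is sent, covering both the single-file links for clients and the account-level links for engineers and editors described above. This is an added example, not part of the original guide; it reads the standard SAS query parameters (sp, st, se, spr, srt), and the seven-day limit, the function names and the sample links are assumptions made up for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

MAX_LIFETIME = timedelta(days=7)  # assumed local policy, not an Azure limit

def _utc(value):
    """Parse a SAS timestamp (ISO 8601, e.g. 2030-01-01T09:00:00Z) as UTC."""
    t = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return t if t.tzinfo else t.replace(tzinfo=timezone.utc)

def audit_sas(url, now, allowed_perms="r", expect_account=False):
    """Return findings for a SAS URL; an empty list means it passes."""
    parts = urlsplit(url)
    if not parts.netloc:
        return ["not a full URL (token only?)"]
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    findings = []
    if parts.scheme != "https" or q.get("spr") != "https":
        findings.append("link or token allows plain HTTP")
    extra = set(q.get("sp", "")) - set(allowed_perms)
    if extra:
        findings.append("extra permissions: " + "".join(sorted(extra)))
    if ("srt" in q) != expect_account:  # srt appears only in an account SAS
        findings.append("wrong SAS type (blob vs account)")
    if "se" not in q:
        findings.append("no expiry time (se)")
    else:
        end = _utc(q["se"])
        start = max(_utc(q["st"]), now) if "st" in q else now
        if end <= now:
            findings.append("already expired")
        elif end - start > MAX_LIFETIME:
            findings.append("valid for longer than policy allows")
    return findings

# Constructed sample links; account, container, file and sig are made up.
CLIENT_LINK = ("https://examplestore.blob.core.windows.net/rushes/cut1.mov"
               "?sp=r&st=2030-01-01T09:00:00Z&se=2030-01-03T09:00:00Z"
               "&spr=https&sv=2022-11-02&sr=b&sig=CONSTRUCTED")
EDITOR_LINK = ("https://examplestore.blob.core.windows.net/"
               "?sv=2022-11-02&ss=b&srt=sco&sp=rwlac"
               "&st=2030-01-01T09:00:00Z&se=2030-03-01T09:00:00Z"
               "&spr=https,http&sig=CONSTRUCTED")
NOW = datetime(2030, 1, 1, 10, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(audit_sas(CLIENT_LINK, NOW))
    print(audit_sas(EDITOR_LINK, NOW, allowed_perms="rwl", expect_account=True))
```

Because a link cannot be revoked once generated, running a check like this before sending is the last point at which an over-long expiry or extra permission can be caught.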

