Large files can be transferred to clients and editors faster than using DropBox or WeTransfer by uploading to Microsoft Azure storage and granting access to the storage. You will need access to the CT Azure account added to your Okta login.
Creating Storage
Log in to the Azure portal at portal.azure.com
Navigate to Resource Groups and click Create. Resource Groups allow for services and their attached charges to be grouped together and reported so that the correct projects pay for the resources used.
Name the new Resource Group in the format ProjectName-PMinitials. For example, StorageExample-JH
Select an appropriate region for the storage, this is likely based on where most uploads or downloads will be happening. It is possible to move the storage once it is created but it will cost more as it involves duplicating the storage, rather than moving it.
Click Review + Create, then click Create
Now we need to create storage to use and attach it to the Resource Group we just created. Navigate to Storage Accounts and click Create
Select the Resource Group you just created. Give the storage account a name. This name will appear in the URL of the download links and therefore must be unique across all accounts. Leave all the other fields as default.
Click Next: Networking >
Assuming this storage will need to be accessible on the internet so clients or editors can download files, these two settings can be left as default.
Click Next: Data protection >
Review these data settings carefully as the PM may want some enabled. Soft delete for blobs allows undelete of files accidentally deleted, versioning might be useful to the client for change tracking. Soft delete will not have a huge effect on the monthly costs as the files are just kept where they were but hidden unless that space is needed for new files, versioning will take up considerably more storage as incremental copies of the files are stored.
Click Next: Advanced >
Most settings here can be left as default. The Blob access tier should be set depending on the use of the storage, it can be changed later. If the storage needs to be as fast as it can be because it is being used on a live show, select Hot. If it’s just library storage after the show with occasional access to specific files, the Cool will be enough.
Click Next: Tags >
Select ProjectCode from the drop-down list and enter the J-Number that the billing should be charged to.
Click Next: Review + create >
Check the settings and click Create
Now navigate to Storage accounts and select the account you have just created.
From the left-hand menu, select Containers and then add a Container. Give the container a name. Again this will appear in the download URLs and set the access level to Private.
Click Create. Files and folders can now be uploaded to this container through the portal using the Upload button.
Sharing Individual Files with Clients
From the portal navigate to the Storage account you need to share a file from either by heading to Storage accounts or searching for the name.
From the left-hand menu, click Containers, then select the container that has the file you need to share in it. Navigate to the file.
Click on the three dots to the right of the file and select Generate SAS.
Leave the signing method and key as default, and the permission as Read. Set a suitable start and expiry time for the link. Leave the Allowed IP addresses field blank unless there is a security concern. If there is, enter the public IP address that the client will be using when they download the file. Leave the Allowed protocol option as HTTPS.
Click Generate SAS token and URL. Copy the Blob SAS URL (not the Blob SAS token) and send this to the client. Once a link is generated it cannot be revoked, so expiry times should be set carefully.
Sharing/Uploading Files from Engineers/Editors
Navigate to Storage accounts and select the account you want to add access to.
From the left-hand menu select Shared Access Signature. Set the appropriate permissions and start/expiry times leaving the other fields as default. Select all three options in the Allowed resource types.
Click Generate SAS and connection string. Once this string is created it cannot be revoked so expiry times should be set carefully.
Copy the Connection string URL that is generated. This URL can be used multiple times but cannot be recovered or revoked once you navigate away from the page.
Anyone requiring access should download Microsoft Azure Storage Explorer.
Full instructions for the clients or editors to use the link you created are available here
Leave a Reply