Azure Microsoft Cloud Account Purchase: A Beginner's Guide to Azure Object Storage (Blob Storage)
Many engineers who have just moved to Microsoft's cloud from the big domestic providers (such as Alibaba Cloud OSS and Tencent Cloud COS), or who have just taken over development and operations for a multinational business, grumble to themselves the first time they open Azure and see the name "Blob Storage":
"Everyone else calls it Object Storage. You have to call it Blob (Binary Large Object). It sounds like an antique from the last century. How does this thing even work?"
Don't be scared by the name. Under the hood it follows the same logic as the network drives and OSS you already know: it exists to store large pictures, videos, backups and static files in the cloud. Today this old hand will walk you through Azure Blob Storage from start to finish in the plainest, most down-to-earth language possible.
Part 1: Cutting through the jargon: the three-level structure of Blob storage in plain language
In Microsoft's design, Blob storage is organized like a three-level administrative division. Once you have the three levels straight, you are halfway there:
Level 1: Storage Account. This is the "big manager". In Azure you must first create a storage account, which gives you a unique access domain name. Think of it as an office building.
Level 2: Container. Inside a storage account you can create many containers. Containers are the rooms in the office building, similar to a "bucket" in Alibaba Cloud. Every file must go into a container. You might build a room called public-images for public pictures and a room called db-backups for private backups.
Level 3: Blob (that is, your files). These are the goods stacked in the room. Whether it is a picture, a 10 GB video, or a log file, Azure calls it a Blob.
Veteran's tip: don't go looking for a "New folder" button! Blob Storage is flat at heart. If you see a file path such as images/2026/logo.png, Microsoft is simply treating images/2026/ as a virtual prefix to suit human habits. Underneath, it is still a single independent object sitting in the container.
Part 2: Four "temperature" levels: choose wrong and you are handing money to Microsoft
In Azure, where a file is stored is not fixed, and Microsoft ties storage cost very closely to access frequency.
The easiest mistake for beginners is to take the default, highest specification without a second thought, and then get slapped by the traffic and storage bill at the end of the month.
When creating a container or uploading a file, you must know these four access tiers (Access Tiers):
1. Hot tier (Hot)
In plain terms: "the 24-hour convenience store in the city center".
Features: The rent (storage fee) is the most expensive, but the errand fees for fetching things (read requests and traffic fees) are the cheapest.
Suitable scenarios: web page images the site is currently serving, avatars App users have just uploaded, JS/CSS files that are fetched at high frequency every day.
2. Cool tier (Cool)
In plain terms: "the storeroom at home".
Features: The rent is much cheaper than the Hot tier, but there is a small "pick-up fee" when reading.
Note: Stored files have a minimum storage period of 30 days. If you delete a file within 30 days, you are still charged for the full 30 days.
Suitable scenarios: historical bills that have just passed the one-month mark, data that is rarely used but must still open within seconds if a user does ask for it.
3. Cold tier (Cold)
In plain terms: "the big, affordable warehouse in the suburbs".
Features: The storage fee is extremely cheap, but the read fee is high.
Note: The minimum storage period is extended to 90 days.
Suitable scenarios: quarterly audit reports, system operation logs that nobody will look at in the short term but that must be kept.
4. Archive tier (Archive)
In plain terms: "the bomb-shelter safe deep underground".
Features: The storage fee is negligible, but the data is frozen and cannot be read directly! To see a file you must first click "Rehydrate" (unfreeze) in the console and then wait a few hours until Microsoft moves it back to the Hot or Cool tier before you can download it.
Note: The minimum storage period is 180 days.
Suitable scenarios: long-term backups that legal compliance requires you to keep for more than 5 years, historical medical images.
Part 3: Operations in practice: the automatic money-saving trick that even executives praise
If your team's servers generate a large volume of monitoring logs and backups every day, do you really want operations staff to move files by hand from the Hot tier to the Cool tier and then to the Archive tier every day?
Azure has already thought of this. The feature is called Lifecycle Management. You only need to configure a few rules in the console, and files will "age and save money" on their own:
Gold-standard configuration example:
When a blob has not been modified for more than 30 days: automatically downgrade it from the Hot tier to the Cool tier (the storage fee drops sharply).
When a blob has not been modified for more than 90 days: automatically move it from the Cool tier to the Archive tier (the cost falls to the floor).
When a blob is more than 365 days old: automatically delete it for good, so it never takes up another cent of space.
Without writing a single line of code, the whole storage bill curve is automatically tuned to its most economical shape.
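The three rules above, as an added example that is not part of the original guide: this Python builds the lifecycle policy JSON document for them and checks that no step pulls a blob out of a tier before the minimum storage periods listed in Part 2. The rule name and the db-backups/ prefix are hypothetical, and the check assumes that leaving a tier early through a tier change is billed the same way as an early delete.

```python
import json

# Minimum storage periods in days, as listed for each tier in Part 2 of this guide.
MIN_DAYS = {"cool": 30, "cold": 90, "archive": 180}
# Lifecycle action name -> tier the action moves a blob into.
ACTION_TIER = {"tierToCool": "cool", "tierToCold": "cold", "tierToArchive": "archive"}

def build_policy(prefix, to_cool=30, to_archive=90, delete=365):
    """Return the lifecycle policy document for block blobs under `prefix`."""
    def after(days):
        return {"daysAfterModificationGreaterThan": days}
    return {"rules": [{
        "enabled": True,
        "name": "age-out-by-last-modified",  # hypothetical rule name
        "type": "Lifecycle",
        "definition": {
            # prefixMatch begins with the container name (hypothetical here).
            "filters": {"blobTypes": ["blockBlob"], "prefixMatch": [prefix]},
            "actions": {"baseBlob": {
                "tierToCool": after(to_cool),
                "tierToArchive": after(to_archive),
                "delete": after(delete),
            }},
        },
    }]}

def early_exit_warnings(policy):
    """Flag tiers a blob would leave before that tier's minimum storage period."""
    warnings = []
    for rule in policy["rules"]:
        actions = rule["definition"]["actions"]["baseBlob"]
        # Order the rule's actions by the blob age at which each one fires.
        steps = sorted((v["daysAfterModificationGreaterThan"], k) for k, v in actions.items())
        for (day, name), (next_day, _) in zip(steps, steps[1:]):
            tier = ACTION_TIER.get(name)
            held = next_day - day
            if tier and held < MIN_DAYS[tier]:
                warnings.append(f"{rule['name']}: {tier} held {held}d, minimum {MIN_DAYS[tier]}d")
    return warnings

if __name__ == "__main__":
    policy = build_policy("db-backups/")
    print(json.dumps(policy, indent=2))
    print(early_exit_warnings(policy) or "no early-exit charges expected")
```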
Part 4: Lifesaver for beginners: never let your Blob run naked!
Object storage is exposed directly on the public internet. If you do not secure it properly, the company can be hit with a "sky-high bill" when competitors maliciously hammer your downloads, or company secrets can leak. Remember these two safety rules:
1. Don't blindly turn on "anonymous access"
When you create a container, you are asked for the public access level.
Private (no anonymous access): The default, and highly recommended! Anyone who wants to see a file must have a key or a temporary signature.
Blob/Container: Allows anyone to download directly via URL. If you are running image hosting for a public website, you can enable the Blob level. But remember: never make a container that holds internal backups or customer private data public!
2. Meet your ultimate shield: SAS (Shared Access Signature)
If the container is Private, how does the back-end business code show a picture to the user?
The answer is to use SAS (Shared Access Signatures).
When a user requests a private image, your back-end server uses code to request a "temporary pass" from Azure and generates a URL with a long query-string tail appended.
You can control this pass precisely:
Permission: read only; no modifying or deleting.
Validity period: access is allowed only within the next 5 minutes, after which the pass is void.
This guarantees the privacy of the data while still letting the business deliver content flexibly.
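A check for the two controls just listed, as an added example that is not part of the original guide: this Python audits a blob SAS URL before the back end hands it out, reading the standard SAS query fields sp (permissions), sr (resource scope), se (expiry) and spr (protocol). The sample URLs, the account name examplestore and the sig values are constructed placeholders.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

MAX_LIFETIME = timedelta(minutes=5)  # validity window recommended in this guide

# Constructed sample URLs: account, container, blob names and sig values are made up.
GOOD = ("https://examplestore.blob.core.windows.net/private-images/a.png"
        "?sv=2022-11-02&sr=b&sp=r&se=2026-01-01T00%3A05%3A00Z&spr=https&sig=CONSTRUCTED")
BAD = ("https://examplestore.blob.core.windows.net/db-backups"
       "?sv=2022-11-02&sr=c&sp=rwdl&se=2027-01-01T00%3A00%3A00Z&sig=CONSTRUCTED")

def parse_expiry(value):
    """Parse the UTC timestamp forms an 'se' field may use; None if absent or invalid."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value or "", fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None

def audit_sas_url(url, now):
    """Return findings for a blob SAS URL; an empty list means it fits the policy."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in q:
        return ["no sig parameter: not a SAS URL"]
    findings = []
    # sp = signed permissions; anything beyond 'r' lets the holder change or list data.
    extra = set(q.get("sp", "")) - {"r"}
    if extra:
        findings.append("permissions beyond read: " + "".join(sorted(extra)))
    # sr = signed resource; 'b' is one blob, 'c' is a whole container.
    if q.get("sr") != "b":
        findings.append("scope is not a single blob")
    # se = signed expiry.
    expiry = parse_expiry(q.get("se"))
    if expiry is None:
        findings.append("missing or unparseable expiry")
    elif expiry - now > MAX_LIFETIME:
        findings.append("expiry more than 5 minutes away")
    # spr = signed protocol; when absent, plain http is accepted as well.
    if q.get("spr") != "https":
        findings.append("plain http allowed")
    return findings

if __name__ == "__main__":
    now = datetime(2026, 1, 1, tzinfo=timezone.utc)  # fixed clock for a repeatable run
    for name, url in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_sas_url(url, now) or "ok")
```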
Summary
For newcomers: once you strip away Microsoft's somewhat stuffy academic coat, Azure Blob Storage is a super-large hard disk with global distribution, unlimited capacity, automatic lifecycle savings, and a very tight security perimeter.
Understand the three-step hop of "storage account → container → file", pick the Hot/Cool access tier according to access frequency, and finally weld the security gate shut with SAS signatures. With these three moves you can comfortably handle multinational-scale data storage on Microsoft's cloud.
