Azure file share protocols

Azure Files offers two protocols for connecting and mounting your Azure file shares: the Server Message Block (SMB) protocol and the Network File System (NFS) protocol (preview). Azure Files does not currently support multi-protocol access, so a share can be either an NFS share or an SMB share, but not both. For this reason, we recommend determining which protocol best suits your needs before creating Azure file shares.

Differences at a glance

| Feature | NFS (preview) | SMB |
|---|---|---|
| Access protocols | NFS 4.1 | SMB 2.1, SMB 3.0 |
| Recommended OS | Linux kernel version 4.3+ | Windows 2008 R2+, Linux kernel version 4.11+ |
| Available tiers | Premium storage | Premium storage, transaction optimized, hot, cool |
| Billing model | Pay for provisioned capacity | Pay for provisioned capacity for Premium Tier, Pay-in-advance for Standard Tier |
| Redundancy | LRS | LRS, GRS |
| Authentication | Host-based authentication only | Identity-based authentication, user-based authentication |
| Permissions | UNIX-style permissions | NTFS-style permissions |
| File system semantics | POSIX compliant | Not POSIX compliant |
| Case sensitivity | Case sensitive | Not case sensitive |
| Hard link support | Supported | Not supported |
| Symbolic links support | Supported | Not supported |
| Deleting or modifying open files | Supported | Not supported |
| Locking | Byte-range advisory network lock manager | Supported |
| Public IP safe listing | Not supported | Supported |
| Protocol interop | Not supported | FileREST |

NFS shares (preview)

Mounting Azure file shares with NFS 4.1 is currently in preview. It offers a tighter integration with Linux. This is a fully POSIX-compliant offer that is a standard across variants of Unix and other *nix based operating systems. This enterprise-grade file storage service scales up to meet your storage needs and can be accessed concurrently by thousands of compute instances.

Limitations

While in preview, NFS has the following limitations:

  • Azure Files currently supports most, but not all, features of the NFS 4.1 protocol specification. Some features, such as delegations and callbacks of all kinds, lock upgrades and downgrades, Kerberos authentication, and encryption, are not supported.
  • If the majority of your requests are metadata-centric, then the latency will be worse when compared to read/write/update operations.
  • You must create a new storage account in order to create an NFS share.
  • Only the management plane REST APIs are supported. Data plane REST APIs are not available, which means that tools like Storage Explorer will not work with NFS shares, nor will you be able to browse NFS share data in the Azure portal.
  • AzCopy is not currently supported.
  • Only available for the premium tier.
  • NFS shares only accept numeric UID/GID. To avoid your clients sending alphanumeric UID/GID, you should disable ID mapping.
  • When using private links, shares can only be mounted from one storage account on an individual VM. Attempting to mount shares from other storage accounts will fail.
  • It is best to rely on the permissions assigned to the primary group. Due to a known bug, permissions allocated to a non-primary group of the user may sometimes result in access being denied.

Azure Storage features not yet supported

Also, the following Azure Files features are not available with NFS shares:

  • Identity-based authentication
  • Azure Backup support
  • Snapshots
  • Soft delete
  • Full encryption-in-transit support (for details see NFS security)

Regional availability

NFS is supported in ALL regions where Premium Files Storage is available.

We are continuously adding regions. For the most up-to-date list, use the sample below to query the list of regions with NFS support. You can also check support for your region on the Azure Products available by region page, under Premium Files Storage.

# Log in first with Connect-AzAccount -Environment AzureChinaCloud

$azContext = Get-AzContext
$azProfile = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile
$profileClient = New-Object -TypeName Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient -ArgumentList ($azProfile)
$token = $profileClient.AcquireAccessToken($azContext.Subscription.TenantId)
$authHeader = @{
    'Content-Type'='application/json'
    'Authorization'='Bearer ' + $token.AccessToken
}

# Provide a specific subscription ID if you want the list for a different subscription
$subscription = $azContext.Subscription.Id

# Invoke the REST API
$restUri = "https://management.chinacloudapi.cn/subscriptions/$subscription/providers/Microsoft.Storage/skus?api-version=2019-06-01"
$response = Invoke-RestMethod -Uri $restUri -Method Get -Headers $authHeader

# List all regions that have NFS support.
$response.value| Where-Object -FilterScript {$_.capabilities| Where-Object { $_.name -eq 'supportsNfsShare' -and $_.value -eq 'true'}}| Select-Object locations, kind, name

Sample response

List of regions that support NFS
locations
---------
{chinanorth2}
{chinaeast2}

Best suited

NFS with Azure Files is ideal for:

  • Workloads that require POSIX-compliant file shares, case sensitivity, or Unix-style permissions (UID/GID).
  • Linux-centric workloads that do not require Windows access.

Security

All Azure Files data is encrypted at rest. For encryption in transit, Azure provides a layer of encryption for all data in transit between Azure datacenters using MACSec. Through this, encryption exists when data is transferred between Azure datacenters. Unlike Azure Files using the SMB protocol, file shares using the NFS protocol do not offer user-based authentication. Authentication for NFS shares is based on the configured network security rules. Because of this, to ensure that only secure connections are established to your NFS share, you must use either service endpoints or private endpoints. If you want to access shares from on-premises, then in addition to a private endpoint you must set up a VPN or ExpressRoute. Requests that do not originate from the following sources will be rejected:

For more details on the available networking options, see Azure Files networking considerations.
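The check this section implies, as an added example that is not part of the original page: because NFS shares have no user-based authentication, the function below flags storage accounts with NFS shares whose network rules do not restrict access. The input shape mirrors the NetworkRuleSet property of Get-AzStorageAccount output; the NfsShares and PrivateEndpointCount fields and all sample accounts are constructed for illustration.

```powershell
# Added example. Input objects mirror Get-AzStorageAccount output (NetworkRuleSet);
# NfsShares and PrivateEndpointCount are hypothetical fields the caller fills in.
function Get-NfsExposureFinding {
    param([Parameter(Mandatory, ValueFromPipeline)] $Account)
    process {
        $nfs = @($Account.NfsShares | Where-Object { $_ })
        if ($nfs.Count -eq 0) { return }   # no NFS shares: nothing to assess

        $rules = $Account.NetworkRuleSet
        $vnet  = @($rules.VirtualNetworkRules | Where-Object { $_ }).Count
        $ip    = @($rules.IpRules | Where-Object { $_ }).Count
        $pe    = [int]$Account.PrivateEndpointCount

        # NFS has no user-based authentication, so network rules are the only gate.
        $finding = if ("$($rules.DefaultAction)" -ne 'Deny') {
            'FAIL: default action is not Deny; network rules do not restrict access'
        } elseif ($vnet -eq 0 -and $pe -eq 0) {
            'FAIL: no service endpoint rule or private endpoint is configured'
        } elseif ($ip -gt 0) {
            'WARN: IP rules present; public IP safe listing is not supported for NFS'
        } else {
            'PASS: restricted to service endpoints and/or private endpoints'
        }

        [pscustomobject]@{
            Account   = $Account.StorageAccountName
            NfsShares = $nfs -join ', '
            Finding   = $finding
        }
    }
}

# Constructed sample data (not real accounts).
$sample = @(
    [pscustomobject]@{ StorageAccountName = 'nfsopen'; NfsShares = @('data'); PrivateEndpointCount = 0
        NetworkRuleSet = [pscustomobject]@{ DefaultAction = 'Allow'; VirtualNetworkRules = @(); IpRules = @() } }
    [pscustomobject]@{ StorageAccountName = 'nfsnorule'; NfsShares = @('logs'); PrivateEndpointCount = 0
        NetworkRuleSet = [pscustomobject]@{ DefaultAction = 'Deny'; VirtualNetworkRules = @(); IpRules = @() } }
    [pscustomobject]@{ StorageAccountName = 'nfsiprule'; NfsShares = @('home'); PrivateEndpointCount = 1
        NetworkRuleSet = [pscustomobject]@{ DefaultAction = 'Deny'; VirtualNetworkRules = @(); IpRules = @('203.0.113.10') } }
    [pscustomobject]@{ StorageAccountName = 'nfsvnet'; NfsShares = @('app', 'scratch'); PrivateEndpointCount = 0
        NetworkRuleSet = [pscustomobject]@{ DefaultAction = 'Deny'; VirtualNetworkRules = @('constructed-subnet-id'); IpRules = @() } }
)
$sample | Get-NfsExposureFinding | Format-Table -AutoSize
```

With the constructed data, the four accounts produce, in order, the two FAIL findings, the WARN finding and the PASS finding.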

SMB shares

Azure file shares mounted with SMB offer more Azure Files features and have no Azure Files feature restrictions, because SMB support is generally available.

Features

  • Identity-based authentication
  • Snapshots
  • Soft delete
  • Encryption-in-transit and encryption-at-rest

Best suited

SMB with Azure Files is ideal for:

  • Production environments
  • Customers that require any of the features listed in Features
