1
00:00:01,140 --> 00:00:04,050
In this demonstration, I'm going to show you how to use AFS.

2
00:00:04,050 --> 00:00:06,240
We're going to deploy and configure the service,

3
00:00:06,240 --> 00:00:09,870
and then we're going to carry on this discussion into the next module.

4
00:00:09,870 --> 00:00:14,070
You're looking at the desktop of a Windows Server 2022 machine named

5
00:00:14,070 --> 00:00:17,870
localdc1. And if I use universal naming convention,

6
00:00:17,870 --> 00:00:21,740
or UNC syntax, in other words double backslash hostname,

7
00:00:21,740 --> 00:00:24,670
we can see I have a shared folder called scripts that

8
00:00:24,670 --> 00:00:26,860
contains a bunch of PowerShell scripts.

9
00:00:26,860 --> 00:00:29,580
This is the test case for AFS.

10
00:00:29,580 --> 00:00:34,180
We're going to synchronize this scripts shared folder up into AFS.

11
00:00:34,180 --> 00:00:35,950
Now again, if you're thinking wait a minute now.

12
00:00:35,950 --> 00:00:39,100
I'm already confused, Tim. Hang on because you know with a shared

13
00:00:39,100 --> 00:00:43,410
folder you have your typical shared folder permissions and NTFS

14
00:00:43,410 --> 00:00:45,840
permissions to govern authorization.

15
00:00:45,840 --> 00:00:48,700
And then when we shift context to the storage account,

16
00:00:48,700 --> 00:00:53,050
I've created a storage account called contosofiles001.

17
00:00:53,050 --> 00:00:56,930
There is Azure Active Directory authentication and authorization,

18
00:00:56,930 --> 00:00:59,110
and there's‑‑‑ Well, there's other methods too,

19
00:00:59,110 --> 00:01:00,890
but still don't get confused.

20
00:01:00,890 --> 00:01:01,940
Don't overthink it.

21
00:01:01,940 --> 00:01:06,940
With AFS, you're going to still have those resources accessed 100% locally,

22
00:01:06,940 --> 00:01:10,630
so your NTFS file security and your shared folder

23
00:01:10,630 --> 00:01:12,560
permissions will be what's important.

24
00:01:12,560 --> 00:01:16,500
Now, in my contosofiles001 storage account,

25
00:01:16,500 --> 00:01:19,050
I better create a matching file share,

26
00:01:19,050 --> 00:01:21,960
which I'll do right now for that scripts directory.

27
00:01:21,960 --> 00:01:24,740
Let's click Create, File share, or + File share.

28
00:01:24,740 --> 00:01:26,660
I'm going to give it the same name, scripts.

29
00:01:26,660 --> 00:01:29,940
I'll leave the tier and everything at the default.

30
00:01:29,940 --> 00:01:32,390
So let's click Create to build that share,

31
00:01:32,390 --> 00:01:37,230
and now we're ready to create our instance of the Storage Sync Service.

32
00:01:37,230 --> 00:01:40,210
Now let's head on over there. Again, I've already created one.

33
00:01:40,210 --> 00:01:43,310
The soufflé is already baked and ready to come out of the oven.

34
00:01:43,310 --> 00:01:46,720
But if I go to the create screen, we can just look at the workflow.

35
00:01:46,720 --> 00:01:47,840
It's pretty simple.

36
00:01:47,840 --> 00:01:50,950
You just have your traditional Azure resource metadata,

37
00:01:50,950 --> 00:01:54,120
subscription, resource, group, name, and region.

38
00:01:54,120 --> 00:01:59,240
You can either use the public internet endpoint, or you could use private link.

39
00:01:59,240 --> 00:02:03,030
This would constrain the Azure File Sync Service to a virtual network,

40
00:02:03,030 --> 00:02:06,150
and you'd communicate with it using private IP addresses.

41
00:02:06,150 --> 00:02:08,640
Then we have taxonomic tags as we normally do,

42
00:02:08,640 --> 00:02:12,020
so no big surprises from that standpoint.

43
00:02:12,020 --> 00:02:14,330
So I've already created the Sync Service.

44
00:02:14,330 --> 00:02:16,240
Next, we'll come into its properties,

45
00:02:16,240 --> 00:02:20,010
and you can see I've already created one sync group called,

46
00:02:20,010 --> 00:02:22,340
appropriately enough, syncgroup1.

47
00:02:22,340 --> 00:02:25,370
Well, just to demonstrate the one‑to‑many relationship,

48
00:02:25,370 --> 00:02:27,810
I mentioned that the typical pattern I see is that a

49
00:02:27,810 --> 00:02:30,370
business will have one Storage Sync Service,

50
00:02:30,370 --> 00:02:32,350
and then you'll deploy sync groups.

51
00:02:32,350 --> 00:02:36,450
And again, the topologies here can go all sorts of different ways.

52
00:02:36,450 --> 00:02:39,730
You might want to create a sync group for each shared folder,

53
00:02:39,730 --> 00:02:41,630
for each server, each location.

54
00:02:41,630 --> 00:02:45,530
There's many possible ways that you can do that separation.

55
00:02:45,530 --> 00:02:47,910
I'm just going to do a simple one‑to‑one here.

56
00:02:47,910 --> 00:02:50,000
I'm going to create a sync group called

57
00:02:50,000 --> 00:02:52,730
nashville‑scripts because I'm in Nashville,

58
00:02:52,730 --> 00:02:54,410
and this is the scripts folder.

59
00:02:54,410 --> 00:02:56,170
Sponsorship subscription is right.

60
00:02:56,170 --> 00:02:59,040
We have to choose our storage account and file share.

61
00:02:59,040 --> 00:03:00,450
We have our contosofiles.

62
00:03:00,450 --> 00:03:03,730
Now notice here that there is a region dependency here.

63
00:03:03,730 --> 00:03:05,860
These are the storage accounts in the selected

64
00:03:05,860 --> 00:03:08,240
subscription and location East US.

65
00:03:08,240 --> 00:03:10,710
That's the location of my Storage Sync Service.

66
00:03:10,710 --> 00:03:15,670
So let's bring that in, and then we have to specify an existing file share.

67
00:03:15,670 --> 00:03:19,320
If I were an engineer at Microsoft, I would have to create new link here,

68
00:03:19,320 --> 00:03:20,240
but I'm not.

69
00:03:20,240 --> 00:03:22,720
I'll select the scripts and then click Create.

70
00:03:22,720 --> 00:03:25,000
So that creates two things, the sink group,

71
00:03:25,000 --> 00:03:27,140
and it also creates the cloud endpoint.

72
00:03:27,140 --> 00:03:29,070
So let's go into nashville‑scripts.

73
00:03:29,070 --> 00:03:32,550
And eventually, it looks like the job status has been accepted,

74
00:03:32,550 --> 00:03:34,360
and it's provisioning right now.

75
00:03:34,360 --> 00:03:38,060
We have our one and only one Azure file share here,

76
00:03:38,060 --> 00:03:42,860
and then we can get to work on the next to last step of the deployment,

77
00:03:42,860 --> 00:03:44,860
and that is bringing in server endpoint.

78
00:03:44,860 --> 00:03:49,610
So why don't we, while this is provisioning, go ahead and add a server endpoint.

79
00:03:49,610 --> 00:03:52,460
However, this button you'll see is going to dead end us.

80
00:03:52,460 --> 00:03:55,970
This interface assumes that you've already registered a server.

81
00:03:55,970 --> 00:03:58,970
And, of course, we haven't registered the local server yet.

82
00:03:58,970 --> 00:04:02,950
So, what I want to do is come out of this dialog,

83
00:04:02,950 --> 00:04:04,800
come down to Registered servers,

84
00:04:04,800 --> 00:04:08,800
and there is a download link right up here for the Azure File Sync agent.

85
00:04:08,800 --> 00:04:09,360
Now, of course,

86
00:04:09,360 --> 00:04:12,630
we could download that by browsing to this page at the

87
00:04:12,630 --> 00:04:15,190
Microsoft Download Center ourselves.

88
00:04:15,190 --> 00:04:17,930
That's all this link in the Azure portal is after

89
00:04:17,930 --> 00:04:19,990
all is a hyperlink to this page.

90
00:04:19,990 --> 00:04:21,930
Let me click Download to bring it down.

91
00:04:21,930 --> 00:04:24,700
It looks like we have several different versions,

92
00:04:24,700 --> 00:04:27,260
one per operating system version.

93
00:04:27,260 --> 00:04:30,440
We've got Server 2022, which is what I want,

94
00:04:30,440 --> 00:04:36,470
2019, 2012R2, and 2016, about 55 MB MSI package.

95
00:04:36,470 --> 00:04:37,560
Let's bring this down.

96
00:04:37,560 --> 00:04:41,000
This is just a standard MSI package, so let's launch the wizard.

97
00:04:41,000 --> 00:04:42,660
Accept the license agreement.

98
00:04:42,660 --> 00:04:45,110
We're going to install the Storage Sync Agent.

99
00:04:45,110 --> 00:04:47,130
I'll leave the default path there.

100
00:04:47,130 --> 00:04:48,080
Click Next.

101
00:04:48,080 --> 00:04:51,540
I'm not using a proxy, so again I'll click Next.

102
00:04:51,540 --> 00:04:56,260
A nice convenience I've seen as a trend with these Azure agents is that you can

103
00:04:56,260 --> 00:05:00,550
integrate their update into Microsoft Update, which is a super useful thing to

104
00:05:00,550 --> 00:05:03,390
do because I know in the past, I've had occasions,

105
00:05:03,390 --> 00:05:05,500
particularly with the Log Analytics agent,

106
00:05:05,500 --> 00:05:09,130
of it falling out of date quite a bit because I and my

107
00:05:09,130 --> 00:05:12,880
colleagues forget frankly to verify that the log agent

108
00:05:12,880 --> 00:05:14,910
version is the most recent one.

109
00:05:14,910 --> 00:05:16,640
So I'm going to do that integration.

110
00:05:16,640 --> 00:05:21,150
We can optionally schedule an automatic update and a window for that.

111
00:05:21,150 --> 00:05:24,370
We can do data collection and then lastly install.

112
00:05:24,370 --> 00:05:29,440
Because this process doesn't require anything like authentication to Azure,

113
00:05:29,440 --> 00:05:33,050
it seems to me you could take that MSI and deploy it automatically,

114
00:05:33,050 --> 00:05:37,540
even with something lightweight like Group Policy‑based software installation.

115
00:05:37,540 --> 00:05:40,980
We'll find it's at first run of the Storage Sync Agent that we

116
00:05:40,980 --> 00:05:43,740
hook in and become a member of a sync group.

117
00:05:43,740 --> 00:05:47,920
All right, let's click Finish, and the Azure File Sync client starts up.

118
00:05:47,920 --> 00:05:51,650
We can always get to it from the Start menu here if you need it in the future.

119
00:05:51,650 --> 00:05:55,950
Click OK, and we're going to sign into not gov cloud or a sovereign cloud,

120
00:05:55,950 --> 00:05:57,000
but the public cloud.

121
00:05:57,000 --> 00:05:58,940
I'm not a cloud service provider.

122
00:05:58,940 --> 00:05:59,510
Sign in.

123
00:05:59,510 --> 00:06:01,890
We get our standard sign‑in flow here.

124
00:06:01,890 --> 00:06:04,960
I'll sign in with my administrative credentials.

125
00:06:04,960 --> 00:06:07,290
I'll answer this MFA request.

126
00:06:07,290 --> 00:06:11,240
All right, here's where I can patch into my Storage Sync Service.

127
00:06:11,240 --> 00:06:12,920
Let me choose my subscription,

128
00:06:12,920 --> 00:06:17,370
my resource group, and lastly, the Storage Sync Service. We'll click Register.

129
00:06:17,370 --> 00:06:19,390
Great. Registration was successful.

130
00:06:19,390 --> 00:06:23,410
Let me close out of here. And I have a PowerShell session running

131
00:06:23,410 --> 00:06:26,890
here, and you can see if I do a get‑service, the name of the Storage

132
00:06:26,890 --> 00:06:31,610
Sync agent window service, the short name is FileSyncSvc Just wanted

133
00:06:31,610 --> 00:06:35,650
to let you know that. We'll also want to make a note of the local path

134
00:06:35,650 --> 00:06:36,860
to our shared folder.

135
00:06:36,860 --> 00:06:40,740
In my case, it looks like it's C:\shares\script. And again,

136
00:06:40,740 --> 00:06:44,490
Azure File Sync allows you to share an entire volume, but Microsoft

137
00:06:44,490 --> 00:06:47,740
recommends that you use a discrete shared folder instead.

138
00:06:47,740 --> 00:06:51,910
Let's come back to the portal where we left off. Let's go to Sync groups,

139
00:06:51,910 --> 00:06:56,190
and let's head on over to nashville‑scripts. And now we will, in fact,

140
00:06:56,190 --> 00:07:00,810
click the Add server endpoint button because now we have our registered

141
00:07:00,810 --> 00:07:06,330
server right here, localdc1.contososolocal.int, and then we have our path.

142
00:07:06,330 --> 00:07:08,120
Again, when I first saw this,

143
00:07:08,120 --> 00:07:11,140
I was a little surprised because it wanted a local path

144
00:07:11,140 --> 00:07:13,350
and not a UNC path. But there you go.

145
00:07:13,350 --> 00:07:17,070
We're going to get into some of these other options in the next module.

146
00:07:17,070 --> 00:07:21,110
So for now, I'm just going to click Create and wait for this job to complete.

147
00:07:21,110 --> 00:07:25,310
Ultimately, our server endpoint shows with a green check for health, and

148
00:07:25,310 --> 00:07:29,540
we'll begin to see these metric displays down here that will eventually

149
00:07:29,540 --> 00:07:33,480
show files synced and bytes synced data over time.

150
00:07:33,480 --> 00:07:34,480
And as you'd expect,

151
00:07:34,480 --> 00:07:38,430
I think, if we head on over to the contosofiles001 storage account,

152
00:07:38,430 --> 00:07:42,100
File shares blade, and investigate our scripts share, we see

153
00:07:42,100 --> 00:07:48,000
that those files have, in fact, been synchronized from our local file share into the cloud.