Body
Overview
Pitt Information Technology offers a wealth of enterprise cloud storage options to University departments, faculty, staff, and researchers through Azure, Microsoft's enterprise cloud computing solution.
How Might You Use Azure Storage?
Azure is reliable, customizable, scalable, and redundant. It is ideal if you want to:
- Archive Data Inexpensively: Do you have data that is infrequently accessed that you need to store for long periods of time? Secure, redundant archival storage is available through Azure.
- Provide Shared File Storage without the Need for a Server: Store all of your data securely and redundantly in the cloud.
- Store and Compute with Data: Take advantage of an environment with protections for data privacy, legal/regulatory, and contractual compliance.
- Other uses for Azure...
Detail
Storage Options
Blob Storage
Blob storage is optimized for storing massive amounts of unstructured data. Blob storage is scalable, and you pay only for what you use. You can choose from among three storage tiers: Hot for frequently accessed data, Cool for infrequently accessed data, and Archive for rarely accessed data.
Learn more...
Data Lake Storage
Azure Data Lake Storage is a highly scalable and cost-effective solution for big data analytics. It allows you to easily manage massive amounts of data. It is built on Azure Blob storage, but it also adds a hierarchical namespace. The hierarchical namespace organizes objects/files into a hierarchy of directories for efficient data access.
Learn more...
Azure Files
Azure Files offers fully managed file shares in the cloud that are accessible via the industry-standard Server Message Block (SMB) protocol. You can mount Azure file shares concurrently on cloud or on-premises deployments of Windows, Linux, and macOS. You also can cache Azure file shares on Windows Server machines by using Azure File Sync for fast access close to where the data is used.
Learn more...
Storage Tiers
Azure provides different storage tiers for your data depending upon how frequently you plan to access it:
|
Tier
|
Best Use
|
Cost Comparison
|
Special Considerations
|
|
Hot
|
Frequently accessed data
|
Most expensive to store; least expensive to retrieve
|
|
|
Cold
|
Infrequently accessed data
|
Less expensive to store; slightly more expensive to retrieve
|
Penalties apply for data accessed before 30 days
|
|
Archival
|
Data that does not need to be accessed for at least six months
|
Least expensive to store; most expensive to retrieve
|
Penalties apply for data accessed before 180 days, and data retrieve could take up to 15 hours
|
Blob storage also provides data lifecycle management, which means you can transition blobs to a cooler storage tier (hot to cool, hot to archive, or cool to archive) to optimize for performance and cost. You can even set up policies to automatically transition data between different tiers.
Learn more…
Redundancy Options
Azure offers six different redundancy options: Locally redundant storage (LRS), Zone-redundant storage (ZRS), Geo-redundant storage (GRS), Read-access geo-redundant storage (RA-GRS), Geo-zone-redundant storage (GZRS), and Read-access geo-zone-redundant storage (RA-GZRS).
Learn more…
Sample Pricing Per TB
|
Storage Type
|
Redundancy
|
Access Tier
|
Monthly Cost per TB
|
Annual Cost per TB
|
|
Blob/Data Lake
|
LRS
|
Hot
Cool
Archival
|
$16
$9
$2
|
$198
$108
$26
|
|
Blob/Data Lake
|
ZRS
|
Hot
Cool
|
$21
$11
|
$248
$134
|
|
Blob/Data Lake
|
GRS
|
Hot
Cool
|
$33
$18
|
$416
$236
|
|
Azure Files
|
LRS
ZRS
GRS
|
Hot
Hot
Hot
|
$67
$79
$129
|
$804
$946
$1,545
|
Baseline Compliance with NIST 800-171
The University of Pittsburgh’s Azure environment meets the stringent security requirements set forth in NIST 800-171, a standard security framework that ensures information systems and networks are set up and operated in a secure manner.
NIST 800-171 establishes key security controls that address factors such as:
- Administrative privileges
- Access management
- Authentication
- Logging and monitoring
- Firewalls
All data stored in the University’s Azure environment is protected by security controls that ensure strong encryption, limit unsuccessful logins, and prohibit password reuse. For example, cryptographic mechanisms protect the confidentiality of remote access sessions, and passwords are stored as one-way hashes constructed from passwords using AES256 or stronger encryption.
Enhanced Security for Sensitive Data
Some data, including data protected by the Health Insurance Portability and Accountability Act (HIPAA), requires security controls that go beyond those established by NIST 800-181.
If you have especially sensitive data, the University’s Azure environment can likely be customized to accommodate your specific needs. Please contact us, and we’ll follow up to discuss a solution.
Automated Patching
Windows Servers deployed in the Azure environment are protected by an automated patching process that ensures critical security updates are installed as soon as they become available. Automated patching frees departmental server administrators from the traditional task of managing security patches, allowing them to focus their time and expertise where it is needed most. Standardizing the patch management process is also essential to enable the University to provide cloud-based virtualization at scale.
If your department’s servers have unique patching needs (for example, if you need to test certain systems before applying the latest security patches), please contact us so that we can discuss what on-premise options might be available.
Get Started
Ready to take advantage of enterprise cloud storage? Contact the Technology Help Desk. We'll follow up with the information you need to get started right away. We can even help you determine what storage solutions best meet your unique needs.