Azure Blob Container Storage Operation Notes - NETSEC


Learning, Sharing, Creating

Cybersecurity Memo

Saturday, October 30, 2021

Azure Blob Container Storage Operation Notes

This post is to show you the methods to access your Azure Blob storages, especially under Windows. 

You will be able to use NFS 3.0 protocol to mount Blob storage container. 

Azure Blog Storage vs Azure File Share

Azure Files and Azure Blob storage both offer ways to store large amounts of data in the cloud, but they are useful for slightly different purposes.

Azure Blob storage is useful for massive-scale, cloud-native applications that need to store unstructured data. To maximize performance and scale, Azure Blob storage is a simpler storage abstraction than a true file system. You can access Azure Blob storage only through REST-based client libraries (or directly through the REST-based protocol).

Azure Files is specifically a file system. Azure Files has all the file abstracts that you know and love from years of working with on-premises operating systems. Like Azure Blob storage, Azure Files offers a REST interface and REST-based client libraries. Unlike Azure Blob storage, Azure Files offers SMB or NFS access to Azure file shares. File shares can be mounted directly on Windows, Linux, or macOS, either on-premises or in cloud VMs, without writing any code or attaching any special drivers to the file system. You also can cache Azure SMB file shares on on-premises file servers by using Azure File Sync for quick access, close to where the data is used.

Azure Storage Explorer

Azure Portal, from storage accounts page, you can click "Open in Explorer":

You can use Azure Storage Explorer (Free tool to easily manage your Azure cloud storage resources anywhere, from Windows, macOS, or Linux)

Download link:

More details can be found from this link: Manage Azure Blob Storage resources with Storage Explorer

Connect to Blob container:

Anonymously access:

Enter your blob container URL:
teststorage51sec is storage account name
testcontainer2 is container name

Download an Archived file will be failed, but hot/cool will be ok. Cool download has no delay based on testing.

Change access layer for archive file. It is dehydrate process. 

You can choose to upload to a new folder to create a folder under Blob container when uploading files. You also can choose multiple files to upload at one time. 

Access Blob Storage Using Linux

References: Mount Blob storage by using the Network File System (NFS) 3.0 protocol

Mounting on Linux is simple, but you’ll need to have an NFS client install first. Some distros have this automatically installed, but others will need to install it.

Once it’s installed, create a mountpoint with mkdir. You may need sudo if you aren’t a root user or don’t have permissions.

mkdir /mnt/mystuff

After creating the mountpoint, mount the Storage Account with the mount command.

mount -o sec=sys,vers=3,nolock,proto=tcp /mnt/mystuff

Reference: Mount SMB Azure file share on Linux

Access Blob Storage in Windows

Mounting Blob Storage using NFS 3.0

Reference link:

Enable cloud shell ( will cause a small charges since it will requires a storage account with a new resource group to store some information. 
Requesting a Cloud Shell.Succeeded.
Connecting terminal...

Welcome to Azure Cloud Shell

Type "az" to use Azure CLI
Type "help" to learn about Cloud Shell

MOTD: Save files to $home/clouddrive for persistence across sessions

VERBOSE: Authenticating to Azure ...
VERBOSE: Building your Azure drive ...
PS /home/netsec>
PS /home/netsec> Register-AzProviderFeature -FeatureName AllowNFSV3 -ProviderNamespace Microsoft.Storage

FeatureName ProviderName      RegistrationState
----------- ------------      -----------------
AllowNFSV3  Microsoft.Storage Registering

PS /home/netsec>
PS /home/netsec> Register-AzResourceProvider -ProviderNamespace Microsoft.Storage

ProviderNamespace : Microsoft.Storage
RegistrationState : Registered
ResourceTypes     : {storageAccounts/encryptionScopes, deletedAccounts, locations/deletedAccounts, storageAccounts…}
Locations         : {East US, East US 2, West US, West Europe…}

PS /home/netsec>
Verify that NFS is registered
PS /home/netsec> Get-AzProviderFeature -ProviderNamespace Microsoft.Storage -FeatureName AllowNFSV3

FeatureName ProviderName      RegistrationState
----------- ------------      -----------------
AllowNFSV3  Microsoft.Storage Registering

PS /home/netsec>
Create a storage account:
Please make sure using premium performance settings with block blobs.

You might wondering why we are not using Standard performance with Locally-redundant storage (LRS), which is also supporting NFS v3 protocol. That is because of speed. The speed is only able to reach around 90 Mbps as shown below screenshot. 

Advanced configuration:

Please make sure virtual network is same as your Windows VM's network. 

On your VM, install client for NFS.

You will need to enable write access to the NFS share by creating two registry settings. You can do this by launching PowerShell and running the following two commands. Once this is done, you need to reboot or restart the NFS service. Failed to do this step, you will only be able to mount the NFS container, but not able to access it. It will show you error to say no permission.

New-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default -Name AnonymousUid -PropertyType DWord -Value 0

New-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default -Name AnonymousGid -PropertyType DWord -Value 0

Restart client VM.

C:\Users\netsec>mount -o nolock *
Z: is now successfully connected to

The command completed successfully.



The uploading speed is about 120Mbps from local to mounted NFS share. 

But when using Azure Storage Explorer, it can reach around 430Mbps.

Automatically Mount Local Drive to the Shared Server Folder upon System Startup

The next step is to automatically mount the shared folder in the Shared Server to your local drive upon system startup.

Create a Script

  1. Create a batch file and put it in C:\mount.bat.

  2. Open the file in a text editor and enter the following command(s) that mounts the sessions-storage or manager-storage folder in the shared server, whose IP address is, This folder is configured when setting up your Shared Server Directory to a local drive name S:


    mount -o fileaccess=777 S: 
    mount -o fileaccess=777 S:
  3. Save and close the file when you are done.

Create a Task to Execute the Batch File at System Startup

Next, you will create a task from the Task Scheduler that will execute your batch file at system startup.

  1. Open the Task Scheduler application and select Create Basic Task in the right panel.

  2. In Create a Basic Task screen, enter a name for our task, e.g. "Mount shared storage to S drive", then click Next.

  3. In Task Trigger screen, select option 'When the computer starts', then click Next.

  4. In Action screen, select the option Start a program and click Next.

  5. In Start a Program screen, enter 'C:\mount.bat' to Program/script field then click Next.

  6. In Summary screen, click Finish.

Edit the Task Properties

  1. From Task Scheduler, select Task Scheduler Library folder in the left panel.

  2. Look for your newly created task in the middle panel, and right click on it.

  3. Select Properties in the popup menu.

  4. In the Properties window, perform following actions:

    • Check the checkbox 'Run with highest privileges'

    • Click on 'Change User or Group...'

  5. In the Select User or Group window, do the following:

    • Enter 'system' to the field Enter the object to select

    • Select Check Names

    • Select OK 

  6. The property window now will look like below. Click OK to finish setting up the task property.


No comments:

Post a Comment