Azure Elastic SAN Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Storage

1. Introduction

Azure Elastic SAN is a managed block storage service that provides SAN-like (Storage Area Network) capabilities in Azure using iSCSI. It is designed for workloads that want shared, high-performance block volumes without you having to build and operate traditional SAN infrastructure.

In simple terms: you create an Elastic SAN, carve it into volumes, and attach those volumes to servers over the network—similar to how an on‑prem SAN presents LUNs to hosts, but delivered as a managed Azure service.

Technically, Azure Elastic SAN is an Azure resource that contains provisioned capacity and performance, then exposes one or more volume groups with network connectivity to your virtual network. Within a volume group, you create volumes that are accessed by clients (for example, Azure VMs) using the iSCSI protocol over private networking. Control-plane operations are handled through Azure Resource Manager (ARM), while data-plane traffic flows directly between your hosts and the iSCSI target endpoints.

The main problem it solves is: shared, centrally managed block storage at scale. Compared to attaching many individual managed disks across many VMs, Elastic SAN gives you pooled capacity, consolidated performance management, and SAN-style operations (volume creation, resizing, access control) in a single service.

Service status / naming: As of this writing, the official product name is Azure Elastic SAN in Azure Storage. If Microsoft renames or rebrands the service, verify the latest name and features in the official documentation: https://learn.microsoft.com/azure/storage/elastic-san/

2. What is Azure Elastic SAN?

Azure Elastic SAN is a managed Azure Storage service that delivers SAN-like, network-attached block storage to compute resources in Azure using iSCSI.

Official purpose (what it’s for)

Provide centrally managed, scalable block storage volumes that can be attached over the network to one or more hosts.
Reduce operational complexity compared to self-managed iSCSI targets or traditional SAN appliances.
Offer pooled capacity/performance and flexible volume provisioning for enterprise-style workloads.

Core capabilities

Provision an Elastic SAN instance (capacity + performance) and subdivide it into volumes.
Organize volumes into volume groups, which represent a network-accessible iSCSI target boundary and access configuration.
Attach volumes to hosts using iSCSI initiators (commonly Linux or Windows VMs).
Resize volumes and manage lifecycle via Azure Portal, ARM, Azure CLI, PowerShell, and APIs (availability depends on current tooling support—verify in docs).

Major components

Elastic SAN: The top-level resource where you provision overall capacity/performance.
Volume group: A container for volumes that also defines how volumes are exposed to your network (iSCSI target endpoints and access/network rules).
Volume: The block device presented to hosts (similar to a LUN).
(Optional/feature-dependent) Snapshots / backups: Some SAN products support snapshots; Azure Elastic SAN has evolving capabilities. Verify the current snapshot/backup support and limitations in the official docs for your region and SKU.

Service type

Managed block storage over the network (iSCSI).
Control plane: Azure Resource Manager.
Data plane: iSCSI traffic from initiators to target endpoints in/through your Azure virtual network.

Scope: regional/global, subscription, etc.

Regional service: You deploy an Elastic SAN into an Azure region. Hosts typically need to be in the same region for best latency and to avoid cross-region complexity/cost. (Verify any cross-region access guidance in official docs.)
Azure subscription/resource group scoped: Managed like other Azure resources with RBAC, tags, policies, and locks.

How it fits into the Azure ecosystem

Azure Elastic SAN complements other Azure Storage offerings:

Azure Managed Disks: Per-VM block disks (simple, common default).
Azure Files: SMB/NFS file shares (file storage).
Azure NetApp Files: Enterprise NFS/SMB with NetApp features (file storage and some block-style workflows through NetApp capabilities).
Azure Elastic SAN: A SAN-style, shared, pooled block storage service for architectures that benefit from centralized volume management and iSCSI connectivity.

3. Why use Azure Elastic SAN?

Business reasons

Reduced operational burden: No need to deploy, patch, and manage iSCSI target servers or third-party SAN VMs.
Faster provisioning: Storage teams can provision volumes quickly without complex infrastructure lead time.
Better cost governance: Pooled capacity/performance can reduce overprovisioning compared to “one managed disk per workload” sprawl (depending on usage patterns).

Technical reasons

Shared block storage model: For workloads and clustering patterns that require SAN-like behavior.
Centralized capacity and performance: Provision capacity once at the SAN level, then allocate volumes to applications as needed.
Network-based attachment: Hosts connect over iSCSI; volumes aren’t tied to one VM the way a managed disk typically is.

Operational reasons

Standardized storage operations: Volume creation, resizing, access boundaries via volume groups.
Easier fleet management: Large environments can manage many volumes under fewer top-level resources.
Separation of duties: Storage admins can manage SAN/volume lifecycle while app teams manage OS/filesystems.

Security/compliance reasons

Private networking patterns: Data traffic can stay within Azure VNets/private connectivity (implementation depends on current Elastic SAN networking model—verify in docs).
Azure RBAC and governance: Use resource-level access control, tags, policies, and activity logs.
Encryption at rest: Azure Storage services generally encrypt data at rest by default; confirm Elastic SAN specifics in the service documentation.

Scalability/performance reasons

Scale by pooling: Add capacity and performance to the SAN, then distribute to volumes.
Multi-host access patterns: iSCSI supports multi-pathing and redundant connectivity patterns (host configuration required).

When teams should choose it

Choose Azure Elastic SAN when you need: – SAN-style shared block storage patterns – Centralized management of many volumes – iSCSI connectivity in Azure – Predictable performance planning at a pool level

When teams should not choose it

Avoid Azure Elastic SAN when: – You only need simple per-VM storage: Azure Managed Disks are usually simpler. – You need file protocols (SMB/NFS): use Azure Files or Azure NetApp Files. – You require features not supported by Elastic SAN (advanced snapshot/replication/backup integrations, cross-region replication, etc.). Verify current feature support. – You need Kubernetes-native persistent volumes without custom iSCSI workflows. (Most AKS users use Azure Disk CSI or Azure Files CSI; iSCSI is possible but adds operational complexity.)

4. Where is Azure Elastic SAN used?

Industries

Finance and trading (latency-sensitive databases, standardized storage governance)
Healthcare (regulated environments, centralized control)
Manufacturing (ERP workloads, plant systems migrating to Azure)
Retail/e-commerce (databases, analytics staging)
Media and gaming (build pipelines, asset processing requiring fast block storage)
Government (centralized governance and compliance patterns)

Team types

Platform engineering teams building shared infrastructure
Storage/infra teams migrating SAN workflows to cloud
SRE/operations teams standardizing block storage provisioning
DevOps teams supporting stateful services at scale (outside of purely cloud-native patterns)

Workloads

Databases and transactional systems that prefer block devices (verify best practices for your specific database)
Legacy enterprise applications that expect SAN-backed LUNs
Clustering solutions that use shared block storage (compatibility and support matrices must be verified)
Build systems needing many volumes across many build agents
Large fleets of VMs where per-VM disk management is cumbersome

Architectures

Hub-and-spoke networks where shared services live in hub VNets (networking model must be verified against Elastic SAN requirements)
Multi-tier apps with a storage tier providing block volumes to app/data tier VMs
“Storage platform” internal service where storage is offered to multiple app teams via volume groups

Real-world deployment contexts

Production: central SAN per environment (prod/non-prod) with strict access boundaries and monitoring
Dev/test: smaller SANs used to reproduce SAN-based workloads with lower cost controls (capacity/performance kept minimal)

5. Top Use Cases and Scenarios

Below are realistic scenarios where Azure Elastic SAN is a strong fit. Always validate workload support (OS, clustering, multipath, filesystem, and any vendor requirements).

1) Shared block volumes for VM clusters

Problem: Multiple VMs need access to shared block storage for clustering or coordinated access patterns.
Why it fits: iSCSI SAN model is designed for shared LUN workflows (with proper host-side coordination).
Example: A Windows Server cluster that requires shared disks for specific roles (verify supported architectures).

2) Consolidating “disk sprawl” across hundreds of VMs

Problem: Large environments create and manage thousands of managed disks, making lifecycle and governance complex.
Why it fits: Elastic SAN provides pooled capacity and centralized volume management.
Example: A CI fleet with many ephemeral worker VMs that need fast scratch volumes.

3) Lift-and-shift of SAN-backed enterprise apps

Problem: An on-prem app is tightly coupled to SAN volumes and expects SAN-like operational processes.
Why it fits: Similar operational model (LUNs/volumes, access controls, centralized provisioning).
Example: Migrating a line-of-business application that documents “iSCSI LUN required.”

4) Database storage modernization (SAN model)

Problem: Database teams want dedicated volumes with predictable performance and centralized monitoring.
Why it fits: You can allocate volumes from a performance pool and manage changes centrally.
Example: A SQL Server VM deployment using separate volumes for data, logs, and temp (validate vendor guidance).

5) High-performance scratch or staging for ETL

Problem: ETL jobs need fast block storage for intermediate data sets, not long-term file sharing.
Why it fits: Block volumes can deliver consistent performance; volumes can be created and destroyed as pipelines change.
Example: Nightly batch ETL stages data on Elastic SAN volumes, then writes results to a data lake.

6) Standardized storage service for internal platform teams

Problem: App teams need storage, but platform team wants a consistent model and guardrails.
Why it fits: Volume groups can represent tenants/environments; RBAC and policy can enforce standards.
Example: Platform team creates “prod” and “nonprod” volume groups and allocates volumes to teams.

7) Rapid provisioning of many small block volumes

Problem: Per-disk overhead makes it tedious to manage many small disks across VMs.
Why it fits: SAN pooling and volume creation workflows are designed for high volume.
Example: A lab environment that spins up dozens of training VMs, each with one dedicated volume.

8) Migration off self-managed iSCSI target VMs

Problem: Teams run iSCSI targets on Linux/Windows VMs, causing patching, HA, and operational overhead.
Why it fits: Managed service removes target server management burden.
Example: Replace a pair of Linux iSCSI target VMs with Elastic SAN volume groups.

9) Separate capacity planning from VM lifecycle

Problem: Storage planning is hard when each VM owns its disks; resizing is frequent.
Why it fits: Capacity is pooled at SAN level; you can resize volumes without touching VM definitions.
Example: A microservices platform where stateful components come and go, but storage pool stays.

10) Controlled multi-tenant storage boundaries

Problem: Multiple teams need storage, but you must prevent accidental cross-access.
Why it fits: Use separate volume groups (and RBAC) to isolate teams/environments.
Example: One Elastic SAN per department, one volume group per application domain.

11) Performance isolation by design

Problem: Mixed workloads interfere with each other’s disk performance.
Why it fits: Allocate performance at the SAN/volume group level (exact controls depend on current product capabilities—verify).
Example: Separate volume groups for latency-sensitive OLTP vs batch processing.

12) Consistent iSCSI connectivity for specialized appliances

Problem: Some third-party VM appliances support iSCSI and are easier to integrate with LUNs than with cloud-native disk models.
Why it fits: iSCSI is widely supported across OSes and appliances.
Example: A vendor VM that only documents iSCSI LUN attachment for data storage.

6. Core Features

This section focuses on practical, commonly used capabilities of Azure Elastic SAN. Exact feature availability can vary by region or service updates—verify in official docs.

Feature 1: Elastic SAN resource (pooled provisioning)

What it does: Lets you provision storage capacity (and performance) once, then allocate volumes from that pool.
Why it matters: Avoids managing capacity/performance per disk across many VMs.
Practical benefit: Faster provisioning and easier capacity planning.
Caveats: You still need to plan for headroom, growth, and performance allocation. Pricing is based on provisioned dimensions (see Pricing section).

Feature 2: Volume groups (network + administrative boundary)

What it does: Groups volumes and defines how they’re exposed over the network (iSCSI target endpoints) and managed as a unit.
Why it matters: Clean separation of environments/tenants and networking configuration.
Practical benefit: Create “prod” vs “dev” boundaries; isolate teams/apps.
Caveats: Volume group networking may require specific subnet/delegation/private connectivity patterns. Confirm requirements in docs.

Feature 3: Volumes (block devices/LUNs)

What it does: Provides block storage devices that hosts can format with filesystems (XFS/ext4/NTFS/ReFS, etc.) or use as raw devices.
Why it matters: Enables enterprise and legacy apps that expect block devices.
Practical benefit: Familiar storage operations: partition, format, mount, resize (host steps required).
Caveats: Multi-host access requires correct clustering/filesystem coordination. Block devices are not inherently “shared file systems.”

Feature 4: iSCSI-based data plane

What it does: Hosts connect using iSCSI initiators to iSCSI target endpoints provided by the volume group.
Why it matters: Standard protocol, widely supported; works across many OS types.
Practical benefit: Straightforward connectivity from Linux/Windows; supports multipath with proper configuration.
Caveats: iSCSI security is heavily reliant on private networking and correct access controls. If CHAP or other auth features are supported, configure them—verify current options.

Feature 5: Host-side multipath support (architecture pattern)

What it does: iSCSI typically supports multiple paths/portals for redundancy and performance (host configuration).
Why it matters: Reduces impact of a single network path failure and can improve throughput.
Practical benefit: Better resilience for critical workloads.
Caveats: Multipath is configured on the host OS (e.g., multipath-tools on Linux, MPIO on Windows). Misconfiguration can cause data corruption or inconsistent device names.

Feature 6: Resizing volumes (capacity changes)

What it does: Increase volume size as needs grow (and potentially adjust SAN pool capacity).
Why it matters: Avoids migrations when storage needs expand.
Practical benefit: Scale up with minimal disruption (host filesystem resize still required).
Caveats: Shrinking volumes is often restricted in block storage systems; confirm what Elastic SAN supports. Always validate app/filesystem procedure.

Feature 7: Azure RBAC and ARM governance

What it does: Control management-plane actions (create/delete/resize volumes, change volume groups) through Azure roles.
Why it matters: Prevents unauthorized changes and supports separation of duties.
Practical benefit: Least privilege, auditability, policy enforcement.
Caveats: RBAC protects control plane; you still must enforce data-plane access via network and iSCSI configuration.

Feature 8: Monitoring via Azure Monitor (metrics/logging)

What it does: Exposes metrics and (depending on support) diagnostic logs for operational visibility.
Why it matters: Storage issues often manifest as latency, IOPS saturation, and connectivity problems.
Practical benefit: Alert on key SLO indicators like latency and throughput, and correlate with VM metrics.
Caveats: Confirm which metrics/logs are available for Elastic SAN in your region and how to route them to Log Analytics/Event Hub/Storage.

Feature 9: Private networking patterns (typical deployment)

What it does: Keep iSCSI endpoints reachable only via your Azure virtual network(s) using private addressing/private access.
Why it matters: iSCSI should not be exposed broadly.
Practical benefit: Reduces attack surface and data exfiltration risk.
Caveats: Exact networking implementation (delegated subnet, private endpoints, allowed subnets, DNS) must follow current Elastic SAN docs.

Feature 10: Automation support (CLI/PowerShell/ARM/Bicep)

What it does: Enables infrastructure-as-code for provisioning SANs, volume groups, and volumes.
Why it matters: Storage should be reproducible and governed like other infrastructure.
Practical benefit: Standardized environments, safer changes, CI/CD integration.
Caveats: Tooling evolves; verify the latest Azure CLI/PowerShell modules and API versions.

7. Architecture and How It Works

High-level service architecture

Azure Elastic SAN has two major planes:

Control plane (management)
– You create and manage Elastic SAN resources via Azure Portal/CLI/ARM. – Operations include provisioning capacity, creating volume groups and volumes, setting access/network configurations, and monitoring.
Data plane (I/O path)
– Your hosts (e.g., Azure VMs) connect using iSCSI to the SAN’s target endpoints. – Reads/writes traverse your Azure network path to the iSCSI target and storage backend.

Request/data/control flow

Provisioning:
User → Azure Resource Manager → Elastic SAN resource provider → Elastic SAN created/updated.
Attachment/IO:
VM (iSCSI initiator) → VNet → iSCSI target endpoints (volume group) → Volume storage.
Monitoring:
Elastic SAN emits metrics/logs → Azure Monitor → alerts/dashboards → ITSM/incident workflows.

Integrations with related Azure services

Common integrations include: – Azure Virtual Network (VNet): required for private connectivity patterns. – Azure VMs: typical compute initiators for iSCSI volumes. – Azure Monitor + Log Analytics: monitoring and diagnostics aggregation. – Azure Policy: enforce tags, allowed regions, required diagnostic settings (policy coverage varies; validate). – Microsoft Defender for Cloud: posture management (coverage depends on resource type support).

Dependency services

Azure Resource Manager for provisioning and governance.
Azure networking for connectivity and isolation.
Azure Monitor for metrics/logging.

Security/authentication model

Management plane: Azure AD + Azure RBAC controls who can create/modify SAN resources.
Data plane: iSCSI connectivity is typically protected by private networking and access rules. If iSCSI authentication (e.g., CHAP) is supported, use it—verify in current Elastic SAN docs.

Networking model (practical view)

Most designs follow these principles: – Keep Elastic SAN endpoints private in a dedicated subnet. – Restrict which subnets/hosts can reach the iSCSI target endpoints. – Allow required traffic (typically TCP 3260 for iSCSI) within trusted VNets.

Because the exact Elastic SAN network configuration model can change (delegated subnet vs private endpoint vs network rules), follow the current “Networking” section of the official docs: https://learn.microsoft.com/azure/storage/elastic-san/

Monitoring/logging/governance considerations

Track latency, IOPS, throughput, queue depth indicators (as provided).
Use Azure Activity Log for who changed what (RBAC-protected operations).
Configure diagnostic settings (if supported) to Log Analytics.
Enforce tags (cost center, environment, owner, data classification).

Simple architecture diagram

flowchart LR
  subgraph AzureVNet[Azure Virtual Network]
    VM[Azure VM\n(iSCSI initiator)]
  end

  subgraph ElasticSAN[Azure Elastic SAN]
    VG[Volume Group\n(iSCSI target endpoints)]
    VOL[Volume (LUN)]
  end

  VM -- "iSCSI (TCP 3260)\nread/write" --> VG --> VOL
  Admin[Admin/CI Pipeline] -- "ARM/Portal/CLI" --> ElasticSAN

Production-style architecture diagram

flowchart TB
  subgraph Mgmt[Management Plane]
    AAD[Azure AD]
    RBAC[Azure RBAC]
    ARM[Azure Resource Manager]
    Policy[Azure Policy]
  end

  subgraph Net[Azure Networking]
    Hub[Hub VNet]
    Spoke1[Spoke VNet: App/Data]
    DNS[Private DNS (if required)]
  end

  subgraph Compute[Compute Layer]
    VM1[VMs / Cluster Nodes\nLinux/Windows iSCSI initiators]
    VM2[Batch/ETL Workers]
  end

  subgraph Storage[Storage Layer]
    ESAN[Azure Elastic SAN]
    VG1[Volume Group: prod]
    VG2[Volume Group: nonprod]
    V1[Volumes: data/log/temp]
    V2[Volumes: scratch]
  end

  subgraph Ops[Operations]
    Mon[Azure Monitor Metrics]
    LA[Log Analytics Workspace]
    Alert[Alerts/Action Groups]
  end

  AAD --> RBAC --> ARM --> ESAN
  Policy --> ESAN

  Hub --- Spoke1
  Spoke1 --- Compute
  Compute -- "iSCSI (TCP 3260)\nMultipath recommended" --> VG1 --> V1
  Compute -- "iSCSI (TCP 3260)" --> VG2 --> V2

  ESAN --> Mon --> Alert
  ESAN --> LA
  DNS --- Spoke1

8. Prerequisites

Account/subscription/tenant requirements

An active Azure subscription.
Ability to create resources in a resource group in a region that supports Azure Elastic SAN.

Permissions / IAM roles

At minimum, you typically need: – Contributor on the resource group (for creating SAN, networks, and VM), or more scoped roles: – Roles that can create/manage Elastic SAN resources (service-specific roles may exist—verify). – Network Contributor for VNet/subnet changes. – Virtual Machine Contributor for VM creation.

Principle of least privilege: – Storage admins: can manage Elastic SAN and volume groups/volumes. – App/ops teams: can connect and format volumes inside the OS but not delete SAN resources.

Billing requirements

Azure Elastic SAN is a paid service. Ensure your subscription is allowed to create it (no policy blocks) and has a valid billing method.

CLI/SDK/tools

Azure Portal (web)
Azure CLI (recommended for scripting): https://learn.microsoft.com/cli/azure/install-azure-cli
If az elastic-san commands aren’t available in your CLI version, you may need an extension or an update. Verify via: bash az version az elastic-san -h
SSH client (for Linux VM access)
On the VM:
Linux: open-iscsi package; optionally multipath-tools.
Windows: iSCSI Initiator + (optionally) MPIO.

Region availability

Azure Elastic SAN is not available in every region. Check:
Product availability: https://azure.microsoft.com/explore/global-infrastructure/products-by-region/
Elastic SAN documentation region notes: https://learn.microsoft.com/azure/storage/elastic-san/

Quotas/limits

Expect limits such as max SANs per subscription/region, max volume groups, max volumes, max capacity, and performance ceilings.
Quotas can change; verify current limits in the official docs and in Azure Portal quota pages for your subscription/region.

Prerequisite services

Azure Virtual Network (VNet) and subnets for compute and Elastic SAN connectivity.
Azure VM(s) (for this lab) to act as iSCSI initiators.

9. Pricing / Cost

Azure Elastic SAN pricing is usage- and provisioning-based. Exact rates vary by region and may change over time, so use official sources for current numbers.

Official pricing page: https://azure.microsoft.com/pricing/details/elastic-san/
Azure Pricing Calculator: https://azure.microsoft.com/pricing/calculator/

Pricing dimensions (what you pay for)

Typical cost dimensions for managed SAN-style services include (verify exact Elastic SAN meters on the pricing page): 1. Provisioned capacity (how much SAN storage you allocate) 2. Provisioned performance (IOPS and/or throughput capacity, often configurable separately from capacity) 3. Snapshots / backup capacity (if snapshot features are enabled and billed) 4. Networking components that your architecture requires (indirect): – Private Link / private endpoints (if used) – VNet peering (if spanning VNets) – NAT gateways, firewalls, or routing appliances (if used)

Free tier

Azure Elastic SAN generally does not have a meaningful free tier for production usage. You might get limited free Azure credits via trials, Visual Studio subscriptions, or training subscriptions, but the service itself is billed.

Primary cost drivers

Provisioned SAN size: Larger pools increase cost even if not fully used.
Provisioned performance: Higher IOPS/throughput allocations increase cost.
Number of environments: Multiple SANs (prod/nonprod) multiply fixed provisioning charges.
Operational design: If you add Private Link, firewalls, or complex routing, networking costs can exceed storage costs.

Hidden or indirect costs to plan for

Compute: VMs that consume Elastic SAN volumes are billed separately.
Backups: If you implement backups via app-level tools or snapshots + copy workflows, storage and data movement costs add up.
Monitoring: Log Analytics ingestion/retention can be significant if diagnostics are verbose.
Cross-zone or cross-region traffic: If your design causes inter-zone or inter-region data transfer, you may incur bandwidth charges and latency penalties (verify Azure bandwidth pricing).

Network/data transfer implications

In-region VNet traffic patterns are usually the cheapest and lowest latency.
If you connect from a different VNet via peering, verify:
Whether Elastic SAN supports your desired topology.
Whether peering/egress charges apply.
Whether additional DNS/private endpoint configurations are needed.

How to optimize cost (practical guidance)

Right-size capacity: Don’t provision large pools “just in case” without growth plans.
Right-size performance: Increase IOPS/throughput only when metrics show sustained saturation.
Separate environments: Use smaller SAN for dev/test with strict auto-shutdown for VMs.
Use tagging and budgets:
Tags: env, app, costCenter, owner, dataClassification
Azure Budgets + alerts for storage and monitoring spend

Example low-cost starter estimate (how to think about it)

A minimal lab typically includes: – 1 small Elastic SAN with minimal provisioned capacity/performance (service minimums apply) – 1 small Linux VM for a few hours – Minimal logging retention

Because exact prices are region- and meter-dependent, build an estimate with the Azure Pricing Calculator using: – Your target region – Expected provisioned capacity – Expected performance units (IOPS/throughput as applicable) – Expected runtime (for VM) – Monitoring retention (Log Analytics)

Example production cost considerations

For production, estimate: – SAN provisioned capacity for 12–24 months growth – Performance headroom for peak workloads – Redundant host connectivity (may require extra networking components) – Backup strategy costs (snapshot storage, backup vaults, or app-native replication) – Monitoring and alerting (Log Analytics volume, retention, dashboards)

10. Step-by-Step Hands-On Tutorial

This lab provisions a small Azure environment and attaches an Azure Elastic SAN volume to a Linux VM over iSCSI, formats it, mounts it, and validates I/O.

Objective

Create an Azure Elastic SAN, volume group, and volume
Connect a Linux VM to the volume using iSCSI
Format and mount the block device
Validate read/write
Clean up resources safely

Lab Overview

You will build: – Resource group – VNet with: – subnet-vm (VM lives here) – subnet-esan (used for Elastic SAN volume group connectivity; may require delegation per current docs) – Ubuntu VM – Azure Elastic SAN + volume group + volume – iSCSI connection from VM to Elastic SAN

Cost control tips: – Use one small VM size – Keep SAN capacity/performance minimal – Delete everything at the end

Step 1: Create a resource group and network (Azure CLI)

1) Sign in and select your subscription:

az login
az account show
az account set --subscription "<SUBSCRIPTION_ID_OR_NAME>"

2) Set variables:

LOCATION="eastus"              # choose a region that supports Azure Elastic SAN
RG="rg-elasticsan-lab"
VNET="vnet-elasticsan-lab"
SUBNET_VM="subnet-vm"
SUBNET_ESAN="subnet-esan"

3) Create the resource group:

az group create --name "$RG" --location "$LOCATION"

Expected outcome: – Resource group exists in your chosen region.

4) Create the VNet and VM subnet:

az network vnet create \
  --resource-group "$RG" \
  --name "$VNET" \
  --address-prefixes 10.50.0.0/16 \
  --subnet-name "$SUBNET_VM" \
  --subnet-prefixes 10.50.1.0/24

5) Create the Elastic SAN subnet:

az network vnet subnet create \
  --resource-group "$RG" \
  --vnet-name "$VNET" \
  --name "$SUBNET_ESAN" \
  --address-prefixes 10.50.2.0/24

Expected outcome: – VNet with two subnets is ready.

Note: Elastic SAN volume group networking may require a delegated subnet and/or specific network settings. The safest approach is to apply the required delegation in the Azure Portal during volume group creation (it will show the exact delegation name). Follow current docs: https://learn.microsoft.com/azure/storage/elastic-san/

Step 2: Create a Linux VM (Azure CLI)

1) Create an Ubuntu VM:

VM_NAME="vm-iscsi-initiator-01"
ADMIN_USER="azureuser"

az vm create \
  --resource-group "$RG" \
  --name "$VM_NAME" \
  --image Ubuntu2204 \
  --admin-username "$ADMIN_USER" \
  --generate-ssh-keys \
  --vnet-name "$VNET" \
  --subnet "$SUBNET_VM" \
  --public-ip-sku Standard

Expected outcome: – VM is created and you receive public IP info in the output.

2) Capture the VM public IP:

VM_IP=$(az vm show -d -g "$RG" -n "$VM_NAME" --query publicIps -o tsv)
echo "$VM_IP"

3) SSH to the VM:

ssh ${ADMIN_USER}@${VM_IP}

Expected outcome: – You have a shell on the VM.

Step 3: Create Azure Elastic SAN, volume group, and volume (Azure Portal)

Because Elastic SAN fields and CLI parameters can evolve, this lab uses the Azure Portal for the service-specific provisioning steps to keep the workflow executable.

1) In the Azure Portal, go to Create a resource → search for Azure Elastic SAN → Create.

2) In Basics: – Subscription: your subscription – Resource group: rg-elasticsan-lab – Name: esanlab01 (must be unique in the RG) – Region: same region as the VM (e.g., East US) – Configure capacity and performance at minimal values allowed in the portal.

3) Create a volume group: – Go to your Elastic SAN → Volume groups → + Create – Name: vg-lab-01 – Network: – Select your VNet: vnet-elasticsan-lab – Select subnet: subnet-esan – If the portal prompts for subnet delegation or requires changes, allow it (this is common for managed service endpoint injection patterns).
– Restrict access to only required VNets/subnets as recommended by the portal/docs.

4) Create a volume in the volume group: – Go to volume group vg-lab-01 → Volumes → + Create – Volume name: vol-lab-01 – Size: choose a small size for the lab (e.g., tens of GiB; use portal minimums) – Keep defaults unless you have a specific need.

Expected outcome: – You have one Elastic SAN, one volume group, and one volume in a Succeeded provisioning state.

Step 4: Obtain iSCSI connection details (Azure Portal)

1) In the Azure Portal, open: – Elastic SAN → Volume group vg-lab-01 → Volume vol-lab-01

2) Find the Connect / iSCSI connection panel (naming can differ slightly). Capture: – One or more target portal IPs/FQDNs – The target IQN (iSCSI Qualified Name) – The LUN identifier if shown (often 0 for a single volume)

Expected outcome: – You have the connection details required for iscsiadm on Linux.

Step 5: Connect from Linux to the Elastic SAN volume (Linux commands)

Run the following on the VM (SSH session).

1) Install iSCSI tools:

sudo apt-get update
sudo apt-get install -y open-iscsi
sudo systemctl enable --now iscsid

Expected outcome: – iscsid service is running.

2) (Optional but recommended) Install multipath tools:

sudo apt-get install -y multipath-tools
sudo systemctl enable --now multipathd

3) Discover targets (use one portal IP from the portal):

# Replace with one target portal IP/FQDN from Azure Portal:
PORTAL="<TARGET_PORTAL_IP_OR_FQDN>"

sudo iscsiadm -m discovery -t sendtargets -p "$PORTAL"

Expected outcome: – Output lists one or more targets including an IQN.

4) Log in to the target (replace IQN with your target IQN):

IQN="<TARGET_IQN_FROM_PORTAL>"

sudo iscsiadm -m node -T "$IQN" -p "$PORTAL" --login

Expected outcome: – Successful login message; a new block device appears.

5) Make the login persistent across reboots:

sudo iscsiadm -m node -T "$IQN" -p "$PORTAL" --op update -n node.startup -v automatic

6) Identify the new disk:

lsblk -o NAME,SIZE,TYPE,MOUNTPOINT,MODEL

Look for a new disk (often sdb or similar) with the size you created.

If multipath is enabled, check:

sudo multipath -ll || true
ls -l /dev/mapper/ || true

Expected outcome: – You can identify the device path to format (either /dev/sdX or /dev/mapper/mpathX).

Step 6: Partition, format, and mount the volume

Choose one device path carefully. Formatting the wrong disk will destroy data.

1) Set a variable for the device (examples shown; pick the correct one):

# Example if the new disk is /dev/sdb (single path)
DEV="/dev/sdb"

# Example if multipath created a device like /dev/mapper/mpatha
# DEV="/dev/mapper/mpatha"

2) Create a GPT partition table and a single partition:

sudo parted -s "$DEV" mklabel gpt
sudo parted -s "$DEV" mkpart primary 0% 100%

3) Format it (XFS is common for data volumes; ext4 is also fine):

PART="${DEV}1"
sudo mkfs.xfs -f "$PART"

Expected outcome: – Filesystem created successfully.

4) Mount the filesystem:

sudo mkdir -p /mnt/esan
sudo mount "$PART" /mnt/esan
df -h /mnt/esan

Expected outcome: – /mnt/esan shows mounted capacity.

5) Make it persistent in /etc/fstab:

UUID=$(sudo blkid -s UUID -o value "$PART")
echo "UUID=$UUID /mnt/esan xfs defaults,_netdev,nofail 0 2" | sudo tee -a /etc/fstab

Expected outcome: – VM will remount after reboot ( _netdev helps ensure network is up before mounting).

Validation

Run these checks on the VM:

1) Confirm iSCSI session:

sudo iscsiadm -m session

2) Confirm mount is writable:

sudo sh -c 'echo "hello from Elastic SAN $(date)" > /mnt/esan/hello.txt'
cat /mnt/esan/hello.txt

3) (Optional) Quick I/O test (small and safe):

sudo apt-get install -y fio
fio --name=quicktest --directory=/mnt/esan --size=256M --bs=64k --rw=write --iodepth=8 --numjobs=1 --time_based --runtime=30

Expected outcome: – Write test completes without I/O errors.

Troubleshooting

Common problems and fixes:

1) Discovery returns nothing / cannot reach portal – Verify the VM and Elastic SAN are in the same region (recommended). – Verify volume group networking is correctly configured (subnet selection and any required delegation). – Ensure no NSG/route table blocks traffic from subnet-vm to subnet-esan. – Confirm you used the correct portal IP/FQDN from the Connect panel.

2) iscsiadm --login fails – Re-check the target IQN. – If authentication (e.g., CHAP) is configured, ensure credentials match (verify whether Elastic SAN supports and how to configure it). – Check system logs: bash sudo journalctl -u iscsid --no-pager | tail -n 200

3) Disk appears but mount is unstable after reboot – Ensure node.startup = automatic is set. – Ensure /etc/fstab includes _netdev,nofail. – If multipath is used, ensure you mount the multipath device/partition, not a single path.

4) Multipath shows multiple devices / wrong device naming – Use /dev/disk/by-id/ or /dev/mapper/ stable names rather than /dev/sdX. – Validate multipath -ll output and confirm only one multipath device per LUN.

5) Performance lower than expected – Check if you’re hitting provisioned performance limits (IOPS/throughput). – Check VM size limits and NIC throughput. – Confirm your test pattern and filesystem alignment.

Cleanup

To avoid ongoing charges, clean up in this order.

On the VM: 1) Unmount:

sudo umount /mnt/esan

2) Remove the fstab entry (optional):

sudo sed -i '\|/mnt/esan|d' /etc/fstab

3) Log out and delete iSCSI node records:

PORTAL="<TARGET_PORTAL_IP_OR_FQDN>"
IQN="<TARGET_IQN_FROM_PORTAL>"

sudo iscsiadm -m node -T "$IQN" -p "$PORTAL" --logout || true
sudo iscsiadm -m node -o delete -T "$IQN" -p "$PORTAL" || true

In Azure: 1) Delete the volume (vol-lab-01) 2) Delete the volume group (vg-lab-01) 3) Delete the Elastic SAN (esanlab01) 4) Delete the resource group (fastest way to ensure everything is removed):

az group delete --name "$RG" --yes --no-wait

Expected outcome: – All lab resources are deleted and billing stops (after Azure finalizes deletion).

11. Best Practices

Architecture best practices

Keep it regional: Place compute and Elastic SAN in the same Azure region for latency and cost predictability.
Separate subnets:
One subnet for initiators (VMs)
One dedicated subnet for Elastic SAN volume group endpoints if required by the service model
Design for multipath: Use redundant paths and host-side multipath where supported and appropriate.
Use volume groups as boundaries: Split by environment (prod/nonprod) or tenant/application domain.

IAM/security best practices

Apply least privilege:
Storage admins: manage SAN/volume groups/volumes
Operators: read-only monitoring access
App teams: no delete permissions on SAN resources
Use resource locks on production SAN and volume groups to prevent accidental deletion.
Enforce tag compliance via Azure Policy if possible (or CI checks).

Cost best practices

Start small and scale:
Avoid large pools without a growth plan.
Monitor performance to avoid over-provisioning:
Increase provisioned performance only after confirming sustained bottlenecks.
Use budgets and alerts:
Alert on unexpected increases in storage and monitoring spend.

Performance best practices

Validate VM and network limits:
VM size can cap network throughput and IOPS.
Use appropriate filesystem and mount options:
For Linux, XFS is common; ensure correct alignment and queue settings when recommended.
Benchmark realistically:
Use fio patterns matching your production workload (block size, read/write mix, concurrency, sync mode).
Avoid noisy neighbors in the OS:
Ensure your app and OS tuning do not create unnecessary sync writes if not needed.

Reliability best practices

Use multipath for higher resilience (host configuration).
Plan maintenance windows for major resizing or configuration changes.
Implement backups at the appropriate layer:
App-consistent backups (database-native)
Filesystem snapshots (if supported)
Verify the best approach for Elastic SAN and your workload.

Operations best practices

Standardize naming:
esan-<org>-<env>-<region>-01
vg-<app>-<env>
vol-<app>-<purpose>-<nn>
Instrument everything:
Azure Monitor alerts for latency/IOPS saturation
VM metrics for disk queue/IO wait
Document runbooks:
“How to add a new volume”
“How to resize a volume and filesystem”
“How to recover from iSCSI login issues”

Governance/tagging/naming best practices

Recommended tags: – env (prod/dev/test) – app – owner – costCenter – dataClassification – criticality – rpo / rto (optional)

12. Security Considerations

Identity and access model

Azure AD + Azure RBAC secures management operations:
Create/modify/delete Elastic SAN resources
Create volume groups/volumes
Update networking settings
Use separation of duties:
Storage operators should not automatically have Owner rights.
Prefer managed identities for automation (CI/CD) rather than user credentials.

Encryption

Encryption at rest: Azure Storage services typically encrypt at rest by default using platform-managed keys; verify Elastic SAN encryption specifics and whether customer-managed keys are supported for your scenario.
Encryption in transit: iSCSI traffic is not inherently encrypted like TLS. Security usually relies on:
Private networking and isolation
Optional iSCSI authentication features (e.g., CHAP) if supported
Confirm current Elastic SAN capabilities and recommendations.

Network exposure

Do not expose iSCSI endpoints publicly.
Restrict access to:
Approved VNets/subnets
Approved hosts
Consider additional controls:
NSGs with minimal required rules (be careful not to block required service behavior)
Azure Firewall/NVA only if your design requires inspection (it may add latency)

Secrets handling

If iSCSI authentication secrets are used (CHAP or similar), store them securely:
Azure Key Vault for secret storage
Do not hardcode in scripts or images
Rotate secrets and document rotation procedures.

Audit/logging

Use Azure Activity Log to track control-plane changes.
Enable diagnostic settings for Elastic SAN if available.
Log host-side events:
Linux: journalctl -u iscsid, multipath logs
Windows: Event Viewer iSCSI/MPIO logs

Compliance considerations

Classify data and align with required controls (encryption, network isolation, access logging).
Validate service compliance offerings and certifications in Azure compliance documentation (service-by-service coverage can vary).

Common security mistakes

Overly broad RBAC (giving too many users Contributor/Owner)
Flat networks where any VM can reach storage endpoints
No monitoring/alerts for performance saturation (can become a security issue if it impacts availability)
No deletion protection (locks) for production SAN resources

Secure deployment recommendations

Use private networking only.
Enforce least privilege and locks.
Centralize logging and alerting.
Treat iSCSI volumes like critical infrastructure: document, monitor, and change-control.

13. Limitations and Gotchas

Because Azure Elastic SAN is a specialized service, confirm these areas early:

Known limitations (verify in docs)

Region availability: Not all regions support the service.
Feature availability: Some features may be in preview or not supported in all regions/SKUs.
Snapshots/backup: Snapshot and backup integrations can differ from managed disks—verify current support.

Quotas

Maximum number of SANs per subscription/region
Maximum volumes per volume group / per SAN
Maximum volume size
Performance ceilings (IOPS/throughput)
Portal-enforced minimums for capacity/performance provisioning

All of these can change—verify current values in: https://learn.microsoft.com/azure/storage/elastic-san/

Regional constraints

Cross-region access is generally not recommended for low-latency block I/O. Even if technically possible via networking, it can be costly and slow.

Pricing surprises

Provisioned performance can be a major cost driver even if average IOPS is low.
Private networking components (Private Link, firewalls, NAT) can add meaningful cost.
Log Analytics ingestion/retention costs can grow quickly.

Compatibility issues

Multipath requires correct OS configuration.
Some clustered filesystems and cluster stacks have strict requirements—validate with vendor documentation and testing.
Device naming can change if not using stable identifiers (/dev/disk/by-id, UUIDs, multipath aliases).

Operational gotchas

Resizing storage usually requires:
Azure-side resize
OS rescan
Partition resize (if used)
Filesystem resize
Missing one step can make capacity appear unchanged.
iSCSI login persistence:
Must ensure services start and node.startup=automatic is set
Use _netdev in fstab to avoid boot failures

Migration challenges

Moving from managed disks to iSCSI volumes is a migration project:
Data copy, downtime planning, filesystem changes, app reconfiguration
Moving from on-prem SAN may require:
iSCSI initiator differences
Windows/Linux multipath differences
Different snapshot/backup model

Vendor-specific nuances

Treat Elastic SAN like a managed platform service: you control configuration and usage, but not the underlying storage fabric.
Follow Azure’s published SLA, support boundaries, and documented maintenance behaviors.

14. Comparison with Alternatives

Azure Elastic SAN is not the default choice for every storage need. Use this comparison to decide.

Comparison table

Option	Best For	Strengths	Weaknesses	When to Choose
Azure Elastic SAN	SAN-style shared block storage via iSCSI	Pooled capacity/performance, centralized volume management, iSCSI standard protocol	Added complexity vs managed disks; iSCSI ops and multipath required; feature set varies	You need SAN-like LUN workflows and centralized block storage
Azure Managed Disks	Per-VM block storage (most VM workloads)	Very simple, tight VM integration, broad ecosystem support	Disk sprawl in large fleets; not SAN-style shared model	Default for VM-based apps unless you specifically need SAN behavior
Azure Files (SMB/NFS)	Shared file storage	Easy sharing across hosts, simple mounts	File semantics (not raw block), performance/latency differs from block	You need shared file access rather than block devices
Azure NetApp Files	Enterprise NFS/SMB (and advanced storage features)	High performance file storage, mature enterprise features	Cost model can be higher; different operational model	Enterprise file workloads and advanced data management needs
Self-managed iSCSI target on Azure VMs	Custom SAN features or tight control	Full control, can use open-source stacks	You manage HA, patching, scaling, security	Only when managed services don’t meet requirements and you accept ops burden
AWS EBS (other cloud)	Per-instance block storage in AWS	Mature, simple, strong integration	AWS-only; not SAN-pool model	If you are on AWS and need per-instance block storage
AWS FSx for NetApp ONTAP (other cloud)	Managed NetApp storage (file + iSCSI LUNs)	Enterprise ONTAP features	Different cost/ops model; AWS-only	If you need NetApp ONTAP features and are on AWS
Google Persistent Disk (other cloud)	Per-VM block storage in GCP	Simple, integrated	GCP-only; not SAN-pool model	If you are on GCP and need per-VM block storage

15. Real-World Example

Enterprise example: Centralized storage platform for regulated workloads

Problem: A regulated enterprise has many VM-based applications that require block storage and a storage team that must enforce strict access boundaries, auditing, and standardized provisioning.
Proposed architecture:
One Azure Elastic SAN per region per environment (prod/nonprod)
Volume groups per business unit/application domain
Dedicated subnets for SAN connectivity
Multipath configured on all critical VMs
Azure Monitor alerts on latency and saturation
Azure Policy enforcing tags and required diagnostic settings (where supported)
Why Azure Elastic SAN was chosen:
Centralized pool model reduces disk sprawl
SAN-like provisioning maps to existing storage processes
Private network connectivity supports security requirements
Expected outcomes:
Faster provisioning (hours to minutes)
More consistent performance governance
Improved auditability of storage changes via Azure Activity Log and RBAC

Startup/small-team example: Migrating a legacy app that requires iSCSI

Problem: A small team is migrating a legacy VM-based product from on-prem where it used iSCSI LUNs; rewriting for cloud-native storage would delay the move.
Proposed architecture:
Single Elastic SAN in one region
One volume group for production
Two Linux VMs attached via iSCSI (with careful application-level coordination)
Simple monitoring and a runbook for reconnect/rescan
Why Azure Elastic SAN was chosen:
Minimal infrastructure management compared to self-hosted iSCSI
Faster migration path that preserves the app’s storage assumptions
Expected outcomes:
Migration completed without redesigning the storage layer
Reduced operational burden vs maintaining iSCSI target VMs

16. FAQ

1) Is Azure Elastic SAN block storage or file storage?
Azure Elastic SAN provides block storage volumes accessed using iSCSI.

2) How do clients connect to Azure Elastic SAN volumes?
Typically via iSCSI initiators on supported operating systems (Linux/Windows). You use portal-provided target portals and IQNs.

3) Do I attach an Elastic SAN volume like an Azure managed disk?
No. Managed disks attach through Azure’s VM/disk attachment model. Elastic SAN volumes are connected at the OS level over iSCSI networking.

4) Is Azure Elastic SAN regional?
Yes, it’s deployed into an Azure region. For best results, place compute in the same region.

5) Can I use Azure Elastic SAN with AKS?
It’s technically possible to use iSCSI-backed persistent volumes in Kubernetes, but it’s not the default Azure approach. Most AKS users use Azure Disk CSI or Azure Files CSI. Evaluate operational complexity carefully.

6) Does Azure Elastic SAN support snapshots?
Feature availability changes over time. Verify current snapshot support and billing in the official docs and pricing page.

7) How is performance managed?
Elastic SAN typically uses provisioned capacity and provisioned performance dimensions. Check the pricing page for the current model and the portal for configurable performance options.

8) Is the data encrypted at rest?
Azure Storage commonly encrypts at rest by default, but always verify Elastic SAN encryption details and any customer-managed key support in the official documentation.

9) Is iSCSI traffic encrypted in transit?
iSCSI is not TLS by default. Use private networking and access restrictions. If Elastic SAN supports CHAP or other mechanisms, configure them—verify in docs.

10) What ports must be open?
iSCSI commonly uses TCP 3260. Confirm any additional ports/endpoints required by Elastic SAN and your OS multipath configuration.

11) Can multiple hosts connect to the same volume?
Block volumes can be connected by multiple hosts, but safe multi-host usage depends on the filesystem/cluster stack. For most filesystems, concurrent mounting can corrupt data. Use a cluster-aware filesystem or clustering solution if required, and validate support.

12) How do I resize a volume?
Usually you resize in Azure (volume size), then rescan on the host, then resize partition/filesystem. Confirm Elastic SAN supports your desired resize direction (grow vs shrink).

13) What is a volume group?
A volume group is a container for volumes that also acts as a boundary for iSCSI exposure/network settings and administration.

14) How do I monitor Elastic SAN health and performance?
Use Azure Monitor metrics and diagnostic logs (where supported). Also monitor host-level disk latency and I/O wait.

15) What are common causes of connection failures?
Incorrect subnet/network configuration, blocked traffic (NSG/UDR), wrong portal/IQN, missing iSCSI services, or authentication mismatch (if configured).

16) Is Azure Elastic SAN a replacement for Azure NetApp Files?
Not directly. NetApp Files is primarily enterprise file storage (NFS/SMB). Elastic SAN is block storage over iSCSI with a SAN-like operational model.

17) Is Azure Elastic SAN cheaper than managed disks?
It depends. For some pooled, high-scale scenarios it can be cost-effective. For many simple workloads, managed disks may be cheaper and simpler. Use the pricing calculator with your workload assumptions.

17. Top Online Resources to Learn Azure Elastic SAN

Resource Type	Name	Why It Is Useful
Official documentation	Azure Elastic SAN documentation	Primary source for concepts, how-tos, limits, and networking requirements: https://learn.microsoft.com/azure/storage/elastic-san/
Official pricing	Azure Elastic SAN pricing page	Current meters and region-dependent pricing: https://azure.microsoft.com/pricing/details/elastic-san/
Pricing tool	Azure Pricing Calculator	Build estimates for SAN + VM + monitoring: https://azure.microsoft.com/pricing/calculator/
Product availability	Azure Products by Region	Confirm Elastic SAN is available in your region: https://azure.microsoft.com/explore/global-infrastructure/products-by-region/
Azure CLI docs	Install Azure CLI	Required to automate labs and operations: https://learn.microsoft.com/cli/azure/install-azure-cli
Architecture guidance	Azure Architecture Center	Broader Azure storage + networking patterns (useful context): https://learn.microsoft.com/azure/architecture/
Monitoring	Azure Monitor overview	How to build alerts and dashboards: https://learn.microsoft.com/azure/azure-monitor/
Identity/RBAC	Azure RBAC documentation	Secure management-plane operations: https://learn.microsoft.com/azure/role-based-access-control/overview
Storage concepts	Azure Storage documentation	Context for Azure Storage services and common concepts: https://learn.microsoft.com/azure/storage/
Community (use with care)	Microsoft Tech Community (Azure Storage)	Practical tips and announcements; validate against official docs: https://techcommunity.microsoft.com/t5/azure-storage/bd-p/AzureStorageBlog

18. Training and Certification Providers

Institute	Suitable Audience	Likely Learning Focus	Mode	Website URL
DevOpsSchool.com	DevOps engineers, cloud engineers, SREs	Azure operations, DevOps practices, automation fundamentals	Check website	https://www.devopsschool.com/
ScmGalaxy.com	Beginners to intermediate engineers	SCM/DevOps basics, CI/CD, cloud fundamentals	Check website	https://www.scmgalaxy.com/
CLoudOpsNow.in	Cloud operations teams	CloudOps practices, monitoring, reliability operations	Check website	https://www.cloudopsnow.in/
SreSchool.com	SREs, platform engineers	SRE principles, observability, reliability, incident response	Check website	https://www.sreschool.com/
AiOpsSchool.com	Ops/SRE/ITSM teams	AIOps concepts, monitoring analytics, automation	Check website	https://www.aiopsschool.com/

19. Top Trainers

Platform/Site	Likely Specialization	Suitable Audience	Website URL
RajeshKumar.xyz	Cloud/DevOps training content (verify specific offerings)	Beginners to intermediate	https://rajeshkumar.xyz/
devopstrainer.in	DevOps tools and practices (verify course catalog)	DevOps engineers	https://www.devopstrainer.in/
devopsfreelancer.com	Freelance/contract DevOps services and guidance (verify training/services)	Teams needing short-term help	https://www.devopsfreelancer.com/
devopssupport.in	DevOps support and enablement resources (verify offerings)	Ops and DevOps teams	https://www.devopssupport.in/

20. Top Consulting Companies

Company Name	Likely Service Area	Where They May Help	Consulting Use Case Examples	Website URL
cotocus.com	Cloud/DevOps consulting (verify service list)	Architecture, migrations, automation, operations	Elastic SAN adoption assessment, secure network design, IaC pipelines	https://cotocus.com/
DevOpsSchool.com	DevOps and cloud consulting (verify service list)	DevOps transformation, CI/CD, cloud operations	Standardized storage provisioning runbooks, monitoring/alerting integration	https://www.devopsschool.com/
DEVOPSCONSULTING.IN	DevOps consulting (verify service list)	Toolchain setup, automation, operations improvements	Landing zone readiness for storage services, governance and cost controls	https://devopsconsulting.in/

21. Career and Learning Roadmap

What to learn before Azure Elastic SAN

Foundations: – Azure fundamentals (subscriptions, resource groups, ARM) – Azure networking: – VNets, subnets, NSGs, route tables, peering – Storage fundamentals: – Block vs file storage – IOPS, throughput, latency, queue depth – iSCSI basics: – IQN, portals, LUNs – Discovery vs login – OS storage administration: – Linux: partitions, filesystems, fstab, iscsiadm, multipath – Windows: iSCSI Initiator, Disk Management, MPIO (if applicable)

What to learn after Azure Elastic SAN

Production reliability:
Multipath design, failure testing, runbooks
Monitoring and SRE practices:
Azure Monitor alerts, SLOs for storage latency/availability
Backup and DR patterns:
App-consistent backups, replication strategies (service-dependent)
Infrastructure as Code:
Bicep/Terraform (verify Elastic SAN resource support in your chosen IaC tool)
Governance:
Azure Policy, tagging standards, cost management

Job roles that use it

Cloud engineer / cloud infrastructure engineer
Platform engineer
SRE / operations engineer
Storage engineer (cloud)
Solutions architect

Certification path (Azure)

Azure certifications don’t usually focus on a single storage service, but these are relevant: – AZ-900 (Azure Fundamentals) – AZ-104 (Azure Administrator) – AZ-305 (Azure Solutions Architect Expert) – AZ-500 (Azure Security Engineer) for secure deployment patterns

Project ideas for practice

Build an “internal storage platform”:
One SAN, multiple volume groups, RBAC per team, tagging, budgets
Implement a resize automation runbook:
Resize volume + host filesystem + validation checks
Create a monitoring dashboard:
SAN metrics + VM IO wait + alerts for saturation
Test failure scenarios:
Path failure (simulate NSG blocks) and validate multipath recovery

22. Glossary

Block storage: Storage presented as a raw device (like a disk) to an operating system.
SAN (Storage Area Network): A network-based system for presenting block storage volumes to hosts.
iSCSI: Internet Small Computer Systems Interface; a protocol to carry SCSI commands over TCP/IP networks.
IQN: iSCSI Qualified Name; a unique identifier for iSCSI targets and initiators.
LUN: Logical Unit Number; identifies a logical storage device presented by a target.
Initiator: The client (host) that initiates iSCSI sessions (e.g., a Linux VM).
Target: The storage endpoint that provides LUNs/volumes over iSCSI.
Multipath (MPIO): Host configuration that uses multiple network paths to the same storage device for redundancy/performance.
Volume group: In Azure Elastic SAN, a grouping of volumes and a boundary for network exposure and management.
RBAC: Role-Based Access Control; Azure authorization model for management-plane operations.
NSG: Network Security Group; Azure firewall-like rules for subnets/NICs.
ARM: Azure Resource Manager; Azure control plane for provisioning and managing resources.
IOPS: Input/output operations per second; a measure of storage performance.
Throughput: Data transfer rate (e.g., MB/s or GB/s).
Latency: Time taken to complete an I/O request, often measured in milliseconds.

23. Summary

Azure Elastic SAN is an Azure Storage service that provides managed SAN-style block storage over iSCSI, enabling centralized provisioning of volumes from a pooled capacity/performance resource. It matters when you need shared, centrally managed block volumes and want to reduce the operational overhead of self-managed iSCSI targets or large-scale managed disk sprawl.

Architecturally, Elastic SAN fits best for regional, private-network deployments where hosts connect via iSCSI and teams enforce strict RBAC, network isolation, and operational runbooks. Cost is primarily driven by provisioned capacity and provisioned performance, plus indirect networking and monitoring costs—so right-sizing and metrics-driven tuning are essential.

Use Azure Elastic SAN when SAN-like workflows are required; prefer Azure Managed Disks or Azure Files when simpler block-per-VM or shared file storage meets the need. Next, deepen your skills by automating provisioning (ARM/Bicep/Terraform where supported) and building production-grade monitoring and multipath runbooks using the official docs: https://learn.microsoft.com/azure/storage/elastic-san/

Category