{"id":519,"date":"2026-04-14T08:51:41","date_gmt":"2026-04-14T08:51:41","guid":{"rendered":"https:\/\/www.devopsschool.com\/tutorials\/azure-elastic-san-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-storage\/"},"modified":"2026-04-14T08:51:41","modified_gmt":"2026-04-14T08:51:41","slug":"azure-elastic-san-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-storage","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/tutorials\/azure-elastic-san-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-storage\/","title":{"rendered":"Azure Elastic SAN Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Storage"},"content":{"rendered":"\n

Category<\/h2>\n\n\n\n

Storage<\/p>\n\n\n\n

1. Introduction<\/h2>\n\n\n\n

Azure Elastic SAN is a managed block storage<\/strong> service that provides SAN-like (Storage Area Network) capabilities in Azure using iSCSI<\/strong>. It is designed for workloads that want shared, high-performance block volumes without you having to build and operate traditional SAN infrastructure.<\/p>\n\n\n\n

In simple terms: you create an Elastic SAN, carve it into volumes, and attach those volumes to servers over the network<\/strong>\u2014similar to how an on\u2011prem SAN presents LUNs to hosts, but delivered as a managed Azure service.<\/p>\n\n\n\n

Technically, Azure Elastic SAN is an Azure resource that contains provisioned capacity and performance, then exposes one or more volume groups<\/strong> with network connectivity to your virtual network. Within a volume group, you create volumes<\/strong> that are accessed by clients (for example, Azure VMs) using the iSCSI protocol over private networking. Control-plane operations are handled through Azure Resource Manager (ARM), while data-plane traffic flows directly between your hosts and the iSCSI target endpoints.<\/p>\n\n\n\n

The main problem it solves is: shared, centrally managed block storage at scale<\/strong>. Compared to attaching many individual managed disks across many VMs, Elastic SAN gives you pooled capacity, consolidated performance management, and SAN-style operations (volume creation, resizing, access control) in a single service.<\/p>\n\n\n\n

\n

Service status \/ naming: As of this writing, the official product name is Azure Elastic SAN<\/strong> in Azure Storage. If Microsoft renames or rebrands the service, verify the latest name and features in the official documentation: https:\/\/learn.microsoft.com\/azure\/storage\/elastic-san\/<\/p>\n<\/blockquote>\n\n\n\n

\n\n\n\n

2. What is Azure Elastic SAN?<\/h2>\n\n\n\n

Azure Elastic SAN is a managed Azure Storage service that delivers SAN-like, network-attached block storage<\/strong> to compute resources in Azure using iSCSI<\/strong>.<\/p>\n\n\n\n

Official purpose (what it\u2019s for)<\/h3>\n\n\n\n
    \n
  • Provide centrally managed, scalable block storage volumes that can be attached over the network to one or more hosts.<\/li>\n
  • Reduce operational complexity compared to self-managed iSCSI targets or traditional SAN appliances.<\/li>\n
  • Offer pooled capacity\/performance and flexible volume provisioning for enterprise-style workloads.<\/li>\n<\/ul>\n\n\n\n

    Core capabilities<\/h3>\n\n\n\n
      \n
    • Provision an Elastic SAN instance (capacity + performance) and subdivide it into volumes.<\/li>\n
    • Organize volumes into volume groups<\/strong>, which represent a network-accessible iSCSI target boundary and access configuration.<\/li>\n
    • Attach volumes to hosts using iSCSI initiators (commonly Linux or Windows VMs).<\/li>\n
    • Resize volumes and manage lifecycle via Azure Portal, ARM, Azure CLI, PowerShell, and APIs (availability depends on current tooling support\u2014verify in docs).<\/li>\n<\/ul>\n\n\n\n

      Major components<\/h3>\n\n\n\n
        \n
      • Elastic SAN<\/strong>: The top-level resource where you provision overall capacity\/performance.<\/li>\n
      • Volume group<\/strong>: A container for volumes that also defines how volumes are exposed to your network (iSCSI target endpoints and access\/network rules).<\/li>\n
      • Volume<\/strong>: The block device presented to hosts (similar to a LUN).<\/li>\n
      • (Optional\/feature-dependent) Snapshots \/ backups<\/strong>: Some SAN products support snapshots; Azure Elastic SAN has evolving capabilities. Verify the current snapshot\/backup support and limitations in the official docs for your region and SKU.<\/li>\n<\/ul>\n\n\n\n

        Service type<\/h3>\n\n\n\n
          \n
        • Managed block storage over the network (iSCSI)<\/strong>.<\/li>\n
        • Control plane: Azure Resource Manager.<\/li>\n
        • Data plane: iSCSI traffic from initiators to target endpoints in\/through your Azure virtual network.<\/li>\n<\/ul>\n\n\n\n

          Scope: regional\/global, subscription, etc.<\/h3>\n\n\n\n
            \n
          • Regional service<\/strong>: You deploy an Elastic SAN into an Azure region. Hosts typically need to be in the same region for best latency and to avoid cross-region complexity\/cost. (Verify any cross-region access guidance in official docs.)<\/li>\n
          • Azure subscription\/resource group scoped<\/strong>: Managed like other Azure resources with RBAC, tags, policies, and locks.<\/li>\n<\/ul>\n\n\n\n

            How it fits into the Azure ecosystem<\/h3>\n\n\n\n

            Azure Elastic SAN complements other Azure Storage offerings:<\/p>\n\n\n\n

              \n
            • Azure Managed Disks<\/strong>: Per-VM block disks (simple, common default).<\/li>\n
            • Azure Files<\/strong>: SMB\/NFS file shares (file storage).<\/li>\n
            • Azure NetApp Files<\/strong>: Enterprise NFS\/SMB with NetApp features (file storage and some block-style workflows through NetApp capabilities).<\/li>\n
            • Azure Elastic SAN<\/strong>: A SAN-style, shared, pooled block storage service for architectures that benefit from centralized volume management and iSCSI connectivity.<\/li>\n<\/ul>\n\n\n\n
              \n\n\n\n

              3. Why use Azure Elastic SAN?<\/h2>\n\n\n\n

              Business reasons<\/h3>\n\n\n\n
                \n
              • Reduced operational burden<\/strong>: No need to deploy, patch, and manage iSCSI target servers or third-party SAN VMs.<\/li>\n
              • Faster provisioning<\/strong>: Storage teams can provision volumes quickly without complex infrastructure lead time.<\/li>\n
              • Better cost governance<\/strong>: Pooled capacity\/performance can reduce overprovisioning compared to \u201cone managed disk per workload\u201d sprawl (depending on usage patterns).<\/li>\n<\/ul>\n\n\n\n

                Technical reasons<\/h3>\n\n\n\n
                  \n
                • Shared block storage model<\/strong>: For workloads and clustering patterns that require SAN-like behavior.<\/li>\n
                • Centralized capacity and performance<\/strong>: Provision capacity once at the SAN level, then allocate volumes to applications as needed.<\/li>\n
                • Network-based attachment<\/strong>: Hosts connect over iSCSI; volumes aren\u2019t tied to one VM the way a managed disk typically is.<\/li>\n<\/ul>\n\n\n\n

                  Operational reasons<\/h3>\n\n\n\n
                    \n
                  • Standardized storage operations<\/strong>: Volume creation, resizing, access boundaries via volume groups.<\/li>\n
                  • Easier fleet management<\/strong>: Large environments can manage many volumes under fewer top-level resources.<\/li>\n
                  • Separation of duties<\/strong>: Storage admins can manage SAN\/volume lifecycle while app teams manage OS\/filesystems.<\/li>\n<\/ul>\n\n\n\n

                    Security\/compliance reasons<\/h3>\n\n\n\n
                      \n
                    • Private networking patterns<\/strong>: Data traffic can stay within Azure VNets\/private connectivity (implementation depends on current Elastic SAN networking model\u2014verify in docs).<\/li>\n
                    • Azure RBAC and governance<\/strong>: Use resource-level access control, tags, policies, and activity logs.<\/li>\n
                    • Encryption at rest<\/strong>: Azure Storage services generally encrypt data at rest by default; confirm Elastic SAN specifics in the service documentation.<\/li>\n<\/ul>\n\n\n\n

                      Scalability\/performance reasons<\/h3>\n\n\n\n
                        \n
                      • Scale by pooling<\/strong>: Add capacity and performance to the SAN, then distribute to volumes.<\/li>\n
                      • Multi-host access patterns<\/strong>: iSCSI supports multi-pathing and redundant connectivity patterns (host configuration required).<\/li>\n<\/ul>\n\n\n\n

                        When teams should choose it<\/h3>\n\n\n\n

                        Choose Azure Elastic SAN when you need:\n– SAN-style shared block storage patterns\n– Centralized management of many volumes\n– iSCSI connectivity in Azure\n– Predictable performance planning at a pool level<\/p>\n\n\n\n

                        When teams should not choose it<\/h3>\n\n\n\n

                        Avoid Azure Elastic SAN when:\n– You only need simple per-VM storage: Azure Managed Disks<\/strong> are usually simpler.\n– You need file protocols (SMB\/NFS): use Azure Files<\/strong> or Azure NetApp Files<\/strong>.\n– You require features not supported by Elastic SAN (advanced snapshot\/replication\/backup integrations, cross-region replication, etc.). Verify current feature support.\n– You need Kubernetes-native persistent volumes without custom iSCSI workflows. (Most AKS users use Azure Disk CSI or Azure Files CSI; iSCSI is possible but adds operational complexity.)<\/p>\n\n\n\n

                        \n\n\n\n

                        4. Where is Azure Elastic SAN used?<\/h2>\n\n\n\n

                        Industries<\/h3>\n\n\n\n
                          \n
                        • Finance and trading (latency-sensitive databases, standardized storage governance)<\/li>\n
                        • Healthcare (regulated environments, centralized control)<\/li>\n
                        • Manufacturing (ERP workloads, plant systems migrating to Azure)<\/li>\n
                        • Retail\/e-commerce (databases, analytics staging)<\/li>\n
                        • Media and gaming (build pipelines, asset processing requiring fast block storage)<\/li>\n
                        • Government (centralized governance and compliance patterns)<\/li>\n<\/ul>\n\n\n\n

                          Team types<\/h3>\n\n\n\n
                            \n
                          • Platform engineering teams building shared infrastructure<\/li>\n
                          • Storage\/infra teams migrating SAN workflows to cloud<\/li>\n
                          • SRE\/operations teams standardizing block storage provisioning<\/li>\n
                          • DevOps teams supporting stateful services at scale (outside of purely cloud-native patterns)<\/li>\n<\/ul>\n\n\n\n

                            Workloads<\/h3>\n\n\n\n
                              \n
                            • Databases and transactional systems that prefer block devices (verify best practices for your specific database)<\/li>\n
                            • Legacy enterprise applications that expect SAN-backed LUNs<\/li>\n
                            • Clustering solutions that use shared block storage (compatibility and support matrices must be verified)<\/li>\n
                            • Build systems needing many volumes across many build agents<\/li>\n
                            • Large fleets of VMs where per-VM disk management is cumbersome<\/li>\n<\/ul>\n\n\n\n

                              Architectures<\/h3>\n\n\n\n
                                \n
                              • Hub-and-spoke networks where shared services live in hub VNets (networking model must be verified against Elastic SAN requirements)<\/li>\n
                              • Multi-tier apps with a storage tier providing block volumes to app\/data tier VMs<\/li>\n
                              • \u201cStorage platform\u201d internal service where storage is offered to multiple app teams via volume groups<\/li>\n<\/ul>\n\n\n\n

                                Real-world deployment contexts<\/h3>\n\n\n\n
                                  \n
                                • Production: central SAN per environment (prod\/non-prod) with strict access boundaries and monitoring<\/li>\n
                                • Dev\/test: smaller SANs used to reproduce SAN-based workloads with lower cost controls (capacity\/performance kept minimal)<\/li>\n<\/ul>\n\n\n\n
                                  \n\n\n\n

                                  5. Top Use Cases and Scenarios<\/h2>\n\n\n\n

                                  Below are realistic scenarios where Azure Elastic SAN is a strong fit. Always validate workload support (OS, clustering, multipath, filesystem, and any vendor requirements).<\/p>\n\n\n\n

                                  1) Shared block volumes for VM clusters<\/h3>\n\n\n\n
                                    \n
                                  • Problem<\/strong>: Multiple VMs need access to shared block storage for clustering or coordinated access patterns.<\/li>\n
                                  • Why it fits<\/strong>: iSCSI SAN model is designed for shared LUN workflows (with proper host-side coordination).<\/li>\n
                                  • Example<\/strong>: A Windows Server cluster that requires shared disks for specific roles (verify supported architectures).<\/li>\n<\/ul>\n\n\n\n

                                    2) Consolidating \u201cdisk sprawl\u201d across hundreds of VMs<\/h3>\n\n\n\n
                                      \n
                                    • Problem<\/strong>: Large environments create and manage thousands of managed disks, making lifecycle and governance complex.<\/li>\n
                                    • Why it fits<\/strong>: Elastic SAN provides pooled capacity and centralized volume management.<\/li>\n
                                    • Example<\/strong>: A CI fleet with many ephemeral worker VMs that need fast scratch volumes.<\/li>\n<\/ul>\n\n\n\n

                                      3) Lift-and-shift of SAN-backed enterprise apps<\/h3>\n\n\n\n
                                        \n
                                      • Problem<\/strong>: An on-prem app is tightly coupled to SAN volumes and expects SAN-like operational processes.<\/li>\n
                                      • Why it fits<\/strong>: Similar operational model (LUNs\/volumes, access controls, centralized provisioning).<\/li>\n
                                      • Example<\/strong>: Migrating a line-of-business application that documents \u201ciSCSI LUN required.\u201d<\/li>\n<\/ul>\n\n\n\n

                                        4) Database storage modernization (SAN model)<\/h3>\n\n\n\n
                                          \n
                                        • Problem<\/strong>: Database teams want dedicated volumes with predictable performance and centralized monitoring.<\/li>\n
                                        • Why it fits<\/strong>: You can allocate volumes from a performance pool and manage changes centrally.<\/li>\n
                                        • Example<\/strong>: A SQL Server VM deployment using separate volumes for data, logs, and temp (validate vendor guidance).<\/li>\n<\/ul>\n\n\n\n

                                          5) High-performance scratch or staging for ETL<\/h3>\n\n\n\n
                                            \n
                                          • Problem<\/strong>: ETL jobs need fast block storage for intermediate data sets, not long-term file sharing.<\/li>\n
                                          • Why it fits<\/strong>: Block volumes can deliver consistent performance; volumes can be created and destroyed as pipelines change.<\/li>\n
                                          • Example<\/strong>: Nightly batch ETL stages data on Elastic SAN volumes, then writes results to a data lake.<\/li>\n<\/ul>\n\n\n\n

                                            6) Standardized storage service for internal platform teams<\/h3>\n\n\n\n
                                              \n
                                            • Problem<\/strong>: App teams need storage, but platform team wants a consistent model and guardrails.<\/li>\n
                                            • Why it fits<\/strong>: Volume groups can represent tenants\/environments; RBAC and policy can enforce standards.<\/li>\n
                                            • Example<\/strong>: Platform team creates \u201cprod\u201d and \u201cnonprod\u201d volume groups and allocates volumes to teams.<\/li>\n<\/ul>\n\n\n\n

                                              7) Rapid provisioning of many small block volumes<\/h3>\n\n\n\n
                                                \n
                                              • Problem<\/strong>: Per-disk overhead makes it tedious to manage many small disks across VMs.<\/li>\n
                                              • Why it fits<\/strong>: SAN pooling and volume creation workflows are designed for high volume.<\/li>\n
                                              • Example<\/strong>: A lab environment that spins up dozens of training VMs, each with one dedicated volume.<\/li>\n<\/ul>\n\n\n\n

                                                8) Migration off self-managed iSCSI target VMs<\/h3>\n\n\n\n
                                                  \n
                                                • Problem<\/strong>: Teams run iSCSI targets on Linux\/Windows VMs, causing patching, HA, and operational overhead.<\/li>\n
                                                • Why it fits<\/strong>: Managed service removes target server management burden.<\/li>\n
                                                • Example<\/strong>: Replace a pair of Linux iSCSI target VMs with Elastic SAN volume groups.<\/li>\n<\/ul>\n\n\n\n

                                                  9) Separate capacity planning from VM lifecycle<\/h3>\n\n\n\n
                                                    \n
                                                  • Problem<\/strong>: Storage planning is hard when each VM owns its disks; resizing is frequent.<\/li>\n
                                                  • Why it fits<\/strong>: Capacity is pooled at SAN level; you can resize volumes without touching VM definitions.<\/li>\n
                                                  • Example<\/strong>: A microservices platform where stateful components come and go, but storage pool stays.<\/li>\n<\/ul>\n\n\n\n

                                                    10) Controlled multi-tenant storage boundaries<\/h3>\n\n\n\n
                                                      \n
                                                    • Problem<\/strong>: Multiple teams need storage, but you must prevent accidental cross-access.<\/li>\n
                                                    • Why it fits<\/strong>: Use separate volume groups (and RBAC) to isolate teams\/environments.<\/li>\n
                                                    • Example<\/strong>: One Elastic SAN per department, one volume group per application domain.<\/li>\n<\/ul>\n\n\n\n

                                                      11) Performance isolation by design<\/h3>\n\n\n\n
                                                        \n
                                                      • Problem<\/strong>: Mixed workloads interfere with each other\u2019s disk performance.<\/li>\n
                                                      • Why it fits<\/strong>: Allocate performance at the SAN\/volume group level (exact controls depend on current product capabilities\u2014verify).<\/li>\n
                                                      • Example<\/strong>: Separate volume groups for latency-sensitive OLTP vs batch processing.<\/li>\n<\/ul>\n\n\n\n

                                                        12) Consistent iSCSI connectivity for specialized appliances<\/h3>\n\n\n\n
                                                          \n
                                                        • Problem<\/strong>: Some third-party VM appliances support iSCSI and are easier to integrate with LUNs than with cloud-native disk models.<\/li>\n
                                                        • Why it fits<\/strong>: iSCSI is widely supported across OSes and appliances.<\/li>\n
                                                        • Example<\/strong>: A vendor VM that only documents iSCSI LUN attachment for data storage.<\/li>\n<\/ul>\n\n\n\n
                                                          \n\n\n\n

                                                          6. Core Features<\/h2>\n\n\n\n

                                                          This section focuses on practical, commonly used capabilities of Azure Elastic SAN. Exact feature availability can vary by region or service updates\u2014verify in official docs.<\/p>\n\n\n\n

                                                          Feature 1: Elastic SAN resource (pooled provisioning)<\/h3>\n\n\n\n
                                                            \n
                                                          • What it does<\/strong>: Lets you provision storage capacity (and performance) once, then allocate volumes from that pool.<\/li>\n
                                                          • Why it matters<\/strong>: Avoids managing capacity\/performance per disk across many VMs.<\/li>\n
                                                          • Practical benefit<\/strong>: Faster provisioning and easier capacity planning.<\/li>\n
                                                          • Caveats<\/strong>: You still need to plan for headroom, growth, and performance allocation. Pricing is based on provisioned dimensions (see Pricing section).<\/li>\n<\/ul>\n\n\n\n

                                                            Feature 2: Volume groups (network + administrative boundary)<\/h3>\n\n\n\n
                                                              \n
                                                            • What it does<\/strong>: Groups volumes and defines how they\u2019re exposed over the network (iSCSI target endpoints) and managed as a unit.<\/li>\n
                                                            • Why it matters<\/strong>: Clean separation of environments\/tenants and networking configuration.<\/li>\n
                                                            • Practical benefit<\/strong>: Create \u201cprod\u201d vs \u201cdev\u201d boundaries; isolate teams\/apps.<\/li>\n
                                                            • Caveats<\/strong>: Volume group networking may require specific subnet\/delegation\/private connectivity patterns. Confirm requirements in docs.<\/li>\n<\/ul>\n\n\n\n

                                                              Feature 3: Volumes (block devices\/LUNs)<\/h3>\n\n\n\n
                                                                \n
                                                              • What it does<\/strong>: Provides block storage devices that hosts can format with filesystems (XFS\/ext4\/NTFS\/ReFS, etc.) or use as raw devices.<\/li>\n
                                                              • Why it matters<\/strong>: Enables enterprise and legacy apps that expect block devices.<\/li>\n
                                                              • Practical benefit<\/strong>: Familiar storage operations: partition, format, mount, resize (host steps required).<\/li>\n
                                                              • Caveats<\/strong>: Multi-host access requires correct clustering\/filesystem coordination. Block devices are not inherently \u201cshared file systems.\u201d<\/li>\n<\/ul>\n\n\n\n

                                                                Feature 4: iSCSI-based data plane<\/h3>\n\n\n\n
                                                                  \n
                                                                • What it does<\/strong>: Hosts connect using iSCSI initiators to iSCSI target endpoints provided by the volume group.<\/li>\n
                                                                • Why it matters<\/strong>: Standard protocol, widely supported; works across many OS types.<\/li>\n
                                                                • Practical benefit<\/strong>: Straightforward connectivity from Linux\/Windows; supports multipath with proper configuration.<\/li>\n
                                                                • Caveats<\/strong>: iSCSI security is heavily reliant on private networking and correct access controls. If CHAP or other auth features are supported, configure them\u2014verify current options.<\/li>\n<\/ul>\n\n\n\n

                                                                  Feature 5: Host-side multipath support (architecture pattern)<\/h3>\n\n\n\n
                                                                    \n
                                                                  • What it does<\/strong>: iSCSI typically supports multiple paths\/portals for redundancy and performance (host configuration).<\/li>\n
                                                                  • Why it matters<\/strong>: Reduces impact of a single network path failure and can improve throughput.<\/li>\n
                                                                  • Practical benefit<\/strong>: Better resilience for critical workloads.<\/li>\n
                                                                  • Caveats<\/strong>: Multipath is configured on the host OS (e.g., multipath-tools<\/code> on Linux, MPIO on Windows). Misconfiguration can cause data corruption or inconsistent device names.<\/li>\n<\/ul>\n\n\n\n

                                                                    Feature 6: Resizing volumes (capacity changes)<\/h3>\n\n\n\n
                                                                      \n
                                                                    • What it does<\/strong>: Increase volume size as needs grow (and potentially adjust SAN pool capacity).<\/li>\n
                                                                    • Why it matters<\/strong>: Avoids migrations when storage needs expand.<\/li>\n
                                                                    • Practical benefit<\/strong>: Scale up with minimal disruption (host filesystem resize still required).<\/li>\n
                                                                    • Caveats<\/strong>: Shrinking volumes is often restricted in block storage systems; confirm what Elastic SAN supports. Always validate app\/filesystem procedure.<\/li>\n<\/ul>\n\n\n\n

                                                                      Feature 7: Azure RBAC and ARM governance<\/h3>\n\n\n\n
                                                                        \n
                                                                      • What it does<\/strong>: Control management-plane actions (create\/delete\/resize volumes, change volume groups) through Azure roles.<\/li>\n
                                                                      • Why it matters<\/strong>: Prevents unauthorized changes and supports separation of duties.<\/li>\n
                                                                      • Practical benefit<\/strong>: Least privilege, auditability, policy enforcement.<\/li>\n
                                                                      • Caveats<\/strong>: RBAC protects control plane; you still must enforce data-plane access via network and iSCSI configuration.<\/li>\n<\/ul>\n\n\n\n

                                                                        Feature 8: Monitoring via Azure Monitor (metrics\/logging)<\/h3>\n\n\n\n
                                                                          \n
                                                                        • What it does<\/strong>: Exposes metrics and (depending on support) diagnostic logs for operational visibility.<\/li>\n
                                                                        • Why it matters<\/strong>: Storage issues often manifest as latency, IOPS saturation, and connectivity problems.<\/li>\n
                                                                        • Practical benefit<\/strong>: Alert on key SLO indicators like latency and throughput, and correlate with VM metrics.<\/li>\n
                                                                        • Caveats<\/strong>: Confirm which metrics\/logs are available for Elastic SAN in your region and how to route them to Log Analytics\/Event Hub\/Storage.<\/li>\n<\/ul>\n\n\n\n

                                                                          Feature 9: Private networking patterns (typical deployment)<\/h3>\n\n\n\n
                                                                            \n
                                                                          • What it does<\/strong>: Keep iSCSI endpoints reachable only via your Azure virtual network(s) using private addressing\/private access.<\/li>\n
                                                                          • Why it matters<\/strong>: iSCSI should not be exposed broadly.<\/li>\n
                                                                          • Practical benefit<\/strong>: Reduces attack surface and data exfiltration risk.<\/li>\n
                                                                          • Caveats<\/strong>: Exact networking implementation (delegated subnet, private endpoints, allowed subnets, DNS) must follow current Elastic SAN docs.<\/li>\n<\/ul>\n\n\n\n

                                                                            Feature 10: Automation support (CLI\/PowerShell\/ARM\/Bicep)<\/h3>\n\n\n\n
                                                                              \n
                                                                            • What it does<\/strong>: Enables infrastructure-as-code for provisioning SANs, volume groups, and volumes.<\/li>\n
                                                                            • Why it matters<\/strong>: Storage should be reproducible and governed like other infrastructure.<\/li>\n
                                                                            • Practical benefit<\/strong>: Standardized environments, safer changes, CI\/CD integration.<\/li>\n
                                                                            • Caveats<\/strong>: Tooling evolves; verify the latest Azure CLI\/PowerShell modules and API versions.<\/li>\n<\/ul>\n\n\n\n
                                                                              \n\n\n\n

                                                                              7. Architecture and How It Works<\/h2>\n\n\n\n

                                                                              High-level service architecture<\/h3>\n\n\n\n

                                                                              Azure Elastic SAN has two major planes:<\/p>\n\n\n\n

                                                                                \n
                                                                              1. \n

                                                                                Control plane (management)<\/strong>\n – You create and manage Elastic SAN resources via Azure Portal\/CLI\/ARM.\n – Operations include provisioning capacity, creating volume groups and volumes, setting access\/network configurations, and monitoring.<\/p>\n<\/li>\n

                                                                              2. \n

                                                                                Data plane (I\/O path)<\/strong>\n – Your hosts (e.g., Azure VMs) connect using iSCSI<\/strong> to the SAN\u2019s target endpoints.\n – Reads\/writes traverse your Azure network path to the iSCSI target and storage backend.<\/p>\n<\/li>\n<\/ol>\n\n\n\n

                                                                                Request\/data\/control flow<\/h3>\n\n\n\n
                                                                                  \n
                                                                                • Provisioning<\/strong>:\n User \u2192 Azure Resource Manager \u2192 Elastic SAN resource provider \u2192 Elastic SAN created\/updated.<\/li>\n
                                                                                • Attachment\/IO<\/strong>:\n VM (iSCSI initiator) \u2192 VNet \u2192 iSCSI target endpoints (volume group) \u2192 Volume storage.<\/li>\n
                                                                                • Monitoring<\/strong>:\n Elastic SAN emits metrics\/logs \u2192 Azure Monitor \u2192 alerts\/dashboards \u2192 ITSM\/incident workflows.<\/li>\n<\/ul>\n\n\n\n

                                                                                  Integrations with related Azure services<\/h3>\n\n\n\n

                                                                                  Common integrations include:\n– Azure Virtual Network (VNet)<\/strong>: required for private connectivity patterns.\n– Azure VMs<\/strong>: typical compute initiators for iSCSI volumes.\n– Azure Monitor + Log Analytics<\/strong>: monitoring and diagnostics aggregation.\n– Azure Policy<\/strong>: enforce tags, allowed regions, required diagnostic settings (policy coverage varies; validate).\n– Microsoft Defender for Cloud<\/strong>: posture management (coverage depends on resource type support).<\/p>\n\n\n\n

                                                                                  Dependency services<\/h3>\n\n\n\n
                                                                                    \n
                                                                                  • Azure Resource Manager for provisioning and governance.<\/li>\n
                                                                                  • Azure networking for connectivity and isolation.<\/li>\n
                                                                                  • Azure Monitor for metrics\/logging.<\/li>\n<\/ul>\n\n\n\n

                                                                                    Security\/authentication model<\/h3>\n\n\n\n
                                                                                      \n
                                                                                    • Management plane<\/strong>: Azure AD + Azure RBAC controls who can create\/modify SAN resources.<\/li>\n
                                                                                    • Data plane<\/strong>: iSCSI connectivity is typically protected by private networking and access rules. If iSCSI authentication (e.g., CHAP) is supported, use it\u2014verify in current Elastic SAN docs.<\/li>\n<\/ul>\n\n\n\n

                                                                                      Networking model (practical view)<\/h3>\n\n\n\n

                                                                                      Most designs follow these principles:\n– Keep Elastic SAN endpoints private<\/strong> in a dedicated subnet.\n– Restrict which subnets\/hosts can reach the iSCSI target endpoints.\n– Allow required traffic (typically TCP 3260 for iSCSI) within trusted VNets.<\/p>\n\n\n\n

                                                                                      Because the exact Elastic SAN network configuration model can change (delegated subnet vs private endpoint vs network rules), follow the current \u201cNetworking\u201d section of the official docs<\/strong>:\nhttps:\/\/learn.microsoft.com\/azure\/storage\/elastic-san\/<\/p>\n\n\n\n

                                                                                      Monitoring\/logging\/governance considerations<\/h3>\n\n\n\n
                                                                                        \n
                                                                                      • Track latency, IOPS, throughput, queue depth indicators (as provided).<\/li>\n
                                                                                      • Use Azure Activity Log for who changed what (RBAC-protected operations).<\/li>\n
                                                                                      • Configure diagnostic settings (if supported) to Log Analytics.<\/li>\n
                                                                                      • Enforce tags (cost center, environment, owner, data classification).<\/li>\n<\/ul>\n\n\n\n
                                                                                        \n\n\n\n

                                                                                        Simple architecture diagram<\/h3>\n\n\n\n
                                                                                        flowchart LR\n  subgraph AzureVNet[Azure Virtual Network]\n    VM[Azure VM\\n(iSCSI initiator)]\n  end\n\n  subgraph ElasticSAN[Azure Elastic SAN]\n    VG[Volume Group\\n(iSCSI target endpoints)]\n    VOL[Volume (LUN)]\n  end\n\n  VM -- \"iSCSI (TCP 3260)\\nread\/write\" --> VG --> VOL\n  Admin[Admin\/CI Pipeline] -- \"ARM\/Portal\/CLI\" --> ElasticSAN\n<\/code><\/pre>\n\n\n\n
                                                                                        Production-style architecture diagram<\/h3>\n\n\n\n
                                                                                        flowchart TB\n  subgraph Mgmt[Management Plane]\n    AAD[Azure AD]\n    RBAC[Azure RBAC]\n    ARM[Azure Resource Manager]\n    Policy[Azure Policy]\n  end\n\n  subgraph Net[Azure Networking]\n    Hub[Hub VNet]\n    Spoke1[Spoke VNet: App\/Data]\n    DNS[Private DNS (if required)]\n  end\n\n  subgraph Compute[Compute Layer]\n    VM1[VMs \/ Cluster Nodes\\nLinux\/Windows iSCSI initiators]\n    VM2[Batch\/ETL Workers]\n  end\n\n  subgraph Storage[Storage Layer]\n    ESAN[Azure Elastic SAN]\n    VG1[Volume Group: prod]\n    VG2[Volume Group: nonprod]\n    V1[Volumes: data\/log\/temp]\n    V2[Volumes: scratch]\n  end\n\n  subgraph Ops[Operations]\n    Mon[Azure Monitor Metrics]\n    LA[Log Analytics Workspace]\n    Alert[Alerts\/Action Groups]\n  end\n\n  AAD --> RBAC --> ARM --> ESAN\n  Policy --> ESAN\n\n  Hub --- Spoke1\n  Spoke1 --- Compute\n  Compute -- \"iSCSI (TCP 3260)\\nMultipath recommended\" --> VG1 --> V1\n  Compute -- \"iSCSI (TCP 3260)\" --> VG2 --> V2\n\n  ESAN --> Mon --> Alert\n  ESAN --> LA\n  DNS --- Spoke1\n<\/code><\/pre>\n\n\n\n
                                                                                        \n\n\n\n
                                                                                        8. Prerequisites<\/h2>\n\n\n\n
                                                                                        Account\/subscription\/tenant requirements<\/h3>\n\n\n\n
                                                                                          \n
                                                                                        • An active Azure subscription<\/strong>.<\/li>\n
                                                                                        • Ability to create resources in a resource group in a region that supports Azure Elastic SAN.<\/li>\n<\/ul>\n\n\n\n
                                                                                          Permissions \/ IAM roles<\/h3>\n\n\n\n
                                                                                          At minimum, you typically need:\n– Contributor<\/strong> on the resource group (for creating SAN, networks, and VM), or more scoped roles:\n  – Roles that can create\/manage Elastic SAN resources (service-specific roles may exist\u2014verify).\n  – Network Contributor<\/strong> for VNet\/subnet changes.\n  – Virtual Machine Contributor<\/strong> for VM creation.<\/p>\n\n\n\n
                                                                                          Principle of least privilege:\n– Storage admins: can manage Elastic SAN and volume groups\/volumes.\n– App\/ops teams: can connect and format volumes inside the OS but not delete SAN resources.<\/p>\n\n\n\n
                                                                                          Billing requirements<\/h3>\n\n\n\n
                                                                                            \n
                                                                                          • Azure Elastic SAN is a paid service. Ensure your subscription is allowed to create it (no policy blocks) and has a valid billing method.<\/li>\n<\/ul>\n\n\n\n
                                                                                            CLI\/SDK\/tools<\/h3>\n\n\n\n
                                                                                              \n
                                                                                            • Azure Portal (web)<\/li>\n
                                                                                            • Azure CLI (recommended for scripting): https:\/\/learn.microsoft.com\/cli\/azure\/install-azure-cli<\/li>\n
                                                                                            • If az elastic-san<\/code> commands aren\u2019t available in your CLI version, you may need an extension or an update. Verify via:\n    bash\n    az version\n    az elastic-san -h<\/code><\/li>\n
                                                                                            • SSH client (for Linux VM access)<\/li>\n
                                                                                            • On the VM:<\/li>\n
                                                                                            • Linux: open-iscsi<\/code> package; optionally multipath-tools<\/code>.<\/li>\n
                                                                                            • Windows: iSCSI Initiator + (optionally) MPIO.<\/li>\n<\/ul>\n\n\n\n
                                                                                              Region availability<\/h3>\n\n\n\n
                                                                                                \n
                                                                                              • Azure Elastic SAN is not available in every region. Check:<\/li>\n
                                                                                              • Product availability: https:\/\/azure.microsoft.com\/explore\/global-infrastructure\/products-by-region\/<\/li>\n
                                                                                              • Elastic SAN documentation region notes: https:\/\/learn.microsoft.com\/azure\/storage\/elastic-san\/<\/li>\n<\/ul>\n\n\n\n
                                                                                                Quotas\/limits<\/h3>\n\n\n\n
                                                                                                  \n
                                                                                                • Expect limits such as max SANs per subscription\/region, max volume groups, max volumes, max capacity, and performance ceilings.<\/li>\n
                                                                                                • Quotas can change; verify current limits in the official docs and in Azure Portal quota pages for your subscription\/region.<\/li>\n<\/ul>\n\n\n\n
                                                                                                  Prerequisite services<\/h3>\n\n\n\n
                                                                                                    \n
                                                                                                  • Azure Virtual Network (VNet) and subnets for compute and Elastic SAN connectivity.<\/li>\n
                                                                                                  • Azure VM(s) (for this lab) to act as iSCSI initiators.<\/li>\n<\/ul>\n\n\n\n
                                                                                                    \n\n\n\n
                                                                                                    9. Pricing \/ Cost<\/h2>\n\n\n\n
                                                                                                    Azure Elastic SAN pricing is usage- and provisioning-based<\/strong>. Exact rates vary by region and may change over time, so use official sources for current numbers.<\/p>\n\n\n\n
                                                                                                      \n
                                                                                                    • Official pricing page: https:\/\/azure.microsoft.com\/pricing\/details\/elastic-san\/  <\/li>\n
                                                                                                    • Azure Pricing Calculator: https:\/\/azure.microsoft.com\/pricing\/calculator\/<\/li>\n<\/ul>\n\n\n\n
                                                                                                      Pricing dimensions (what you pay for)<\/h3>\n\n\n\n
                                                                                                      Typical cost dimensions for managed SAN-style services include (verify exact Elastic SAN meters on the pricing page):\n1. Provisioned capacity<\/strong> (how much SAN storage you allocate)\n2. Provisioned performance<\/strong> (IOPS and\/or throughput capacity, often configurable separately from capacity)\n3. Snapshots \/ backup capacity<\/strong> (if snapshot features are enabled and billed)\n4. Networking components<\/strong> that your architecture requires (indirect):\n   – Private Link \/ private endpoints (if used)\n   – VNet peering (if spanning VNets)\n   – NAT gateways, firewalls, or routing appliances (if used)<\/p>\n\n\n\n
                                                                                                      Free tier<\/h3>\n\n\n\n
                                                                                                        \n
                                                                                                      • Azure Elastic SAN generally does not<\/strong> have a meaningful free tier for production usage. You might get limited free Azure credits via trials, Visual Studio subscriptions, or training subscriptions, but the service itself is billed.<\/li>\n<\/ul>\n\n\n\n
                                                                                                        Primary cost drivers<\/h3>\n\n\n\n
                                                                                                          \n
                                                                                                        • Provisioned SAN size<\/strong>: Larger pools increase cost even if not fully used.<\/li>\n
                                                                                                        • Provisioned performance<\/strong>: Higher IOPS\/throughput allocations increase cost.<\/li>\n
                                                                                                        • Number of environments<\/strong>: Multiple SANs (prod\/nonprod) multiply fixed provisioning charges.<\/li>\n
                                                                                                        • Operational design<\/strong>: If you add Private Link, firewalls, or complex routing, networking costs can exceed storage costs.<\/li>\n<\/ul>\n\n\n\n
                                                                                                          Hidden or indirect costs to plan for<\/h3>\n\n\n\n
                                                                                                            \n
                                                                                                          • Compute<\/strong>: VMs that consume Elastic SAN volumes are billed separately.<\/li>\n
                                                                                                          • Backups<\/strong>: If you implement backups via app-level tools or snapshots + copy workflows, storage and data movement costs add up.<\/li>\n
                                                                                                          • Monitoring<\/strong>: Log Analytics ingestion\/retention can be significant if diagnostics are verbose.<\/li>\n
                                                                                                          • Cross-zone or cross-region traffic<\/strong>: If your design causes inter-zone or inter-region data transfer, you may incur bandwidth charges and latency penalties (verify Azure bandwidth pricing).<\/li>\n<\/ul>\n\n\n\n
                                                                                                            Network\/data transfer implications<\/h3>\n\n\n\n
                                                                                                              \n
                                                                                                            • In-region VNet traffic patterns are usually the cheapest and lowest latency.<\/li>\n
                                                                                                            • If you connect from a different VNet via peering, verify:<\/li>\n
                                                                                                            • Whether Elastic SAN supports your desired topology.<\/li>\n
                                                                                                            • Whether peering\/egress charges apply.<\/li>\n
                                                                                                            • Whether additional DNS\/private endpoint configurations are needed.<\/li>\n<\/ul>\n\n\n\n
                                                                                                              How to optimize cost (practical guidance)<\/h3>\n\n\n\n
                                                                                                                \n
                                                                                                              • Right-size capacity<\/strong>: Don\u2019t provision large pools \u201cjust in case\u201d without growth plans.<\/li>\n
                                                                                                              • Right-size performance<\/strong>: Increase IOPS\/throughput only when metrics show sustained saturation.<\/li>\n
                                                                                                              • Separate environments: Use smaller SAN for dev\/test with strict auto-shutdown for VMs.<\/li>\n
                                                                                                              • Use tagging and budgets:<\/li>\n
                                                                                                              • Tags: env<\/code>, app<\/code>, costCenter<\/code>, owner<\/code>, dataClassification<\/code><\/li>\n
                                                                                                              • Azure Budgets + alerts for storage and monitoring spend<\/li>\n<\/ul>\n\n\n\n
                                                                                                                Example low-cost starter estimate (how to think about it)<\/h3>\n\n\n\n
                                                                                                                A minimal lab typically includes:\n– 1 small Elastic SAN with minimal provisioned capacity\/performance (service minimums apply)\n– 1 small Linux VM for a few hours\n– Minimal logging retention<\/p>\n\n\n\n
                                                                                                                Because exact prices are region- and meter-dependent, build an estimate with the Azure Pricing Calculator using:\n– Your target region\n– Expected provisioned capacity\n– Expected performance units (IOPS\/throughput as applicable)\n– Expected runtime (for VM)\n– Monitoring retention (Log Analytics)<\/p>\n\n\n\n
                                                                                                                Example production cost considerations<\/h3>\n\n\n\n
                                                                                                                For production, estimate:\n– SAN provisioned capacity for 12\u201324 months growth\n– Performance headroom for peak workloads\n– Redundant host connectivity (may require extra networking components)\n– Backup strategy costs (snapshot storage, backup vaults, or app-native replication)\n– Monitoring and alerting (Log Analytics volume, retention, dashboards)<\/p>\n\n\n\n
                                                                                                                \n\n\n\n
                                                                                                                10. Step-by-Step Hands-On Tutorial<\/h2>\n\n\n\n
                                                                                                                This lab provisions a small Azure environment and attaches an Azure Elastic SAN volume to a Linux VM over iSCSI, formats it, mounts it, and validates I\/O.<\/p>\n\n\n\n
                                                                                                                Objective<\/h3>\n\n\n\n
                                                                                                                  \n
                                                                                                                • Create an Azure Elastic SAN, volume group, and volume<\/li>\n
                                                                                                                • Connect a Linux VM to the volume using iSCSI<\/li>\n
                                                                                                                • Format and mount the block device<\/li>\n
                                                                                                                • Validate read\/write<\/li>\n
                                                                                                                • Clean up resources safely<\/li>\n<\/ul>\n\n\n\n
                                                                                                                  Lab Overview<\/h3>\n\n\n\n
                                                                                                                  You will build:\n– Resource group\n– VNet with:\n  – subnet-vm<\/code> (VM lives here)\n  – subnet-esan<\/code> (used for Elastic SAN volume group connectivity; may require delegation per current docs)\n– Ubuntu VM\n– Azure Elastic SAN + volume group + volume\n– iSCSI connection from VM to Elastic SAN<\/p>\n\n\n\n
                                                                                                                  Cost control tips:\n– Use one small VM size\n– Keep SAN capacity\/performance minimal\n– Delete everything at the end<\/p>\n\n\n\n
                                                                                                                  \n\n\n\n
                                                                                                                  Step 1: Create a resource group and network (Azure CLI)<\/h3>\n\n\n\n
                                                                                                                  1) Sign in and select your subscription:<\/p>\n\n\n\n
                                                                                                                  az login\naz account show\naz account set --subscription \"<SUBSCRIPTION_ID_OR_NAME>\"\n<\/code><\/pre>\n\n\n\n
                                                                                                                  2) Set variables:<\/p>\n\n\n\n
                                                                                                                  LOCATION=\"eastus\"              # choose a region that supports Azure Elastic SAN\nRG=\"rg-elasticsan-lab\"\nVNET=\"vnet-elasticsan-lab\"\nSUBNET_VM=\"subnet-vm\"\nSUBNET_ESAN=\"subnet-esan\"\n<\/code><\/pre>\n\n\n\n
                                                                                                                  3) Create the resource group:<\/p>\n\n\n\n
                                                                                                                  az group create --name \"$RG\" --location \"$LOCATION\"\n<\/code><\/pre>\n\n\n\n
                                                                                                                  Expected outcome:\n– Resource group exists in your chosen region.<\/p>\n\n\n\n
                                                                                                                  4) Create the VNet and VM subnet:<\/p>\n\n\n\n
                                                                                                                  az network vnet create \\\n  --resource-group \"$RG\" \\\n  --name \"$VNET\" \\\n  --address-prefixes 10.50.0.0\/16 \\\n  --subnet-name \"$SUBNET_VM\" \\\n  --subnet-prefixes 10.50.1.0\/24\n<\/code><\/pre>\n\n\n\n
                                                                                                                  5) Create the Elastic SAN subnet:<\/p>\n\n\n\n
                                                                                                                  az network vnet subnet create \\\n  --resource-group \"$RG\" \\\n  --vnet-name \"$VNET\" \\\n  --name \"$SUBNET_ESAN\" \\\n  --address-prefixes 10.50.2.0\/24\n<\/code><\/pre>\n\n\n\n
                                                                                                                  Expected outcome:\n– VNet with two subnets is ready.<\/p>\n\n\n\n
                                                                                                                  \n
                                                                                                                  Note: Elastic SAN volume group networking may require a delegated subnet<\/strong> and\/or specific network settings. The safest approach is to apply the required delegation in the Azure Portal during volume group creation (it will show the exact delegation name). Follow current docs: https:\/\/learn.microsoft.com\/azure\/storage\/elastic-san\/<\/p>\n<\/blockquote>\n\n\n\n
                                                                                                                  \n\n\n\n
                                                                                                                  Step 2: Create a Linux VM (Azure CLI)<\/h3>\n\n\n\n
                                                                                                                  1) Create an Ubuntu VM:<\/p>\n\n\n\n
                                                                                                                  VM_NAME=\"vm-iscsi-initiator-01\"\nADMIN_USER=\"azureuser\"\n\naz vm create \\\n  --resource-group \"$RG\" \\\n  --name \"$VM_NAME\" \\\n  --image Ubuntu2204 \\\n  --admin-username \"$ADMIN_USER\" \\\n  --generate-ssh-keys \\\n  --vnet-name \"$VNET\" \\\n  --subnet \"$SUBNET_VM\" \\\n  --public-ip-sku Standard\n<\/code><\/pre>\n\n\n\n
                                                                                                                  Expected outcome:\n– VM is created and you receive public IP info in the output.<\/p>\n\n\n\n
                                                                                                                  2) Capture the VM public IP:<\/p>\n\n\n\n
                                                                                                                  VM_IP=$(az vm show -d -g \"$RG\" -n \"$VM_NAME\" --query publicIps -o tsv)\necho \"$VM_IP\"\n<\/code><\/pre>\n\n\n\n
                                                                                                                  3) SSH to the VM:<\/p>\n\n\n\n
                                                                                                                  ssh ${ADMIN_USER}@${VM_IP}\n<\/code><\/pre>\n\n\n\n
                                                                                                                  Expected outcome:\n– You have a shell on the VM.<\/p>\n\n\n\n
                                                                                                                  \n\n\n\n
                                                                                                                  Step 3: Create Azure Elastic SAN, volume group, and volume (Azure Portal)<\/h3>\n\n\n\n
                                                                                                                  Because Elastic SAN fields and CLI parameters can evolve, this lab uses the Azure Portal for the service-specific provisioning steps to keep the workflow executable.<\/p>\n\n\n\n
                                                                                                                  1) In the Azure Portal, go to Create a resource<\/strong> \u2192 search for Azure Elastic SAN<\/strong> \u2192 Create<\/strong>.<\/p>\n\n\n\n
                                                                                                                  2) In Basics<\/strong>:\n– Subscription: your subscription\n– Resource group: rg-elasticsan-lab<\/code>\n– Name: esanlab01<\/code> (must be unique in the RG)\n– Region: same region as the VM (e.g., East US)\n– Configure capacity<\/strong> and performance<\/strong> at minimal values allowed in the portal.<\/p>\n\n\n\n
                                                                                                                  3) Create a volume group<\/strong>:\n– Go to your Elastic SAN \u2192 Volume groups<\/strong> \u2192 + Create<\/strong>\n– Name: vg-lab-01<\/code>\n– Network:\n  – Select your VNet: vnet-elasticsan-lab<\/code>\n  – Select subnet: subnet-esan<\/code>\n  – If the portal prompts for subnet delegation or requires changes, allow it (this is common for managed service endpoint injection patterns).\n  – Restrict access to only required VNets\/subnets as recommended by the portal\/docs.<\/p>\n\n\n\n
                                                                                                                  4) Create a volume<\/strong> in the volume group:\n– Go to volume group vg-lab-01<\/code> \u2192 Volumes<\/strong> \u2192 + Create<\/strong>\n– Volume name: vol-lab-01<\/code>\n– Size: choose a small size for the lab (e.g., tens of GiB; use portal minimums)\n– Keep defaults unless you have a specific need.<\/p>\n\n\n\n
                                                                                                                  Expected outcome:\n– You have one Elastic SAN, one volume group, and one volume in a Succeeded<\/strong> provisioning state.<\/p>\n\n\n\n
                                                                                                                  \n\n\n\n
                                                                                                                  Step 4: Obtain iSCSI connection details (Azure Portal)<\/h3>\n\n\n\n
                                                                                                                  1) In the Azure Portal, open:\n– Elastic SAN \u2192 Volume group vg-lab-01<\/code> \u2192 Volume vol-lab-01<\/code><\/p>\n\n\n\n
                                                                                                                  2) Find the Connect<\/strong> \/ iSCSI<\/strong> connection panel (naming can differ slightly).\nCapture:\n– One or more target portal IPs\/FQDNs<\/strong>\n– The target IQN<\/strong> (iSCSI Qualified Name)\n– The LUN<\/strong> identifier if shown (often 0<\/code> for a single volume)<\/p>\n\n\n\n
                                                                                                                  Expected outcome:\n– You have the connection details required for iscsiadm<\/code> on Linux.<\/p>\n\n\n\n
                                                                                                                  \n\n\n\n
                                                                                                                  Step 5: Connect from Linux to the Elastic SAN volume (Linux commands)<\/h3>\n\n\n\n
                                                                                                                  Run the following on the VM (SSH session).<\/p>\n\n\n\n
                                                                                                                  1) Install iSCSI tools:<\/p>\n\n\n\n
                                                                                                                  sudo apt-get update\nsudo apt-get install -y open-iscsi\nsudo systemctl enable --now iscsid\n<\/code><\/pre>\n\n\n\n
                                                                                                                  Expected outcome:\n– iscsid<\/code> service is running.<\/p>\n\n\n\n
                                                                                                                  2) (Optional but recommended) Install multipath tools:<\/p>\n\n\n\n
                                                                                                                  sudo apt-get install -y multipath-tools\nsudo systemctl enable --now multipathd\n<\/code><\/pre>\n\n\n\n
                                                                                                                  3) Discover targets (use one portal IP from the portal):<\/p>\n\n\n\n
                                                                                                                  # Replace with one target portal IP\/FQDN from Azure Portal:\nPORTAL=\"<TARGET_PORTAL_IP_OR_FQDN>\"\n\nsudo iscsiadm -m discovery -t sendtargets -p \"$PORTAL\"\n<\/code><\/pre>\n\n\n\n
                                                                                                                  Expected outcome:\n– Output lists one or more targets including an IQN.<\/p>\n\n\n\n
                                                                                                                  4) Log in to the target (replace IQN with your target IQN):<\/p>\n\n\n\n
                                                                                                                  IQN=\"<TARGET_IQN_FROM_PORTAL>\"\n\nsudo iscsiadm -m node -T \"$IQN\" -p \"$PORTAL\" --login\n<\/code><\/pre>\n\n\n\n
                                                                                                                  Expected outcome:\n– Successful login message; a new block device appears.<\/p>\n\n\n\n
                                                                                                                  5) Make the login persistent across reboots:<\/p>\n\n\n\n
                                                                                                                  sudo iscsiadm -m node -T \"$IQN\" -p \"$PORTAL\" --op update -n node.startup -v automatic\n<\/code><\/pre>\n\n\n\n
                                                                                                                  6) Identify the new disk:<\/p>\n\n\n\n
                                                                                                                  lsblk -o NAME,SIZE,TYPE,MOUNTPOINT,MODEL\n<\/code><\/pre>\n\n\n\n
                                                                                                                  Look for a new disk (often sdb<\/code> or similar) with the size you created.<\/p>\n\n\n\n
                                                                                                                  If multipath is enabled, check:<\/p>\n\n\n\n
                                                                                                                  sudo multipath -ll || true\nls -l \/dev\/mapper\/ || true\n<\/code><\/pre>\n\n\n\n
                                                                                                                  Expected outcome:\n– You can identify the device path to format (either \/dev\/sdX<\/code> or \/dev\/mapper\/mpathX<\/code>).<\/p>\n\n\n\n
                                                                                                                  \n\n\n\n
                                                                                                                  Step 6: Partition, format, and mount the volume<\/h3>\n\n\n\n
                                                                                                                  \n
                                                                                                                  Choose one<\/strong> device path carefully. Formatting the wrong disk will destroy data.<\/p>\n<\/blockquote>\n\n\n\n
                                                                                                                  1) Set a variable for the device (examples shown; pick the correct one):<\/p>\n\n\n\n
                                                                                                                  # Example if the new disk is \/dev\/sdb (single path)\nDEV=\"\/dev\/sdb\"\n\n# Example if multipath created a device like \/dev\/mapper\/mpatha\n# DEV=\"\/dev\/mapper\/mpatha\"\n<\/code><\/pre>\n\n\n\n
                                                                                                                  2) Create a GPT partition table and a single partition:<\/p>\n\n\n\n
                                                                                                                  sudo parted -s \"$DEV\" mklabel gpt\nsudo parted -s \"$DEV\" mkpart primary 0% 100%\n<\/code><\/pre>\n\n\n\n
                                                                                                                  3) Format it (XFS is common for data volumes; ext4 is also fine):<\/p>\n\n\n\n
                                                                                                                  PART=\"${DEV}1\"\nsudo mkfs.xfs -f \"$PART\"\n<\/code><\/pre>\n\n\n\n
                                                                                                                  Expected outcome:\n– Filesystem created successfully.<\/p>\n\n\n\n
                                                                                                                  4) Mount the filesystem:<\/p>\n\n\n\n
                                                                                                                  sudo mkdir -p \/mnt\/esan\nsudo mount \"$PART\" \/mnt\/esan\ndf -h \/mnt\/esan\n<\/code><\/pre>\n\n\n\n
                                                                                                                  Expected outcome:\n– \/mnt\/esan<\/code> shows mounted capacity.<\/p>\n\n\n\n
                                                                                                                  5) Make it persistent in \/etc\/fstab<\/code>:<\/p>\n\n\n\n
                                                                                                                  UUID=$(sudo blkid -s UUID -o value \"$PART\")\necho \"UUID=$UUID \/mnt\/esan xfs defaults,_netdev,nofail 0 2\" | sudo tee -a \/etc\/fstab\n<\/code><\/pre>\n\n\n\n
                                                                                                                  Expected outcome:\n– VM will remount after reboot ( _netdev<\/code> helps ensure network is up before mounting).<\/p>\n\n\n\n
                                                                                                                  \n\n\n\n
                                                                                                                  Validation<\/h3>\n\n\n\n
                                                                                                                  Run these checks on the VM:<\/p>\n\n\n\n
                                                                                                                  1) Confirm iSCSI session:<\/p>\n\n\n\n
                                                                                                                  sudo iscsiadm -m session\n<\/code><\/pre>\n\n\n\n
                                                                                                                  2) Confirm mount is writable:<\/p>\n\n\n\n
                                                                                                                  sudo sh -c 'echo \"hello from Elastic SAN $(date)\" > \/mnt\/esan\/hello.txt'\ncat \/mnt\/esan\/hello.txt\n<\/code><\/pre>\n\n\n\n
                                                                                                                  3) (Optional) Quick I\/O test (small and safe):<\/p>\n\n\n\n
                                                                                                                  sudo apt-get install -y fio\nfio --name=quicktest --directory=\/mnt\/esan --size=256M --bs=64k --rw=write --iodepth=8 --numjobs=1 --time_based --runtime=30\n<\/code><\/pre>\n\n\n\n
                                                                                                                  Expected outcome:\n– Write test completes without I\/O errors.<\/p>\n\n\n\n
                                                                                                                  \n\n\n\n
                                                                                                                  Troubleshooting<\/h3>\n\n\n\n
                                                                                                                  Common problems and fixes:<\/p>\n\n\n\n
                                                                                                                  1) Discovery returns nothing \/ cannot reach portal<\/strong>\n– Verify the VM and Elastic SAN are in the same region<\/strong> (recommended).\n– Verify volume group networking is correctly configured (subnet selection and any required delegation).\n– Ensure no NSG\/route table blocks traffic from subnet-vm<\/code> to subnet-esan<\/code>.\n– Confirm you used the correct portal IP\/FQDN from the Connect<\/strong> panel.<\/p>\n\n\n\n
                                                                                                                  2) iscsiadm --login<\/code> fails<\/strong>\n– Re-check the target IQN.\n– If authentication (e.g., CHAP) is configured, ensure credentials match (verify whether Elastic SAN supports and how to configure it).\n– Check system logs:\n  bash\n  sudo journalctl -u iscsid --no-pager | tail -n 200<\/code><\/p>\n\n\n\n
                                                                                                                  3) Disk appears but mount is unstable after reboot<\/strong>\n– Ensure node.startup = automatic<\/code> is set.\n– Ensure \/etc\/fstab<\/code> includes _netdev,nofail<\/code>.\n– If multipath is used, ensure you mount the multipath device\/partition<\/strong>, not a single path.<\/p>\n\n\n\n
                                                                                                                  4) Multipath shows multiple devices \/ wrong device naming<\/strong>\n– Use \/dev\/disk\/by-id\/<\/code> or \/dev\/mapper\/<\/code> stable names rather than \/dev\/sdX<\/code>.\n– Validate multipath -ll<\/code> output and confirm only one multipath device per LUN.<\/p>\n\n\n\n
                                                                                                                  5) Performance lower than expected<\/strong>\n– Check if you\u2019re hitting provisioned performance limits (IOPS\/throughput).\n– Check VM size limits and NIC throughput.\n– Confirm your test pattern and filesystem alignment.<\/p>\n\n\n\n
                                                                                                                  \n\n\n\n
                                                                                                                  Cleanup<\/h3>\n\n\n\n
                                                                                                                  To avoid ongoing charges, clean up in this order.<\/p>\n\n\n\n
                                                                                                                  On the VM:\n1) Unmount:<\/p>\n\n\n\n
                                                                                                                  sudo umount \/mnt\/esan\n<\/code><\/pre>\n\n\n\n
                                                                                                                  2) Remove the fstab entry (optional):<\/p>\n\n\n\n
                                                                                                                  sudo sed -i '\\|\/mnt\/esan|d' \/etc\/fstab\n<\/code><\/pre>\n\n\n\n
                                                                                                                  3) Log out and delete iSCSI node records:<\/p>\n\n\n\n
                                                                                                                  PORTAL=\"<TARGET_PORTAL_IP_OR_FQDN>\"\nIQN=\"<TARGET_IQN_FROM_PORTAL>\"\n\nsudo iscsiadm -m node -T \"$IQN\" -p \"$PORTAL\" --logout || true\nsudo iscsiadm -m node -o delete -T \"$IQN\" -p \"$PORTAL\" || true\n<\/code><\/pre>\n\n\n\n
                                                                                                                  In Azure:\n1) Delete the volume (vol-lab-01<\/code>)\n2) Delete the volume group (vg-lab-01<\/code>)\n3) Delete the Elastic SAN (esanlab01<\/code>)\n4) Delete the resource group (fastest way to ensure everything is removed):<\/p>\n\n\n\n
                                                                                                                  az group delete --name \"$RG\" --yes --no-wait\n<\/code><\/pre>\n\n\n\n
                                                                                                                  Expected outcome:\n– All lab resources are deleted and billing stops (after Azure finalizes deletion).<\/p>\n\n\n\n
                                                                                                                  \n\n\n\n
                                                                                                                  11. Best Practices<\/h2>\n\n\n\n
                                                                                                                  Architecture best practices<\/h3>\n\n\n\n
                                                                                                                    \n
                                                                                                                  • Keep it regional<\/strong>: Place compute and Elastic SAN in the same Azure region for latency and cost predictability.<\/li>\n
                                                                                                                  • Separate subnets<\/strong>:<\/li>\n
                                                                                                                  • One subnet for initiators (VMs)<\/li>\n
                                                                                                                  • One dedicated subnet for Elastic SAN volume group endpoints if required by the service model<\/li>\n
                                                                                                                  • Design for multipath<\/strong>: Use redundant paths and host-side multipath where supported and appropriate.<\/li>\n
                                                                                                                  • Use volume groups as boundaries<\/strong>: Split by environment (prod\/nonprod) or tenant\/application domain.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                    IAM\/security best practices<\/h3>\n\n\n\n
                                                                                                                      \n
                                                                                                                    • Apply least privilege<\/strong>:<\/li>\n
                                                                                                                    • Storage admins: manage SAN\/volume groups\/volumes<\/li>\n
                                                                                                                    • Operators: read-only monitoring access<\/li>\n
                                                                                                                    • App teams: no delete permissions on SAN resources<\/li>\n
                                                                                                                    • Use resource locks<\/strong> on production SAN and volume groups to prevent accidental deletion.<\/li>\n
                                                                                                                    • Enforce tag compliance via Azure Policy if possible (or CI checks).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                      Cost best practices<\/h3>\n\n\n\n
                                                                                                                        \n
                                                                                                                      • Start small and scale:<\/li>\n
                                                                                                                      • Avoid large pools without a growth plan.<\/li>\n
                                                                                                                      • Monitor performance to avoid over-provisioning:<\/li>\n
                                                                                                                      • Increase provisioned performance only after confirming sustained bottlenecks.<\/li>\n
                                                                                                                      • Use budgets and alerts:<\/li>\n
                                                                                                                      • Alert on unexpected increases in storage and monitoring spend.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                        Performance best practices<\/h3>\n\n\n\n
                                                                                                                          \n
                                                                                                                        • Validate VM and network limits:<\/li>\n
                                                                                                                        • VM size can cap network throughput and IOPS.<\/li>\n
                                                                                                                        • Use appropriate filesystem and mount options:<\/li>\n
                                                                                                                        • For Linux, XFS is common; ensure correct alignment and queue settings when recommended.<\/li>\n
                                                                                                                        • Benchmark realistically:<\/li>\n
                                                                                                                        • Use fio<\/code> patterns matching your production workload (block size, read\/write mix, concurrency, sync mode).<\/li>\n
                                                                                                                        • Avoid noisy neighbors in the OS:<\/li>\n
                                                                                                                        • Ensure your app and OS tuning do not create unnecessary sync writes if not needed.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                          Reliability best practices<\/h3>\n\n\n\n
                                                                                                                            \n
                                                                                                                          • Use multipath for higher resilience (host configuration).<\/li>\n
                                                                                                                          • Plan maintenance windows for major resizing or configuration changes.<\/li>\n
                                                                                                                          • Implement backups at the appropriate layer:<\/li>\n
                                                                                                                          • App-consistent backups (database-native)<\/li>\n
                                                                                                                          • Filesystem snapshots (if supported)\n  Verify the best approach for Elastic SAN and your workload.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                            Operations best practices<\/h3>\n\n\n\n
                                                                                                                              \n
                                                                                                                            • Standardize naming:<\/li>\n
                                                                                                                            • esan-<org>-<env>-<region>-01<\/code><\/li>\n
                                                                                                                            • vg-<app>-<env><\/code><\/li>\n
                                                                                                                            • vol-<app>-<purpose>-<nn><\/code><\/li>\n
                                                                                                                            • Instrument everything:<\/li>\n
                                                                                                                            • Azure Monitor alerts for latency\/IOPS saturation<\/li>\n
                                                                                                                            • VM metrics for disk queue\/IO wait<\/li>\n
                                                                                                                            • Document runbooks:<\/li>\n
                                                                                                                            • \u201cHow to add a new volume\u201d<\/li>\n
                                                                                                                            • \u201cHow to resize a volume and filesystem\u201d<\/li>\n
                                                                                                                            • \u201cHow to recover from iSCSI login issues\u201d<\/li>\n<\/ul>\n\n\n\n
                                                                                                                              Governance\/tagging\/naming best practices<\/h3>\n\n\n\n
                                                                                                                              Recommended tags:\n– env<\/code> (prod\/dev\/test)\n– app<\/code>\n– owner<\/code>\n– costCenter<\/code>\n– dataClassification<\/code>\n– criticality<\/code>\n– rpo<\/code> \/ rto<\/code> (optional)<\/p>\n\n\n\n
                                                                                                                              \n\n\n\n
                                                                                                                              12. Security Considerations<\/h2>\n\n\n\n
                                                                                                                              Identity and access model<\/h3>\n\n\n\n
                                                                                                                                \n
                                                                                                                              • Azure AD + Azure RBAC<\/strong> secures management operations:<\/li>\n
                                                                                                                              • Create\/modify\/delete Elastic SAN resources<\/li>\n
                                                                                                                              • Create volume groups\/volumes<\/li>\n
                                                                                                                              • Update networking settings<\/li>\n
                                                                                                                              • Use separation of duties<\/strong>:<\/li>\n
                                                                                                                              • Storage operators should not automatically have Owner rights.<\/li>\n
                                                                                                                              • Prefer managed identities<\/strong> for automation (CI\/CD) rather than user credentials.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                Encryption<\/h3>\n\n\n\n
                                                                                                                                  \n
                                                                                                                                • Encryption at rest<\/strong>: Azure Storage services typically encrypt at rest by default using platform-managed keys; verify Elastic SAN encryption specifics and whether customer-managed keys are supported for your scenario.<\/li>\n
                                                                                                                                • Encryption in transit<\/strong>: iSCSI traffic is not inherently encrypted like TLS. Security usually relies on:<\/li>\n
                                                                                                                                • Private networking and isolation<\/li>\n
                                                                                                                                • Optional iSCSI authentication features (e.g., CHAP) if supported\n  Confirm current Elastic SAN capabilities and recommendations.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                  Network exposure<\/h3>\n\n\n\n
                                                                                                                                    \n
                                                                                                                                  • Do not expose iSCSI endpoints publicly.<\/li>\n
                                                                                                                                  • Restrict access to:<\/li>\n
                                                                                                                                  • Approved VNets\/subnets<\/li>\n
                                                                                                                                  • Approved hosts<\/li>\n
                                                                                                                                  • Consider additional controls:<\/li>\n
                                                                                                                                  • NSGs with minimal required rules (be careful not to block required service behavior)<\/li>\n
                                                                                                                                  • Azure Firewall\/NVA only if your design requires inspection (it may add latency)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                    Secrets handling<\/h3>\n\n\n\n
                                                                                                                                      \n
                                                                                                                                    • If iSCSI authentication secrets are used (CHAP or similar), store them securely:<\/li>\n
                                                                                                                                    • Azure Key Vault for secret storage<\/li>\n
                                                                                                                                    • Do not hardcode in scripts or images<\/li>\n
                                                                                                                                    • Rotate secrets and document rotation procedures.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                      Audit\/logging<\/h3>\n\n\n\n
                                                                                                                                        \n
                                                                                                                                      • Use Azure Activity Log<\/strong> to track control-plane changes.<\/li>\n
                                                                                                                                      • Enable diagnostic settings for Elastic SAN if available.<\/li>\n
                                                                                                                                      • Log host-side events:<\/li>\n
                                                                                                                                      • Linux: journalctl -u iscsid<\/code>, multipath logs<\/li>\n
                                                                                                                                      • Windows: Event Viewer iSCSI\/MPIO logs<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                        Compliance considerations<\/h3>\n\n\n\n
                                                                                                                                          \n
                                                                                                                                        • Classify data and align with required controls (encryption, network isolation, access logging).<\/li>\n
                                                                                                                                        • Validate service compliance offerings and certifications in Azure compliance documentation (service-by-service coverage can vary).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                          Common security mistakes<\/h3>\n\n\n\n
                                                                                                                                            \n
                                                                                                                                          • Overly broad RBAC (giving too many users Contributor\/Owner)<\/li>\n
                                                                                                                                          • Flat networks where any VM can reach storage endpoints<\/li>\n
                                                                                                                                          • No monitoring\/alerts for performance saturation (can become a security issue if it impacts availability)<\/li>\n
                                                                                                                                          • No deletion protection (locks) for production SAN resources<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                            Secure deployment recommendations<\/h3>\n\n\n\n
                                                                                                                                              \n
                                                                                                                                            • Use private networking only.<\/li>\n
                                                                                                                                            • Enforce least privilege and locks.<\/li>\n
                                                                                                                                            • Centralize logging and alerting.<\/li>\n
                                                                                                                                            • Treat iSCSI volumes like critical infrastructure: document, monitor, and change-control.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                              \n\n\n\n
                                                                                                                                              13. Limitations and Gotchas<\/h2>\n\n\n\n
                                                                                                                                              Because Azure Elastic SAN is a specialized service, confirm these areas early:<\/p>\n\n\n\n
                                                                                                                                              Known limitations (verify in docs)<\/h3>\n\n\n\n
                                                                                                                                                \n
                                                                                                                                              • Region availability<\/strong>: Not all regions support the service.<\/li>\n
                                                                                                                                              • Feature availability<\/strong>: Some features may be in preview or not supported in all regions\/SKUs.<\/li>\n
                                                                                                                                              • Snapshots\/backup<\/strong>: Snapshot and backup integrations can differ from managed disks\u2014verify current support.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                Quotas<\/h3>\n\n\n\n
                                                                                                                                                  \n
                                                                                                                                                • Maximum number of SANs per subscription\/region<\/li>\n
                                                                                                                                                • Maximum volumes per volume group \/ per SAN<\/li>\n
                                                                                                                                                • Maximum volume size<\/li>\n
                                                                                                                                                • Performance ceilings (IOPS\/throughput)<\/li>\n
                                                                                                                                                • Portal-enforced minimums for capacity\/performance provisioning<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                  All of these can change\u2014verify current values in:\nhttps:\/\/learn.microsoft.com\/azure\/storage\/elastic-san\/<\/p>\n\n\n\n
                                                                                                                                                  Regional constraints<\/h3>\n\n\n\n
                                                                                                                                                    \n
                                                                                                                                                  • Cross-region access is generally not recommended for low-latency block I\/O. Even if technically possible via networking, it can be costly and slow.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                    Pricing surprises<\/h3>\n\n\n\n
                                                                                                                                                      \n
                                                                                                                                                    • Provisioned performance can be a major cost driver even if average IOPS is low.<\/li>\n
                                                                                                                                                    • Private networking components (Private Link, firewalls, NAT) can add meaningful cost.<\/li>\n
                                                                                                                                                    • Log Analytics ingestion\/retention costs can grow quickly.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                      Compatibility issues<\/h3>\n\n\n\n
                                                                                                                                                        \n
                                                                                                                                                      • Multipath requires correct OS configuration.<\/li>\n
                                                                                                                                                      • Some clustered filesystems and cluster stacks have strict requirements\u2014validate with vendor documentation and testing.<\/li>\n
                                                                                                                                                      • Device naming can change if not using stable identifiers (\/dev\/disk\/by-id<\/code>, UUIDs, multipath aliases).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                        Operational gotchas<\/h3>\n\n\n\n
                                                                                                                                                          \n
                                                                                                                                                        • Resizing storage usually requires:<\/li>\n
                                                                                                                                                        • Azure-side resize<\/li>\n
                                                                                                                                                        • OS rescan<\/li>\n
                                                                                                                                                        • Partition resize (if used)<\/li>\n
                                                                                                                                                        • Filesystem resize\n  Missing one step can make capacity appear unchanged.<\/li>\n
                                                                                                                                                        • iSCSI login persistence:<\/li>\n
                                                                                                                                                        • Must ensure services start and node.startup=automatic<\/code> is set<\/li>\n
                                                                                                                                                        • Use _netdev<\/code> in fstab to avoid boot failures<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                          Migration challenges<\/h3>\n\n\n\n
                                                                                                                                                            \n
                                                                                                                                                          • Moving from managed disks to iSCSI volumes is a migration project:<\/li>\n
                                                                                                                                                          • Data copy, downtime planning, filesystem changes, app reconfiguration<\/li>\n
                                                                                                                                                          • Moving from on-prem SAN may require:<\/li>\n
                                                                                                                                                          • iSCSI initiator differences<\/li>\n
                                                                                                                                                          • Windows\/Linux multipath differences<\/li>\n
                                                                                                                                                          • Different snapshot\/backup model<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                            Vendor-specific nuances<\/h3>\n\n\n\n
                                                                                                                                                              \n
                                                                                                                                                            • Treat Elastic SAN like a managed platform service: you control configuration and usage, but not the underlying storage fabric.<\/li>\n
                                                                                                                                                            • Follow Azure\u2019s published SLA, support boundaries, and documented maintenance behaviors.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                              \n\n\n\n
                                                                                                                                                              14. Comparison with Alternatives<\/h2>\n\n\n\n
                                                                                                                                                              Azure Elastic SAN is not the default choice for every storage need. Use this comparison to decide.<\/p>\n\n\n\n
                                                                                                                                                              Comparison table<\/h3>\n\n\n\n
                                                                                                                                                              \n\n\n\n\n\n\n\n\n\n\n\n
                                                                                                                                                              Option<\/th>\nBest For<\/th>\nStrengths<\/th>\nWeaknesses<\/th>\nWhen to Choose<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                              Azure Elastic SAN<\/strong><\/td>\nSAN-style shared block storage via iSCSI<\/td>\nPooled capacity\/performance, centralized volume management, iSCSI standard protocol<\/td>\nAdded complexity vs managed disks; iSCSI ops and multipath required; feature set varies<\/td>\nYou need SAN-like LUN workflows and centralized block storage<\/td>\n<\/tr>\n
                                                                                                                                                              Azure Managed Disks<\/strong><\/td>\nPer-VM block storage (most VM workloads)<\/td>\nVery simple, tight VM integration, broad ecosystem support<\/td>\nDisk sprawl in large fleets; not SAN-style shared model<\/td>\nDefault for VM-based apps unless you specifically need SAN behavior<\/td>\n<\/tr>\n
                                                                                                                                                              Azure Files (SMB\/NFS)<\/strong><\/td>\nShared file storage<\/td>\nEasy sharing across hosts, simple mounts<\/td>\nFile semantics (not raw block), performance\/latency differs from block<\/td>\nYou need shared file access rather than block devices<\/td>\n<\/tr>\n
                                                                                                                                                              Azure NetApp Files<\/strong><\/td>\nEnterprise NFS\/SMB (and advanced storage features)<\/td>\nHigh performance file storage, mature enterprise features<\/td>\nCost model can be higher; different operational model<\/td>\nEnterprise file workloads and advanced data management needs<\/td>\n<\/tr>\n
                                                                                                                                                              Self-managed iSCSI target on Azure VMs<\/strong><\/td>\nCustom SAN features or tight control<\/td>\nFull control, can use open-source stacks<\/td>\nYou manage HA, patching, scaling, security<\/td>\nOnly when managed services don\u2019t meet requirements and you accept ops burden<\/td>\n<\/tr>\n
                                                                                                                                                              AWS EBS<\/strong> (other cloud)<\/td>\nPer-instance block storage in AWS<\/td>\nMature, simple, strong integration<\/td>\nAWS-only; not SAN-pool model<\/td>\nIf you are on AWS and need per-instance block storage<\/td>\n<\/tr>\n
                                                                                                                                                              AWS FSx for NetApp ONTAP<\/strong> (other cloud)<\/td>\nManaged NetApp storage (file + iSCSI LUNs)<\/td>\nEnterprise ONTAP features<\/td>\nDifferent cost\/ops model; AWS-only<\/td>\nIf you need NetApp ONTAP features and are on AWS<\/td>\n<\/tr>\n
                                                                                                                                                              Google Persistent Disk<\/strong> (other cloud)<\/td>\nPer-VM block storage in GCP<\/td>\nSimple, integrated<\/td>\nGCP-only; not SAN-pool model<\/td>\nIf you are on GCP and need per-VM block storage<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                              \n\n\n\n
                                                                                                                                                              15. Real-World Example<\/h2>\n\n\n\n
                                                                                                                                                              Enterprise example: Centralized storage platform for regulated workloads<\/h3>\n\n\n\n
                                                                                                                                                                \n
                                                                                                                                                              • Problem<\/strong>: A regulated enterprise has many VM-based applications that require block storage and a storage team that must enforce strict access boundaries, auditing, and standardized provisioning.<\/li>\n
                                                                                                                                                              • Proposed architecture<\/strong>:<\/li>\n
                                                                                                                                                              • One Azure Elastic SAN per region per environment (prod\/nonprod)<\/li>\n
                                                                                                                                                              • Volume groups per business unit\/application domain<\/li>\n
                                                                                                                                                              • Dedicated subnets for SAN connectivity<\/li>\n
                                                                                                                                                              • Multipath configured on all critical VMs<\/li>\n
                                                                                                                                                              • Azure Monitor alerts on latency and saturation<\/li>\n
                                                                                                                                                              • Azure Policy enforcing tags and required diagnostic settings (where supported)<\/li>\n
                                                                                                                                                              • Why Azure Elastic SAN was chosen<\/strong>:<\/li>\n
                                                                                                                                                              • Centralized pool model reduces disk sprawl<\/li>\n
                                                                                                                                                              • SAN-like provisioning maps to existing storage processes<\/li>\n
                                                                                                                                                              • Private network connectivity supports security requirements<\/li>\n
                                                                                                                                                              • Expected outcomes<\/strong>:<\/li>\n
                                                                                                                                                              • Faster provisioning (hours to minutes)<\/li>\n
                                                                                                                                                              • More consistent performance governance<\/li>\n
                                                                                                                                                              • Improved auditability of storage changes via Azure Activity Log and RBAC<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                Startup\/small-team example: Migrating a legacy app that requires iSCSI<\/h3>\n\n\n\n
                                                                                                                                                                  \n
                                                                                                                                                                • Problem<\/strong>: A small team is migrating a legacy VM-based product from on-prem where it used iSCSI LUNs; rewriting for cloud-native storage would delay the move.<\/li>\n
                                                                                                                                                                • Proposed architecture<\/strong>:<\/li>\n
                                                                                                                                                                • Single Elastic SAN in one region<\/li>\n
                                                                                                                                                                • One volume group for production<\/li>\n
                                                                                                                                                                • Two Linux VMs attached via iSCSI (with careful application-level coordination)<\/li>\n
                                                                                                                                                                • Simple monitoring and a runbook for reconnect\/rescan<\/li>\n
                                                                                                                                                                • Why Azure Elastic SAN was chosen<\/strong>:<\/li>\n
                                                                                                                                                                • Minimal infrastructure management compared to self-hosted iSCSI<\/li>\n
                                                                                                                                                                • Faster migration path that preserves the app\u2019s storage assumptions<\/li>\n
                                                                                                                                                                • Expected outcomes<\/strong>:<\/li>\n
                                                                                                                                                                • Migration completed without redesigning the storage layer<\/li>\n
                                                                                                                                                                • Reduced operational burden vs maintaining iSCSI target VMs<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                  \n\n\n\n
                                                                                                                                                                  16. FAQ<\/h2>\n\n\n\n
                                                                                                                                                                  1) Is Azure Elastic SAN block storage or file storage?<\/strong>\nAzure Elastic SAN provides block storage<\/strong> volumes accessed using iSCSI<\/strong>.<\/p>\n\n\n\n
                                                                                                                                                                  2) How do clients connect to Azure Elastic SAN volumes?<\/strong>\nTypically via iSCSI initiators<\/strong> on supported operating systems (Linux\/Windows). You use portal-provided target portals and IQNs.<\/p>\n\n\n\n
                                                                                                                                                                  3) Do I attach an Elastic SAN volume like an Azure managed disk?<\/strong>\nNo. Managed disks attach through Azure\u2019s VM\/disk attachment model. Elastic SAN volumes are connected at the OS level over iSCSI networking.<\/p>\n\n\n\n
                                                                                                                                                                  4) Is Azure Elastic SAN regional?<\/strong>\nYes, it\u2019s deployed into an Azure region. For best results, place compute in the same region.<\/p>\n\n\n\n
                                                                                                                                                                  5) Can I use Azure Elastic SAN with AKS?<\/strong>\nIt\u2019s technically possible to use iSCSI-backed persistent volumes in Kubernetes, but it\u2019s not the default Azure approach. Most AKS users use Azure Disk CSI or Azure Files CSI. Evaluate operational complexity carefully.<\/p>\n\n\n\n
                                                                                                                                                                  6) Does Azure Elastic SAN support snapshots?<\/strong>\nFeature availability changes over time. Verify current snapshot support and billing in the official docs and pricing page.<\/p>\n\n\n\n
                                                                                                                                                                  7) How is performance managed?<\/strong>\nElastic SAN typically uses provisioned capacity and provisioned performance dimensions. Check the pricing page for the current model and the portal for configurable performance options.<\/p>\n\n\n\n
                                                                                                                                                                  8) Is the data encrypted at rest?<\/strong>\nAzure Storage commonly encrypts at rest by default, but always verify Elastic SAN encryption details and any customer-managed key support in the official documentation.<\/p>\n\n\n\n
                                                                                                                                                                  9) Is iSCSI traffic encrypted in transit?<\/strong>\niSCSI is not TLS by default. Use private networking and access restrictions. If Elastic SAN supports CHAP or other mechanisms, configure them\u2014verify in docs.<\/p>\n\n\n\n
                                                                                                                                                                  10) What ports must be open?<\/strong>\niSCSI commonly uses TCP 3260<\/strong>. Confirm any additional ports\/endpoints required by Elastic SAN and your OS multipath configuration.<\/p>\n\n\n\n
                                                                                                                                                                  11) Can multiple hosts connect to the same volume?<\/strong>\nBlock volumes can be connected by multiple hosts, but safe multi-host usage depends on the filesystem\/cluster stack. For most filesystems, concurrent mounting can corrupt data. Use a cluster-aware filesystem or clustering solution if required, and validate support.<\/p>\n\n\n\n
                                                                                                                                                                  12) How do I resize a volume?<\/strong>\nUsually you resize in Azure (volume size), then rescan on the host, then resize partition\/filesystem. Confirm Elastic SAN supports your desired resize direction (grow vs shrink).<\/p>\n\n\n\n
                                                                                                                                                                  13) What is a volume group?<\/strong>\nA volume group is a container for volumes that also acts as a boundary for iSCSI exposure\/network settings and administration.<\/p>\n\n\n\n
                                                                                                                                                                  14) How do I monitor Elastic SAN health and performance?<\/strong>\nUse Azure Monitor metrics and diagnostic logs (where supported). Also monitor host-level disk latency and I\/O wait.<\/p>\n\n\n\n
                                                                                                                                                                  15) What are common causes of connection failures?<\/strong>\nIncorrect subnet\/network configuration, blocked traffic (NSG\/UDR), wrong portal\/IQN, missing iSCSI services, or authentication mismatch (if configured).<\/p>\n\n\n\n
                                                                                                                                                                  16) Is Azure Elastic SAN a replacement for Azure NetApp Files?<\/strong>\nNot directly. NetApp Files is primarily enterprise file<\/strong> storage (NFS\/SMB). Elastic SAN is block<\/strong> storage over iSCSI with a SAN-like operational model.<\/p>\n\n\n\n
                                                                                                                                                                  17) Is Azure Elastic SAN cheaper than managed disks?<\/strong>\nIt depends. For some pooled, high-scale scenarios it can be cost-effective. For many simple workloads, managed disks may be cheaper and simpler. Use the pricing calculator with your workload assumptions.<\/p>\n\n\n\n
                                                                                                                                                                  \n\n\n\n
                                                                                                                                                                  17. Top Online Resources to Learn Azure Elastic SAN<\/h2>\n\n\n\n
                                                                                                                                                                  \n\n\n\n\n\n\n\n\n\n\n\n\n\n
                                                                                                                                                                  Resource Type<\/th>\nName<\/th>\nWhy It Is Useful<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                                  Official documentation<\/td>\nAzure Elastic SAN documentation<\/td>\nPrimary source for concepts, how-tos, limits, and networking requirements: https:\/\/learn.microsoft.com\/azure\/storage\/elastic-san\/<\/td>\n<\/tr>\n
                                                                                                                                                                  Official pricing<\/td>\nAzure Elastic SAN pricing page<\/td>\nCurrent meters and region-dependent pricing: https:\/\/azure.microsoft.com\/pricing\/details\/elastic-san\/<\/td>\n<\/tr>\n
                                                                                                                                                                  Pricing tool<\/td>\nAzure Pricing Calculator<\/td>\nBuild estimates for SAN + VM + monitoring: https:\/\/azure.microsoft.com\/pricing\/calculator\/<\/td>\n<\/tr>\n
                                                                                                                                                                  Product availability<\/td>\nAzure Products by Region<\/td>\nConfirm Elastic SAN is available in your region: https:\/\/azure.microsoft.com\/explore\/global-infrastructure\/products-by-region\/<\/td>\n<\/tr>\n
                                                                                                                                                                  Azure CLI docs<\/td>\nInstall Azure CLI<\/td>\nRequired to automate labs and operations: https:\/\/learn.microsoft.com\/cli\/azure\/install-azure-cli<\/td>\n<\/tr>\n
                                                                                                                                                                  Architecture guidance<\/td>\nAzure Architecture Center<\/td>\nBroader Azure storage + networking patterns (useful context): https:\/\/learn.microsoft.com\/azure\/architecture\/<\/td>\n<\/tr>\n
                                                                                                                                                                  Monitoring<\/td>\nAzure Monitor overview<\/td>\nHow to build alerts and dashboards: https:\/\/learn.microsoft.com\/azure\/azure-monitor\/<\/td>\n<\/tr>\n
                                                                                                                                                                  Identity\/RBAC<\/td>\nAzure RBAC documentation<\/td>\nSecure management-plane operations: https:\/\/learn.microsoft.com\/azure\/role-based-access-control\/overview<\/td>\n<\/tr>\n
                                                                                                                                                                  Storage concepts<\/td>\nAzure Storage documentation<\/td>\nContext for Azure Storage services and common concepts: https:\/\/learn.microsoft.com\/azure\/storage\/<\/td>\n<\/tr>\n
                                                                                                                                                                  Community (use with care)<\/td>\nMicrosoft Tech Community (Azure Storage)<\/td>\nPractical tips and announcements; validate against official docs: https:\/\/techcommunity.microsoft.com\/t5\/azure-storage\/bd-p\/AzureStorageBlog<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                                  \n\n\n\n
                                                                                                                                                                  18. Training and Certification Providers<\/h2>\n\n\n\n
                                                                                                                                                                  \n\n\n\n\n\n\n\n\n
                                                                                                                                                                  Institute<\/th>\nSuitable Audience<\/th>\nLikely Learning Focus<\/th>\nMode<\/th>\nWebsite URL<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                                  DevOpsSchool.com<\/td>\nDevOps engineers, cloud engineers, SREs<\/td>\nAzure operations, DevOps practices, automation fundamentals<\/td>\nCheck website<\/td>\nhttps:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                  ScmGalaxy.com<\/td>\nBeginners to intermediate engineers<\/td>\nSCM\/DevOps basics, CI\/CD, cloud fundamentals<\/td>\nCheck website<\/td>\nhttps:\/\/www.scmgalaxy.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                  CLoudOpsNow.in<\/td>\nCloud operations teams<\/td>\nCloudOps practices, monitoring, reliability operations<\/td>\nCheck website<\/td>\nhttps:\/\/www.cloudopsnow.in\/<\/td>\n<\/tr>\n
                                                                                                                                                                  SreSchool.com<\/td>\nSREs, platform engineers<\/td>\nSRE principles, observability, reliability, incident response<\/td>\nCheck website<\/td>\nhttps:\/\/www.sreschool.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                  AiOpsSchool.com<\/td>\nOps\/SRE\/ITSM teams<\/td>\nAIOps concepts, monitoring analytics, automation<\/td>\nCheck website<\/td>\nhttps:\/\/www.aiopsschool.com\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                                  \n\n\n\n
                                                                                                                                                                  19. Top Trainers<\/h2>\n\n\n\n
                                                                                                                                                                  \n\n\n\n\n\n\n\n
                                                                                                                                                                  Platform\/Site<\/th>\nLikely Specialization<\/th>\nSuitable Audience<\/th>\nWebsite URL<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                                  RajeshKumar.xyz<\/td>\nCloud\/DevOps training content (verify specific offerings)<\/td>\nBeginners to intermediate<\/td>\nhttps:\/\/rajeshkumar.xyz\/<\/td>\n<\/tr>\n
                                                                                                                                                                  devopstrainer.in<\/td>\nDevOps tools and practices (verify course catalog)<\/td>\nDevOps engineers<\/td>\nhttps:\/\/www.devopstrainer.in\/<\/td>\n<\/tr>\n
                                                                                                                                                                  devopsfreelancer.com<\/td>\nFreelance\/contract DevOps services and guidance (verify training\/services)<\/td>\nTeams needing short-term help<\/td>\nhttps:\/\/www.devopsfreelancer.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                  devopssupport.in<\/td>\nDevOps support and enablement resources (verify offerings)<\/td>\nOps and DevOps teams<\/td>\nhttps:\/\/www.devopssupport.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                                  \n\n\n\n
                                                                                                                                                                  20. Top Consulting Companies<\/h2>\n\n\n\n
                                                                                                                                                                  \n\n\n\n\n\n\n
                                                                                                                                                                  Company Name<\/th>\nLikely Service Area<\/th>\nWhere They May Help<\/th>\nConsulting Use Case Examples<\/th>\nWebsite URL<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                                  cotocus.com<\/td>\nCloud\/DevOps consulting (verify service list)<\/td>\nArchitecture, migrations, automation, operations<\/td>\nElastic SAN adoption assessment, secure network design, IaC pipelines<\/td>\nhttps:\/\/cotocus.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                  DevOpsSchool.com<\/td>\nDevOps and cloud consulting (verify service list)<\/td>\nDevOps transformation, CI\/CD, cloud operations<\/td>\nStandardized storage provisioning runbooks, monitoring\/alerting integration<\/td>\nhttps:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                  DEVOPSCONSULTING.IN<\/td>\nDevOps consulting (verify service list)<\/td>\nToolchain setup, automation, operations improvements<\/td>\nLanding zone readiness for storage services, governance and cost controls<\/td>\nhttps:\/\/devopsconsulting.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                                  \n\n\n\n
                                                                                                                                                                  21. Career and Learning Roadmap<\/h2>\n\n\n\n
                                                                                                                                                                  What to learn before Azure Elastic SAN<\/h3>\n\n\n\n
                                                                                                                                                                  Foundations:\n– Azure fundamentals (subscriptions, resource groups, ARM)\n– Azure networking:\n  – VNets, subnets, NSGs, route tables, peering\n– Storage fundamentals:\n  – Block vs file storage\n  – IOPS, throughput, latency, queue depth\n– iSCSI basics:\n  – IQN, portals, LUNs\n  – Discovery vs login\n– OS storage administration:\n  – Linux: partitions, filesystems, fstab<\/code>, iscsiadm<\/code>, multipath\n  – Windows: iSCSI Initiator, Disk Management, MPIO (if applicable)<\/p>\n\n\n\n
                                                                                                                                                                  What to learn after Azure Elastic SAN<\/h3>\n\n\n\n
                                                                                                                                                                    \n
                                                                                                                                                                  • Production reliability:<\/li>\n
                                                                                                                                                                  • Multipath design, failure testing, runbooks<\/li>\n
                                                                                                                                                                  • Monitoring and SRE practices:<\/li>\n
                                                                                                                                                                  • Azure Monitor alerts, SLOs for storage latency\/availability<\/li>\n
                                                                                                                                                                  • Backup and DR patterns:<\/li>\n
                                                                                                                                                                  • App-consistent backups, replication strategies (service-dependent)<\/li>\n
                                                                                                                                                                  • Infrastructure as Code:<\/li>\n
                                                                                                                                                                  • Bicep\/Terraform (verify Elastic SAN resource support in your chosen IaC tool)<\/li>\n
                                                                                                                                                                  • Governance:<\/li>\n
                                                                                                                                                                  • Azure Policy, tagging standards, cost management<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                    Job roles that use it<\/h3>\n\n\n\n
                                                                                                                                                                      \n
                                                                                                                                                                    • Cloud engineer \/ cloud infrastructure engineer<\/li>\n
                                                                                                                                                                    • Platform engineer<\/li>\n
                                                                                                                                                                    • SRE \/ operations engineer<\/li>\n
                                                                                                                                                                    • Storage engineer (cloud)<\/li>\n
                                                                                                                                                                    • Solutions architect<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                      Certification path (Azure)<\/h3>\n\n\n\n
                                                                                                                                                                      Azure certifications don\u2019t usually focus on a single storage service, but these are relevant:\n– AZ-900<\/strong> (Azure Fundamentals)\n– AZ-104<\/strong> (Azure Administrator)\n– AZ-305<\/strong> (Azure Solutions Architect Expert)\n– AZ-500<\/strong> (Azure Security Engineer) for secure deployment patterns<\/p>\n\n\n\n
                                                                                                                                                                      Project ideas for practice<\/h3>\n\n\n\n
                                                                                                                                                                        \n
                                                                                                                                                                      • Build an \u201cinternal storage platform\u201d:<\/li>\n
                                                                                                                                                                      • One SAN, multiple volume groups, RBAC per team, tagging, budgets<\/li>\n
                                                                                                                                                                      • Implement a resize automation runbook:<\/li>\n
                                                                                                                                                                      • Resize volume + host filesystem + validation checks<\/li>\n
                                                                                                                                                                      • Create a monitoring dashboard:<\/li>\n
                                                                                                                                                                      • SAN metrics + VM IO wait + alerts for saturation<\/li>\n
                                                                                                                                                                      • Test failure scenarios:<\/li>\n
                                                                                                                                                                      • Path failure (simulate NSG blocks) and validate multipath recovery<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                        \n\n\n\n
                                                                                                                                                                        22. Glossary<\/h2>\n\n\n\n
                                                                                                                                                                          \n
                                                                                                                                                                        • Block storage<\/strong>: Storage presented as a raw device (like a disk) to an operating system.<\/li>\n
                                                                                                                                                                        • SAN (Storage Area Network)<\/strong>: A network-based system for presenting block storage volumes to hosts.<\/li>\n
                                                                                                                                                                        • iSCSI<\/strong>: Internet Small Computer Systems Interface; a protocol to carry SCSI commands over TCP\/IP networks.<\/li>\n
                                                                                                                                                                        • IQN<\/strong>: iSCSI Qualified Name; a unique identifier for iSCSI targets and initiators.<\/li>\n
                                                                                                                                                                        • LUN<\/strong>: Logical Unit Number; identifies a logical storage device presented by a target.<\/li>\n
                                                                                                                                                                        • Initiator<\/strong>: The client (host) that initiates iSCSI sessions (e.g., a Linux VM).<\/li>\n
                                                                                                                                                                        • Target<\/strong>: The storage endpoint that provides LUNs\/volumes over iSCSI.<\/li>\n
                                                                                                                                                                        • Multipath (MPIO)<\/strong>: Host configuration that uses multiple network paths to the same storage device for redundancy\/performance.<\/li>\n
                                                                                                                                                                        • Volume group<\/strong>: In Azure Elastic SAN, a grouping of volumes and a boundary for network exposure and management.<\/li>\n
                                                                                                                                                                        • RBAC<\/strong>: Role-Based Access Control; Azure authorization model for management-plane operations.<\/li>\n
                                                                                                                                                                        • NSG<\/strong>: Network Security Group; Azure firewall-like rules for subnets\/NICs.<\/li>\n
                                                                                                                                                                        • ARM<\/strong>: Azure Resource Manager; Azure control plane for provisioning and managing resources.<\/li>\n
                                                                                                                                                                        • IOPS<\/strong>: Input\/output operations per second; a measure of storage performance.<\/li>\n
                                                                                                                                                                        • Throughput<\/strong>: Data transfer rate (e.g., MB\/s or GB\/s).<\/li>\n
                                                                                                                                                                        • Latency<\/strong>: Time taken to complete an I\/O request, often measured in milliseconds.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                          \n\n\n\n
                                                                                                                                                                          23. Summary<\/h2>\n\n\n\n
                                                                                                                                                                          Azure Elastic SAN is an Azure Storage service that provides managed SAN-style block storage<\/strong> over iSCSI<\/strong>, enabling centralized provisioning of volumes from a pooled capacity\/performance resource. It matters when you need shared, centrally managed block volumes<\/strong> and want to reduce the operational overhead of self-managed iSCSI targets or large-scale managed disk sprawl.<\/p>\n\n\n\n
                                                                                                                                                                          Architecturally, Elastic SAN fits best for regional<\/strong>, private-network deployments where hosts connect via iSCSI and teams enforce strict RBAC<\/strong>, network isolation, and operational runbooks. Cost is primarily driven by provisioned capacity and provisioned performance<\/strong>, plus indirect networking and monitoring costs\u2014so right-sizing and metrics-driven tuning are essential.<\/p>\n\n\n\n
                                                                                                                                                                          Use Azure Elastic SAN when SAN-like workflows are required; prefer Azure Managed Disks or Azure Files when simpler block-per-VM or shared file storage meets the need. Next, deepen your skills by automating provisioning (ARM\/Bicep\/Terraform where supported) and building production-grade monitoring and multipath runbooks using the official docs: https:\/\/learn.microsoft.com\/azure\/storage\/elastic-san\/<\/p>\n","protected":false},"excerpt":{"rendered":"
                                                                                                                                                                          Storage<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[40,7],"tags":[],"class_list":["post-519","post","type-post","status-publish","format-standard","hentry","category-azure","category-storage"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/519","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/comments?post=519"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/519\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/media?parent=519"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/categories?post=519"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/tags?post=519"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}