Azure Blob Storage Soft Delete
This post will discuss a new preview recycle bin feature for Azure blob storage called Soft Delete.
Say Goodbye to Traditional PC Lifecycle Management
Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.
What Is Soft Delete?
Microsoft Azure customers are becoming more aware of the cost-effectiveness of cloud storage, especially blob storage. If they have a means, probably a web app, to upload and access files to the blob service in a storage account, then they can store huge capacities at a very low cost. A file, now referred to as a blob, can be kept in the hot tier (for frequent access), the cold tier (for infrequent access), or the archive tier (for legal/regulator retention).
Now this storage becomes important and things happen. We have the ability to convert blob storage into WORM storage but if the storage account is more interactive, then users will do things like accidentally deleting a file. Backups can be restored, but recycle bins are faster to use for these kinds of regular restores. And now, there is a preview for:
- Keeping historical versions of blobs
- Retaining blobs after deletion
Both of these features are offered by Soft Delete and are easily configured with a simple retention window.
How Soft Delete Works
The following graphic, by Microsoft, illustrates a file/blob life cycle with Soft Delete enabled in the storage account.
- A file/blob, version B0, is uploaded into a storage account.
- An update is made to the blob, and this is saved by the storage account as B1. The original version is retained as B0 in the background as a soft delete snapshot. B0 is still retrievable.
- The blob is deleted by an application/user, but both B1 and B0 are retained in the background until the retention window expires and can be restored if required.
Using Soft Delete
Soft Delete is disabled by default and must be enabled in the settings of the storage account in question. You can find the Soft Delete settings under Blob Service in the storage account. Set it to Enabled and then define a retention policy of between 1 and 365 days. Click Save to complete the configuration.
Some things to note:
- The feature is backward compatible. Your applications don’t need to understand it for you to enable the service; it operates in the background.
- Soft Delete does not work in the archive tier of blob storage. Any updates or deletions are permanent.
- You are not protected against storage account deletion. Consider enabling Locks on the storage account to prevent accidental deletion.
- The retained snapshots are billed using the normal rates for blob storage in the hot or cool tiers.
In my test environment, I have set up a storage account with some files kept in a blob storage container.
- Edited the original “Legal Contract 9.docx” file on my PC and uploaded it again to the same blob container. I choose to overwrite the original file.
- Deleted the “Legal Contract 9” blob from the storage account.
In the container, I can check the Show Deleted Blobs box to let me see any soft deleted blobs. I can right-click on a deleted checkpoint to either view the snapshots or to restore it.
With a click of “undelete”, the last snapshot is restored to its previous Active state. If I wanted to go back to a previous version of the blob, I can click on the more actions icon (…) for the blob to View Snapshots.
In the above example, you can see that I replaced my original version of the document which was replaced by the later upload of the edited file. I can click the More Actions icon for the snapshot that I want to work with and either download it or promote it (replace the existing active version).
Combined with the preview WORM storage option, the preview for Soft Delete is making Blob storage a very interesting place to keep valuable data. All that remains is protection for the entire storage account using Azure Backup. By the way, you can vote for that feature here.