Azure Files

Overview

Azure Files is a cloud-based service that provides a file storage backing service for WorkflowGen instances that are hosted on Azure cloud or on-premise via a file share using the standard SMB protocol. This service provides different great options for data access, sharing, synchronization, and redundancy for use in single or multiple WorkflowGen instance scenarios.

For more information about Azure File benefits or use cases, refer to Microsoft's guide.

The following section provides recommendations and instructions on how to configure an Azure Files share to use in WorkflowGen.

Recommendations

Before choosing Azure Files as your primary file storage backing service for your WorkflowGen, there are a few performance configuration scenarios to consider for your data storage:

• In a WorkflowGen single instance configuration

  • Hosted on an Azure Virtual Machine:

    • For best performance, use an SSD-grade local disk.

    • For good performance, use an Azure Files share in the same region.

  • Hosted on-premise:

    • For best performance, use an SSD-grade local disk.

    • For basic performance, use an Azure Files share in the region closest to your server for the lowest latency.

• In a WorkflowGen web farm configuration

  • Hosted on an Azure Virtual Machine:

    • For best performance, use a file share from a file server backed by SSD-grade storage. ✏️ Note: One of the WorkflowGen web servers or a dedicated virtual machine can act as the file server role.

    • For good performance, use an Azure Files share in the same region.

  • Hosted on-premise:

    • For best performance, use a file share from a file server backed by SSD-grade storage. ✏️ Note: One of the WorkflowGen web servers or a dedicated server can act as the file server role.

    • For basic performance, use an Azure Files share in the region closest to your server for the lowest latency.

Configuring Azure Files for WorkflowGen

Prerequisites

• Make sure to have a working WorkflowGen instance with internet access.

• Make sure to know the address of the instance.

• TCP port 445 must be open for outbound from the instance.

• Windows PowerShell version 5.1 or later is required on the instance for one of the steps of the configuration.

• An active Azure subscription.

• You must have permissions to make changes in Windows of the WorkflowGen instance, e.g. Administrator privileges.

• You must have permissions to make changes to the Storage accounts service in the Azure portal.

Step 1: Create a storage account in Azure

Via the Azure Portal

1. In the Azure portal, choose the Storage accounts service.

2. Add a new storage account.

3. Enter a name.

   ✏️ Note: The wfgendatastorage storage name will be used as an example throughout this section.

4. Account kind: Choose Storage (general purpose v1) or StorageV2 (general purpose v2).

5. Location: Choose a location in the same region as your Azure Virtual machine, or the closest to your on-premise location.

6. Performance: Choose Standard.

7. Choose your subscription.

8. Create a new resource group.

   ✏️ Note: The wfgenresourcegroup resource group name will be used as an example throughout this section.

9. You can leave the rest of the settings set to their default values or you can customize them according to your needs.

10. Click Create.

Via the Azure CLI

The following script creates a storage account in Azure. The resource group name variable ($resourceGroup) and storage account variable ($storageAccount) should be updated.

# Configuration variables
$location="East US"
$resourceGroup="wfgenresourcegroup"
$storageAccount="wfgendatastorage"

# Create a Storage account
az storage account create `
    --name $storageAccount `
     --resource-group $resourceGroup `
     --location $location

Step 2: Create a file share in Azure

Via the Azure Portal

1. In the Storage accounts service, choose wfgendatastorage.

2. In the Overview or the FILE SERVICE section, choose Files.

3. Add a new File share.

4. Enter a name.

   ✏️ Note: The wfgenshare storage name will be used as an example throughout this section.

5. Enter a quota according to your needs.

6. Click OK.

Via the Azure CLI

The following script creates a file share in Azure. The storage account variable ($storageAccount) and file share variable ($share) should be updated.

# Configuration variables
$storageAccount="wfgendatastorage"
$share="wfgenshare"

# Create the file shares
az storage share create `
    --name $share `
    --account-name $storageAccount `

Step 3: Mount the file share in the WorkflowGen web server

1. Log in to your WorkflowGen instance with your Administrator account.

2. Open an instance of Windows PowerShell 5.1 as Administrator.

3. Test TCP port 445 for outbound by running the following command in PowerShell:

   Copy

    Test-NetConnection -ComputerName "wfgendatastorage.file.core.windows.net" -Port 445

   ✏️ Note: Remember to replace wfgendatastorage in the above instructions with your storage account name.

   If the test result is successful, proceed to the next step. Otherwise, contact your network administrator to open TCP port 445 for outbound.

4. Install or update the Azure PowerShell module in PowerShell:

   Copy

    Install-Module -Name Az -AllowClobber
    Import-Module -Name Az
5. In the Windows Computer Management console, create a local user as the service account that will be used for the WorkflowGen IIS application pool:

   1. Enter a new username and password.

      ✏️ Note: The wfgen_service username will be used as an example throughout this section.

   2. Check User cannot change password.

   3. Check Password never expires.

   4. Click Create.

   5. Assign the wfgen_service user to the IIS_IUSRS group.

   6. Assign the user to the Remote Desktop Users group if the instance is a remote server.

6. Log in to your WorkflowGen instance with the wfgen_service account.

7. Open an instance of Windows PowerShell 5.1 as Administrator.

8. Log in to your Microsoft Azure account in PowerShell:

   Copy

    Connect-AzAccount

   If you encounter any security issues with the Microsoft Azure sign-in process, then you must manually add https://login.microsoftonline.com/ and the URIs of all related websites to the Trusted sites zone in Internet Explorer's Internet Options.

9. In the Microsoft Azure window, sign in to the Azure account that you used to create your storage account.

   If you've successfully signed in to your Azure account, PowerShell will display the following information:

   Copy

    Account          : <your-microsoft-azure-account-name>
    SubscriptionName : <your-subscription-name>
    TenantId         : <your-tenant-id>
    Environment      : AzureCloud

10. Persist the Azure Files share credential in Windows for the wfgen_service account in PowerShell:

    Copy

    $resourceGroupName = "wfgenresourcegroup"
    $storageAccountName = "wfgendatastorage"
    $storageAccount = Get-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName
    $storageAccountKeys = Get-AzStorageAccountKey -ResourceGroupName $resourceGroupName -Name $storageAccountName
    Invoke-Expression -Command "cmdkey /add:$([System.Uri]::new($storageAccount.Context.FileEndPoint).Host) /user:AZURE\$($storageAccount.StorageAccountName) /pass:$($storageAccountKeys[0].Value)"

    ✏️ Note: Remember to replace wfgendatastorage and wfgenresourcegroup in the above instructions with your storage account and resource group names.

    The credential needs to be persisted for the wfgen_service account in the event of a Windows server restart.

    If the credential is successfully stored then you should see the following message:

    Copy

    CMDKEY: Credential added successfully.

11. Verify if the credential has been stored for the storage account in PowerShell:

    Copy

    cmdkey /list

    If successful, you should then see:

    Copy

    Target: Domain:target=wfgendatastorage.file.core.windows.net
    Type: Domain Password
    User: AZURE\wfgendatastorage

12. Test the Azure Files share in the Windows File Explorer.

    Copy

    \\wfgendatastorage.file.core.windows.net\wfgenshare

    ✏️ Note: Remember to replace wfgendatastorage and wfgenshare in the above instructions with your storage account and file share names.

Step 4: Configure WorkflowGen to use the file share

1. Log in to your WorkflowGen instance with your administration account.

2. Open the Internet Information Services (IIS) manager console.

3. Change your WorkflowGen application pool to use the custom wfgen_service account with the following settings:

   • Identity: wfgen_service

   • Load User Profile: True

4. Save the changes, then restart IIS.

5. Log in to your WorkflowGen instance with the wfgen_service account.

6. Copy all the existing WorkflowGen files to the Azure Files share in PowerShell:

   Copy

    Copy-Item -Path "C:\inetpub\wwwroot\wfgen\App_Data" -Recurse -Destination "\\wfgendatastorage.file.core.windows.net\wfgenshare" -Container

   ✏️ Note: Remember to replace C:\inetpub\wwwroot\wfgen\App_Data, wfgendatastorage, and wfgenshare in the above instructions with your WorkflowGen instance's app_data folder, storage account, and file share names.

7. Update the WorkflowGen web configuration file:

   Copy

   <add key="ApplicationDataPath" value="\\wfgendatastorage.file.core.windows.net\wfgenshare\App_Data" />

   ✏️ Note: Remember to replace wfgendatastorage and wfgenshare in the above instructions with your storage account and file share names.

8. Open the WorkflowGen Administration Module or User Portal, then run a new request test.

Appendix: Viewing Azure Files share content

Use one of the following methods:

• In your Azure portal storage account:

  • Use the Storage Explorer (preview) tool.

    or

  • Browse the wfgenshare file share under the Files section.

  OR

• Mount the file share wfgenshare in Windows. To do this:

  1. Navigate to the wfgenshare file share under the Files section.

  2. Click Connect to display a tab with connection instructions.

  For example, to mount the file share to the Z drive from the WorkflowGen instance's administration account, run the following instructions provided by the Connect tab in PowerShell:

  Copy

    $acctKey = ConvertTo-SecureString -String "aftEV8YUKljZeiwKP9Ts/kZysDASFVFsvSqAvWVjMb3E+QP4BWpVSNLVyqB2ScZjGtEIg/k0P7WBIg==" -AsPlainText -Force
    $credential = New-Object System.Management.Automation.PSCredential -ArgumentList "Azure\wfgendatastorage", $acctKey
    New-PSDrive -Name Z -PSProvider FileSystem -Root "\\wfgendatastorage.file.core.windows.net\wfgenshare" -Credential $credential -Persist

  ✏️ Note: Remember to replace the key string assigned to $acctKey, wfgendatastorage, and wfgenshare in the above instructions with one of your storage account's Access keys, storage account, and file share names.

You should now be able to browse the content of the Z drive in the Windows File Explorer.