Azure Files

Overview

Azure Files is a cloud-based service that provides a file storage backing service for WorkflowGen instances that are hosted on Azure cloud or on-premise via a file share using the standard SMB protocol. This service provides different great options for data access, sharing, synchronization, and redundancy for use in single or multiple WorkflowGen instance scenarios.

For more information about Azure File benefits or use cases, refer to Microsoft's Introduction to Azure Files guide.

The following section provides recommendations and instructions on how to configure an Azure Files share to use in WorkflowGen.

Recommendations

Before choosing Azure Files as your primary file storage backing service for your WorkflowGen, there are a few performance configuration scenarios to consider for your data storage:

  • In a WorkflowGen single instance configuration

    • Hosted on an Azure Virtual Machine:

      • For best performance, use an SSD-grade local disk.

      • For good performance, use an Azure Files share in the same region.

    • Hosted on-premise:

      • For best performance, use an SSD-grade local disk.

      • For basic performance, use an Azure Files share in the region closest to your server for the lowest latency.

  • In a WorkflowGen web farm configuration

    • Hosted on an Azure Virtual Machine:

      • For best performance, use a file share from a file server backed by SSD-grade storage. Note: One of the WorkflowGen web servers or a dedicated virtual machine can act as the file server role.

      • For good performance, use an Azure Files share in the same region.

    • Hosted on-premise:

      • For best performance, use a file share from a file server backed by SSD-grade storage. Note: One of the WorkflowGen web servers or a dedicated server can act as the file server role.

      • For basic performance, use an Azure Files share in the region closest to your server for the lowest latency.

Configuring Azure Files for WorkflowGen

Prerequisites

  • Make sure to have a working WorkflowGen instance with internet access.

  • Make sure to know the address of the instance.

  • TCP port 445 must be open for outbound from the instance.

  • Windows PowerShell version 5.1 or later is required on the instance for one of the steps of the configuration.

  • An active Azure subscription.

  • You must have permissions to make changes in Windows of the WorkflowGen instance, e.g. Administrator privileges.

  • You must have permissions to make changes to the Storage accounts service in the Azure portal.

Step 1: Create a storage account in Azure

Via the Azure Portal

  1. In the Azure portal, choose the Storage accounts service.

  2. Add a new storage account.

  3. Enter a name.

    Note: The wfgendatastorage storage name will be used as an example throughout this section.

  4. Account kind: Choose Storage (general purpose v1) or StorageV2 (general purpose v2).

  5. Location: Choose a location in the same region as your Azure Virtual machine, or the closest to your on-premise location.

  6. Performance: Choose Standard.

  7. Choose your subscription.

  8. Create a new resource group.

    Note: The wfgenresourcegroup resource group name will be used as an example throughout this section.

  9. You can leave the rest of the settings set to their default values or you can customize them according to your needs.

  10. Click Create.

For more information about storage accounts, see About Azure storage accounts.

Via the Azure CLI

To create a storage account via the Azure CLI, first sign in to your Azure account with Azure CLI.

The following script creates a storage account in Azure. The resource group name variable ($resourceGroup) and storage account variable ($storageAccount) should be updated.

# Configuration variables
$location="East US"
$resourceGroup="wfgenresourcegroup"
$storageAccount="wfgendatastorage"
# Create a Storage account
az storage account create `
--name $storageAccount `
--resource-group $resourceGroup `
--location $location

Step 2: Create a file share in Azure

Via the Azure Portal

  1. In the Storage accounts service, choose wfgendatastorage.

  2. In the Overview or the FILE SERVICE section, choose Files.

  3. Add a new File share.

  4. Enter a name.

    Note: The wfgenshare storage name will be used as an example throughout this section.

  5. Enter a quota according to your needs.

  6. Click OK.

For more information about file share, see Create a file share in Azure Files.

Via the Azure CLI

To create a file share via the Azure CLI, first sign in to your Azure account with Azure CLI.

The following script creates a file share in Azure. The storage account variable ($storageAccount) and file share variable ($share) should be updated.

# Configuration variables
$storageAccount="wfgendatastorage"
$share="wfgenshare"
# Create the file shares
az storage share create `
--name $share `
--account-name $storageAccount `

Step 3: Mount the file share in the WorkflowGen web server

  1. Log in to your WorkflowGen instance with your Administrator account.

  2. Open an instance of Windows PowerShell 5.1 as Administrator.

  3. Test TCP port 445 for outbound by running the following command in PowerShell:

    Test-NetConnection -ComputerName "wfgendatastorage.file.core.windows.net" -Port 445

    Note: Remember to replace wfgendatastorage in the above instructions with your storage account name.

    If the test result is successful, proceed to the next step. Otherwise, contact your network administrator to open TCP port 445 for outbound.

  4. Install or update the Azure PowerShell module in PowerShell:

    Install-Module -Name Az -AllowClobber
    Import-Module -Name Az

    For more information, see Install Azure PowerShell Module on Windows with PowerShellGet.

  5. In the Windows Computer Management console, create a local user as the service account that will be used for the WorkflowGen IIS application pool:

    1. Enter a new username and password.

      Note: The wfgen_service username will be used as an example throughout this section.

    2. Check User cannot change password.

    3. Check Password never expires.

    4. Click Create.

    5. Assign the wfgen_service user to the IIS_IUSRS group.

    6. Assign the user to the Remote Desktop Users group if the instance is a remote server.

  6. Log in to your WorkflowGen instance with the wfgen_service account.

  7. Open an instance of Windows PowerShell 5.1 as Administrator.

  8. Log in to your Microsoft Azure account in PowerShell:

    Connect-AzAccount

    If you encounter any security issues with the Microsoft Azure sign-in process, then you must manually add https://login.microsoftonline.com/ and the URIs of all related websites to the Trusted sites zone in Internet Explorer's Internet Options.

  9. In the Microsoft Azure window, sign in to the Azure account that you used to create your storage account.

    If you've successfully signed in to your Azure account, PowerShell will display the following information:

    Account : <your-microsoft-azure-account-name>
    SubscriptionName : <your-subscription-name>
    TenantId : <your-tenant-id>
    Environment : AzureCloud
  10. Persist the Azure Files share credential in Windows for the wfgen_service account in PowerShell:

    $resourceGroupName = "wfgenresourcegroup"
    $storageAccountName = "wfgendatastorage"
    $storageAccount = Get-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName
    $storageAccountKeys = Get-AzStorageAccountKey -ResourceGroupName $resourceGroupName -Name $storageAccountName
    Invoke-Expression -Command "cmdkey /add:$([System.Uri]::new($storageAccount.Context.FileEndPoint).Host) /user:AZURE\$($storageAccount.StorageAccountName) /pass:$($storageAccountKeys[0].Value)"

    Note: Remember to replace wfgendatastorage and wfgenresourcegroup in the above instructions with your storage account and resource group names.

    The credential needs to be persisted for the wfgen_service account in the event of a Windows server restart.

    If the credential is successfully stored then you should see the following message:

    CMDKEY: Credential added successfully.
  11. Verify if the credential has been stored for the storage account in PowerShell:

    cmdkey /list

    If successful, you should then see:

    Target: Domain:target=wfgendatastorage.file.core.windows.net
    Type: Domain Password
    User: AZURE\wfgendatastorage
  12. Test the Azure Files share in the Windows File Explorer.

    \\wfgendatastorage.file.core.windows.net\wfgenshare

    Note: Remember to replace wfgendatastorage and wfgenshare in the above instructions with your storage account and file share names.

For more information about file share in Windows, see Use an Azure file share with Windows.

Step 4: Configure WorkflowGen to use the file share

  1. Log in to your WorkflowGen instance with your administration account.

  2. Open the Internet Information Services (IIS) manager console.

  3. Change your WorkflowGen application pool to use the custom wfgen_service account with the following settings:

    • Identity: wfgen_service

    • Load User Profile: True

  4. Save the changes, then restart IIS.

  5. Log in to your WorkflowGen instance with the wfgen_service account.

  6. Copy all the existing WorkflowGen files to the Azure Files share in PowerShell:

    Copy-Item -Path "C:\inetpub\wwwroot\wfgen\App_Data" -Recurse -Destination "\\wfgendatastorage.file.core.windows.net\wfgenshare" -Container

    Note: Remember to replace C:\inetpub\wwwroot\wfgen\App_Data, wfgendatastorage, and wfgenshare in the above instructions with your WorkflowGen instance's app_data folder, storage account, and file share names.

  7. Update the WorkflowGen web configuration file:

    <add key="ApplicationDataPath" value="\\wfgendatastorage.file.core.windows.net\wfgenshare\App_Data" />

    Note: Remember to replace wfgendatastorage and wfgenshare in the above instructions with your storage account and file share names.

  8. Open the WorkflowGen Administration Module or User Portal, then run a new request test.

Appendix: Viewing Azure Files share content

Use one of the following methods:

  • In your Azure portal storage account:

    • Use the Storage Explorer (preview) tool.

      or

    • Browse the wfgenshare file share under the Files section.

    OR

  • Mount the file share wfgenshare in Windows. To do this:

    1. Navigate to the wfgenshare file share under the Files section.

    2. Click Connect to display a tab with connection instructions.

    For example, to mount the file share to the Z drive from the WorkflowGen instance's administration account, run the following instructions provided by the Connect tab in PowerShell:

    $acctKey = ConvertTo-SecureString -String "aftEV8YUKljZeiwKP9Ts/kZysDASFVFsvSqAvWVjMb3E+QP4BWpVSNLVyqB2ScZjGtEIg/k0P7WBIg==" -AsPlainText -Force
    $credential = New-Object System.Management.Automation.PSCredential -ArgumentList "Azure\wfgendatastorage", $acctKey
    New-PSDrive -Name Z -PSProvider FileSystem -Root "\\wfgendatastorage.file.core.windows.net\wfgenshare" -Credential $credential -Persist

    Note: Remember to replace the key string assigned to $acctKey, wfgendatastorage, and wfgenshare in the above instructions with one of your storage account's Access keys, storage account, and file share names.

You should now be able to browse the content of the Z drive in the Windows File Explorer.

If you encounter any issues, see Troubleshoot Azure Files problems in Windows.