This chapter covers Azure NetApp Files (ANF), a high-performance file storage service for Azure that provides NFS and SMB volumes with enterprise-class data management capabilities. On the AZ-104 exam, storage accounts and file shares are a significant topic area, with questions on ANF appearing in approximately 5-10% of storage-related questions, especially in scenarios requiring low-latency, high-IOPS, or advanced data protection for enterprise workloads. Understanding ANF's architecture, service levels, networking requirements, and integration with other Azure services is essential for the Storage objective (2.2).
Jump to a section
Think of Azure NetApp Files (ANF) as a dedicated, high-performance storage area network (SAN) appliance hosted within Azure, similar to an on-premises NetApp FAS or AFF array but managed as a PaaS service. Imagine a corporate data center with a NetApp storage controller that provides NFS and SMB shares to hundreds of application servers over a dedicated Fibre Channel or iSCSI network. The controller has its own non-volatile memory, flash cache, and RAID protection, and it can take instant space-efficient snapshots without impacting performance. In Azure, ANF behaves identically: a NetApp controller (called a capacity pool) is deployed in an Azure region inside a delegated subnet, and it exports volumes over NFSv3, NFSv4.1, or SMB 3.0. When a virtual machine mounts an ANF volume, the I/O travels over the Azure network to that dedicated controller, which processes reads and writes using its own file system (WAFL). The controller can also replicate volumes to another region using cross-region replication (CRR) and can be protected by Azure NetApp Files backup to Azure Blob. The key difference from a standard Azure file share is that ANF provides consistent sub-millisecond latency and up to 4.5 GB/s throughput per volume, thanks to the dedicated controller architecture and the ability to adjust service level (Standard, Premium, Ultra) to match performance demands. Just as you would not run a high-transaction database on a shared NAS, you would not use Azure Files for an SAP HANA database; instead, you deploy ANF for workloads that require low latency, high IOPS, and advanced data management features like snapshots and clones.
What is Azure NetApp Files?
Azure NetApp Files (ANF) is a fully managed, high-performance file storage service built on NetApp's on-premises technology. It provides NFSv3, NFSv4.1, and SMB 3.0 volumes that can be mounted from Azure Virtual Machines (VMs), on-premises clients via ExpressRoute or VPN, or other Azure services. ANF is designed for workloads that require low latency (sub-millisecond), high IOPS, and consistent performance, such as SAP HANA, Oracle databases, high-performance computing (HPC), and virtual desktop infrastructure (VDI).
How ANF Works Internally
ANF is deployed within an Azure Virtual Network (VNet) using a delegated subnet. This delegated subnet is dedicated to ANF and must be at least /28 (16 IPs) but ideally /26 (64 IPs) to allow for scaling. The ANF service provisions a NetApp storage controller (the 'NetApp appliance') in the delegated subnet, which handles all I/O operations. The controller uses the WAFL (Write Anywhere File Layout) file system, which is the same technology used in on-premises NetApp arrays.
Capacity Pools: Before creating volumes, you must create a capacity pool. A capacity pool is a logical container that defines the service tier (Standard, Premium, or Ultra) and the total provisioned capacity (in TiB). All volumes within a pool share the pool's performance characteristics. The pool size determines the maximum aggregate throughput and IOPS for the pool.
Volumes: Within a capacity pool, you create volumes. Each volume has its own size, protocol (NFS or SMB), and export policies. Volumes can be as small as 100 GiB and as large as 100 TiB. The performance of a volume is determined by the service tier of its capacity pool and the volume size. For example, a 1-TiB volume in a Premium pool can achieve up to 64 MiB/s of throughput and 4,000 IOPS.
Snapshots: ANF supports instant, space-efficient snapshots. Snapshots are read-only point-in-time copies that consume only the changed blocks. They can be created manually or via scheduled policies. Snapshots can be restored to a new volume or used to revert an existing volume.
Cross-Region Replication (CRR): ANF can replicate volumes to a different Azure region for disaster recovery. CRR uses asynchronous replication with a configurable RPO (Recovery Point Objective) of 5 minutes or more. The replication is done at the block level, and the destination volume is read-only until a failover is performed.
Backup: Azure NetApp Files backup (preview) allows you to back up ANF volumes to Azure Blob storage. Backups are incremental and can be restored to a new volume.
Key Components, Values, and Defaults
- Delegated Subnet: Must be created in the same VNet as the client VMs. The subnet cannot have any other resources. Minimum size /28, recommended /26. The subnet must be delegated to Microsoft.NetApp/volumes.
- Capacity Pool: Minimum 4 TiB, maximum 500 TiB. You can have multiple pools in a NetApp account. The pool's service tier determines per-TiB performance:
- Standard: 16 MiB/s per TiB, 1,600 IOPS per TiB
- Premium: 64 MiB/s per TiB, 4,000 IOPS per TiB
- Ultra: 128 MiB/s per TiB, 8,000 IOPS per TiB
- Volume Quota: The size of the volume determines its allocated performance. For example, a 4-TiB volume in a Premium pool gets 256 MiB/s (4 * 64) and 16,000 IOPS. Performance scales linearly with volume size up to the pool's aggregate limit.
- Throughput Limit: A single volume can achieve up to 4.5 GiB/s of throughput (Ultra tier, large volumes). The maximum IOPS per volume is 450,000.
- Latency: Typically sub-millisecond for reads and writes in Premium and Ultra tiers.
- Export Policies: Control which clients can mount a volume and with what permissions (read-only or read-write). Rules are based on IP addresses or CIDR ranges.
- Snapshot Policies: Can be scheduled hourly, daily, weekly, or monthly. Maximum of 255 snapshots per volume.
- CRR: Requires a NetApp account in the source and destination regions. Replication is configured at the volume level. The destination volume must be in a different region and in a different capacity pool.
Configuration and Verification Commands
To create an ANF volume, you can use the Azure portal, Azure CLI, or PowerShell. Below are CLI examples:
# Create a NetApp account
az netappfiles account create --resource-group myRG --account-name myNetAppAccount --location eastus
# Create a capacity pool
az netappfiles pool create --resource-group myRG --account-name myNetAppAccount --pool-name myPool --size 4 --service-level Premium --location eastus
# Create a delegated subnet
az network vnet subnet create --resource-group myRG --vnet-name myVNet --name anf-subnet --address-prefixes 10.0.1.0/26 --delegation Microsoft.NetApp/volumes
# Create an NFSv3 volume
az netappfiles volume create --resource-group myRG --account-name myNetAppAccount --pool-name myPool --volume-name myVolume --location eastus --service-level Premium --usage-threshold 1024 --vnet myVNet --subnet anf-subnet --protocol-types NFSv3
# List volumes
az netappfiles volume list --resource-group myRG --account-name myNetAppAccount --pool-name myPool
# Create a snapshot
az netappfiles snapshot create --resource-group myRG --account-name myNetAppAccount --pool-name myPool --volume-name myVolume --snapshot-name mySnapshot --location eastusTo verify mount from a Linux VM:
sudo mount -t nfs -o rw,hard,rsize=65536,wsize=65536,vers=3,tcp <mount-ip>:/<volume-name> /mnt/anfInteraction with Related Technologies
Azure Virtual Machines: ANF is mounted as a standard NFS or SMB share. For Linux VMs, NFSv3 or NFSv4.1 is used; for Windows VMs, SMB 3.0. Performance is affected by the VM size and network bandwidth. Use VMs with accelerated networking for best performance.
Azure ExpressRoute: On-premises clients can access ANF volumes via ExpressRoute or VPN. The latency is higher than from Azure VMs but still acceptable for many workloads.
Azure Backup: ANF backup (preview) backs up volumes to Azure Blob. This is separate from CRR. Backup can be used for long-term retention.
Azure Site Recovery: Not directly supported; use CRR for disaster recovery.
Azure Policy: Can be used to enforce compliance on ANF resources, such as requiring specific service tiers or encryption settings.
Azure Monitor: ANF metrics are available, including volume IOPS, throughput, latency, and snapshot size. Alerts can be configured.
Performance Tuning
Volume Quota: Increase volume size to get more IOPS and throughput. Performance scales linearly with size.
Capacity Pool Size: Larger pools provide higher aggregate performance, but individual volume performance is capped by the volume quota.
Protocol: NFSv3 is faster than NFSv4.1 in some cases due to less overhead. SMB 3.0 is optimized for Windows.
Mount Options: Use rsize=65536,wsize=65536 for NFS to maximize throughput. Use hard mount option to prevent data loss.
Network: Ensure client VM has sufficient network bandwidth. Use VMs with at least 4 vCPUs for high-throughput workloads.
Limitations
Delegated Subnet: Cannot be used for any other resource. Once created, the subnet cannot be deleted if it has volumes.
Region Availability: ANF is not available in all Azure regions. Check the latest list.
Cross-Region Replication: Only supports one-to-one replication. No failback automation (manual failback required).
Backup: Currently in preview, not all regions supported.
Maximum Volume Size: 100 TiB per volume.
Maximum Number of Volumes: 500 per NetApp account.
Use Cases
SAP HANA: ANF is certified for SAP HANA deployments, providing the required low latency and high IOPS.
Oracle Databases: Supports Oracle databases with NFS mounts.
VDI: Windows Virtual Desktop deployments can use SMB volumes for user profiles and FSLogix.
HPC: Life sciences, financial modeling, and rendering workloads benefit from high throughput.
Security
Encryption at rest: Enabled by default using platform-managed keys. Customer-managed keys are supported.
Encryption in transit: Not enforced by default; use NFSv4.1 with Kerberos or SMB 3.0 encryption.
Network Security Groups (NSGs): Can be applied to the delegated subnet to restrict traffic.
Export Policies: IP-based access control.
Private Endpoints: Supported for secure access over Microsoft backbone.
Create a NetApp Account
In the Azure portal, search for 'Azure NetApp Files' and create a NetApp account. This is a management resource that holds capacity pools and volumes. You need to specify a resource group and a location. The account is free; you only pay for the capacity pools and volumes. This step is analogous to registering a storage account for Azure Files, but for ANF.
Create a Capacity Pool
Within the NetApp account, create a capacity pool. Choose a service tier (Standard, Premium, Ultra) based on your performance requirements. The pool must be at least 4 TiB in size. The pool's size determines the total aggregate throughput and IOPS available to all volumes in that pool. For example, a 4-TiB Premium pool provides 256 MiB/s (4*64) total throughput. You can later increase the pool size, but you cannot decrease it.
Delegate a Subnet
In the VNet that will host your client VMs, create a subnet and delegate it to `Microsoft.NetApp/volumes`. The subnet must be at least /28 (16 IPs) but /26 (64 IPs) is recommended to allow for scaling. This subnet cannot be used for any other resource, including VMs. The ANF service will use IP addresses from this subnet for the storage controllers. Ensure the subnet has appropriate NSG rules to allow NFS (port 2049) or SMB (port 445) traffic from client VMs.
Create a Volume
In the capacity pool, create a volume. Specify the volume name, size (quota), protocol (NFSv3, NFSv4.1, or SMB), and the delegated subnet. For NFS, you can also set export policies to restrict access to specific IP ranges. The volume's performance is determined by the pool's service tier and the volume size. For example, a 1-TiB volume in a Premium pool gets 64 MiB/s and 4,000 IOPS. After creation, you will get a mount path like `10.0.1.4:/myVolume`. Note that the volume's IP address is from the delegated subnet.
Mount the Volume on a VM
On a Linux VM in the same VNet (or a peered VNet), install NFS client utilities (e.g., `nfs-utils`). Then mount the volume using the mount command: `sudo mount -t nfs -o rw,hard,rsize=65536,wsize=65536,vers=3,tcp <mount-ip>:/<volume-name> /mnt/anf`. For Windows VMs, use SMB and map a drive. The mount should succeed if the NSG allows traffic. Verify with `df -h` and test I/O using `dd` or `fio`. For high performance, ensure the VM has accelerated networking enabled and sufficient network bandwidth.
Enterprise Scenario 1: SAP HANA on Azure
A large enterprise runs SAP S/4HANA on Azure for its ERP system. The SAP HANA database requires extremely low latency (sub-millisecond) and high IOPS (up to 100,000 IOPS) for transaction logs and data files. The company initially used Azure Premium SSDs attached to VMs, but managing disk caching and scaling was complex. They migrated to Azure NetApp Files using the Ultra service tier. They created a 4-TiB capacity pool and a 2-TiB volume for the HANA data, and a separate 500-GiB volume for logs. The volumes were mounted via NFSv4.1 with Kerberos for security. The solution provided consistent sub-0.5 ms latency and 128 MiB/s per TiB throughput. They configured hourly snapshots for point-in-time recovery and cross-region replication to a secondary region for disaster recovery with a 5-minute RPO. The main challenge was ensuring the delegated subnet had enough IP addresses (they used a /26) and that the ExpressRoute circuit had sufficient bandwidth. Misconfiguration of export policies initially caused access issues for some application servers.
Enterprise Scenario 2: Virtual Desktop Infrastructure (VDI) with FSLogix
A financial services company deployed Windows Virtual Desktop (now Azure Virtual Desktop) for 5,000 remote employees. They needed a centralized storage solution for user profiles using FSLogix profile containers. The profiles required SMB shares with low latency to ensure fast logon times. They chose Azure NetApp Files with the Premium tier because it provides consistent performance and supports SMB 3.0 with multichannel. They created a 4-TiB capacity pool and multiple volumes, each serving a group of users. They configured scheduled snapshots to protect against accidental deletion and corruption. They also enabled Azure NetApp Files backup for long-term retention. The primary issue was that the delegated subnet had to be in the same VNet as the session hosts, which required careful network planning. Initially, they used a /28 subnet, but as they scaled, they ran out of IP addresses and had to create a new capacity pool with a larger subnet. The lesson: always use a /26 or larger for production.
Enterprise Scenario 3: High-Performance Computing (HPC) for Life Sciences
A research organization runs genomic sequencing workloads that require massive parallel file access. They use Azure NetApp Files with the Ultra tier to provide up to 4.5 GiB/s throughput per volume. They created a large 50-TiB volume shared across hundreds of compute nodes via NFSv3. They used export policies to restrict access to a specific IP range of the compute cluster. They also set up cross-region replication to replicate results to a different region for collaboration. The main performance consideration was that the compute VMs needed to be on the same Azure region and ideally in the same availability zone to minimize latency. They also used Azure NetApp Files' ability to adjust volume quota dynamically without downtime to increase performance during peak processing. Misconfiguration of the rsize/wsize mount options initially caused poor throughput; after tuning to 65536, performance improved significantly.
AZ-104 Exam Focus on Azure NetApp Files
The AZ-104 exam tests Azure NetApp Files under the Storage domain (Objective 2.2: Configure Azure Files and Azure Blob Storage). While Azure Files and Blob Storage are more heavily tested, ANF appears in 5-10% of storage questions, often as a distractor or in scenario-based questions. Key exam areas:
- Service Tiers: Know the three tiers (Standard, Premium, Ultra) and their per-TiB performance numbers: Standard (16 MiB/s, 1,600 IOPS), Premium (64 MiB/s, 4,000 IOPS), Ultra (128 MiB/s, 8,000 IOPS). The exam may ask which tier to choose for a given workload (e.g., SAP HANA -> Ultra, general file shares -> Standard).
- Networking: Understand the delegated subnet requirement. The subnet must be at least /28 and delegated to Microsoft.NetApp/volumes. It cannot have any other resources. The exam may present a scenario where a subnet is already in use, and the candidate must create a new subnet.
- Capacity Pool: Minimum 4 TiB. Cannot be decreased. Performance scales linearly with pool size. The exam may ask about resizing options.
- Volume Quota: Performance scales linearly with volume size. For example, a 2-TiB volume in Premium gets 128 MiB/s. The exam may ask to calculate required volume size to meet a throughput target.
- Snapshots: Instant, space-efficient, read-only. Maximum 255 per volume. Can be scheduled. The exam may ask about snapshot restoration options (to new volume or revert).
- Cross-Region Replication (CRR): Asynchronous, RPO 5 minutes or more. Destination volume is read-only. Manual failover. The exam may ask about DR requirements.
- Protocols: NFSv3, NFSv4.1, SMB 3.0. Know which protocol to use for Linux vs Windows. NFSv3 is simpler but less secure; NFSv4.1 supports Kerberos.
- Common Wrong Answers:
1. *Choosing Azure Files instead of ANF for high-performance workloads*: Many candidates think Azure Files (Premium) can match ANF performance, but ANF provides sub-millisecond latency and much higher IOPS (up to 450,000 per volume vs 100,000 for Azure Files).
2. *Using a regular subnet for ANF*: The subnet must be delegated. Candidates may mistakenly think any subnet works.
3. *Thinking capacity pool size can be decreased*: It can only be increased. This is a common trap.
4. *Confusing ANF snapshots with Azure VM snapshots*: ANF snapshots are instant and space-efficient, not full copies.
- Edge Cases:
ANF does not support Azure Active Directory authentication for NFSv3; only NFSv4.1 with Kerberos.
SMB volumes can be joined to Active Directory for identity-based access.
ANF volumes cannot be accessed from the internet directly; they must be within a VNet or connected via ExpressRoute/VPN.
How to Eliminate Wrong Answers: If the question mentions 'sub-millisecond latency', 'high IOPS for database', or 'NFS', the answer is likely ANF. If the question mentions 'serverless', 'HTTP access', or 'geo-redundancy', it might be Azure Files or Blob. Always check the protocol and performance requirements.
Azure NetApp Files provides enterprise-grade NFS and SMB volumes with sub-millisecond latency, suitable for high-performance workloads like SAP HANA and databases.
ANF requires a delegated subnet of at least /28 (recommended /26) in the same VNet as client VMs.
Capacity pools have a minimum size of 4 TiB and can only be increased; service tiers are Standard (16 MiB/s/TiB), Premium (64 MiB/s/TiB), and Ultra (128 MiB/s/TiB).
Volume performance scales linearly with size: e.g., a 2-TiB Premium volume gets 128 MiB/s throughput and 8,000 IOPS.
Snapshots are instant, space-efficient, and can be scheduled; maximum 255 per volume.
Cross-region replication is asynchronous with a minimum RPO of 5 minutes; failover is manual.
ANF is not accessible over the public internet; use ExpressRoute or VPN for on-premises access.
Common exam trap: confusing ANF with Azure Files Premium; remember ANF is for ultra-low latency and high IOPS.
These come up on the exam all the time. Here's how to tell them apart.
Azure NetApp Files
Supports NFSv3, NFSv4.1, and SMB 3.0 protocols
Sub-millisecond latency; up to 4.5 GiB/s throughput per volume
Up to 450,000 IOPS per volume
Requires delegated subnet in a VNet; not accessible from internet
Advanced data management: instant snapshots, clones, CRR
Azure Files
Supports SMB 3.0 and NFSv4.1 (preview) protocols
Latency around 1-3 ms; up to 10 GiB/s per storage account (Premium)
Up to 100,000 IOPS per share (Premium)
Can be accessed via public endpoint with SMB over internet or private endpoints
Snapshots are Azure Files snapshots; no CRR, but geo-redundant storage available
Mistake
Azure NetApp Files is just a rebranded Azure Files Premium share.
Correct
ANF is fundamentally different: it uses a dedicated NetApp controller with WAFL file system, providing sub-millisecond latency and up to 4.5 GiB/s throughput per volume. Azure Files Premium uses Azure's own distributed file system with lower performance limits (max 100,000 IOPS per share).
Mistake
You can mount ANF volumes from anywhere on the internet.
Correct
ANF volumes are only accessible from within the Azure VNet where the delegated subnet resides, or from on-premises via ExpressRoute or VPN. They are not directly accessible over the public internet. You must use a private endpoint or a VPN gateway.
Mistake
ANF capacity pools can be resized down to save costs.
Correct
Capacity pools can only be increased in size, not decreased. If you need to reduce capacity, you must create a new pool and migrate volumes. Always plan capacity carefully.
Mistake
ANF snapshots are full copies that consume as much space as the volume.
Correct
ANF snapshots are space-efficient, read-only point-in-time copies. They only consume space for changed blocks since the snapshot was taken. The first snapshot is small; subsequent snapshots grow incrementally.
Mistake
Cross-region replication provides automatic failover with zero data loss.
Correct
CRR is asynchronous with a configurable RPO (minimum 5 minutes). There is no automatic failover; you must manually initiate a failover to the destination volume. During a disaster, you may lose up to the RPO window of data.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
Azure NetApp Files is a high-performance file storage service built on NetApp technology, offering sub-millisecond latency, up to 4.5 GiB/s throughput, and 450,000 IOPS per volume. It supports NFSv3, NFSv4.1, and SMB 3.0, and requires a delegated subnet. Azure Files is a fully managed file share service for SMB and NFS (preview) with lower performance limits (up to 100,000 IOPS and 10 GiB/s per storage account). Use ANF for databases, HPC, and VDI; use Azure Files for general-purpose file sharing and lift-and-shift applications.
Yes, you can access ANF volumes from on-premises clients via ExpressRoute or site-to-site VPN. The ANF delegated subnet must be in a VNet that is connected to your on-premises network. You cannot access ANF directly over the public internet. For secure access, you can also use a private endpoint.
Performance scales linearly with volume size. For example, in the Premium tier, each TiB provides 64 MiB/s. To achieve 512 MiB/s, you need a volume of at least 8 TiB (512/64). However, the volume size can be larger than the used data; you pay for the provisioned size. Use the formula: required size (TiB) = desired throughput (MiB/s) / per-TiB throughput of the tier.
ANF supports NFSv3, NFSv4.1, and SMB 3.0. NFSv3 is the most common for Linux workloads. NFSv4.1 supports Kerberos authentication. SMB 3.0 is used for Windows workloads and supports Active Directory integration. You can choose the protocol when creating a volume; a volume can only use one protocol.
You can back up ANF volumes using Azure NetApp Files backup (preview), which backs up to Azure Blob storage. Alternatively, you can use snapshots (for quick recovery) and cross-region replication (for disaster recovery). Snapshots are not full backups; they are space-efficient point-in-time copies. For long-term retention, use Azure Backup or manually copy data to another storage.
Yes, AKS can mount ANF volumes using the CSI driver for Azure NetApp Files. This allows pods to access persistent storage with high performance. The ANF volume must be in the same VNet as the AKS cluster or connected via VNet peering. You can use static or dynamic provisioning.
The maximum volume size is 100 TiB. The minimum is 100 GiB. You can increase the volume size on the fly without downtime, but you cannot decrease it.
You've just covered Azure NetApp Files — now see how well it sticks with free AZ-104 practice questions. Full explanations included, no account needed.
Done with this chapter?