This chapter covers Azure Elastic SAN, a fully managed SAN solution in Azure that provides scalable, high-performance block storage for large-scale workloads. Understanding Elastic SAN is critical for the AZ-305 exam as it appears in questions about storage architecture for mission-critical applications, especially when discussing storage performance isolation and independent scaling. Approximately 5-10% of exam questions touch on Azure Elastic SAN or its comparison with other storage options like Azure NetApp Files and Azure Managed Disks.
Jump to a section
Imagine a large office building where each floor (compute instance) has its own storage closet (local disk). When one floor runs out of space, they cannot borrow from another floor. Now, imagine the building has a central, massive warehouse (Elastic SAN) with shelves that can be dynamically expanded or contracted. Each floor gets a dedicated aisle (volume) in the warehouse, but the aisle can be widened or narrowed without moving the walls. The warehouse itself is made of storage pods (nodes) that are connected via a high-speed conveyor belt system (iSCSI fabric). When a floor requests data, the request travels through the conveyor belt to the correct aisle. The warehouse manager (control plane) monitors usage and can add more pods or redistribute shelves across aisles without interrupting access. This is exactly how Azure Elastic SAN works: it pools storage resources across multiple nodes, presents them as iSCSI targets, and can scale performance and capacity independently. The key mechanism is that the SAN is a separate resource from compute, connected via the network, and can be resized without redeploying or migrating data.
What is Azure Elastic SAN?
Azure Elastic SAN is a fully managed, cloud-native Storage Area Network (SAN) service that provides scalable, high-performance block storage for Azure compute resources. It is designed for workloads that require consistent low-latency performance, large capacity, and the ability to scale performance and capacity independently. Unlike Azure Managed Disks, which are attached to a single VM and have fixed performance tiers, Elastic SAN allows you to create a pool of storage that can be shared across multiple VMs, with performance (IOPS and throughput) that scales linearly with the provisioned capacity and performance units.
Why Elastic SAN Exists
Traditional Azure Managed Disks have limitations: each disk has a maximum IOPS and throughput based on its size and tier, and scaling performance often requires migrating to a larger disk or adding more disks with striping. For large-scale databases (e.g., SQL Server, Oracle), SAP HANA, or analytics workloads that need consistent performance across many VMs, managed disks can become complex and costly. Elastic SAN solves this by decoupling storage performance from individual VM disks, allowing a single SAN to serve multiple VMs with predictable performance. It also provides built-in redundancy and high availability without requiring application-level replication.
How It Works Internally
Azure Elastic SAN is built on a distributed storage architecture. The SAN consists of a group of storage nodes (physical or virtual) that pool their capacity and performance. When you create an Elastic SAN, you define a total capacity (e.g., 50 TiB) and a performance tier (e.g., Premium, with specific IOPS per GiB). The system then allocates storage resources across multiple nodes in an Azure region, within an availability zone if specified. The SAN exposes iSCSI targets (volumes) that can be connected to VMs over the Azure network. Each volume has its own LUN (Logical Unit Number) and is accessed via iSCSI initiators on the VMs.
Internally, data is striped across multiple nodes for performance and redundancy. The SAN uses a distributed metadata store to track the location of data blocks. When a VM sends a read or write request, the iSCSI initiator forwards it to the SAN's front-end load balancer, which routes it to the appropriate storage node. The node processes the request, and if the data is replicated synchronously (for Premium), it writes to multiple nodes before acknowledging the write. This ensures durability and consistency.
Key Components, Values, Defaults, and Timers
Elastic SAN resource: The top-level object that defines the storage pool. It has a name, region, availability zone (optional), and base performance tier.
Volume group: A logical grouping of volumes that share network access controls (e.g., allowed virtual networks). Each volume group has an iSCSI target portal (IP address and port 3260).
Volume: A block device within a volume group. It has a size (in GiB) and a LUN. Volumes can be dynamically resized without downtime.
Performance tier: Determines the baseline IOPS and throughput per GiB of provisioned capacity. For Premium, the baseline is 60 IOPS/GiB and 0.5 MBps/GiB, with burst capability up to 100 IOPS/GiB.
Capacity: Total provisioned capacity of the SAN, from 1 TiB to 100 TiB (or more with quota increase).
IOPS and throughput: These scale linearly with capacity. For a 50 TiB SAN at Premium tier, baseline IOPS = 50 * 1024 * 60 = 3,072,000 IOPS, and baseline throughput = 50 * 1024 * 0.5 = 25,600 MBps.
iSCSI initiator: Software on the VM (e.g., iscsid on Linux, Microsoft iSCSI Initiator on Windows) that connects to the SAN.
Network requirements: The VM and SAN must be in the same region and peered VNet, or connected via a private endpoint. The SAN supports Azure Private Link for secure access.
Configuration and Verification Commands
To create an Elastic SAN using Azure CLI:
# Create a resource group
az group create --name MyRG --location eastus
# Create an Elastic SAN
az elastic-san create --resource-group MyRG --name MySAN --location eastus --sku-tier Premium --capacity 10240 --base-size 10240
# Create a volume group
az elastic-san volume-group create --resource-group MyRG --san-name MySAN --name MyVolGroup --network-acls default-action=Allow
# Create a volume
az elastic-san volume create --resource-group MyRG --san-name MySAN --volume-group-name MyVolGroup --name MyVolume --size 1024
# List iSCSI targets for a volume group
az elastic-san volume-group list-iscsi-target --resource-group MyRG --san-name MySAN --volume-group-name MyVolGroupTo connect a Linux VM to the SAN:
# Install iSCSI initiator
sudo apt-get install open-iscsi
# Discover targets
sudo iscsiadm -m discovery -t st -p <target-ip>:3260
# Login to target
sudo iscsiadm -m node -T <target-name> -p <target-ip>:3260 -l
# Verify connection
sudo iscsiadm -m session -o showVerification: Use az elastic-san list to see SANs, and az elastic-san volume list to see volumes. Monitor performance metrics via Azure Monitor (e.g., IOPS, throughput, latency).
Interaction with Related Technologies
Elastic SAN integrates with: - Azure Private Link: For private connectivity between VNets and the SAN. - Azure Backup: Supports backup of Elastic SAN volumes using Azure Backup. - Azure Site Recovery: Can replicate volumes to another region for disaster recovery. - Azure Kubernetes Service (AKS): Can be used as persistent storage for stateful workloads via CSI driver. - Azure NetApp Files: Another enterprise-grade file and block storage service, but with different performance profiles (NetApp uses NFS and SMB, while Elastic SAN is iSCSI only).
Elastic SAN is NOT a replacement for Azure Files (file shares) or Azure Blob (object storage). It is strictly block storage accessed over iSCSI.
Performance Considerations
Performance is determined by the total provisioned capacity and the performance tier. Because performance scales linearly, you can increase IOPS by adding more capacity (even if you don't need the space). However, this increases cost. Alternatively, you can choose a higher performance tier (e.g., Premium vs. Standard). The SAN also supports bursting: when workloads exceed baseline, they can burst up to the maximum performance for short periods (up to 30 minutes), similar to managed disks.
Availability and Redundancy
Elastic SAN supports locally redundant storage (LRS) and zone-redundant storage (ZRS). LRS replicates data three times within a single availability zone. ZRS replicates across three availability zones in the same region, providing higher availability. For disaster recovery, you must replicate data to another region using Azure Site Recovery or backup.
Limitations
Maximum capacity per SAN: 100 TiB (default), can be increased via support.
Maximum volume size: 64 TiB.
Maximum number of volumes per SAN: 128.
Maximum number of volume groups per SAN: 5.
iSCSI only; no NFS or SMB support.
Not supported for Azure VM boot disks.
Requires iSCSI initiator on the client.
Cost Model
You pay for the provisioned capacity (in TiB) per month, plus the performance tier premium. There is no charge for IOPS or throughput beyond the baseline (they are included in the capacity price). For example, a 10 TiB Premium SAN costs more than a 10 TiB Standard SAN. You can also reserve capacity for 1 or 3 years to save up to 40%.
Provision the Elastic SAN
In the Azure portal or CLI, you create an Elastic SAN resource specifying the region, availability zone (optional), SKU tier (e.g., Premium), and total base capacity. The base capacity is the minimum amount of storage you commit to. You can later increase capacity up to 100 TiB. At this step, Azure allocates storage nodes and reserves the capacity. The SAN is not yet visible to any VMs.
Create Volume Groups
A volume group is a container for volumes that share network access controls. You define which virtual networks (via Private Link) can access the volumes in the group. Each volume group gets a unique iSCSI target portal IP address and port 3260. You can have up to 5 volume groups per SAN. This step establishes the network boundary for storage access.
Create Volumes
Within a volume group, you create volumes of specified size (in GiB). Each volume is assigned a LUN (Logical Unit Number) automatically. Volumes can be dynamically resized later without downtime. The total size of all volumes cannot exceed the SAN's total capacity. At this point, the volumes are ready to be connected via iSCSI.
Connect VM to SAN via iSCSI
On the VM, you install the iSCSI initiator software. Then you perform an iSCSI discovery against the volume group's target IP. The initiator sends a discovery request (iSCSI SendTargets) and receives a list of targets (volumes). You then log in to the desired target. The initiator and target negotiate authentication (if using CHAP) and then establish a session. The VM now sees the volume as a local disk (e.g., /dev/sdb). You then format and mount it.
Monitor and Scale
Once connected, you monitor the SAN's performance metrics via Azure Monitor (IOPS, throughput, latency). If you need more performance, you can increase the SAN's capacity (adds IOPS/throughput linearly) or change the performance tier. You can also add more volumes or resize existing ones. Scaling is online and does not require disconnecting VMs. The control plane coordinates the redistribution of data across nodes transparently.
Enterprise Scenario 1: Large SQL Server Database Farm
A financial services company runs hundreds of SQL Server databases across multiple VMs. Each database requires high IOPS (e.g., 50,000 IOPS) and low latency (sub-millisecond). Previously, they used P60 managed disks (16 TiB each, 75,000 IOPS), but the cost was high and they had to overprovision capacity to get the performance. They migrated to Azure Elastic SAN: a single 50 TiB Premium SAN providing 3 million IOPS baseline. They created volume groups for different environments (prod, dev, test) and connected each SQL VM via iSCSI. They configured CHAP authentication for security. The result: consistent performance, lower cost (no overprovisioning), and the ability to scale IOPS by increasing SAN capacity without touching VMs. Common misconfiguration: not enabling multipathing (MPIO) on the VMs, leading to single-path failures and lower throughput. They also set up Azure Backup for volume-level backups.
Enterprise Scenario 2: SAP HANA Scale-Out
An enterprise runs SAP HANA on Azure using a scale-out architecture with multiple worker nodes. HANA requires high throughput and low latency for log writes. They use Azure Elastic SAN as shared storage for the HANA data and log volumes. Each worker node connects to the same SAN volumes via iSCSI. The SAN is configured with ZRS for high availability within the region. They provisioned a 30 TiB SAN with Premium tier. The key benefit: independent scaling of compute and storage. When they needed more HANA memory, they added more VMs without migrating data. When they needed more storage, they increased the SAN capacity. Pitfall: forgetting to set the volume group's network ACLs correctly, causing connectivity issues. They also use Azure Private Link to ensure traffic stays within the Microsoft backbone.
Enterprise Scenario 3: Video Rendering Farm
A media company uses Azure Batch to render videos. Each render job writes large files to shared storage. They need high throughput (multiple GB/s) for reading and writing. They use Elastic SAN with Standard tier (lower cost) because latency is less critical. They provision a 100 TiB SAN (max default) and create multiple volumes striped across VMs using software RAID. The SAN provides 50 GB/s throughput baseline. They connect each render VM via iSCSI. The challenge: iSCSI overhead can reduce CPU efficiency for rendering, so they use larger VMs with dedicated iSCSI offload. They also monitor the SAN's throughput to avoid hitting the limit. When they hit the limit, they increase capacity (and thus throughput) by adding more capacity, even if they don't need the space. This is a common exam scenario: knowing that performance scales with capacity.
Exactly What AZ-305 Tests on Elastic SAN
The AZ-305 exam objective 2.1 (Design a storage solution) includes Elastic SAN under the 'Block storage' design considerations. The exam expects you to:
Identify when to use Elastic SAN vs. Azure Managed Disks vs. Azure NetApp Files.
Understand that Elastic SAN provides iSCSI-based block storage that can be shared across multiple VMs.
Know that performance (IOPS/throughput) scales linearly with provisioned capacity.
Recognize that Elastic SAN supports LRS and ZRS, but not GRS (geo-redundancy) natively.
Understand that volumes can be resized without downtime.
Know the maximum capacity (100 TiB default) and maximum volume size (64 TiB).
Common Wrong Answers and Why Candidates Choose Them
'Elastic SAN supports NFS and SMB protocols.' This is false; it only supports iSCSI. Candidates confuse it with Azure NetApp Files, which supports both. The exam may ask about protocol support for a shared file system scenario.
'Elastic SAN can be used as a boot disk for VMs.' False. Only managed disks can be boot disks. Candidates assume any block storage can boot, but Azure restricts boot to managed disks.
'Elastic SAN performance is fixed per volume.' False. Performance scales with total SAN capacity, not per volume. Candidates think of managed disks where each disk has a fixed IOPS.
'Elastic SAN provides geo-redundancy (GRS).' False. It supports LRS and ZRS only. For DR, you must use Azure Site Recovery or backup. Candidates may think of Azure Storage accounts that offer GRS.
Specific Numbers and Terms That Appear on the Exam
Default maximum SAN capacity: 100 TiB.
Maximum volume size: 64 TiB.
Maximum volumes per SAN: 128.
Maximum volume groups per SAN: 5.
Premium tier baseline: 60 IOPS/GiB, 0.5 MBps/GiB.
Burst limit: up to 100 IOPS/GiB for up to 30 minutes.
iSCSI port: 3260.
Supported redundancy: LRS and ZRS.
Edge Cases and Exceptions
Elastic SAN is not available in all regions; check regional availability.
If you need to connect VMs in different VNets, you must use VNet peering or Private Link.
Elastic SAN does not support Azure Disk Encryption (ADE) at the SAN level; you must encrypt volumes at the OS level (e.g., BitLocker, DM-Crypt).
You cannot migrate an existing managed disk to Elastic SAN directly; you must copy data via tools like AzCopy or robocopy.
How to Eliminate Wrong Answers
When you see a question about shared block storage, ask: Does it need to be accessed by multiple VMs simultaneously? If yes, Elastic SAN or NetApp Files are options. If the question mentions iSCSI, it's Elastic SAN. If it mentions NFS or SMB, it's NetApp Files. If it mentions boot disks, it's managed disks. If it mentions geo-redundancy, it's not Elastic SAN (unless combined with Site Recovery). Remember that Elastic SAN is a relatively new service, so the exam may test its specific limits and capabilities.
Elastic SAN is a fully managed iSCSI SAN for shared block storage across multiple VMs.
Performance (IOPS/throughput) scales linearly with provisioned capacity at 60 IOPS/GiB and 0.5 MBps/GiB for Premium tier.
Maximum SAN capacity is 100 TiB (default), maximum volume size is 64 TiB, maximum 128 volumes per SAN, maximum 5 volume groups.
Supports LRS and ZRS only; geo-redundancy requires Azure Site Recovery or backup.
Volumes can be resized without downtime; SAN capacity can be increased online.
Cannot be used as VM boot disks; only for data storage.
Requires iSCSI initiator on the VM; supports CHAP authentication.
Cost is based on provisioned capacity and performance tier; reserved capacity available for savings.
These come up on the exam all the time. Here's how to tell them apart.
Azure Elastic SAN
Shared block storage accessible by multiple VMs
Performance scales with total SAN capacity (linear)
Maximum capacity 100 TiB per SAN
Supports LRS and ZRS
iSCSI protocol only
Azure Managed Disks
Attached to a single VM (unless using shared disks, limited)
Performance per disk fixed by tier and size
Maximum 32 TiB per disk (Ultra Disk up to 64 TiB)
Supports LRS, ZRS, and GRS (via snapshots)
Native Azure protocol, no iSCSI needed
Azure Elastic SAN
Block storage via iSCSI
Performance scales linearly with capacity
Maximum 100 TiB per SAN
Supports LRS and ZRS
Lower cost per GiB for large capacities
Azure NetApp Files
File storage via NFS and SMB
Performance tier based on service level (Standard, Premium, Ultra)
Up to 100 TiB per capacity pool (can have multiple pools)
Supports LRS, ZRS, and cross-region replication
Higher cost but richer features (snapshots, cloning, export policies)
Mistake
Elastic SAN supports both block and file storage.
Correct
Elastic SAN is block storage only, accessed via iSCSI. It does not support NFS or SMB. For file storage, use Azure Files or Azure NetApp Files.
Mistake
You can attach an Elastic SAN volume as a boot disk for a VM.
Correct
Only Azure Managed Disks can be used as boot disks. Elastic SAN volumes cannot be boot disks. They are used for data storage only.
Mistake
Elastic SAN performance is per-volume, like managed disks.
Correct
Elastic SAN performance (IOPS/throughput) is a property of the entire SAN and scales with total provisioned capacity. All volumes share the SAN's performance pool.
Mistake
Elastic SAN provides geo-redundant storage (GRS) by default.
Correct
Elastic SAN supports LRS (locally redundant) and ZRS (zone-redundant) only. For geo-redundancy, you must use Azure Site Recovery or backup to another region.
Mistake
Elastic SAN volumes cannot be resized after creation.
Correct
Volumes can be dynamically resized (increased) without downtime. The SAN's total capacity must be sufficient. Decreasing volume size is not supported.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
Yes, Elastic SAN is ideal for SQL Server. You can provision a SAN with enough capacity to meet your IOPS requirements. For example, a 10 TiB Premium SAN provides 600,000 IOPS baseline. Connect your SQL VM via iSCSI and configure the database files on the volume. The SAN's performance scales linearly, so you can increase IOPS by adding capacity. However, ensure that your VM's network bandwidth and iSCSI initiator can handle the throughput. Also, enable multipathing (MPIO) for redundancy.
You connect each VM to the same volume using iSCSI. The volume is exposed as an iSCSI target. Each VM initiates a session to that target. However, the volume is a block device, so if multiple VMs write to the same block, you need a cluster-aware filesystem (e.g., Windows Server Failover Cluster with CSV, or a clustered filesystem like GFS2). For read-only scenarios, you can mount it as read-only on some VMs. The SAN itself does not coordinate concurrent writes.
Elastic SAN is block storage (iSCSI) while Azure NetApp Files is file storage (NFS/SMB). Elastic SAN performance scales linearly with capacity; NetApp Files has fixed service levels (Standard, Premium, Ultra) with different IOPS/throughput per TiB. NetApp Files offers more advanced features like snapshots, cloning, and cross-region replication. Elastic SAN is generally lower cost for large capacities. Choose Elastic SAN if you need shared block storage and iSCSI; choose NetApp Files if you need NFS/SMB or advanced data management.
Yes, Elastic SAN can be used with AKS via the iSCSI CSI driver. You create volumes in the SAN and then reference them in persistent volume claims. However, the iSCSI CSI driver is not built-in; you need to install it. Alternatively, you can use Azure Disks or Azure Files for simpler integration. Elastic SAN is best for stateful workloads that need high performance and shared access.
Yes, Elastic SAN encrypts data at rest using Azure Storage Service Encryption (SSE) with platform-managed keys. You can also use customer-managed keys (CMK) by enabling encryption with Azure Key Vault. However, note that this is at the SAN level, not per volume. For additional security, you can enable OS-level encryption (e.g., BitLocker).
The VM must have network connectivity to the SAN's target portal IP. You can use a private endpoint (via Private Link) or connect over a VPN/ExpressRoute if the SAN is in a different VNet. The SAN's volume group must have network ACLs configured to allow traffic from the VM's VNet. The iSCSI protocol uses TCP port 3260. Ensure that the VM's firewall allows outbound traffic to that port.
No, you cannot reduce the provisioned capacity of an Elastic SAN. You can only increase it. This is similar to most Azure storage services. Plan your capacity carefully. If you need to reduce, you must create a new SAN with lower capacity and migrate your data.
You've just covered Azure Elastic SAN for Storage Architecture — now see how well it sticks with free AZ-305 practice questions. Full explanations included, no account needed.
Done with this chapter?