This chapter covers Azure NetApp Files (ANF) as a high-performance NFS file share solution for Azure. You will learn how ANF differs from Azure Files and Azure Blob Storage, its architecture, performance tiers, and key use cases. On the AZ-305 exam, questions on Azure NetApp Files typically appear in the 'Design for Storage' domain (15–20% of the exam), specifically under objective 2.1 'Design a storage solution for enterprise file workloads.' Expect 2–3 questions that test your ability to choose ANF over other storage options based on performance, protocol support, and migration requirements.
Jump to a section
Imagine your company rents a dedicated rack in a co-location data center. You install a high-end NetApp FAS storage appliance in that rack, connected to your own private network via a cross-connect. The appliance has its own dedicated SSDs, NVMe cache, and a powerful controller that can serve files over NFS to your servers. Now, instead of you buying, racking, cabling, and maintaining that appliance, the co-location provider offers a 'Storage-as-a-Service' where they provision a virtual instance of that same NetApp appliance in their rack, connected to your virtual network via a dedicated VLAN. The provider handles all hardware failures, firmware updates, and capacity scaling. You can create volumes, set export policies, and manage snapshots just as if it were your own physical appliance. The key difference is that the storage is now a managed service – you don't see the underlying hardware, but you get the same performance, features, and NFS protocol compatibility. The storage is accessible only from within your virtual network (or via private peering), not over the public internet. This is exactly how Azure NetApp Files works: Microsoft hosts NetApp's ONTAP software in Azure data centers, provisions a dedicated capacity pool for you, and exposes NFS volumes that are accessible from your Azure VNets or on-premises via ExpressRoute. You get enterprise-grade features like snapshots, clones, and cross-region replication without managing any hardware.
What is Azure NetApp Files?
Azure NetApp Files (ANF) is a fully managed, high-performance file storage service built on NetApp's ONTAP storage operating system. It provides NFSv3, NFSv4.1, and SMB (CIFS) protocols, making it suitable for a wide range of enterprise workloads including HPC, SAP, databases, and VDI. ANF is designed for low latency (sub-millisecond) and high throughput, leveraging NetApp's proprietary WAFL (Write Anywhere File Layout) file system. It is a first-party Azure service, meaning it is natively integrated with Azure networking and identity.
Why Azure NetApp Files Exists
Azure offers multiple file storage options: Azure Files (SMB only, with NFS preview but limited performance), Azure Blob Storage (object storage, not a file system), and Azure NetApp Files (enterprise NAS). ANF fills the gap for workloads that require: - POSIX compliance (permissions, locking, ownership) – critical for Linux-based workloads. - Sub-millisecond latency – required by databases like SAP HANA, Oracle, and MySQL. - High throughput and IOPS – for HPC, media rendering, and EDA. - Native NFS support (v3 and v4.1) – for on-premises lift-and-shift migrations. - Snapshots, clones, and replication – for data protection and DR.
How Azure NetApp Files Works Internally
ANF is deployed as a capacity pool within a NetApp account. The capacity pool is a logical boundary that defines the service level (performance tier) and total provisioned capacity. Within a capacity pool, you create volumes, which are the actual file shares exposed via NFS or SMB. Each volume is served by a highly available pair of NetApp controllers running ONTAP. The controllers are dedicated to your capacity pool, not shared with other tenants, ensuring consistent performance (no noisy neighbor).
Key Components and Architecture:
- NetApp Account: Top-level container for ANF resources. Must be created in a region that supports ANF.
- Capacity Pool: Defines the service level (Standard, Premium, Ultra) and total provisioned capacity (TiB). The service level determines the maximum throughput and IOPS per TiB.
- Volume: A logical file share with its own mount path, export policies, and snapshot policies. Volumes are created within a capacity pool and consume capacity from it.
- Virtual Network (VNet): ANF volumes are deployed into a delegated subnet (called NetApp subnet) within your VNet. This subnet must be at least /26 (64 IPs) and cannot have any other resources. The volume receives an IP address from the subnet and is accessible from any resource in the VNet (or peered networks).
- Export Policy: Controls NFS access at the volume level. You define allowed IP ranges (CIDR) and access rules (read/write, root squash, security style).
- Snapshots: NetApp snapshots are point-in-time, read-only copies of the volume. They are space-efficient (copy-on-write) and can be used for quick recovery. You can schedule snapshots with policies (hourly, daily, weekly).
- Cross-Region Replication: ANF supports asynchronous replication to another region for disaster recovery. Replication is volume-level and uses NetApp SnapMirror technology.
Performance Tiers and Throughput: ANF offers three service levels, each with a guaranteed throughput per TiB of provisioned capacity: - Standard: 16 MB/s per TiB (up to 4,500 MB/s per volume with larger capacity) - Premium: 64 MB/s per TiB (up to 4,500 MB/s per volume) - Ultra: 128 MB/s per TiB (up to 4,500 MB/s per volume)
IOPS is roughly proportional to throughput, with typical values of 1,000 IOPS per MB/s for sequential workloads. For random workloads, IOPS is higher but latency increases. The maximum volume size is 100 TiB, and the maximum capacity pool size is 500 TiB.
Networking and Security: ANF volumes are accessible only from within the VNet (or via peered networks, ExpressRoute, VPN). They are not exposed to the internet. NFS traffic is unencrypted by default, but you can enable Kerberos encryption for NFSv4.1 (requires domain join). For SMB, encryption is supported via SMB 3.0. Access control is managed via export policies (IP-based) and, for NFSv4.1, via Kerberos or AAD DS integration.
Configuration and Verification Commands: To create an ANF volume, you typically use the Azure portal, CLI, or PowerShell. Example CLI commands:
# Create a NetApp account
az netappfiles account create -g myResourceGroup -n myNetAppAccount -l eastus
# Create a capacity pool (Standard, 4 TiB)
az netappfiles pool create -g myResourceGroup -a myNetAppAccount -n myPool -l eastus --service-level Standard --size 4
# Create an NFSv3 volume (100 GiB)
az netappfiles volume create -g myResourceGroup -a myNetAppAccount -p myPool -n myVolume -l eastus --file-path myVolume --usage-threshold 100 --vnet myVnet --subnet myNetAppSubnet --protocol-types NFSv3To verify the volume mount path:
az netappfiles volume show -g myResourceGroup -a myNetAppAccount -p myPool -n myVolume --query mountTargetsInteraction with Related Technologies: - Azure Backup: ANF snapshots can be used for instant recovery, but for long-term backup, you can use Azure Backup for ANF (which leverages snapshots and offloads them to Azure Blob Storage). - Azure Site Recovery: You can replicate ANF volumes to another region using ANF cross-region replication, not ASR. - Azure VMware Solution: ANF is a supported datastore for AVS, providing NFS-based storage for VMware workloads. - HPC and SAP: ANF is certified for SAP HANA (NFS) and is commonly used with Azure HPC clusters (e.g., CycleCloud, Slurm).
Key Values, Defaults, and Timers
Subnet size: Minimum /26 (64 IPs). The subnet is delegated to Microsoft.NetApp/volumes.
Volume size: 100 GiB to 100 TiB. Can be increased in 1 GiB increments.
Throughput limits: Per volume, max 4,500 MB/s (achieved with larger volumes in Ultra tier).
Snapshot retention: Up to 255 snapshots per volume. Snapshot policies support hourly (up to 24), daily (up to 365), weekly (up to 52), and monthly (up to 120).
Replication RPO: Typically 5–30 minutes for cross-region replication, depending on network bandwidth and data change rate.
Latency: Sub-millisecond for Ultra, 1-2 ms for Premium, 3-5 ms for Standard (under moderate load).
Common Exam Traps
ANF vs Azure Files: Azure Files NFS is still in preview and has lower performance (no Ultra tier). ANF is the only option for sub-millisecond NFS latency.
ANF vs Azure NetApp Files (Premium SSD v2): Premium SSD v2 is a managed disk, not a file share. ANF is a file service.
ANF for SQL Server: SQL Server on Windows typically uses SMB, but ANF supports SMB. For Linux SQL, NFS is used. However, SQL Server on Linux is not as common; Azure Files or managed disks are often preferred.
Cross-region replication: ANF replication is asynchronous and volume-level. It does not support Active/Active configurations; failover is manual or automated via scripts.
How ANF Handles NFSv3 vs NFSv4.1
NFSv3 is stateless and uses Network Lock Manager (NLM) for file locking. NFSv4.1 is stateful and uses a single protocol for locking and operations. ANF supports both. For new deployments, NFSv4.1 is recommended because it offers better security (Kerberos), delegation, and compound operations. However, NFSv3 is still widely used for compatibility with older systems.
Capacity Pool Over-Provisioning
ANF allows you to over-provision capacity (create volumes that sum to more than the pool size) but not over-provision throughput. If the total volume throughput exceeds the pool's throughput limit, volumes are throttled. This is a common exam scenario: you must size the pool correctly based on aggregate workload requirements.
Summary of Exam-Relevant Facts
ANF is the only Azure file service that supports both NFS and SMB with enterprise performance.
Service levels: Standard (16 MB/s/TiB), Premium (64 MB/s/TiB), Ultra (128 MB/s/TiB).
Minimum subnet size: /26.
Maximum volume size: 100 TiB.
Maximum pool size: 500 TiB.
Supported protocols: NFSv3, NFSv4.1, SMB 3.x.
Cross-region replication: SnapMirror-based, asynchronous.
Backup: Azure Backup for ANF (snapshot-based).
Provision a Capacity Pool
First, you create a NetApp account and then a capacity pool within a region. The capacity pool defines the service level (Standard, Premium, Ultra) and the total provisioned capacity (in TiB). The service level determines the maximum throughput per TiB. For example, a 4 TiB Premium pool gives you 4 * 64 = 256 MB/s of throughput. You can later increase the pool size, but you cannot change the service level after creation. The pool is billed based on the provisioned size, not used size.
Delegate a Subnet to ANF
You need a dedicated subnet in your VNet, delegated to `Microsoft.NetApp/volumes`. The subnet must be at least /26 (64 IPs) and cannot contain any other resources. ANF uses the IP addresses from this subnet for the volume's mount targets. The subnet must be in the same region as the capacity pool. You cannot use an existing subnet with other resources; a fresh, empty subnet is required.
Create an NFS Volume
Within the capacity pool, you create a volume. Specify the volume name, file path (which becomes the mount path), quota (size in GiB), protocol (NFSv3 or NFSv4.1), and the delegated subnet. The volume will be assigned an IP address from the subnet. For NFSv4.1, you can optionally enable Kerberos and set the security style (UNIX or NTFS). The volume is immediately available for mounting.
Configure Export Policy
Export policies control which clients can access the volume and with what permissions. You define rules with an allowed CIDR (e.g., 10.0.0.0/16), access type (ReadWrite or ReadOnly), root squash (maps root to nobody), and security style (UNIX, NTFS, or MIXED). For NFSv3, the export policy is critical for security. For NFSv4.1, you can also use Kerberos for authentication.
Mount the Volume from a Linux Client
Once the volume is created, you get a mount path like `10.0.0.4:/myVolume`. On a Linux VM in the same VNet (or connected via peering/ExpressRoute), you install the NFS client (`nfs-utils` for RHEL/CentOS, `nfs-common` for Ubuntu) and mount it: `mount -t nfs -o rw,hard,rsize=1048576,wsize=1048576,vers=3,tcp 10.0.0.4:/myVolume /mnt/anf`. The mount options (rsize, wsize) are optimized for ANF. For NFSv4.1, use `vers=4.1`.
Scenario 1: SAP HANA on Azure with ANF
A global manufacturing company runs SAP S/4HANA on Azure. They need low-latency, high-throughput NFS storage for the HANA data and log volumes. They choose Azure NetApp Files Premium tier because it provides 64 MB/s per TiB, which meets their 400 MB/s throughput requirement for a 6 TiB HANA system. They create two volumes: one for data (4 TiB) and one for log (2 TiB). They use NFSv4.1 for better locking and security. The volumes are placed in a delegated subnet within the same VNet as the HANA VMs. They configure export policies to allow only the HANA VM subnet. They also enable cross-region replication to a secondary region for disaster recovery, with an RPO of 15 minutes. The migration from on-premises was a simple lift-and-shift because ANF supports the same NFS protocol as their existing NetApp storage. The key challenge was sizing the capacity pool correctly: they initially over-provisioned the pool (10 TiB) to allow for growth, but then they realized the throughput was limited by the pool size. They had to increase the pool to 12 TiB to get the needed throughput.
Scenario 2: High-Performance Computing (HPC) for Financial Modeling
A hedge fund runs Monte Carlo simulations on Azure HPC clusters. They need a parallel file system that can handle thousands of concurrent reads/writes with sub-millisecond latency. They deploy Azure NetApp Files Ultra tier volumes (128 MB/s/TiB) and create multiple volumes for different data sets. They use NFSv3 because their application stack is older and does not support NFSv4.1. They mount volumes on each compute node using the hard and intr options to handle network interruptions. The performance is critical: they benchmarked ANF against Azure Files NFS and found ANF consistently lower latency by 2-3 ms. They also use ANF snapshots to create checkpoints of simulation data every hour, allowing rollback if a job fails. The biggest issue they faced was network bandwidth: the delegated subnet was only /28, which limited the number of mount targets. They had to resize the subnet to /26 to accommodate more IP addresses.
Scenario 3: VDI with FSLogix and ANF
A large enterprise deploys Windows Virtual Desktop (now Azure Virtual Desktop) and uses FSLogix profile containers. They need a highly available, low-latency SMB share for user profiles. They choose Azure NetApp Files with SMB protocol. They create a capacity pool with Premium tier and a volume for FSLogix profiles. They join the ANF volume to an Active Directory domain (via Azure AD DS or on-premises AD) to support Kerberos authentication. They configure export policies to allow only the AVD session hosts. The volume is sized at 10 TiB for 5,000 users. They use ANF snapshots for point-in-time recovery of user profiles. A common misconfiguration is forgetting to set the security style to NTFS for SMB volumes; if left as UNIX, Windows clients cannot access the files. Also, they learned that ANF does not support SMB Multichannel, so they had to ensure the network path was not a bottleneck.
AZ-305 Objective 2.1: Design a storage solution for enterprise file workloads
This objective includes selecting the appropriate file storage service (Azure Files, Azure NetApp Files, or Azure Blob Storage with NFS preview) based on performance, protocol, and migration requirements. The exam expects you to know: - When to choose ANF over Azure Files: ANF is for workloads that require sub-millisecond latency, high throughput (Ultra tier), or NFSv4.1 with Kerberos. Azure Files is for general-purpose SMB shares with moderate performance. - Service level throughput: Standard 16 MB/s/TiB, Premium 64 MB/s/TiB, Ultra 128 MB/s/TiB. You must be able to calculate required pool size based on throughput needs. - Subnet requirements: Minimum /26 delegated subnet. Cannot be shared with other resources. - Protocol support: NFSv3, NFSv4.1, SMB 3.x. SMB is not available in all regions (check region support). - Cross-region replication: Asynchronous, volume-level, RPO typically 5-30 minutes. Not suitable for active-active. - Backup options: Azure Backup for ANF (snapshot-based) or manual snapshots. Long-term backup to Blob.
Common Wrong Answers and Why Candidates Choose Them
Choosing Azure Files NFS for a high-performance HPC workload: Azure Files NFS is in preview and has lower performance (no Ultra tier). Candidates see 'NFS' and assume it's equivalent, but ANF is the only enterprise NFS option.
Selecting Azure NetApp Files for a simple file share with low throughput requirements: ANF is expensive compared to Azure Files. For standard file shares (e.g., home directories), Azure Files is more cost-effective. Candidates overlook cost.
Thinking ANF supports SMB Multichannel or SMB Direct: It does not. This is a common trap; candidates assume because it's NetApp, it supports all ONTAP features.
Misunderstanding capacity pool sizing: Candidates think they can set the pool size to the total volume size, but they must consider throughput. For example, a 4 TiB Ultra pool gives only 512 MB/s; if a workload needs 800 MB/s, the pool must be at least 6.25 TiB (800/128).
Assuming ANF volumes are accessible from the internet: They are only accessible from VNets. Candidates might try to mount from on-premises without ExpressRoute or VPN.
Edge Cases and Exceptions
Region availability: ANF is not available in all Azure regions. Check the region list before designing.
SMB protocol: SMB is not supported in all regions where ANF is available. For example, some regions support NFS only.
NFSv4.1 with Kerberos: Requires the ANF volume to be joined to an Active Directory domain (Azure AD DS or on-premises). This adds complexity.
Volume size changes: You can increase a volume's quota (size) but cannot decrease it. Plan for growth.
Throughput limits per volume: The maximum throughput per volume is 4,500 MB/s, regardless of pool size. For larger throughput, split across multiple volumes.
How to Eliminate Wrong Answers
If the question mentions 'sub-millisecond latency' or 'HPC', the answer is likely ANF.
If the question mentions 'SMB' and 'high performance', ANF is the only option (Azure Files SMB is limited to 10,000 IOPS per share).
If the question mentions 'NFS' and 'Kerberos', ANF is the answer (Azure Files NFS does not support Kerberos).
If the question mentions 'cost-effective' and 'general-purpose', choose Azure Files.
If the question mentions 'migration from on-premises NetApp', ANF is the natural choice because it uses the same ONTAP technology.
Azure NetApp Files is the only Azure file service that provides sub-millisecond latency and high throughput (Ultra: 128 MB/s/TiB).
ANF supports NFSv3, NFSv4.1, and SMB 3.x protocols, making it suitable for Linux and Windows workloads.
A delegated subnet of at least /26 is required for ANF, and it cannot contain any other resources.
Capacity pool service levels are fixed at creation; you cannot change from Standard to Premium later.
Cross-region replication is asynchronous with an RPO of 5-30 minutes, using SnapMirror technology.
ANF volumes can be up to 100 TiB, and capacity pools up to 500 TiB.
Export policies control NFS access via IP CIDR rules; NFSv4.1 supports Kerberos authentication.
ANF is the recommended storage for SAP HANA on Azure (certified) and HPC workloads.
Azure Backup for ANF uses snapshots for backup, not traditional file-level backup.
ANF does not support SMB Multichannel or SMB Direct; performance is scaled via pool size.
These come up on the exam all the time. Here's how to tell them apart.
Azure NetApp Files
Supports both NFS (v3, v4.1) and SMB protocols.
Sub-millisecond latency with Ultra tier (128 MB/s/TiB).
Maximum throughput per volume: 4,500 MB/s.
Enterprise features: snapshots, clones, cross-region replication.
Requires dedicated /26 subnet delegated to Microsoft.NetApp/volumes.
Azure Files
Primarily SMB; NFS is in preview with limited performance.
Latency typically 3-5 ms for Premium tier.
Maximum throughput per share: 10,000 IOPS (approx 300 MB/s).
Snapshots (via Azure Backup) are full VSS snapshots, not space-efficient.
Uses standard Azure storage endpoints; no dedicated subnet needed.
Mistake
Azure NetApp Files is just a rebranded version of Azure Files.
Correct
Azure NetApp Files is built on NetApp ONTAP, a completely different storage stack from Azure Files (which uses Azure Storage). ANF provides enterprise NAS features like snapshots, clones, and cross-region replication that Azure Files does not have.
Mistake
ANF volumes can be accessed over the internet using a public endpoint.
Correct
ANF volumes are only accessible from within a virtual network (VNet) via a delegated subnet. They do not have public endpoints. To access from on-premises, you must use ExpressRoute or VPN.
Mistake
You can change the service level of an ANF capacity pool after creation.
Correct
The service level (Standard, Premium, Ultra) is fixed when the pool is created. You cannot change it later. You would need to create a new pool and migrate volumes.
Mistake
ANF supports SMB Multichannel for higher throughput.
Correct
ANF does not support SMB Multichannel. It does support SMB 3.0 encryption and signing, but not Multichannel. For higher throughput, use a larger capacity pool or multiple volumes.
Mistake
ANF snapshots are full copies of the volume and consume as much space as the volume.
Correct
ANF snapshots are space-efficient, copy-on-write snapshots. They only consume space for data changes since the snapshot was taken. The initial snapshot is nearly instant and consumes minimal space.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
Azure NetApp Files is a high-performance, enterprise-grade NFS solution built on NetApp ONTAP, offering sub-millisecond latency, up to 4,500 MB/s throughput per volume, and features like snapshots and cross-region replication. Azure Files NFS is in preview, has lower performance (no Ultra tier), and lacks enterprise features. For production HPC or SAP HANA, choose ANF. For simple file sharing with moderate performance, Azure Files is more cost-effective.
No, ANF volumes are only accessible from within a virtual network (VNet). To access from on-premises, you need a site-to-site VPN or ExpressRoute. There is no public endpoint. You must also ensure that the on-premises network can route to the ANV subnet IP range.
The minimum subnet size is /26, which provides 64 IP addresses. This subnet must be delegated to 'Microsoft.NetApp/volumes' and cannot contain any other resources. ANF uses the IPs for volume mount targets.
Divide the required throughput by the service level's MB/s per TiB. For example, if you need 800 MB/s and choose Premium (64 MB/s/TiB), the pool must be at least 800/64 = 12.5 TiB. Round up to the next whole TiB (13 TiB). The pool size also determines the total capacity available for volumes.
No, ANF does not support SMB Multichannel. It supports SMB 3.0 encryption and signing but not Multichannel. For higher throughput, increase the capacity pool size or use multiple volumes.
Yes, ANF supports SMB, so you can use it for SQL Server on Windows. However, for SQL Server, Azure Managed Disks (Premium SSD v2) are often preferred for lower latency. ANF is more commonly used for SAP HANA and Linux databases.
The maximum is 255 snapshots per volume. You can schedule snapshots via policies (hourly, daily, weekly, monthly) or take manual snapshots. Snapshots are space-efficient and use copy-on-write.
You've just covered Azure NetApp Files for NFS Workloads — now see how well it sticks with free AZ-305 practice questions. Full explanations included, no account needed.
Done with this chapter?