|
| 1 | +--- |
| 2 | +title: Support multiple users of Cloud Shell in a private virtual network |
| 3 | +description: This article explains changes required to support multiple users for a Cloud Shell instance deployed in a private virtual network. |
| 4 | +ms.topic: how-to |
| 5 | +ms.date: 02/04/2025 |
| 6 | +--- |
| 7 | +# Support multiple users of Cloud Shell in a private virtual network |
| 8 | + |
| 9 | +The instructions and ARM templates used to deploy Cloud Shell in a private virtual network create an |
| 10 | +environment designed to be used by a single user. A single-user deployment is the most secure |
| 11 | +configuration because each user can only access their own file share. However, you might have a need |
| 12 | +to allow multiple users access to a single deployment. To support access for multiple users, you |
| 13 | +need to make the following changes: |
| 14 | + |
| 15 | +- Increase File Share quota |
| 16 | +- Assign roles to the users that allow access to the storage resources |
| 17 | + |
| 18 | +## Increase File Share quota |
| 19 | + |
| 20 | +The initial deployment of Cloud Shell in a private virtual network creates a file share with a 6-GiB |
| 21 | +quota limit. When a new user starts their first session, Cloud Shell creates a 5-GiB image file in |
| 22 | +the file share. The first user uses up the quota limit. When a second user starts their session, |
| 23 | +they receive the 'ephemeral storage' error message because Cloud Shell is unable to create another |
| 24 | +5-GiB image file. Also, notice that Cloud Shell created a 0-byte image file for the failed attempt. |
| 25 | + |
| 26 | +To support multiple users, you need to increase the file share quota to accommodate the number of |
| 27 | +users that share the same storage account. Increase the quota by 5 GiB per user. |
| 28 | + |
| 29 | +Here are the steps to perform |
| 30 | + |
| 31 | +1. Sign in to the Azure portal. |
| 32 | +1. Use the search bar to find your storage accounts |
| 33 | +1. On the **Storage accounts** page, select the storage account that you're using for the Azure |
| 34 | + Cloud Shell environment and view the details. |
| 35 | +1. From the left-hand menu, expand **Data storage** and select **File shares**. |
| 36 | +1. Locate the file share that you're using for the Azure Cloud Shell environment. |
| 37 | +1. On the file share for Cloud Shell, select the 3-dots menu. |
| 38 | +1. Select **Edit quota** from the menu. |
| 39 | +1. Change the **Quota** amount to the desired size. |
| 40 | +1. Select **OK** to save the change. |
| 41 | + |
| 42 | +> [!NOTE] |
| 43 | +> There's a 100-TiB size limit for the file share. |
| 44 | +
|
| 45 | +## Assign roles to the users that allow access to the storage resources |
| 46 | + |
| 47 | +To access the storage account and file share, each user needs to have the following role |
| 48 | +assignments: |
| 49 | + |
| 50 | +- **Reader and Data Access** or **Storage Account Contributor** |
| 51 | +- **Storage File Data Privileged Contributor** |
| 52 | + |
| 53 | +Apply the roles on the storage account. The file share inherits the role assignments from the |
| 54 | +storage account. |
| 55 | + |
| 56 | +Use the following steps to assign roles: |
| 57 | + |
| 58 | +1. Sign in to the Azure portal. |
| 59 | +1. Use the search bar to find your storage accounts |
| 60 | +1. On the **Storage accounts** page, select the storage account that you're using for the Azure |
| 61 | + Cloud Shell environment and view the details. |
| 62 | +1. From the left-hand menu, select **Access Control (IAM)**. |
| 63 | +1. In the details pane, select the **Role assignments** tab. |
| 64 | +1. In the header menu, select **+ Add** then select **Add role assignment** from the dropdown menu. |
| 65 | +1. Use the search field to search for **Reader and Data Access** and select it from the search |
| 66 | + results. |
| 67 | +1. Select **Next** on the bottom of the page to get to the **Members** tab. |
| 68 | +1. To add users to the role: |
| 69 | + 1. Select **+ Select members**. |
| 70 | + 1. In the **Select members** pane, search for the user |
| 71 | + 1. Select the user then use **Select** button at the bottom to add the user. |
| 72 | + 1. Repeat the process for each user. |
| 73 | +1. After adding the users, select **Next** to go to the **Review + assign** tab. |
| 74 | +1. Repeat the process for the **Storage File Data Privileged Contributor** role. |
| 75 | + |
| 76 | +## Summary |
| 77 | + |
| 78 | +In this article, you learned how to increase storage quotas for a file share and how to assign roles |
| 79 | +to users to allow access to storage resources in Azure. |
0 commit comments