Direct mount of an Azure file share:

@prasantc Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused.

1) I would think that with a 50Mbps symmetric pipe, direct access should work - but again, how many users are accessing how big files concurrently and what else is using that pipe. So a local cache for general purpose file scenarios - especially since there is active usage (hot files) involved, generally pays dividends. So I'd look into AFS.

2) I would recommend to use Azure File Sync is superior in so many ways to the old offline cache. When domain joining the server, please have the server use a normal domain join process, where the server get's it's own object in AD. For the ACLs to work, it just needs to be against the same AD as the ACLs on the files in the file share. Typically a 20% cache on-prem for hot data is sufficient... You also need to add some additional free space to the on-prem footprint: whatever your 20% of the data in the share is - take that number and add additional free space for files to come down from the cloud, users bursting new sets of files onto the server, etc. Just to reserve some free space.

3) For the perf issues, please email to me via AZCommunity[AT]microsoft.com with a link to this Issue Please mention "ATTN subm" in the subject field. We would like to work closer with you on this matter.

Hope this helps!

Kindly let us know if the above helps or you need further assistance on this issue.

Please don’t forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

@prasantc For considering direct cloud access vs. VPN to corpnet, I’d consider not only network speed, but also ease of connectivity and cost. If you have already has their end users setup to VPN into corpnet that might be the easiest thing to do and it avoids some egress costs because they can read from the AFS cache.

If they are doing creative stuff with Adobe, using WVD is probably the best approach such that the storage is located near compute and they can be sure they get great performance.

“can I use file sync after the all the file share data has been migrated to the cloud?”. Yes, they can use file sync after the data is migrated. You should keep in mind that if you are doing direct cloud access in combination with file sync that there is a delay syncing direct cloud changes to the file sync endpoints. You can avoid that delay by using a file sync running in IaaS if they need immediate sync everywhere.
Also here are some additional details on working from home/anywhere with Azure Files:
Working from home with Azure file shares.
There are several ways to connect to Azure Files from home.
For this article we will assume that you want to use Active Directory to secure access to files and your machine is AD joined. You could also connect using a shared storage account key as described here.
There are three primary options to consider

1. VPN into your corporate network.
2. Point to Site (P2S) VPN to connect your home PC to Azure
3. MyWorkDrive (3rd party product) to eliminate the need for VPN and access your files via a web browser or mapped drive client.

You may even consider a combination of these access methods for different end users.

VPN Into Corporate Network
Many corporations have VPN connectivity into their corporate network already setup. If the customer has already setup access to Azure files shares from corpnet, this I the most straightforward method. How to connect to Azure files from corporate network.

Point to Site VPN to connect home PC to Azure
In order to use AD, the users machine will need network access to both an Active Directory domain controller and Azure file share.
Running an AD server in IaaS is the most common method. Syncing AD credentials to AAD is not enough, you must have a domain controller accessible to the home computer.
Rather than running AD in Azure, it would also be possible to setup a Site to Site VPN or Expressroute connection from the corporate network where AD is running to Azure. This way when the user does a P2S VPN connection to Azure they can connect to AD through the always-on connectivity between their corporate network and Azure.
How to setup P2S VPN with Azure Files.

My Work Drive

MyWorkDrive eliminates the need for the client machine to use VPN and also eliminates the need for the client machine to be AD joined. Need to access files from the family computer, no problem! MyWorkDrive even includes integration with Office365 online so you can edit your documents right in the web browser.
My Work Drive allows three modes of accessing files
(1) Web Browser. This requires no software installation and can be accessed from anywhere including mobile devices.
(2) Mapped Drive Agent. This requires installation of an agent on your machine and will make your files appear as a drive on your computer. No VPN required because the mapped drive client works over HTTPs.
(3) Mobile App for iPhone and Android.
MyWorkDrive is installed on a Windows Server and connected to an Azure file share. It can be run in on-premises and connected to an Azure File Sync instance or could be run in Azure. In either case, MyWorkDrive will need connectivity to an Active Directory Domain Controller.
How to Setup MyWorkDrive with Azure Files

Kindly let us know if the above helps or you need further assistance on this issue.

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Please don’t forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

@Sumarigo-MSFT Thanks for the detail response. The above response is sufficient to accept as answer. However, I have one more query about VPN users -

Considering 70% of the user volumes are working from home. Would sync server really help in this situation, if they are accessing from home network with 80/10 mbps home network, connecting to cisco vpn and accessing files through EP. I can see cache server would really be helpful for on prem users.
For remote user would it be helpful to bump up the EP or backup vpn gateway speed and setup point-to-site az vpn instead adding two more hops with cisco vpn (user+on prem data center + ep).

If noting works to improve the PDF performance after analyzing all cost effective option for a year or so. I may have to go with WVD and use Adobe DC only as virtual app and point IE add-in and chrome add-in to use virtual Acrobat DC app. If I am using for PDF only then I may be able run 40 user session with 32 GB RAM on D2S series VM but that is something after testing azure p2s, bumping EP to 200 mbps and nothing works then WVD.

Additionally, can I use filesync after the all the file share data has been migrated to the cloud?

@prasantc Just checking in to see if the above answer helped. If this answers your query, do click “Mark as Answer” and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.