You can find the list of supported VM sizes by either using the Azure PowerShell module or Azure CLI.

You must enable the feature for your subscription before you use the EncryptionAtHost property for your VM/VMSS. Follow the steps below to enable the feature for your subscription:

Azure portal: Select the Cloud Shell icon on the Azure portal.

Execute the following command to register the feature for your subscription:

    Register-AzProviderFeature -FeatureName "EncryptionAtHost" -ProviderNamespace "Microsoft.Compute"

Confirm that the registration state is Registered (takes a few minutes) using the command below before trying out the feature:

    Get-AzProviderFeature -FeatureName "EncryptionAtHost" -ProviderNamespace "Microsoft.Compute"

Sign in to the Azure portal using the provided link. You must use the provided link to access the Azure portal. Encryption at host is not currently visible in the public Azure portal without using the link.

Search for Virtual Machines and select + Add to create a VM.

Create a new virtual machine, select an appropriate region and a supported VM size.

Fill in the other values on the Basic pane as you like, then proceed to the Disks pane.

On the Disks pane, select Encryption at host. Make the remaining selections as you like.

Finish the VM deployment process, make selections that fit your environment.

You have now deployed a VM with encryption at host enabled, and the cache for the disk is encrypted using platform-managed keys.

Deploy a VM with customer-managed keys

Alternatively, you can use customer-managed keys to encrypt your disk caches.

Create an Azure Key Vault and disk encryption set

Once the feature is enabled, you'll need to set up an Azure Key Vault and a disk encryption set, if you haven't already. Setting up customer-managed keys for your disks will require you to create resources in a particular order, if you're doing it for the first time. First, you will need to create and set up an Azure Key Vault.

When creating the Key Vault instance, you must enable soft delete and purge protection. Soft delete ensures that the Key Vault holds a deleted key for a given retention period (90 day default). Purge protection ensures that a deleted key cannot be permanently deleted until the retention period lapses. These settings protect you from losing data due to accidental deletion. These settings are mandatory when using a Key Vault for encrypting managed disks.
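The two preconditions this page describes (the EncryptionAtHost feature in the Registered state, and a Key Vault with both soft delete and purge protection enabled) can be checked before a disk encryption set is created. The following is an added example, not part of the original page: Test-DiskEncryptionVault is a hypothetical helper name, the sample vault objects are constructed, and the property names are assumed to match the object returned by Get-AzKeyVault when called with a vault name.

```powershell
# Added example: pre-flight check for a Key Vault intended for managed-disk encryption.
# Test-DiskEncryptionVault is a hypothetical helper, not an Az module cmdlet.
function Test-DiskEncryptionVault {
    param(
        [Parameter(Mandatory)] $Vault,                 # object shaped like Get-AzKeyVault output
        [Parameter(Mandatory)] [string] $FeatureState  # RegistrationState from Get-AzProviderFeature
    )
    $findings = @()
    if ($FeatureState -ne 'Registered') {
        $findings += "EncryptionAtHost feature state is '$FeatureState', expected 'Registered'"
    }
    # Both properties are nullable; $null means the protection is not enabled.
    if ($Vault.EnableSoftDelete -ne $true) {
        $findings += "Soft delete is not enabled on $($Vault.VaultName)"
    }
    if ($Vault.EnablePurgeProtection -ne $true) {
        $findings += "Purge protection is not enabled on $($Vault.VaultName)"
    }
    [pscustomobject]@{
        VaultName     = $Vault.VaultName
        RetentionDays = $Vault.SoftDeleteRetentionInDays
        Ready         = ($findings.Count -eq 0)
        Findings      = $findings
    }
}

# Constructed sample objects so the check runs offline.
$good = [pscustomobject]@{
    VaultName = 'kv-example-good'; EnableSoftDelete = $true
    EnablePurgeProtection = $true; SoftDeleteRetentionInDays = 90
}
$bad = [pscustomobject]@{
    VaultName = 'kv-example-bad'; EnableSoftDelete = $true
    EnablePurgeProtection = $null; SoftDeleteRetentionInDays = 90
}

Test-DiskEncryptionVault -Vault $good -FeatureState 'Registered'   # Ready = True
Test-DiskEncryptionVault -Vault $bad  -FeatureState 'Registering'  # Ready = False, two findings

# Against a live subscription (requires the Az module and a signed-in session):
# $state = (Get-AzProviderFeature -FeatureName "EncryptionAtHost" -ProviderNamespace "Microsoft.Compute").RegistrationState
# $vault = Get-AzKeyVault -VaultName '<vault-name>' -ResourceGroupName '<resource-group>'
# Test-DiskEncryptionVault -Vault $vault -FeatureState $state
```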