SlideShare a Scribd company logo
1 of 10
© 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Flash Card – Security of
Azure Disk
Prepared by Lai
© 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Azure Disk Encryption Technologies
Azure Disk
Encryption
(AES 256 bit
encryption)Storage Service
Encryption (SSE)
Azure Disk Encryption
(ADE)
Perform on the
physical disk in the
datacenter
Enable on storage
account
Encrypt the VM virtual
disk
Use bitlocker
(Windows) and DM-
Crypt (Linux)
© 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Azure Disk Encryption(ADE) Prerequisites
1. Create a key vault
2. Set the key vault access policy to support disk encryption
3. Use the key vault to store the encryption keys for ADE
Encryption
key stored
in Azure Key
vault
ADE
requires key
vault and
VM are in
the same
region
Powershell:-
New-AZKeyVault
Azure CLI:
Az keyvault create
© 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Create Key Vault
Encryption
key stored
in Azure Key
vault
ADE requires
key vault and
VM are in the
same region
Powershell:-
New-AZKeyVault
Azure CLI:
Az keyvault create
© 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Key Vault Access Policies
Powershell
Azure CLI
Set-AzKeyVaultAccessPolicy
az keyvault update
© 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Encrypting an Existing VM Disk
Windows VM Linux VM
All disk or OS disk
to encrypt
Data disk encrypt
(some distro)
Powershell
Azure CLI
Set-AzVmDiskEncryptionExtension
az vm encryption enable
© 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Viewing the status of a disk
Powershell
Azure CLI
Get-AzVmDiskEncryptionStatus
az vm encryption
New disks added after encryption will not be automatically encrypted. You can re-
run the Set-AzVMDiskEncryptionExtension cmdlet to encrypt new disks
© 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Decrypting Drives
Powershell
Azure CLI
Disable-AzVMDiskEncryption
az vm encryption disable
© 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Automate Secure VM Deployment
• Use Azure Resource Manager Templates (JSON
files)
© 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Thank You

More Related Content

What's hot

GWAVACon 2013: Backup Strategies in Novell Environments
GWAVACon 2013: Backup Strategies in Novell EnvironmentsGWAVACon 2013: Backup Strategies in Novell Environments
GWAVACon 2013: Backup Strategies in Novell Environments
GWAVA
 
vCloudSync – Hybrid disaster recovery for Openstack
vCloudSync – Hybrid disaster recovery for OpenstackvCloudSync – Hybrid disaster recovery for Openstack
vCloudSync – Hybrid disaster recovery for Openstack
Vinothini Raju
 

What's hot (20)

TechWiseTV Workshop: Q&A 5th Generation UCS
TechWiseTV Workshop: Q&A 5th Generation UCSTechWiseTV Workshop: Q&A 5th Generation UCS
TechWiseTV Workshop: Q&A 5th Generation UCS
 
Webinar NETGEAR - Acronis e Netgear, una soluzione concreta per la virtualizz...
Webinar NETGEAR - Acronis e Netgear, una soluzione concreta per la virtualizz...Webinar NETGEAR - Acronis e Netgear, una soluzione concreta per la virtualizz...
Webinar NETGEAR - Acronis e Netgear, una soluzione concreta per la virtualizz...
 
GWAVACon 2013: Backup Strategies in Novell Environments
GWAVACon 2013: Backup Strategies in Novell EnvironmentsGWAVACon 2013: Backup Strategies in Novell Environments
GWAVACon 2013: Backup Strategies in Novell Environments
 
Jekyll
JekyllJekyll
Jekyll
 
Vmware training course
Vmware training courseVmware training course
Vmware training course
 
Iscsi adpater configuration on esxi 6.7 nas
Iscsi adpater configuration on esxi 6.7 nasIscsi adpater configuration on esxi 6.7 nas
Iscsi adpater configuration on esxi 6.7 nas
 
vista
vistavista
vista
 
vista
vistavista
vista
 
Mount10 india With Tridev Entertainment!
Mount10 india With Tridev Entertainment!Mount10 india With Tridev Entertainment!
Mount10 india With Tridev Entertainment!
 
WordPress Meetup Ieper - 15/03/2018 - WordPress Security Best Practices
WordPress Meetup Ieper - 15/03/2018 - WordPress Security Best PracticesWordPress Meetup Ieper - 15/03/2018 - WordPress Security Best Practices
WordPress Meetup Ieper - 15/03/2018 - WordPress Security Best Practices
 
vCloudSync – Hybrid disaster recovery for Openstack
vCloudSync – Hybrid disaster recovery for OpenstackvCloudSync – Hybrid disaster recovery for Openstack
vCloudSync – Hybrid disaster recovery for Openstack
 
The investigation of operating systems
The investigation of operating systems The investigation of operating systems
The investigation of operating systems
 
Mastering VMware datacenter
Mastering VMware datacenterMastering VMware datacenter
Mastering VMware datacenter
 
Fuel porting-prophetstor
Fuel porting-prophetstorFuel porting-prophetstor
Fuel porting-prophetstor
 
Puppet for Production in WebEx - PuppetConf 2013
Puppet for Production in WebEx - PuppetConf 2013Puppet for Production in WebEx - PuppetConf 2013
Puppet for Production in WebEx - PuppetConf 2013
 
Virtual Box Presentation
Virtual Box Presentation Virtual Box Presentation
Virtual Box Presentation
 
Mise en place d'un client VPN l2tp IPsec sous docker
Mise en place d'un client VPN l2tp IPsec sous dockerMise en place d'un client VPN l2tp IPsec sous docker
Mise en place d'un client VPN l2tp IPsec sous docker
 
Azure Backup component matrix
Azure Backup component matrixAzure Backup component matrix
Azure Backup component matrix
 
Nexsan E5000 Family / Familia E5000 Nexsan / Enterprise NAS
Nexsan E5000 Family / Familia E5000 Nexsan / Enterprise NASNexsan E5000 Family / Familia E5000 Nexsan / Enterprise NAS
Nexsan E5000 Family / Familia E5000 Nexsan / Enterprise NAS
 
VirtualBox Ubuntu Host Windows Guest
VirtualBox Ubuntu Host Windows GuestVirtualBox Ubuntu Host Windows Guest
VirtualBox Ubuntu Host Windows Guest
 

Similar to Flash card security-azure disk

Nexsan_E-Series Encryption at Rest SED_US_Eng
Nexsan_E-Series Encryption at Rest SED_US_EngNexsan_E-Series Encryption at Rest SED_US_Eng
Nexsan_E-Series Encryption at Rest SED_US_Eng
Deborah Lindquist
 
Cloud Foundry and OpenStack
Cloud Foundry and OpenStackCloud Foundry and OpenStack
Cloud Foundry and OpenStack
vadimspivak
 
Linux On V Mware ESXi
Linux On V Mware ESXiLinux On V Mware ESXi
Linux On V Mware ESXi
Masafumi Ohta
 

Similar to Flash card security-azure disk (20)

SCVM_Deployment_VMware_OVA.pdf
SCVM_Deployment_VMware_OVA.pdfSCVM_Deployment_VMware_OVA.pdf
SCVM_Deployment_VMware_OVA.pdf
 
Flash card caching and performance in azure storage disk
Flash card caching and performance in azure storage diskFlash card caching and performance in azure storage disk
Flash card caching and performance in azure storage disk
 
Flash card architect storage infrastructure in azure
Flash card architect storage infrastructure in azureFlash card architect storage infrastructure in azure
Flash card architect storage infrastructure in azure
 
Nexsan_E-Series Encryption at Rest SED_US_Eng
Nexsan_E-Series Encryption at Rest SED_US_EngNexsan_E-Series Encryption at Rest SED_US_Eng
Nexsan_E-Series Encryption at Rest SED_US_Eng
 
Back-ups: Hoe ze je kunnen redden van een cyberaanval
Back-ups: Hoe ze je kunnen redden van een cyberaanvalBack-ups: Hoe ze je kunnen redden van een cyberaanval
Back-ups: Hoe ze je kunnen redden van een cyberaanval
 
Flash Card- Architect Migration, Business Continuity and DR in Azure
Flash Card- Architect Migration, Business Continuity and DR in AzureFlash Card- Architect Migration, Business Continuity and DR in Azure
Flash Card- Architect Migration, Business Continuity and DR in Azure
 
SCVM_Deployment_VMware_ISO.pdf
SCVM_Deployment_VMware_ISO.pdfSCVM_Deployment_VMware_ISO.pdf
SCVM_Deployment_VMware_ISO.pdf
 
How to configure esx to pass an audit
How to configure esx to pass an auditHow to configure esx to pass an audit
How to configure esx to pass an audit
 
Web Werks Cloud Hosting FAQ
Web Werks Cloud Hosting FAQWeb Werks Cloud Hosting FAQ
Web Werks Cloud Hosting FAQ
 
Flash card introduction to azure vm
Flash card introduction to azure vmFlash card introduction to azure vm
Flash card introduction to azure vm
 
Xap memory xtend-tutorial-2014
Xap memory xtend-tutorial-2014Xap memory xtend-tutorial-2014
Xap memory xtend-tutorial-2014
 
Flash card Module 9- Manage Security Operation in Azure
Flash card  Module 9- Manage Security Operation in AzureFlash card  Module 9- Manage Security Operation in Azure
Flash card Module 9- Manage Security Operation in Azure
 
Cloud Array : Exploitez le stockage Cloud en toute simplicité
Cloud Array : Exploitez le stockage Cloud en toute simplicitéCloud Array : Exploitez le stockage Cloud en toute simplicité
Cloud Array : Exploitez le stockage Cloud en toute simplicité
 
XPDS16: AMD's virtualization memory encryption technology - Brijesh Singh, A...
XPDS16:  AMD's virtualization memory encryption technology - Brijesh Singh, A...XPDS16:  AMD's virtualization memory encryption technology - Brijesh Singh, A...
XPDS16: AMD's virtualization memory encryption technology - Brijesh Singh, A...
 
Kubestr browse2021.pptx
Kubestr browse2021.pptxKubestr browse2021.pptx
Kubestr browse2021.pptx
 
Guia instalacion SQL Server Denali
Guia instalacion SQL Server DenaliGuia instalacion SQL Server Denali
Guia instalacion SQL Server Denali
 
Securing sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultSecuring sensitive data with Azure Key Vault
Securing sensitive data with Azure Key Vault
 
Cloud Foundry and OpenStack
Cloud Foundry and OpenStackCloud Foundry and OpenStack
Cloud Foundry and OpenStack
 
Linux On V Mware ESXi
Linux On V Mware ESXiLinux On V Mware ESXi
Linux On V Mware ESXi
 
Deploying FuseMQ with Fuse Fabric
Deploying FuseMQ with Fuse FabricDeploying FuseMQ with Fuse Fabric
Deploying FuseMQ with Fuse Fabric
 

More from Yoong Seng Lai

More from Yoong Seng Lai (14)

Evacuate Backup Data from Normal Repository to Dedup Appliance
Evacuate Backup Data from Normal Repository to Dedup ApplianceEvacuate Backup Data from Normal Repository to Dedup Appliance
Evacuate Backup Data from Normal Repository to Dedup Appliance
 
Flash card Module 12-Administer Container in Azure
Flash card Module 12-Administer Container in AzureFlash card Module 12-Administer Container in Azure
Flash card Module 12-Administer Container in Azure
 
Flash Card Module 10-Implement Resource Management Security in Azure
Flash Card Module 10-Implement Resource Management Security in AzureFlash Card Module 10-Implement Resource Management Security in Azure
Flash Card Module 10-Implement Resource Management Security in Azure
 
Flash card Module 8-Manage Identity and Access in Azure Active Directory
Flash card Module 8-Manage Identity and Access in Azure Active DirectoryFlash card Module 8-Manage Identity and Access in Azure Active Directory
Flash card Module 8-Manage Identity and Access in Azure Active Directory
 
Flash Card : Manage Resources in Azure
Flash Card : Manage Resources in AzureFlash Card : Manage Resources in Azure
Flash Card : Manage Resources in Azure
 
Flash Card-Architect Compute Infrastructure in Azure
Flash Card-Architect Compute Infrastructure in AzureFlash Card-Architect Compute Infrastructure in Azure
Flash Card-Architect Compute Infrastructure in Azure
 
Flash Card -Architect Infrastructure Operation in Azure
Flash Card -Architect Infrastructure Operation in AzureFlash Card -Architect Infrastructure Operation in Azure
Flash Card -Architect Infrastructure Operation in Azure
 
Flash card architect network infra in azure
Flash card architect network infra in azureFlash card architect network infra in azure
Flash card architect network infra in azure
 
Flash card managing using azure cli
Flash card managing using azure cliFlash card managing using azure cli
Flash card managing using azure cli
 
Flash card health monitoring of azure vm
Flash card health monitoring of azure vmFlash card health monitoring of azure vm
Flash card health monitoring of azure vm
 
Flash card azure disk
Flash card azure diskFlash card azure disk
Flash card azure disk
 
Flash card azure automation state
Flash card azure automation stateFlash card azure automation state
Flash card azure automation state
 
Extending Availability to the Cloud
Extending Availability to the CloudExtending Availability to the Cloud
Extending Availability to the Cloud
 
Business Continuity with Disaster Recovery
Business Continuity with Disaster RecoveryBusiness Continuity with Disaster Recovery
Business Continuity with Disaster Recovery
 

Recently uploaded

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Recently uploaded (20)

How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cf
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development Companies
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps Productivity
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software Engineering
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Decarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational PerformanceDecarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational Performance
 
Navigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseNavigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern Enterprise
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
 

Flash card security-azure disk

  • 1. © 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. Flash Card – Security of Azure Disk Prepared by Lai
  • 2. © 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. Azure Disk Encryption Technologies Azure Disk Encryption (AES 256 bit encryption)Storage Service Encryption (SSE) Azure Disk Encryption (ADE) Perform on the physical disk in the datacenter Enable on storage account Encrypt the VM virtual disk Use bitlocker (Windows) and DM- Crypt (Linux)
  • 3. © 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. Azure Disk Encryption(ADE) Prerequisites 1. Create a key vault 2. Set the key vault access policy to support disk encryption 3. Use the key vault to store the encryption keys for ADE Encryption key stored in Azure Key vault ADE requires key vault and VM are in the same region Powershell:- New-AZKeyVault Azure CLI: Az keyvault create
  • 4. © 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. Create Key Vault Encryption key stored in Azure Key vault ADE requires key vault and VM are in the same region Powershell:- New-AZKeyVault Azure CLI: Az keyvault create
  • 5. © 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. Key Vault Access Policies Powershell Azure CLI Set-AzKeyVaultAccessPolicy az keyvault update
  • 6. © 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. Encrypting an Existing VM Disk Windows VM Linux VM All disk or OS disk to encrypt Data disk encrypt (some distro) Powershell Azure CLI Set-AzVmDiskEncryptionExtension az vm encryption enable
  • 7. © 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. Viewing the status of a disk Powershell Azure CLI Get-AzVmDiskEncryptionStatus az vm encryption New disks added after encryption will not be automatically encrypted. You can re- run the Set-AzVMDiskEncryptionExtension cmdlet to encrypt new disks
  • 8. © 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. Decrypting Drives Powershell Azure CLI Disable-AzVMDiskEncryption az vm encryption disable
  • 9. © 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. Automate Secure VM Deployment • Use Azure Resource Manager Templates (JSON files)
  • 10. © 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. Thank You