Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Flash card security-azure disk

86 views

Published on

Flash card security-azure disk

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Flash card security-azure disk

  1. 1. © 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. Flash Card – Security of Azure Disk Prepared by Lai
  2. 2. © 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. Azure Disk Encryption Technologies Azure Disk Encryption (AES 256 bit encryption)Storage Service Encryption (SSE) Azure Disk Encryption (ADE) Perform on the physical disk in the datacenter Enable on storage account Encrypt the VM virtual disk Use bitlocker (Windows) and DM- Crypt (Linux)
  3. 3. © 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. Azure Disk Encryption(ADE) Prerequisites 1. Create a key vault 2. Set the key vault access policy to support disk encryption 3. Use the key vault to store the encryption keys for ADE Encryption key stored in Azure Key vault ADE requires key vault and VM are in the same region Powershell:- New-AZKeyVault Azure CLI: Az keyvault create
  4. 4. © 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. Create Key Vault Encryption key stored in Azure Key vault ADE requires key vault and VM are in the same region Powershell:- New-AZKeyVault Azure CLI: Az keyvault create
  5. 5. © 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. Key Vault Access Policies Powershell Azure CLI Set-AzKeyVaultAccessPolicy az keyvault update
  6. 6. © 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. Encrypting an Existing VM Disk Windows VM Linux VM All disk or OS disk to encrypt Data disk encrypt (some distro) Powershell Azure CLI Set-AzVmDiskEncryptionExtension az vm encryption enable
  7. 7. © 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. Viewing the status of a disk Powershell Azure CLI Get-AzVmDiskEncryptionStatus az vm encryption New disks added after encryption will not be automatically encrypted. You can re- run the Set-AzVMDiskEncryptionExtension cmdlet to encrypt new disks
  8. 8. © 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. Decrypting Drives Powershell Azure CLI Disable-AzVMDiskEncryption az vm encryption disable
  9. 9. © 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. Automate Secure VM Deployment • Use Azure Resource Manager Templates (JSON files)
  10. 10. © 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. Thank You

×