Azure Virtual Machines

Question 1

When would I use a Standard SSD?

Answer 1

Moderate performance, suitable for workloads with lower IOPS and throughput

Question 2

When would I use a Premium SSD v2?

Answer 2

Higher performance with IOPS and throughput configurable based on VM size

Question 3

What IOPS has a Premium SSD v2?

Answer 3

IOPS are defined using disk size, IOPS up to 80K

Question 4

What IOPS has a Standard SSD?

Answer 4

IOPS are defined using disk size, IOPS up to 6K

Question 5

I have a single Premium SSD v2 and wnat to increase its IOPS; how can iu do this?

Answer 5

Increase the disk size and the IOPS increase.

Question 6

What latency has Premium SSD v2?

Answer 6

Low latency for consistent performance

Question 7

What latency has Standard SSD?

Answer 7

Moderate latency; may not meet high-performance needs

Question 8

In azure, when you set the disk encryption to Volume Type all, what are you doing?

Answer 8

(This is older thinking, today Azure has hardware based encryption using Server-Side Encryption (SSE) for Managed Disks)
When you set the disk encryption to VolumeType: All in Azure, you are configuring BitLocker to encrypt both the operating system and data volumes of a virtual machine (VM).

Question 9

What is Server-Side Encryption (SSE) for Managed Disks?

Answer 9

Managed Disks in Azure have server-side encryption (SSE) with 256-bit AES encryption, enabled by default. SSE encrypts data at rest automatically without requiring any additional setup, and this includes OS disks, data disks, and temporary disks.

Question 10

Is Azure have server-side encryption (SSE) hardware offloaded?

Answer 10

Yes, Azure offers server-side encryption (SSE) with hardware offloading through its Encryption at Host feature.
This feature ensures that data is encrypted at rest using hardware-based encryption mechanisms, providing end-to-end encryption for your virtual machine (VM) data.

Question 11

What are Azure Confidential Computing?

Question 12

In Azure, can you enable disk encryption for all virtual machines?

Answer 12

Yes,

In Azure, you can enable disk encryption for your virtual machines (VMs) using Azure Disk Encryption (ADE). ADE utilizes BitLocker for Windows VMs and DM-Crypt for Linux VMs to provide full disk encryption for both operating system and data disks. This feature integrates with Azure Key Vault, allowing you to manage and control the encryption keys.

Question 13

For Azure VM Scale Set, how many days of history does n predictive auto-scaling require?

Answer 13

Seven historical days are required, but the most accurate is fifteen days.

Question 14

For Azure Virtual Disks, is the encryption using bitlocker?

Answer 14

No, Azure Managed Disks are encrypted at rest by default using server-side encryption (SSE) with platform-managed keys, employing 256-bit AES encryption. Azure Storage handles this encryption and does not utilize BitLocker.

Question 15

For Azure Managed Virtual Disks, can you use customer-managed keys?

Answer 15

Yes, you can use customer-managed keys (CMK) to encrypt Azure Managed Disks. This approach provides greater control over encryption keys, allowing you to meet specific compliance and security requirements. Azure integrates with Azure Key Vault, enabling you to manage your own keys for server-side encryption of managed disks.

To implement customer-managed keys for Azure Managed Disks, follow these steps:

Set Up an Azure Key Vault: Create a Key Vault to store your encryption keys. Ensure that soft delete and purge protection are enabled to prevent accidental key deletion.

Create or Import a Key: Within the Key Vault, generate a new RSA key or import an existing one. Supported key sizes are 2048-bit, 3072-bit, and 4096-bit.

Create a Disk Encryption Set: This resource links your managed disks to the Key Vault. When creating the Disk Encryption Set, specify the Key Vault and key you intend to use.

Assign Permissions: Grant the Disk Encryption Set’s managed identity the necessary permissions (wrapKey, unwrapKey, get) to access the key in your Key Vault.

Encrypt Disks: Associate your managed disks with the Disk Encryption Set to enable encryption using your customer-managed key.

Please note the following considerations:
Regional and Subscription Alignment: The Disk Encryption Set, Key Vault, virtual machines, disks, and snapshots must reside in the same Azure region and subscription.

Key Vault Requirements: The Key Vault must have soft delete and purge protection enabled.

Question 16

For Azure Managed Virtual Disks, what encryption is used for encryption of the disk?

Answer 16

Azure Managed Disks are encrypted using 256-bit Advanced Encryption Standard (AES) encryption, which is FIPS 140-2 compliant. This encryption is applied transparently to data at rest, ensuring that your data is securely protected without impacting performance.

By default, Azure employs server-side encryption with platform-managed keys for all managed disks. For enhanced control over encryption keys, you have the option to use customer-managed keys stored in Azure Key Vault. This approach allows you to manage and rotate your encryption keys according to your organization’s security policies.

Additionally, Azure offers Azure Disk Encryption, which utilizes BitLocker for Windows VMs and DM-Crypt for Linux VMs to provide volume-level encryption within the virtual machine. This method integrates with Azure Key Vault for key management and is particularly useful for scenarios requiring end-to-end encryption, including temporary disks and disk caches.

For scenarios requiring encryption of temporary disks and disk caches, Azure provides the “encryption at host” feature. This option ensures that all data stored on the VM host is encrypted at rest and flows encrypted to the Storage service, offering end-to-end encryption for your VM data.

In summary, Azure Managed Disks are encrypted using robust 256-bit AES encryption by default, with options available for customer-managed keys and additional encryption features to meet various security and compliance requirements.

Question 17

What is the FIPS level of Azure Managed Virtual encryption?

Answer 17

FIPS 140-2 compliant.

Question 18

What type of encryption is Azure Managed Virtual disk using?

Answer 18

Server side transparent encryption

Question 19

In Azure Managed Disk do you pay for used capacity or provisioned capacity?

Answer 19

You pay for provisioned capacity.

Question 20

How many IOPS has the managed disk types in Azure?

Answer 20

Ultra Disk (400,000 IOPS)
Premium disk v2 (80,000 IOPS)
Premium disk (20,000 IOPS)
Standard SSD (6,000 IOPS)
Standard HDD (2,000 IOPS)

Question 21

Can you use Azure Managed Disk Ultra disk as the operating system disk?

Answer 21

No

Question 22

Can you use Azure Managed Disk Premium Disk v2 as the operating system disk?

Answer 22

No

Question 23

Can you use Azure Managed Disk Premium Disk as the operating system disk?

Answer 23

Yes

Question 24

Can you use Azure Managed Disk Standard as the operating system disk?

Answer 24

Yes

Question 25

What Azure Managed Disk type do i use for sub ms latency and extreme IOPS?

Answer 25

Ultra disk

Question 26

What Azure Managed Disk type do i use for sub ms latency and high IOPS?

Answer 26

Premium Disk (v2)

Question 27

What Azure Managed Disk would i use for long term storage?

Answer 27

Standard HDD

Question 28

What Azure Managed Disk would i use for entry level storage?

Answer 28

Standard disk

Question 29

Do Azure Managed Disk Premium have burst capabilities?

Answer 29

Yes

Question 30

Do Azure Managed Disk Standard have burst capabilities?

Answer 30

No

Question 31

For Azure Managed Disk how are backups taken?

Answer 31

They are incremental snapshots and are stored with the first full snapshot on SSD and further incremental snapshots been incremental, they are stored in what is refer to as Azure Backup Vault, but are infect not copied to azure storage account storage but live local and are what are referred to as operational backups.

Question 32

For Ultra Azure Managed Disk how can we get more IOPS?

Answer 32

Increasing the capacity, capacity and IOPS are linked.

Question 33

I want to be able to select a different performance for my disk, what pricing tier supports the ability to select managed disk performance separate form the storage size?

Answer 33

To select a performance level for your Azure managed disk independently of its storage size, you should use Premium SSD v2 or Ultra Disks. These disk types allow you to configure performance parameters such as IOPS (Input/Output Operations Per Second) and throughput separately from the disk’s capacity.

Premium SSD v2:
Performance Configuration: You can provision the exact IOPS and throughput needed without increasing the disk size.
Use Cases: Ideal for performance-sensitive workloads requiring consistent low latency and high throughput, such as databases and transaction-intensive applications.
Pricing: Charges are based on the provisioned capacity, IOPS, and throughput. For detailed pricing, refer to Azure’s Managed Disks Pricing.

Ultra Disks:
Performance Configuration: Offers the highest performance with the ability to adjust IOPS and throughput independently of disk size.
Use Cases: Suited for data-intensive workloads like SAP HANA and top-tier databases.
Pricing: Billing is based on provisioned capacity, IOPS, and throughput. More information is available on Azure’s Managed Disks Pricing.

Question 34

When using Azure Managed Disk on the standard pricing tier, am I guaranteed the performance?

Answer 34

When using Azure Managed Disks on the Standard pricing tiers—Standard SSD and Standard HDD—performance is not guaranteed. These tiers are designed for cost-effective storage and are suitable for workloads with lower performance requirements.

Standard SSD:
Performance Characteristics: Offers consistent performance for general-purpose workloads.
Use Cases: Ideal for web servers, lightly used enterprise applications, and dev/test environments.
Performance Guarantees: Does not provide guaranteed performance levels.

Standard HDD:
Performance Characteristics: Provides the lowest cost per GB among managed disk options, suitable for infrequent access workloads.
Use Cases: Best for backup, non-critical, and infrequently accessed data.
Performance Guarantees: Does not offer guaranteed performance levels.
For workloads that require consistent and predictable performance, consider using Premium SSD or Ultra Disks. These tiers are designed for high-performance needs and offer guaranteed performance metrics. For detailed information on Azure managed disk types and their performance characteristics, refer to Microsoft’s documentation:

Question 35

When using Azure Managed Disk on the premium pricing tier, am I guaranteed the performance?

Answer 35

Yes, when you use Azure Managed Disks on the Premium SSD tier, Azure guarantees the performance levels specified for each disk size. For example, a P50 disk provides 7,500 IOPS and 250 MB/sec throughput. These performance metrics are provisioned and maintained by Azure to ensure consistent performance for your workloads.
MICROSOFT LEARN

It’s important to note that while the disk itself offers guaranteed performance, the virtual machine (VM) to which the disk is attached also has its own performance limits. Each VM size has specific IOPS and throughput caps. For instance, a Standard GS5 VM has a maximum IOPS limit of 80,000. Therefore, to fully utilize the disk’s performance capabilities, ensure that your VM’s performance limits align with or exceed those of the attached disk.
MICROSOFT LEARN

By appropriately matching your VM size with your Premium SSD Managed Disk, you can achieve the guaranteed performance levels necessary for your applications.

Question 36

When using Azure Managed Disk on the ultra pricing tier, am I guaranteed the performance?

Answer 36

Yes, when using Azure Managed Disks on the Ultra Disk tier, you are guaranteed the provisioned performance levels. Ultra Disks are designed to deliver consistent performance with low sub-millisecond latency, ensuring that the provisioned IOPS (Input/Output Operations Per Second) and throughput are met 99.99% of the time.

This high level of performance consistency makes Ultra Disks suitable for data-intensive workloads such as SAP HANA, top-tier databases, and transaction-heavy applications. Additionally, Ultra Disks offer the flexibility to dynamically adjust performance parameters (IOPS and throughput) without the need to restart your virtual machines, allowing you to scale performance in line with your workload demands

Question 37

What is Azure Managed Disk on-demand bursting?

Answer 37

zure Managed Disk on-demand bursting is a feature that allows Premium SSD managed disks larger than 512 GiB to temporarily exceed their provisioned performance limits, providing higher IOPS (Input/Output Operations Per Second) and throughput when needed. This capability is particularly useful for handling unexpected spikes in workload demand without permanently allocating higher performance levels.

Key aspects of on-demand bursting:

Eligibility: Available for Premium SSD managed disks larger than 512 GiB. Disks of 512 GiB or smaller utilize credit-based bursting instead.

Performance Increase: Enables disks to burst up to 30,000 IOPS and 1,000 MB/s throughput, depending on the disk size and region.

Cost Implications: Involves an hourly burst enablement fee and additional charges for transactions exceeding the provisioned performance targets.

Activation: Must be explicitly enabled by the user and can only be activated when the disk is detached from a VM or when the VM is stopped.

Question 38

If i want to have the ability to prevision different storage, throughput and iops, what disk type do i need in Azure Managed Disks?

Answer 38

Ultra disk

Question 39

Do you have bursting on ultra disk?

Answer 39

No

Question 40

What is the default storage redundancy for Azure Managed Disk?

Answer 40

LRS

Question 41

If i want a shared Azure Managed Disk, is this possible?

Answer 41

Yes for premium and ultra

Question 42

Can I have ZRS for Azure Managed Disk??

Answer 42

Yes for SSD Standard and Premium

Question 43

Can you increase a managed disk larger?

Answer 43

Yes

Question 44

Can you decrease a managed disk larger?

Answer 44

No

Question 45

When i am selecting a azure virtual disk, do i have to be concerned about the VM capabilities?

Answer 45

Yes, you need to match the VM IOPS/Throughput have to be matched to the Azure Virtual Disk IOPS/Throughput.

Question 46

For Azure Managed Disks with bursting, what is the default length of time i can burst?

Answer 46

30min.

Question 47

How do Managed Disks bursting work?

Answer 47

When your disk IOPS/Throughput is above the disk allowed for its pricing tier, burst credits come out of the bucket, below the pricing tier credit go into the bucket up to the max of 30 min.

Question 48

What is the % availability for an azure managed disk?

Answer 48

99.999% availability

Question 49

Where is the data stored for an Azure managed disk?

Answer 49

It depends:

LRS for Premium SSD (v2), Standard SSD, Standard HDD, Ultra
ZRS for Premium SSD , Standard SSD

Question 50

Azure managed disk can you select a Zone for LRS?

Answer 50

Yes, LRS means you can select a Zone where you storage for your disk resides.

Question 51

Is Azure managed disk encrypted by default?

Answer 51

Yes, you can use customer of azure managed keys.

Question 52

You need to ensure your virtual machine boot and data volumes are encrypted. Your virtual machine is already deployed using an Azure Marketplace Windows OS image and managed disks. Which 2 of the following tasks should you complete to enable the required encryption?

(Choose 2)

Configure Secure Transfer Required

Create an Azure Key Vault

Migrate to Unmanaged Disks

Configure Azure Disk Encryption

Configure Azure Storage Service Encryption

Answer 52

Create an Azure Key Vault
Azure Key Vault is required to store the encryption keys used by Azure Disk Encryption for encrypting boot and data volumes.

Configure Azure Disk Encryption
Azure Disk Encryption is the mechanism used to encrypt virtual machine disks (boot and data volumes) for both Linux and Windows VMs.