Azure Virtual Machines Flashcards
When would I use a Standard SSD?
Moderate performance, suitable for workloads with lower IOPS and throughput
When would I use a Premium SSD v2?
Higher performance with IOPS and throughput configurable based on VM size
What IOPS does a Premium SSD v2 have?
IOPS are defined using disk size; IOPS up to 80K
What IOPS does a Standard SSD have?
IOPS are defined using disk size; IOPS up to 6K
I have a single Premium SSD v2 and want to increase its IOPS; how can I do this?
Increase the disk size and the IOPS increase.
What latency does Premium SSD v2 have?
Low latency for consistent performance
What latency does Standard SSD have?
Moderate latency; may not meet high-performance needs
In Azure, when you set the disk encryption to VolumeType: All, what are you doing?
(This is older thinking; today Azure has hardware-based encryption using Server-Side Encryption (SSE) for Managed Disks.)
When you set the disk encryption to VolumeType: All in Azure, you are configuring BitLocker to encrypt both the operating system and data volumes of a virtual machine (VM).
What is Server-Side Encryption (SSE) for Managed Disks?
Managed Disks in Azure have server-side encryption (SSE) with 256-bit AES encryption, enabled by default. SSE encrypts data at rest automatically without requiring any additional setup, and this includes OS disks, data disks, and temporary disks.
Is Azure server-side encryption (SSE) hardware offloaded?
Yes, Azure offers server-side encryption (SSE) with hardware offloading through its Encryption at Host feature.
This feature ensures that data is encrypted at rest using hardware-based encryption mechanisms, providing end-to-end encryption for your virtual machine (VM) data.
What is Azure Confidential Computing?
In Azure, can you enable disk encryption for all virtual machines?
Yes.
In Azure, you can enable disk encryption for your virtual machines (VMs) using Azure Disk Encryption (ADE). ADE utilizes BitLocker for Windows VMs and DM-Crypt for Linux VMs to provide full disk encryption for both operating system and data disks. This feature integrates with Azure Key Vault, allowing you to manage and control the encryption keys.
For Azure VM Scale Sets, how many days of history does predictive auto-scaling require?
Seven historical days are required, but fifteen days gives the most accurate results.
For Azure Virtual Disks, does the encryption use BitLocker?
No, Azure Managed Disks are encrypted at rest by default using server-side encryption (SSE) with platform-managed keys, employing 256-bit AES encryption. Azure Storage handles this encryption and does not utilize BitLocker.
For Azure Managed Virtual Disks, can you use customer-managed keys?
Yes, you can use customer-managed keys (CMK) to encrypt Azure Managed Disks. This approach provides greater control over encryption keys, allowing you to meet specific compliance and security requirements. Azure integrates with Azure Key Vault, enabling you to manage your own keys for server-side encryption of managed disks.
To implement customer-managed keys for Azure Managed Disks, follow these steps:
Set Up an Azure Key Vault: Create a Key Vault to store your encryption keys. Ensure that soft delete and purge protection are enabled to prevent accidental key deletion.
Create or Import a Key: Within the Key Vault, generate a new RSA key or import an existing one. Supported key sizes are 2048-bit, 3072-bit, and 4096-bit.
Create a Disk Encryption Set: This resource links your managed disks to the Key Vault. When creating the Disk Encryption Set, specify the Key Vault and key you intend to use.
Assign Permissions: Grant the Disk Encryption Set’s managed identity the necessary permissions (wrapKey, unwrapKey, get) to access the key in your Key Vault.
Encrypt Disks: Associate your managed disks with the Disk Encryption Set to enable encryption using your customer-managed key.
Please note the following considerations:
Regional and Subscription Alignment: The Disk Encryption Set, Key Vault, virtual machines, disks, and snapshots must reside in the same Azure region and subscription.
Key Vault Requirements: The Key Vault must have soft delete and purge protection enabled.
For Azure Managed Virtual Disks, what encryption is used for the disk?
Azure Managed Disks are encrypted using 256-bit Advanced Encryption Standard (AES) encryption, which is FIPS 140-2 compliant. This encryption is applied transparently to data at rest, ensuring that your data is securely protected without impacting performance.
By default, Azure employs server-side encryption with platform-managed keys for all managed disks. For enhanced control over encryption keys, you have the option to use customer-managed keys stored in Azure Key Vault. This approach allows you to manage and rotate your encryption keys according to your organization’s security policies.
Additionally, Azure offers Azure Disk Encryption, which utilizes BitLocker for Windows VMs and DM-Crypt for Linux VMs to provide volume-level encryption within the virtual machine. This method integrates with Azure Key Vault for key management and is particularly useful for scenarios requiring end-to-end encryption, including temporary disks and disk caches.
For scenarios requiring encryption of temporary disks and disk caches, Azure provides the “encryption at host” feature. This option ensures that all data stored on the VM host is encrypted at rest and flows encrypted to the Storage service, offering end-to-end encryption for your VM data.
In summary, Azure Managed Disks are encrypted using robust 256-bit AES encryption by default, with options available for customer-managed keys and additional encryption features to meet various security and compliance requirements.
What is the FIPS level of Azure Managed Virtual Disk encryption?
FIPS 140-2 compliant.
What type of encryption do Azure Managed Virtual Disks use?
Server-side transparent encryption
For Azure Managed Disks, do you pay for used capacity or provisioned capacity?
You pay for provisioned capacity.
How many IOPS do the managed disk types in Azure have?
Ultra Disk (400,000 IOPS)
Premium disk v2 (80,000 IOPS)
Premium disk (20,000 IOPS)
Standard SSD (6,000 IOPS)
Standard HDD (2,000 IOPS)