Azure Disk Encryption for IaaS VMs
Microsoft Azure is committed to ensuring your data privacy and data sovereignty. Azure enables you to control your Azure-hosted data through a range of advanced technologies to encrypt data, control and manage encryption keys, and control and audit access to data. This control gives Azure customers the flexibility to choose the solution that best meets their business needs.
Azure Disk Encryption using an application and Key Vault (PowerShell, AzureRM module):
# Step 1: Create a new resource group and key vault in the same location.
# To use an existing resource group, comment out the New-AzureRmResourceGroup line.
$Location = 'Location';
$rgname = 'Your resource group name';
$KeyVaultName = 'Your Vault Name';
New-AzureRmResourceGroup -Name $rgname -Location $Location;
New-AzureRmKeyVault -VaultName $KeyVaultName -ResourceGroupName $rgname -Location $Location;
$KeyVault = Get-AzureRmKeyVault -VaultName $KeyVaultName -ResourceGroupName $rgname;
# The vault's resource ID and URI are both required by the disk encryption extension.
$KeyVaultResourceId = (Get-AzureRmKeyVault -VaultName $KeyVaultName -ResourceGroupName $rgname).ResourceId;
$diskEncryptionKeyVaultUrl = (Get-AzureRmKeyVault -VaultName $KeyVaultName -ResourceGroupName $rgname).VaultUri;

# Step 2: Enable the vault for disk encryption so the Azure platform can read the volume secrets.
Set-AzureRmKeyVaultAccessPolicy -VaultName $KeyVaultName -ResourceGroupName $rgname -EnabledForDiskEncryption;

# Step 3: Create a new key encryption key (KEK) in the key vault with the Add-AzureKeyVaultKey cmdlet.
$keyEncryptionKeyName = 'Your KeyName';
Add-AzureKeyVaultKey -VaultName $KeyVaultName -Name $keyEncryptionKeyName -Destination 'Software';
$keyEncryptionKeyUrl = (Get-AzureKeyVaultKey -VaultName $KeyVaultName -Name $keyEncryptionKeyName).Key.kid;

# Step 4: Encrypt the disks of an existing IaaS VM, wrapping the volume key with the KEK.
$VMName = 'Your VM Name';
Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $rgname -VMName $VMName -DiskEncryptionKeyVaultUrl $diskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $KeyVaultResourceId -KeyEncryptionKeyUrl $keyEncryptionKeyUrl -KeyEncryptionKeyVaultId $KeyVaultResourceId -Force
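After Step 4 it is worth confirming that the extension actually finished and that the vault and KEK are in the state the VM needs at its next boot. The following verification function is an added example, not part of the original post; it assumes the AzureRM module and reuses the variables defined in the script above.

```powershell
# Added example: verify the Azure Disk Encryption deployment performed above.
# Assumes the AzureRM.KeyVault and AzureRM.Compute modules and an authenticated session.
function Test-AdeDeployment {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $VaultName,
        [Parameter(Mandatory)] [string] $KekName,
        [Parameter(Mandatory)] [string] $VMName
    )

    $problems = @()

    # Check 1: the vault must be enabled for disk encryption (Step 2), otherwise
    # the platform cannot read the volume encryption secrets when the VM boots.
    $vault = Get-AzureRmKeyVault -VaultName $VaultName -ResourceGroupName $ResourceGroupName
    if (-not $vault.EnabledForDiskEncryption) {
        $problems += "Key vault '$VaultName' is not enabled for disk encryption."
    }

    # Check 2: the KEK from Step 3 must exist and be enabled; a missing or
    # disabled KEK means the volume key cannot be unwrapped on the next reboot.
    $kek = Get-AzureKeyVaultKey -VaultName $VaultName -Name $KekName
    if (-not $kek) {
        $problems += "KEK '$KekName' was not found in vault '$VaultName'."
    } elseif (-not $kek.Attributes.Enabled) {
        $problems += "KEK '$KekName' exists but is disabled."
    }

    # Check 3: the OS volume must report Encrypted; data volumes may legitimately
    # report NoDiskFound when the VM has no data disks attached.
    $status = Get-AzureRmVMDiskEncryptionStatus -ResourceGroupName $ResourceGroupName -VMName $VMName
    if ($status.OsVolumeEncrypted -ne 'Encrypted') {
        $problems += "OS volume of '$VMName' reports '$($status.OsVolumeEncrypted)'."
    }
    if ($status.DataVolumesEncrypted -notin @('Encrypted', 'NoDiskFound')) {
        $problems += "Data volumes of '$VMName' report '$($status.DataVolumesEncrypted)'."
    }

    return $problems
}

$findings = Test-AdeDeployment -ResourceGroupName $rgname -VaultName $KeyVaultName `
    -KekName $keyEncryptionKeyName -VMName $VMName
if ($findings.Count -eq 0) { Write-Output "Azure Disk Encryption verified for '$VMName'." }
else { $findings | ForEach-Object { Write-Warning $_ } }
```

A status of EncryptionInProgress or VMRestartPending right after Step 4 is normal; rerun the check once the extension reports completion.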