Disk
OS Disk- Managed disk
- Designed for high availability (99.999%)
Temporary Disk- Size varies on the instance size
- Data on temporary disk is lost during a maintenance event or on redeploy
Additional disks- Can be added as needed
Managed Disk
- Managed disks are designed to store the OS files. It provides high availability
Disk SKU
IOPS: Input/output operations per second (read and writes to data). For DBs it must be high-
Throughput: Amount of data being set to the storage disk. Must be high for video download -
Ultra disk: 2 GiB/s Premium SSD: 900 MiB/sStandard SSD: 750 MiB/sStandard HDD: 500 MiB/s
Disk Encryption
-
Server Side Encryption (SSE)` with PMK encryption
-
Encryption at-rest with a platform-managed key(default) Encryption at-rest with a customer-managed key- The encryption key can be generated and stored at the key vault
-
Double encryption with platform-managed and customer-managed keys -
You can't change the encryption type unless you stop the VM
-
Azure Disk Encryption
- Encryption at the OS level
- For Windows:
Bitlocker - For Linux:
LUKS
- For Windows:
Disk->Additional Settings- A key can be selected from the key vault
- Under access policies,
Azure Disk Encryption for volumemust be enabled
- Under access policies,
- No disk encryption set is required!
Disk Encryption Sets
- Links a
keyonto thedisk encryption setto encrypt a disk withcustomer-managed key -
The disk encryption sets communicates with the key vault (A service principal is added to the key vault access policies)
-
After created, a
disk,imageorsnapshotcan be associated with thedisk encryption set - Under
encryption tabin the VM resource - The VM must be deallocated in order to configure the encryption
Disk Snapshots
- A
snapshotfrom adiskcan be created from the disk instance - A snapshot is a
resource - A new disk can be created from a snapshot
- The
new diskcan be then attached to another VM
Shared disks
Shared disks: Allow amanaged diskto be attached to multiple VMs- Only allows for
ultraandpremiumdisks with at least 256gb