Welcome back. In this episode we're gonna take a look at some of the concepts we learned from the last episode with an Azure Disk Encryption demo.
Our objectives: we're going to configure the Azure Key Vault to support disk encryption, and then we're gonna enable disk encryption on a virtual machine. Let's jump out to the Azure portal.
Back in the Azure portal, before we get started with encrypting the virtual machine disk drive, we need to go configure our key vault to support this. So here, under Azure services, we can just select Key vaults.
We'll select our key vault from our previous demo
and under Settings, let's go to Access policies.
And here we have a couple of different options for "Enable access to", and the one we're concerned with here is the third one, which is Azure Disk Encryption. And this is going to permit virtual machines to retrieve secrets from the vault and access those keys for their disk encryption. So let's go and click this to enable it,
and we'll save our changes.
With our Azure key vault now configured,
let's check out a virtual machine I already have created.
Inside the virtual machine, let's go to Settings and Disks,
and here you can see we have our single operating system root disk. And right now encryption is set to not enabled,
and right up here on the menu, we can go ahead and just select encryption.
And here, in our options, we can select which disks to encrypt. Currently, it's set to none, but we can just encrypt the OS disk. Or if we had any data disks, we can encrypt those as well.
Since I just have the OS disk, let's choose the second option.
Next, we need to select a key vault and a key for our encryption, so we can select this link here
and let's select the key vault to store this in. Right now, we just have the one key vault, so it's selected,
and right now there are no keys to select to encrypt this disk with. But if you notice, this isn't a required parameter. Since we don't have any existing ones at this point, we can just select this key vault, and it will create the encryption key for us.
Now that we have our disk and key vault configured, let's go ahead and click on Save
and it's just going to give us a warning that to enable the Azure Disk Encryption, it's gonna reboot the virtual machine.
Let's go and select Yes,
and this is going to start encrypting the disk and restarting the virtual machine. This will take a few minutes, so I'm gonna pause the recording and we'll come back when it is complete.
With our disk encryption completed, let's go back and look at our overall view.
If we look down here, our encryption is now showing as enabled.
Let's go back to our key vault
and in our key vault, if we go take a look at our secrets,
let's go check out this middle one here, which is new inside of my key vault.
And if we drill down into it,
we'll see we have a secret identifier for accessing this key if we need to programmatically.
We can set an activation date or an expiration date, or if it's enabled or disabled.
If we go take a look at the tags, we'll see the volume letter label and the machine name that it's associated with.
So by enabling disk encryption on the virtual machine, it went ahead and tagged some important information for us that we could access later.
That does it for the demo, just a very basic one of how to enable disk encryption on a virtual machine. Let's jump back to the slides and wrap this up.
That does it for our demo, and that does it for this module as well. Coming up next, we're gonna dive into the next module with an introduction to Cosmos DB. See you in the next episode.