Hello, Cybrarians. Welcome to Lesson 2.4 of Module 2 of this course, titled AZ-301 Microsoft Azure Architect Design. Here are the tasks that we'll cover in this demo.
We'll start out by creating an Azure Key Vault resource in the Nigel region.
Then we'll configure the advanced access policy to allow Azure Disk Encryption to use this Key Vault resource.
We'll then generate an encryption key within the Key Vault resource,
after which we'll enable Azure Disk Encryption,
and finally we'll review the encryption status of our virtual machine.
So here's a visual representation of what my environment looks like. I have an Azure virtual machine called AzureWinVM
that has two disks attached to it:
an OS disk and a data disk. And they will be encrypted, both disks, using keys that will be stored in an Azure Key Vault resource.
So let's walk through our tasks.
In task number one, we'll create an Azure Key Vault resource,
and here's a visual representation of what we'll be doing.
So I'll sign in to the Azure portal and I'll be creating an Azure Key Vault resource. Let's get on with that.
So here I am in the Azure portal. I'll go ahead and go to Home. I click on Create a resource, and I type in key vault.
I click on Key Vault and I click on Create.
This gives me the options to specify the parameters for my Key Vault resource. I can specify the resource group for that. I have an existing resource group called Cybrary Lesson 2, so I'll go ahead and select that.
I'm going to have to specify a name for the Key Vault, so let's go ahead and call this
so cyber UK self key vote.
I'll go ahead and specify the region where I want to put this Key Vault resource. I can specify the pricing tier, which can be either Standard or Premium. I'll go ahead and leave it as Standard for now,
and I won't be making any other changes. I'll just go ahead and review and create this Key Vault resource.
Let's click on create.
So this only takes a few seconds to create. As you can see, the resource is now created. I can click on Go to resource, which takes me to my Key Vault resource. So let's go to the rest of our tasks.
So in the second task, I'll set the Key Vault advanced access policy to allow Azure Disk Encryption.
So the reason why we need to do this is that the Azure Disk Encryption service needs to be able to access the keys that are stored in the Key Vault resource. So we need to give it access through an access policy. Let's go ahead and do that.
So here I am in my Azure Key Vault,
and if I scroll down, I can see Access policies here.
So that's where we can grant access to the data plane. I click on Access policies, and at the top here is what I referred to as the advanced access policies. That's where we can grant access to certain Azure resources or certain Azure services to be able to use this Key Vault. So I'll go ahead and just specify
Azure Disk Encryption for volume encryption,
and I'll go ahead and click on Save.
And it takes a few seconds to complete. Now that that's completed, let's go on with the rest of our tasks.
So the next task will be to generate an encryption key for disk encryption.
So what we're doing in this case is I'll be creating
something called a key encryption key.
So this is a key that can be used to wrap or protect the BitLocker encryption keys so that they're not just stored in Azure Key Vault in an unencrypted format.
So that's what I'll go ahead and create now.
So here I am in the Azure portal.
I'll go ahead and click on Keys,
and you can see that there are currently no keys in this Key Vault resource. I'll click on Generate/Import, and I'll leave that set to Generate. I'll give this the name
disk encryption KEK. KEK stands for key encryption key. I'll leave the type as RSA and the size as 2048, and I'll go ahead and click on Create.
So that literally took about a second to create. So that's that step done.
So in the next task I'll go ahead and enable Azure Disk Encryption.
And here's a visual representation of what I'll be doing.
The first thing that I'll do is I'll go to the Azure virtual machine and I'll enable disk encryption for the disks of that virtual machine. That's going to install an agent on the machine, which will be responsible for enabling BitLocker and for the encryption process.
This will then store the encryption key in the Azure Key Vault resource. I'm going to specify in this case the Key Vault resource that I created, that I've been using, and that's going to store the BitLocker encryption key, encrypted by the key encryption key, in this Key Vault as a secret.
So let's go ahead and do that.
I'm back in the Azure portal. First of all, if I show you the Secrets, there's currently no secret present for this Key Vault resource.
So if I go back to Home and I go to Virtual machines,
I select my virtual machine
and I go to Disks.
Now if I go to Disks, if I select Encryption,
I can specify which disks of this virtual machine I want to encrypt. I want to encrypt both the OS and the data disks that are currently attached. I'll go ahead and specify that. I'll need to specify a Key Vault,
so in this case I'll go ahead and select a Key Vault and key for the encryption. So let's select that.
I can select my Key Vault that I created earlier.
So, by the way, the Key Vault has to be in the same region as the virtual machine.
I'll go ahead and select the key that I created earlier, the disk encryption key,
and I'll just go ahead and specify the version, which is the only one that I have for now. I'll go ahead and select that.
If I click on Save, this will cause the virtual machine to restart. And if I go ahead and click on Yes,
the virtual machine is going to be restarted, and then the encryption process will start.
I'll go ahead and pause the recording. Once the encryption process has completed, we can go ahead and review that.
So let's go to the final task in this lesson, which is to review the encryption status.
So if I go back to the Azure portal, you can see my virtual machine has successfully restarted and it's currently showing as running.
I'm logged into the virtual machine via RDP. I'm in the Control Panel. If I click on System and Security, and if I click on BitLocker Drive Encryption, you can see that BitLocker encryption is currently enabled for my operating system drive and also for my data drives, including the
If I now go over to the Azure portal, and if I go back to
you can see that now I have two secrets, one secret for each disk that's encrypted. If I click on that, you'll be able to reveal the tags. So if I click on the version,
you can see there are six tags, and within the tags, you can see that this is for volume F, and that's the volume label, and for this virtual machine. So it leaves the tags in that will help us to identify
which key matches which volume and which virtual machine.
So that's it for this particular demo. Thanks very much for joining me, and I'll see you in the next lesson.
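
The five portal tasks above, as an added example written for the Az PowerShell module (this is not part of the recorded lesson). The resource group, vault, region and VM names are placeholders, the key name's spelling is assumed, and the region check enforces the same-region requirement mentioned in the demo.

```powershell
# Added example, not from the lesson. Requires the Az module and Connect-AzAccount.
# Placeholder values (assumptions): replace with your own names.
$rg       = '<resource-group>'
$vault    = '<key-vault-name>'
$location = '<region>'            # must be the region the VM runs in
$vmName   = '<vm-name>'
$kekName  = 'DiskEncryptionKEK'   # assumed spelling of the key name used in the demo

# Task 1: create the Key Vault on the Standard tier.
New-AzKeyVault -Name $vault -ResourceGroupName $rg -Location $location -Sku Standard | Out-Null

# Task 2: advanced access policy, allow Azure Disk Encryption to use the vault.
Set-AzKeyVaultAccessPolicy -VaultName $vault -ResourceGroupName $rg -EnabledForDiskEncryption

# Task 3: generate the key encryption key (RSA, 2048 bits).
$kek = Add-AzKeyVaultKey -VaultName $vault -Name $kekName `
    -Destination Software -KeyType RSA -Size 2048

# Guard: the vault and the VM have to be in the same region.
$kv = Get-AzKeyVault -VaultName $vault -ResourceGroupName $rg
$vm = Get-AzVM -ResourceGroupName $rg -Name $vmName
if ($kv.Location -ne $vm.Location) {
    throw "Key Vault is in '$($kv.Location)' but the VM is in '$($vm.Location)'."
}

# Task 4: enable encryption for OS and data volumes. The cmdlet asks for
# confirmation because the VM is restarted during the process.
Set-AzVMDiskEncryptionExtension -ResourceGroupName $rg -VMName $vmName `
    -DiskEncryptionKeyVaultUrl $kv.VaultUri -DiskEncryptionKeyVaultId $kv.ResourceId `
    -KeyEncryptionKeyUrl $kek.Key.Kid -KeyEncryptionKeyVaultId $kv.ResourceId `
    -VolumeType All

# Task 5: review the status and fail loudly if any volume is left unencrypted.
$status = Get-AzVMDiskEncryptionStatus -ResourceGroupName $rg -VMName $vmName
$status | Format-List OsVolumeEncrypted, DataVolumesEncrypted
if ($status.OsVolumeEncrypted -ne 'Encrypted' -or
    $status.DataVolumesEncrypted -ne 'Encrypted') {
    throw 'One or more volumes are not reported as Encrypted.'
}

# One wrapped BitLocker key per encrypted disk is stored as a secret; the tags
# on each secret identify the volume and the virtual machine it belongs to.
Get-AzKeyVaultSecret -VaultName $vault | Select-Object Name, Tags
```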