Azure VM Storage and Storage Security

Video Transcription
00:00
>> Hey everybody, welcome back.
00:00
In this lecture we're going to be talking about
00:00
>> Azure VMs storage and storage security.
00:00
>> We want to understand the characteristics
00:00
of the storage options you have
00:00
when you're deploying a VM,
00:00
and what you have after the VM's being deployed.
00:00
Then we're going to take some time to
00:00
understand security features for
00:00
Azure VMs storage as a whole.
00:00
Let's go ahead and talk
00:00
about Azure Virtual Machines storage.
00:00
You have a couple of different types
00:00
of disks and you're probably familiar
00:00
with these types of disk because it's
00:00
very similar to what you would deploy on-premise.
00:00
It's just in the Cloud. When you're
00:00
deploying your Azure VM,
00:00
you're going to get two different types of storage.
00:00
You're going to get an OS disk,
00:00
which is your operating system disk.
00:00
Then you're going to get something called temporary disk,
00:00
which is what we call a VHD,
00:00
and this is going to be used for temp files,
00:00
your swap files, your page files.
00:00
They're going to be labeled as the OS.
00:00
This can be labeled as drive C,
00:00
this temp disk or VHD
00:00
>> is going to be labeled as drive D
00:00
>> and these are the standard things
00:00
that are going to be deployed
00:00
>> with your virtual machine.
00:00
>> Now, in addition to that,
00:00
this is like, I don't know,
00:00
this might make up just a few gigabytes.
00:00
But in addition to that, we can actually
00:00
deploy a data disk,
00:00
which is typically what we would use to store files,
00:00
like our important files,
00:00
so we don't want to delete it.
00:00
This is not our operating system files,
00:00
this would be like your Word documents,
00:00
your database documents files.
00:00
It could be videos and images, things like that.
00:00
Your other files, your other
00:00
important stuff that you don't want accidentally removed,
00:00
and it doesn't necessarily constitute as
00:00
being stored within the OS disk.
00:00
It's not an operating system file itself.
00:00
Now some virtual machines,
00:00
some images that you would spin up
00:00
>> they too automatically deploy data disks.
00:00
>> But it'll be very common for you
00:00
to specify the data disk that you want to deploy.
00:00
This could be the size, the type, characteristics.
00:00
We'll get into more details on that later.
00:00
But this is where you have an option to deploy.
00:00
Then the storage characteristics that you have,
00:00
so VM partitions create
00:00
VH disk, we already mentioned that.
00:00
The VHDs are going to be stored in Azure Blobs,
00:00
they're going to be in a storage account
00:00
>> and they're going to be in a Blob container.
00:00
>> Now, couple things to note here
00:00
with these VH disks or these temp disks,
00:00
you cannot delete them
00:00
if they are attached to a virtual machine.
00:00
You have to unmount the VHD first
00:00
>> before you can go and delete
00:00
>> the VHD file or VHD storage disk,
00:00
that would be inside your storage account.
00:00
You have to mind which VMs allow specific partitions.
00:00
Not all the virtual machines are going to
00:00
allow all these different types of partitions,
00:00
you do have some different restrictions there.
00:00
To learn more about that, you want to read about
00:00
the requirements for the virtual machine
00:00
you're trying to deploy.
00:00
In addition to that, you can expand your disks,
00:00
you can add to it.
00:00
You can make them bigger,
00:00
but you cannot shrink them.
00:00
>> You cannot make them smaller.
00:00
>> If you need to make them smaller,
00:00
just deploy and attach another disk,
00:00
maybe another data disk, and remove the old one.
00:00
For storage security, we have a few options here.
00:00
With Azure VM disk encryption,
00:00
we have storage service encryption,
00:00
which is titled as SSE.
00:00
This is going to be performed at the hardware level.
00:00
Then we have Azure Disk Encryption, which is ADE.
00:00
This is going to use BitLocker for Windows
00:00
and DM-crypt for Linux.
00:00
By default, data and disks are encrypted at all times.
00:00
You're going to have that option already set for you
00:00
>> so you don't have to worry about that.
00:00
>> ADE does not support Basic tier for VMs,
00:00
so you're going to need to make sure
00:00
that you know what type of VM you have.
00:00
If you want to use Azure Disk Encryption,
00:00
if you want to use BitLocker essentially or DM-crypt,
00:00
you're going to need to make sure that
00:00
the virtual machine that you have does support that.
00:00
Another handy feature, we haven't really covered this
00:00
>> and we won't be covering it in this course.
00:00
>> But Azure Key Vault,
00:00
which is another service that
00:00
basically manages your keys,
00:00
that can manage passwords
00:00
and API keys and all that stuff,
00:00
it's sensitive encryption
00:00
>> or authentication type key methods.
00:00
>> The Secure Storage Service,
00:00
does have the ability to hold your keys
00:00
>> for your encrypted services or encrypted disks.
00:00
>> If you need a whole of the keys,
00:00
>> you can't store that within Azure Key Vault,
00:00
>> so it does give you that option, which is nice.
00:00
Then ADE requires VM
00:00
and Azure Key Vault to be in the same region.
00:00
If you are going to go about doing that
00:00
>> and if you need ADE and you want to use
00:00
>> Azure Key Vault for a specific VM,
00:00
just make sure that the VM
00:00
>> and the Azure Key Vault are within the same region,
00:00
>> it shouldn't be too
00:00
difficult because you have several options there.
00:00
All right, everybody,
00:00
in this lecture we covered Azure VM storage options.
00:00
The various options that you have,
00:00
just remember, really when it comes down to it,
00:00
you want to make sure that whatever VM
00:00
you're planning on using
00:00
>> and whatever encryption methods
00:00
>> or storage options you want to select,
00:00
>> you really want to make sure that the VM
00:00
>> is going to be able to support that
00:00
>> they have lots of different types of VMs,
00:00
>> like we've already talked about,
00:00
and you have a lot of different
00:00
image types that you can use.
00:00
Just make sure that you're planning for these things
00:00
>> when you go ahead and set up for deployment.
00:00
>> Otherwise, you might run into some issues.
00:00
Then in addition to that,
00:00
we talked about security,
00:00
you have two options.
00:00
Disk data is going to be encrypted by default,
00:00
but if you want to use BitLocker
00:00
>> or something like that or DM-crypt,
00:00
>> you can do that,
00:00
>> but you're going to have to plan for that in accordance
00:00
>> when you're setting up for deployment.
00:00
>> Just keep that in mind.
00:00
That wraps it up for this lecture,
00:00
I will see you guys in the next one.