Azure VM Storage and Storage Security

Time
22 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
24
Video Transcription
00:00
>> Hey everybody, welcome back.
00:00
In this lecture we're going to be talking about
00:00
>> Azure VM storage and storage security.
00:00
>> We want to understand the characteristics
00:00
of the storage options you have
00:00
when you're deploying a VM,
00:00
and what you have after the VM's been deployed.
00:00
Then we're going to take some time to
00:00
understand security features for
00:00
Azure VM storage as a whole.
00:00
Let's go ahead and talk
00:00
about Azure Virtual Machines storage.
00:00
You have a couple of different types
00:00
of disks and you're probably familiar
00:00
with these types of disk because it's
00:00
very similar to what you would deploy on-premise.
00:00
It's just in the Cloud. When you're
00:00
deploying your Azure VM,
00:00
you're going to get two different types of storage.
00:00
You're going to get an OS disk,
00:00
which is your operating system disk.
00:00
Then you're going to get something called temporary disk,
00:00
which is what we call a VHD,
00:00
and this is going to be used for temp files,
00:00
your swap files, your page files.
00:00
They're going to be labeled as the OS.
00:00
This can be labeled as drive C,
00:00
this temp disk or VHD
00:00
>> is going to be labeled as drive D
00:00
>> and these are the standard things
00:00
that are going to be deployed
00:00
>> with your virtual machine.
00:00
>> Now, in addition to that,
00:00
this is like, I don't know,
00:00
this might make up just a few gigabytes.
00:00
But in addition to that, we can actually
00:00
deploy a data disk,
00:00
which is typically what we would use to store files,
00:00
like our important files,
00:00
so we don't want to delete it.
00:00
This is not our operating system files,
00:00
this would be like your Word documents,
00:00
your database documents files.
00:00
It could be videos and images, things like that.
00:00
Your other files, your other
00:00
important stuff that you don't want accidentally removed,
00:00
and it doesn't necessarily constitute as
00:00
being stored within the OS disk.
00:00
It's not an operating system file itself.
00:00
Now some virtual machines,
00:00
some images that you would spin up
00:00
>> they too automatically deploy data disks.
00:00
>> But it'll be very common for you
00:00
to specify the data disk that you want to deploy.
00:00
This could be the size, the type, characteristics.
00:00
We'll get into more details on that later.
00:00
But this is where you have an option to deploy.
00:00
Then the storage characteristics that you have,
00:00
so VM partitions create
00:00
VH disk, we already mentioned that.
00:00
The VHDs are going to be stored in Azure Blobs,
00:00
they're going to be in a storage account
00:00
>> and they're going to be in a Blob container.
00:00
>> Now, couple things to note here
00:00
with these VH disks or these temp disks,
00:00
you cannot delete them
00:00
if they are attached to a virtual machine.
00:00
You have to unmount the VHD first
00:00
>> before you can go and delete
00:00
>> the VHD file or VHD storage disk,
00:00
that would be inside your storage account.
00:00
You have to mind which VMs allow specific partitions.
00:00
Not all the virtual machines are going to
00:00
allow all these different types of partitions,
00:00
you do have some different restrictions there.
00:00
To learn more about that, you want to read about
00:00
the requirements for the virtual machine
00:00
you're trying to deploy.
00:00
In addition to that, you can expand your disks,
00:00
you can add to it.
00:00
You can make them bigger,
00:00
but you cannot shrink them.
00:00
>> You cannot make them smaller.
00:00
>> If you need to make them smaller,
00:00
just deploy and attach another disk,
00:00
maybe another data disk, and remove the old one.
00:00
For storage security, we have a few options here.
00:00
With Azure VM disk encryption,
00:00
we have storage service encryption,
00:00
which is titled as SSE.
00:00
This is going to be performed at the hardware level.
00:00
Then we have Azure Disk Encryption, which is ADE.
00:00
This is going to use BitLocker for Windows
00:00
and DM-crypt for Linux.
00:00
By default, data and disks are encrypted at all times.
00:00
You're going to have that option already set for you
00:00
>> so you don't have to worry about that.
00:00
>> ADE does not support Basic tier for VMs,
00:00
so you're going to need to make sure
00:00
that you know what type of VM you have.
00:00
If you want to use Azure Disk Encryption,
00:00
if you want to use BitLocker essentially or DM-crypt,
00:00
you're going to need to make sure that
00:00
the virtual machine that you have does support that.
00:00
Another handy feature, we haven't really covered this
00:00
>> and we won't be covering it in this course.
00:00
>> But Azure Key Vault,
00:00
which is another service that
00:00
basically manages your keys,
00:00
that can manage passwords
00:00
and API keys and all that stuff,
00:00
it's sensitive encryption
00:00
>> or authentication type key methods.
00:00
>> The Secure Storage Service,
00:00
does have the ability to hold your keys
00:00
>> for your encrypted services or encrypted disks.
00:00
>> If you need to hold the keys,
00:00
>> you can store that within Azure Key Vault,
00:00
>> so it does give you that option, which is nice.
00:00
Then ADE requires VM
00:00
and Azure Key Vault to be in the same region.
00:00
If you are going to go about doing that
00:00
>> and if you need ADE and you want to use
00:00
>> Azure Key Vault for a specific VM,
00:00
just make sure that the VM
00:00
>> and the Azure Key Vault are within the same region,
00:00
>> it shouldn't be too
00:00
difficult because you have several options there.
00:00
All right, everybody,
00:00
in this lecture we covered Azure VM storage options.
00:00
The various options that you have,
00:00
just remember, really when it comes down to it,
00:00
you want to make sure that whatever VM
00:00
you're planning on using
00:00
>> and whatever encryption methods
00:00
>> or storage options you want to select,
00:00
>> you really want to make sure that the VM
00:00
>> is going to be able to support that.
00:00
>> They have lots of different types of VMs,
00:00
>> like we've already talked about,
00:00
and you have a lot of different
00:00
image types that you can use.
00:00
Just make sure that you're planning for these things
00:00
>> when you go ahead and set up for deployment.
00:00
>> Otherwise, you might run into some issues.
00:00
Then in addition to that,
00:00
we talked about security,
00:00
you have two options.
00:00
Disk data is going to be encrypted by default,
00:00
but if you want to use BitLocker
00:00
>> or something like that or DM-crypt,
00:00
>> you can do that,
00:00
>> but you're going to have to plan for that in accordance
00:00
>> when you're setting up for deployment.
00:00
>> Just keep that in mind.
00:00
That wraps it up for this lecture,
00:00
I will see you guys in the next one.