Communication between VM OS disk and Compute is unencrypted?

Question

Hi.

I am trying to fix one of Azure Security recommendations "Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources".

This recommendation gets triggered on VM that does not have not temp disk nor data disks. It has single OS disk.
So temp and cache part of recommendation can be ignored. Then i may have problem with data flow between compute and storage.

I know that by default (SSE with PMK) data in transit between VM and DATA disks is not encrypted.

Does communication in transit between OS disk and compute is not encrypted?

Accepted Answer

Hi,

I suggest enabling Encryption at Host on your VM(s). In this way data flows between host and storage will be encrypted in addition to data at rest being encrypted.

Below article has instructions to enable it on your VM. Keep in mind if you haven't registered the provider previously it will take several minutes to complete. I would say, it will be done within 15 minutes after you start the registration. The instructions for enabling it on existing VM is all the way at the end of the article:

https://learn.microsoft.com/en-us/azure/virtual-machines/disks-enable-host-based-encryption-portal?tabs=azure-powershell

For reference, please see this comparison chart that shows different types of encryption and features of each:

https://learn.microsoft.com/en-us/azure/virtual-machines/disk-encryption-overview#comparison

If the above was helpful please click Accept Answer.

Thanks.

-TP

Share via

Communication between VM OS disk and Compute is unencrypted?

0 additional answers

Your answer