Double encryption of Azure VM Disks with Azure Encryption at Host (EAH) and Server Side Encryption (SSE)

Vishal Patel 20 Reputation points
2024-02-26T16:23:42.12+00:00

Is it possible to enable Azure Encryption at Host (EAH) as well as Server Side encryption with Customer Managed Keys on Azure VM disks, kind of double encryption. What are the advantages/disadvantages? What is the performance impact with double encryption?

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,163 questions
Azure Disk Storage
Azure Disk Storage
A high-performance, durable block storage designed to be used with Azure Virtual Machines and Azure VMware Solution.
573 questions
0 comments
Accepted answer
  1. TP 76,686 Reputation points
    2024-02-26T16:27:58.49+00:00

    Hi Vishal,

    Encryption at Host and Server Side Encryption are same thing, only the location where encryption/decryption occurs is different. Yes, you can use Customer Managed Keys with both.

    Perhaps you are thinking of Double encryption at rest?

    Double encryption at rest

    https://learn.microsoft.com/en-us/azure/virtual-machines/disk-encryption#double-encryption-at-rest

    https://learn.microsoft.com/en-us/azure/virtual-machines/disks-enable-double-encryption-at-rest-portal

    Please click Accept Answer and upvote if the above was helpful.

    Thanks.

    -TP

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest