Support Matrix for Azure Disk Snapshot

Khaleel Mohamed, Fazle Kareem 0 Reputation points
2024-04-17T13:20:20.3866667+00:00

Currently Azure disk snapshot is supported but there is not support matrix available.

For Azure disk backup and Azure VM restore point support. The support matrix is available

https://learn.microsoft.com/en-us/azure/backup/disk-backup-support-matrix

https://learn.microsoft.com/en-us/azure/virtual-machines/concepts-restore-points

It would be great if we can have similar support matrix for Azure disk snapshot as well.

Azure Backup
Azure Backup
An Azure backup service that provides built-in management at scale.
1,129 questions
Azure Disk Storage
Azure Disk Storage
A high-performance, durable block storage designed to be used with Azure Virtual Machines and Azure VMware Solution.
572 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. SadiqhAhmed-MSFT 37,686 Reputation points Microsoft Employee
    2024-04-18T05:59:15.27+00:00

    Hello @Khaleel Mohamed, Fazle Kareem Thank you for posting your question on Microsoft Q&A platform. Happy to help!

    Thank you for sharing your valuable feedback with us. I understand your concern about having a support matrix document for Azure disk snapshot. However, at this time, Microsoft does not provide a support matrix for Azure disk snapshots. The reason for this is that Azure disk snapshots are a basic feature of Azure Storage and are not a part of Azure Backup. Therefore, they do not have the same level of support as Azure Backup. However, Microsoft provides documentation on how to use Azure disk snapshots and best practices for using them.

    I shall pass on this feedback to the concerned product team to consider your ask for doc-enhancement for future release.

    If you have any specific questions or concerns about using Azure disk snapshots, please let me know and I will do my best to assist you.

    Hope this helps!

    If the response helped, do "Accept Answer" and up-vote it

  2. Silvia Wibowo 2,931 Reputation points Microsoft Employee
    2024-04-18T06:13:17.52+00:00

    Hi @Khaleel Mohamed, Fazle Kareem , I understand you want more information about disk snapshot.

    There are 2 types of disk snapshot in Azure:

    1. Full snapshot
    2. Incremental snapshot

    There are a few differences between an incremental snapshot and a full snapshot. Incremental snapshots will always use standard HDD storage, irrespective of the storage type of the disk, whereas full snapshots can use premium SSDs.

    What disk types support snapshot? All disk types support some form of snapshot. For Ultra Disks and Premium SSD v2 disks, they only support incremental snapshots and have some limitations. For details, see Create an incremental snapshot for managed disks. The other disk types support both types of snapshots for all their disk sizes.

    Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

  3. Sumarigo-MSFT 43,801 Reputation points Microsoft Employee
    2024-04-23T09:16:30.69+00:00

    @Khaleel Mohamed, Fazle Kareem

    1. Does disk Snapshot support all type of Encryption? (SSE Encryption and Azure Disk Encryption)

    By default, managed disks use platform-managed encryption keys. All managed disks, snapshots, images, and data written to existing managed disks are automatically encrypted-at-rest with platform-managed keys. Platform-managed keys are managed by Microsoft.

    Yes, disk snapshots in Azure support both Server-Side Encryption (SSE) and Azure Disk Encryption (ADE).

    When you create a disk snapshot in Azure, you can choose to use SSE to encrypt the snapshot. SSE is a feature that allows you to encrypt your data at rest in Azure, using either Microsoft-managed keys or customer-managed keys stored in Azure Key Vault. When you create a disk snapshot with SSE, the snapshot is encrypted using the specified encryption key, and the encryption is performed on the server side, which helps to protect your data from unauthorized access.

    In addition to SSE, you can also use ADE to encrypt the disk snapshot. ADE is a feature that allows you to encrypt the OS and data disks of Azure virtual machines (VMs), using either Microsoft-managed keys or customer-managed keys stored in Azure Key Vault. When you create a disk snapshot with ADE, the snapshot is encrypted using the specified encryption key, and the encryption is performed on the client side, which helps to protect your data from unauthorized access.

    It's worth noting that when you create a disk snapshot with ADE, the snapshot is encrypted using the same encryption key that was used to encrypt the original disk. This means that if you want to use a different encryption key for the snapshot, you need to first decrypt the original disk and then create a new disk with the desired encryption key, before creating the snapshot.

    All disk types support some form of snapshot. For Ultra Disks and Premium SSD v2 disks, they only support incremental snapshots and have some limitations. For details, see Create an incremental snapshot for managed disks. The other disk types support both types of snapshots for all their disk sizes.

    For more detailed information, you can refer to the following Azure documentation:

    1. Does disk snapshot creation or updating support immutability?
      Yes, disk snapshot creation and updating in Azure supports immutability. Immutability is a feature that allows you to protect your data from accidental or malicious deletion, modification, or ransomware attacks by making the data read-only for a specified period of time. When you create a disk snapshot in Azure, you can enable the immutability feature by setting the "ImmutabilityPolicy" property of the snapshot. This property allows you to specify the number of days that the snapshot should be immutable, as well as the retention period for the snapshot. Once the immutability policy is set, the snapshot becomes read-only for the specified period of time, and cannot be deleted or modified during that time. This helps to protect your data from accidental or malicious deletion, modification, or ransomware attacks. It's worth noting that immutability is not enabled by default when you create a disk snapshot in Azure. You need to explicitly enable it by setting the "ImmutabilityPolicy" property of the snapshot. Additionally, immutability is only available for certain types of storage accounts in Azure, such as Blob storage accounts and Azure Data Lake Storage Gen2 accounts. For further details, you can explore the Azure documentation on the following topics:
    2. Any limits on simultaneous creation of disks from a snapshot for disk types standard HDD, standard SSD and premium SSD? I know the limit is 5 for premium SSD V2 and Ultra Disk. But for other three disk types, its not documented.
      I will look into the article , If any update is required we make the necessary changes.
    3. Is concurrent creation of disk snapshots supported?
      Concurrent creation of disk snapshots is not supported in Azure. Snapshots in Azure are designed to capture the state of a single disk and do not have the capability to coordinate with other snapshots, which would be necessary for concurrent snapshot creation, especially in scenarios that involve multiple disks, such as striping. This limitation is due to the fact that snapshots are not aware of any other disks except the one they contain. For more information, you can refer to the Azure documentation on Managed disk snapshots and Consistent snapshots for unmanaged disks. https://learn.microsoft.com/en-us/answers/questions/1275872/what-happens-to-simultaneous-writes-to-disk-when-d

    If there is any limitation with disk snapshot, please share the details as well.
    Yes, disk snapshots in Azure support both Server-Side Encryption (SSE) and Azure Disk Encryption (ADE).

    When you create a disk snapshot in Azure, you can choose to use SSE to encrypt the snapshot. SSE is a feature that allows you to encrypt your data at rest in Azure, using either Microsoft-managed keys or customer-managed keys stored in Azure Key Vault. When you create a disk snapshot with SSE, the snapshot is encrypted using the specified encryption key, and the encryption is performed on the server side, which helps to protect your data from unauthorized access.

    In addition to SSE, you can also use ADE to encrypt the disk snapshot. ADE is a feature that allows you to encrypt the OS and data disks of Azure virtual machines (VMs), using either Microsoft-managed keys or customer-managed keys stored in Azure Key Vault. When you create a disk snapshot with ADE, the snapshot is encrypted using the specified encryption key, and the encryption is performed on the client side, which helps to protect your data from unauthorized access.

    It's worth noting that when you create a disk snapshot with ADE, the snapshot is encrypted using the same encryption key that was used to encrypt the original disk. This means that if you want to use a different encryption key for the snapshot, you need to first decrypt the original disk and then create a new disk with the desired encryption key, before creating the snapshot.

    FAQs for Azure Disks : https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/windows/azure-iaas-vm-disks-managed-unmanaged

    Frequently asked questions about Azure IaaS VM disks and managed and unmanaged premium disks : https://learn.microsoft.com/en-us/azure/virtual-machines/faq-for-disks?tabs=azure-portal#snapshots

    Please let us know if you have any further queries. I’m happy to assist you further.    

    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    0 comments