Encryption At Rest with Azure Site Recovery is now generally available

We are excited to announce that Encryption At Rest with Azure Site Recovery (ASR) which was in Private preview earlier, is now Generally Available (GA). This follows the recent announcement from the Azure Storage team on the General Availability of this feature.

Storage Service Encryption (SSE) helps your organization protect and safeguard data to meet your organizational security and compliance commitments. ASR’s support for Storage Service Encryption delivers further on our promise of providing an enterprise-class, secure and reliable business continuity solution.

With this feature, you can now replicate your on-premises data to storage accounts with Encryption enabled. Encryption can be enabled via the portal on the storage account’s Settings pane as shown in Figure: 1.

If you want to programmatically enable or disable Encryption, you can use the Azure Storage Resource Provider REST API, the Storage Resource Provider Client Library for .NET, Azure PowerShell, or the Azure CLI, details of which can be found in the feature overview from the Azure storage team.

Figure: 1

After enabling encryption, this storage account can be specified as a target for replication while setting up protection for your workloads using Site Recovery as shown in Figure: 2. 

All the replicated data would now be encrypted prior to persisting to storage and decrypted on retrieval. Upon a failover to Azure, your machine would run off of the encrypted storage account.

Figure: 2

Below are a few considerations to keep in mind when using this feature:

All encryption keys are stored, encrypted, and managed by Microsoft.
The experience when using ASR does not change when replicating to SSE-enabled storage accounts.
If you have been using ASR for protecting your workloads, you can turn on SSE for storage accounts used to store the replicated data. Once you do this, all data replicated to these storage accounts from then on (fresh writes) would be encrypted. Data replicated and stored in these storage accounts prior to enabling SSE would not be encrypted.
If you intend to replicate your workloads to premium storage, you will need to turn on SSE on both the premium storage account and the standard storage account used for storing replication logs (configured at the time of setting up replication). 

Support matrix for this feature is specified below for your reference:

Support Matrix

Supported Workloads

All workloads supported by ASR for DR to Azure including
 
VMware virtual machines/physical servers.
Hyper-V VM’s managed by System Center VMM
Hyper-V hosts without System Center VMM.

Storage Type
Standard storage
Premium storage (For VMware virtual machines/physical servers)

Deployment model
Resource Manager

 

For a complete understanding of how SSE works, please refer to the detailed SSE documentation from the Azure storage team.

Ready to start using ASR? Check out additional product information, to start replicating your workloads to Microsoft Azure using Azure Site Recovery today. You can use the powerful replication capabilities of Site Recovery for 31 days at no charge for every new physical server or virtual machine that you replicate. Visit the Azure Site Recovery forum on MSDN for additional information and to engage with other customers, or use the ASR UserVoice to let us know what features you want us to enable next.

Azure Site Recovery, as part of Microsoft Operations Management Suite, enables you to gain control and manage your workloads no matter where they run (Azure, AWS, Windows Server, Linux, VMware or OpenStack) with a cost-effective, all-in-one cloud IT management solution. Existing System Center customers can take advantage of the Microsoft Operations Management Suite add-on, empowering them to do more by leveraging their current investments. Get access to all the new services that OMS offers, with a convenient step-up price for all existing System Center customers. You can also access only the IT management services that you need, enabling you to on-board quickly and have immediate value, paying only for the features that you use.
Quelle: Azure

Published by