Microsoft announces general availability of encryption at rest with Azure Site Recovery



Microsoft announced Wednesday that Encryption At Rest with Azure Site Recovery (ASR), which was earlier in private preview, is now generally available (GA). This follows the recent announcement from the Azure Storage team on the general availability of this feature.

Storage Service Encryption (SSE) helps organizations protect and safeguard data to meet organizational security and compliance commitments. ASR’s support for Storage Service Encryption delivers an enterprise-class, secure and reliable business continuity solution.

Azure Site Recovery, as part of Microsoft Operations Management Suite, enables you to gain control and manage your workloads no matter where they run (Azure, AWS, Windows Server, Linux, VMware or OpenStack) with a cost-effective, all-in-one cloud IT management solution.

Existing System Center customers can take advantage of the Microsoft Operations Management Suite add-on, empowering them to do more by leveraging their current investments. They get access to all the new services that OMS offers, with a convenient step-up price for all existing System Center customers. Users can also access only the IT management services that are needed, enabling them to on-board quickly and get immediate value, paying only for the features that are being used.

With this feature, users can now replicate on-premises data to storage accounts with Encryption enabled. Encryption can be enabled via the portal on the storage account’s Settings pane.

If users want to programmatically enable or disable encryption, they can use the Azure Storage Resource Provider REST API, the Storage Resource Provider Client Library for .NET, Azure PowerShell, or the Azure CLI. Details can be found in the feature overview from the Azure Storage team.

After enabling encryption, this storage account can be specified as a target for replication while setting up protection for the workloads using Site Recovery. All the replicated data would now be encrypted prior to persisting to storage and decrypted on retrieval. Upon a failover to Azure, the machine would run off of the encrypted storage account.

When using this feature, all encryption keys are stored, encrypted, and managed by Microsoft. The experience when using ASR does not change when replicating to SSE-enabled storage accounts. If consumers have been using ASR for protecting workloads, they can turn on SSE for storage accounts used to store the replicated data. Once this is done, all data replicated to these storage accounts from then on (fresh writes) would be encrypted. Data replicated and stored in these storage accounts prior to enabling SSE would not be encrypted.

If users intend to replicate workloads to premium storage, they will need to turn on SSE on both the premium storage account and the standard storage account used for storing replication logs (configured at the time of setting up replication).
