Request for CLI Support on Confidential Large OS Disk Encryption for CVM Workloads #32224

@pankajosh

Preconditions

  • No need to upgrade Python SDK or the Python SDK is ready.

Related command

No response

Resource Provider

NA

Description of Feature or Work Requested

The Ask: When creating a large OS disk (>127 GB) with confidential OS disk encryption, we should serve the customer an error message and direct them to the new solution: Confidential Disk Encryption extension.

  1. The error should point them to a page with instructions.
  2. CLI must support a new encryption type for CVM OS disk creation, i.e., ConfidentialVM_VMGuestStateOnlyEncryptedWithCustomerKey
    Note: currently CVM creation is supported only with PMK for securityEncryptionType: VMGuestStateOnly; this requirement extends support for Customer Managed Keys (CMK) in CVM creation where the VMGuestStateOnly encryption type is used. Thus, CVM OS disk creation needs support for a new security type: ConfidentialVM_VMGuestStateOnlyEncryptedWithCustomerKey

Technical Requirement Overview - G42 CVM Large OS disk encryption.docx

Business justification: Azure Confidential Compute does not support confidential encryption for operating systems larger than 127GB (will be referred to as ‘large OS disks’ in this doc). This requirement is critical for ensuring data confidentiality and integrity where sensitive workloads are being moved via Azure Migrate ‘lift & shift’ migrations. Many on-premises workloads migrating to Azure leveraging Azure Migrate will have OS disks > 127GB. For example: 43% of G42 VMs onboarding to CC have large OS disks.

Minimum API Version Required

NA

Swagger PR link / SDK link

NA

Request Example

No response

Target Date

NA

PM Contact

[email protected]

Engineer Contact

[email protected]

Additional context

No response
