Skip to content

Commit 0107569

Browse files
msmbaldwinmsmbaldwin
committed
Reversing last change
1 parent aa76bc3 commit 0107569

File tree

1 file changed

+29
-50
lines changed

1 file changed

+29
-50
lines changed

articles/security/azure-security-disk-encryption-faq.md

Lines changed: 29 additions & 50 deletions
Original file line numberDiff line numberDiff line change
@@ -36,57 +36,36 @@ Azure Disk Encryption is supported on a subset of the [Azure-endorsed Linux dist
3636

3737
![Venn Diagram of Linux server distributions that support Azure Disk Encryption](./media/azure-security-disk-encryption-faq/ade-supported-distros.png)
3838

39-
Linux server distributions that are not endorsed by Azure do not support Azure Disk Encryption and, of those that are endorsed, only distributions and versions that meet the following requirements support Azure Disk Encryption:
39+
Linux server distributions that are not endorsed by Azure do not support Azure Disk Encryption and, of those that are endorsed, only the following distributions and versions support Azure Disk Encryption:
40+
41+
| Linux distribution | Version | Volume type supported for encryption|
42+
| --- | --- |--- |
43+
| Ubuntu | 18.04| OS and data disk |
44+
| Ubuntu | 16.04| OS and data disk |
45+
| Ubuntu | 14.04.5</br>[with Azure tuned kernel updated to 4.15 or later](azure-security-disk-encryption-tsg.md#bkmk_Ubuntu14) | OS and data disk |
46+
| RHEL | 7.6 | OS and data disk* |
47+
| RHEL | 7.5 | OS and data disk* |
48+
| RHEL | 7.4 | OS and data disk* |
49+
| RHEL | 7.3 | OS and data disk* |
50+
| RHEL | 7.2 | OS and data disk* |
51+
| RHEL | 6.8 | Data disk* |
52+
| RHEL | 6.7 | Data disk* |
53+
| CentOS | 7.5 | OS and data disk |
54+
| CentOS | 7.4 | OS and data disk |
55+
| CentOS | 7.3 | OS and data disk |
56+
| CentOS | 7.2n | OS and data disk |
57+
| CentOS | 6.8 | OS and data disk |
58+
| CentOS | 7.1 | Data disk |
59+
| CentOS | 7.0 | Data disk |
60+
| CentOS | 6.7 | Data disk |
61+
| CentOS | 6.6 | Data disk |
62+
| CentOS | 6.5 | Data disk |
63+
| openSUSE | 42.3 | Data disk |
64+
| SLES | 12-SP4 | Data disk |
65+
| SLES | 12-SP3 | Data disk |
4066

41-
### RAM
42-
43-
2 GB for 64-bit images
44-
45-
Note: 2GB for standard 30GB disk image with higher amounts of memory for larger disks. see [How to Find Windows 10 Computer Specifications & Systems Requirements](https://www.microsoft.com/en-US/windows/windows-10-specifications).
46-
47-
### Volume Size:
48-
49-
Minimum volume size 64 MB
50-
Best practice is to allocate 8-10MB free space of bitlocker metadata in a 20GB volume and leave a proportional additional amount of free space available as the volume size increases.
51-
52-
### Partition:
53-
54-
Windows Server 2016 and above:
55-
Bitlocker can only be enabled in a subset of partition schemas, to meet this requirement bdecfg is a tool that will configure the partition schema to work with bitlocker, below are some of the partition requirements for system partition and WinRE partition.
56-
57-
BitLocker must use a system partition that is separate from the Windows partition, with the following requirements:
58-
59-
- Must be configured as the active partition.
60-
- Must not be encrypted or used to store user files.
61-
- Must have at least 350 megabytes (MB) of space.
62-
- Must have at least 50 MB of free space.
63-
- May be shared with a recovery partition.
64-
65-
For more information, see [BitLocker Drive Encryption](/windows-hardware/manufacture/desktop/bitlocker-drive-encryption).
66-
67-
For VMs with Win RE partition, Bitlocker has minimum partition requirement inherited from WinRE:
68-
69-
- This partition must be at least 300 MB.
70-
71-
The Windows Recovery Environment (Windows RE) tools require additional free space:
72-
73-
- If the partition is less than 500 MB, it must have at least 50 MB of free space.
74-
- If the partition is 500 MB or larger, it must have at least 320 MB of free space.
75-
- If the partition is larger than 1 GB, we recommend that it should have at least 1 GB free.
76-
77-
When calculating free space, note:
78-
79-
- The recovery image, winre.wim, is typically between 250-300MB, depending on what drivers, languages, and customizations you add.
80-
- The file system itself can take up additional space. For example, NTFS may reserve 5-15MB or more on a 750MB partition.
81-
- The recovery tools should be in a separate partition than the Windows partition to support automatic failover and to support booting partitions encrypted with Windows BitLocker Drive Encryption.
82-
83-
We recommend that you place this partition immediately after the Windows partition. This allows Windows to modify and recreate the partition later if future updates require a larger recovery image.
84-
85-
For more information, see [UEFI/GPT-based hard drive partitions](/windows-hardware/manufacture/desktop/configure-uefigpt-based-hard-drive-partitions).
86-
87-
Windows Server 2008:
88-
89-
Please follow the requirements documentated in the [Description of the BitLocker Drive Preparation Tool](https://support.microsoft.com/en-us/help/933246/description-of-the-bitlocker-drive-preparation-tool).
67+
> [!NOTE]
68+
> New ADE implementation is supported for RHEL OS and data disk for RHEL7 Pay-As-You-Go images. ADE is currently not supported for RHEL Bring-Your-Own-Subscription (BYOS) images. Please also refer to the [Azure Disk Encryption for Linux](azure-security-disk-encryption-linux.md) article for more information.__
9069
9170
## How can I start using Azure Disk Encryption?
9271

0 commit comments

Comments
 (0)