You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: azure-managed-lustre/vnet-encryption.md
+5-10Lines changed: 5 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -11,7 +11,7 @@ ms.lastreviewed: 07/21/2023
11
11
12
12
# Enable and Validate VNet Encryption with Azure Managed Lustre
13
13
14
-
Azure Managed Lustre (AMLFS) supports Virtual Network (VNet) Encryption, enabling encryption of data in transit between AMLFS and client virtual machines (VMs). This feature is valuable for customers in regulated industries such as finance, healthcare, and government, where data confidentiality is paramount.
14
+
Azure Managed Lustre (AMLFS) supports [Virtual Network (VNet) Encryption](/azure/virtual-network/virtual-network-encryption-overview), enabling encryption of data in transit between AMLFS and client virtual machines (VMs). This feature is valuable for customers in regulated industries such as finance, healthcare, and government, where data confidentiality is paramount.
15
15
16
16
## How VNet Encryption Works
17
17
@@ -35,14 +35,9 @@ To enable VNet Encryption with AMLFS:
35
35
36
36
1. Ensure Client VM Compatibility
37
37
38
-
Only specific VM series support VNet Encryption:
38
+
Azure only supports specific VM series for VNet Encryption. Unsupported VMs do not encrypt traffic, even if the VNet is encrypted. See [Azure Virtual Network encryption requirements](/azure/virtual-network/virtual-network-encryption-overview#requirements) for requirements and a list of VM SKUs that support encryption.
39
39
40
-
- Dsv6-series
41
-
- Ebsv5-series
42
-
43
-
> [!IMPORTANT]
44
-
> Unsupported VMs do not encrypt traffic, even if the VNet is encrypted.
45
-
> Existing VMs must be rebooted for encryption to be enabled.
40
+
Existing VMs must be rebooted for encryption to be enabled.
46
41
47
42
1. Deploy AMLFS into an Encrypted VNet
48
43
@@ -58,7 +53,7 @@ To enable VNet Encryption with AMLFS:
58
53
59
54
## Enforcement Mode
60
55
61
-
Azure currently supports only the `AllowUnencrypted` enforcement mode:
56
+
Azure currently supports only the [`AllowUnencrypted`](/azure/virtual-network/virtual-network-encryption-overview#limitations) enforcement mode:
62
57
63
58
- Unencrypted traffic is still allowed, even when VNet Encryption is enabled.
64
59
- The stricter `DropUnencrypted` mode isn't generally available and requires special feature registration.
@@ -74,7 +69,7 @@ To confirm that traffic between AMLFS and client VMs is encrypted:
74
69
75
70
1.**Run Diagnostic Reports**
76
71
- Use Azure Monitor or custom scripts to validate encrypted traffic paths.
77
-
- Check VM metrics and logs for encryption status indicators.
72
+
- Check VM metrics and logs for [encryption status](/azure/network-watcher/vnet-flow-logs-overview?tabs=Americas#log-format) indicators.
78
73
79
74
1.**Check VM Capabilities**
80
75
Use the following command to verify if a VM supports VNet Encryption:
0 commit comments