Commit 36e8468

Feedback as per Ram
1 parent ce22b3e commit 36e8468

4 files changed

+9
-12
lines changed

azure-local/TOC.yml

Lines changed: 1 addition & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -279,7 +279,7 @@ items:
279279
href: manage/trusted-launch-vm-overview.md
280280
- name: Automatic virtual TPM state transfer
281281
href: manage/trusted-launch-automatic-state-transfer.md
282-
- name: Manage guest state protection key
282+
- name: Manual backup and recovery
283283
href: manage/trusted-launch-vm-import-key.md
284284

285285
- name: Non Arc VMs
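
Review bot: The renamed entry on line 282, "Manual backup and recovery", still points at `manage/trusted-launch-vm-import-key.md`, so the TOC label and the file name now describe different things, and the label no longer mentions the guest state protection key that a reader trying to recover a VM is likely to search for. Consider matching the link text the overview article uses in this same commit, "Manual backup and recovery of Trusted launch Arc VMs". The entry above it, "Automatic virtual TPM state transfer", is left unchanged while that article's H1 is reworded in this commit; align the two if TOC names are meant to track titles.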

azure-local/manage/trusted-launch-automatic-state-transfer.md

Lines changed: 3 additions & 6 deletions
@@ -5,18 +5,15 @@ ms.topic: how-to
55
author: alkohli
66
ms.author: alkohli
77
ms.service: azure-local
8-
ms.date: 02/20/2025
8+
ms.date: 02/27/2025
99
---
1010

11-
# Automatic virtual TPM state transfer for Azure Local
11+
# Automatic transfer of virtual TPM state for Trusted launch VMs on Azure Local
1212

1313
[!INCLUDE [applies-to](../includes/hci-applies-to-23h2.md)]
1414

15-
This article describes how automatic virtual TPM state (vTPM) transfer for Trusted launch virtual machines (VMs) works for Azure Local.
15+
This article uses an example to illustrate the automatic transfer of virtual TPM (vTPM) state in the case of Trusted launch Arc VMs on Azure Local, even as the VM migrates or fails over to another machine in the system. This operation allows the applications that use the vTPM to function normally during VM migration or fail over.
1616

17-
The vTPM state is automatically transferred in the case of Trusted launch Arc VMs when the VM migrates, or fails over to another machine in the system.
18-
19-
Enabling Trusted launch for Arc VMs preserves the vTPM state and allows applications that rely on the vTPM state to function normally, even when the VM migrates or fails over to another machine in the system.
2017

2118
## Example
2219
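
Review bot: In the new intro on line 15, "fail over" is used as a noun ("during VM migration or fail over"); use "failover" there and keep "fails over" for the verb. The new H1 on line 11 says "Trusted launch VMs" while the sentence under it says "Trusted launch Arc VMs", so pick one term for both. "even as the VM migrates" reads as if the transfer happens in spite of the migration; "when the VM migrates or fails over" from the removed line 17 was clearer. The deletions also leave two consecutive blank lines (new lines 16 and 17) before "## Example".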

azure-local/manage/trusted-launch-vm-import-key.md

Lines changed: 4 additions & 4 deletions
@@ -17,7 +17,7 @@ This article describes how to manually back up and restore a Trusted launch Arc
1717

1818
Unlike standard Azure Arc VMs, Trusted launch Arc VMs use a VM guest state protection (GSP) key to protect the VM guest state, including the virtual TPM (vTPM) state, while at rest. The VM GSP key is stored in a local key vault in the Azure Local system where the VM resides.
1919

20-
Trusted launch Arc VMs store the VM guest state in two files, VM Guest state (VMGS) and VM Runtime state (VMRS). If the VM GSP key is lost, you can't to boot up a Trusted launch Arc VM.
20+
Trusted launch Arc VMs store the VM guest state in two files, VM Guest state (VMGS) and VM Runtime state (VMRS). If the VM GSP key is lost, you can't boot up a Trusted launch Arc VM.
2121

2222
It is important that you back up your Trusted launch Arc VM periodically, so you can recover your VM in the event of a data loss. To back up a Trusted launch VM, back up all the VM files, including VMGS and VMRS files. Additionally, back up the VM GSP key to a backup key vault.
2323
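
Review bot: The corrected sentence on line 20 is the only place in this hunk that states what happens when the VM GSP key is lost, and it sits at the end of a sentence pair about file formats where it is easy to miss. Consider moving it into its own `[!IMPORTANT]` alert next to the backup guidance on line 22. "you can't boot up a Trusted launch Arc VM" would also be more precise as "you can't start the Trusted launch Arc VM", since only the VM whose key was lost is affected.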

@@ -27,7 +27,7 @@ The following sections describe how you can back up the Trusted launch Arc VM an
2727

2828
## Back up the VM
2929

30-
You can use [Export-VM](/powershell/module/hyper-v/export-vm)(Hyper-V) to obtain a copy of all the VM files, including VMGS and VMRS files, for your Trusted launch Arc VM. You can then back up those VM files.
30+
You can use [Export-VM](/powershell/module/hyper-v/export-vm) to obtain a copy of all the VM files, including VMGS and VMRS files, for your Trusted launch Arc VM. You can then back up those VM files.
3131

3232
Follow these steps to copy the VM GSP key from the key vault on the Azure Local system (where the VM resides) to a backup key vault on a different Azure Local system:
3333
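
Review bot: With "(Hyper-V)" dropped on line 30, nothing tells the reader that Export-VM is the Hyper-V cmdlet; "the Hyper-V [Export-VM](/powershell/module/hyper-v/export-vm) cmdlet" reads better than either version. The section also goes straight from "You can then back up those VM files" to the key-copy steps on line 32 without saying where the exported files should be kept. Line 32 places the key on a different Azure Local system, so say whether the VM files should leave the source system as well.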

@@ -86,7 +86,7 @@ Run the following steps on the Azure Local system.
8686
8787
## Restore the VM
8888
89-
In the event of a data loss, use the backup copy of your VM files, and restore the VM to a target Azure Local system using [Import-VM](/powershell/module/hyper-v/import-vm)(Hyper-V). This restores all the VM files, including VMGS and VMRS files.
89+
In the event of a data loss, use the backup copy of your VM files, and restore the VM to a target Azure Local system using [Import-VM](/powershell/module/hyper-v/import-vm). This restores all the VM files, including VMGS and VMRS files.
9090
9191
Follow these steps to copy the VM GSP key from the backup key vault in the Azure Local system (where the backup copy of the VM GSP key was stored) to the key vault on the target Azure Local system (where the VM needs to be restored).
9292
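
Review bot: The restore paragraph on line 89 says Import-VM "restores all the VM files", but it does not say whether the VM GSP key copy described on line 91 has to finish before the imported VM is first started. The backup section of this article states that the VM can't boot without the key, so spell out the order here. Line 91 also says "in the Azure Local system" where the rest of the visible text says "on the Azure Local system".
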
@@ -110,7 +110,7 @@ Run the following commands on the Azure Local system.
110110
Get-MocKeyPublicKey -name wrappingKey -group AzureStackHostAttestation -keyvaultName AzureStackTvmKeyVault -outputFile wrappingKey.pem
111111
```
112112
113-
### 2. On the Azure Local system with the backup key
113+
### 2. On the Azure Local system with the backup key vault
114114
115115
Run the following commands on the Azure Local system.
116116
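
Review bot: The heading fix on line 113 is not carried into the sentence under it: line 115 still says "Run the following commands on the Azure Local system.", and the hunk header shows the identical sentence for the previous step, so the body text never says which of the two systems is meant. Repeat the qualifier in the sentence, for example "on the Azure Local system with the backup key vault", and do the same for step 1.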

azure-local/manage/trusted-launch-vm-overview.md

Lines changed: 1 addition & 1 deletion
@@ -56,7 +56,7 @@ When working with Trusted launch Arc VMs, make sure to understand the following
5656

5757
- **Differences between Trusted launch Arc VMs and standard Arc VMs**: Unlike standard Azure Arc VMs, Trusted launch Arc VMs use a VM guest state protection key to protect the VM guest state, including the virtual TPM (vTPM) state, while at rest. The VM protection key is stored in a local key vault in the Azure Local system where the VM resides. Trusted launch Arc VMs store the VM guest state in two files: VM guest state and VM runtime state. To back up and restore a Trusted launch VM, a backup solution must back up and restore all the VM files, including guest state and the runtime state files, and additionally backup and restore the VM protection key.
5858

59-
- **Backup and disaster recovery tooling support**: Currently, Trusted launch Arc VMs do not support any third-party or Microsoft-owned back up and disaster recovery tools, including but not limited to, Azure Backup, Azure Site Recovery, Veeam, and Commvault. If there arises a need to move a Trusted launch Arc TVM to an alternate cluster, see the manual process <link to the Manual backup and recovery of Trusted launch Arc VMs mentioned in bullet 2 below> to manage all the necessary files and VM protection key to ensure that the VM can be successfully restored.
59+
- **Backup and disaster recovery tooling support**: Currently, Trusted launch Arc VMs do not support any third-party or Microsoft-owned back up and disaster recovery tools, including but not limited to, Azure Backup, Azure Site Recovery, Veeam, and Commvault. If there arises a need to move a Trusted launch Arc TVM to an alternate cluster, see the manual process [Manual backup and recovery of Trusted launch Arc VMs](./trusted-launch-vm-import-key.md) to manage all the necessary files and VM protection key to ensure that the VM can be successfully restored.
6060

6161
> [!NOTE]
6262
> Trusted launch Arc VMs restored on an alternate Azure Local system cannot be managed from the Azure control plane.
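
Review bot: The changed bullet on line 59 still says "Trusted launch Arc TVM", a term used nowhere else in the visible text; use "Trusted launch Arc VM". "see the manual process [Manual backup and recovery of Trusted launch Arc VMs](./trusted-launch-vm-import-key.md)" is redundant and can be shortened to "see [Manual backup and recovery of Trusted launch Arc VMs](./trusted-launch-vm-import-key.md)". "back up and disaster recovery tools" should use "backup" as the modifier. This bullet and the one above it say "VM protection key" where the backup article says "VM guest state protection (GSP) key"; use one name in both articles.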
