azure-local/manage/trusted-launch-vm-overview.md
7 additions & 7 deletions
@@ -16,7 +16,7 @@ This article introduces Trusted launch for Azure Local virtual machines (VMs) en
16
16
17
17
## Introduction
18
18
19
-
Trusted launch for Azure Local VMs enable secure boot, installs a virtual Trusted Platform Module (vTPM) device, automatically transfers the vTPM state when the VM migrates or fails over to another machine within the system, and supports the ability to attest whether the VM started in a known good state.
19
+
Trusted launch for Azure Local VMs enables secure boot, installs a virtual Trusted Platform Module (vTPM) device, automatically transfers the vTPM state when the VM migrates or fails over to another machine within the system, and supports the ability to attest whether the VM started in a known good state.
20
20
21
21
Trusted launch is a security type that can be specified when creating Azure Local VMs. For more information, see [Trusted launch for Azure Local VMs enabled by Azure Arc](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/trusted-launch-for-azure-arc-vms-on-azure-stack-hci-version-23h2/ba-p/3978051).
22
22
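Review bot: On new line 19, "secure boot" is lower-cased while the other capabilities in the same sentence and in the feature table are written as named features ("Trusted Platform Module (vTPM)", "Virtualization-based security (VBS)"); since the sentence is being edited anyway, write it as "Secure Boot" for consistency. The phrase "supports the ability to attest whether" could also be tightened to "supports attesting whether", which keeps the list of verbs (enables, installs, transfers, supports) parallel.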
@@ -30,7 +30,7 @@ Trusted launch is a security type that can be specified when creating Azure Loca
30
30
| Virtualization-based security (VBS) | Guest in the VM can create isolated regions of memory using VBS support. |
31
31
32
32
> [!NOTE]
33
-
> VM guest boot integrity verification is not available.
33
+
> VM guest boot integrity verification isn't available.
34
34
35
35
## Guidance
36
36
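Review bot: The note on new line 33 ("VM guest boot integrity verification isn't available") reads as conflicting with the introduction, which says the feature "supports the ability to attest whether the VM started in a known good state". The contraction fix is fine, but the note should say what is and isn't covered, for example that the vTPM and attestation capability are present in the guest while a boot integrity verification result isn't provided, so that operators don't assume boot state is being checked for them.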
@@ -40,7 +40,7 @@ Trusted launch is a security type that can be specified when creating Azure Loca
40
40
41
41
- As part of Trusted launch for Azure Local VM creation, Hyper-V creates VM files at a default location on disk to store the VM state. By default, access to those VM files is restricted to host server administrators only. If you store those VM files in a different location, you must ensure that the location is access restricted to host server administrators only.
42
42
43
-
- VM live migration network traffic is not encrypted. We strongly recommend that you enable a network layer encryption technology such as IPsec to protect live migration network traffic.
43
+
- VM live migration network traffic isn't encrypted. We strongly recommend that you enable a network layer encryption technology such as IPsec to protect live migration network traffic.
44
44
45
45
<!--- VM live migration network traffic is not encrypted. We strongly recommend that you enable IPsec to protect live migration network traffic. For more information, see [Network Recommendations for a Hyper-V Cluster](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn550728(v=ws.11)#How_to_isolate_the_network_traffic_on_a_Hyper-V_cluster).-->
46
46
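Review bot: The bullet changed on line 43 recommends "a network layer encryption technology such as IPsec" but gives no pointer to how to set it up, and the HTML comment on line 45 still carries the older wording ("is not encrypted") with a link to the Hyper-V cluster network recommendations. Either restore a current link in the visible bullet or delete the commented-out copy, so the file doesn't keep two diverging versions of the same security guidance.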
@@ -49,18 +49,18 @@ Trusted launch is a security type that can be specified when creating Azure Loca
49
49
All Windows 11 images (excluding 24H2 Windows 11 SKUs) and Windows Server 2022 images from Azure Marketplace supported by Azure Local VMs are supported. See [Create Azure Local VM image using Azure Marketplace images](/azure-stack/hci/manage/virtual-machine-image-azure-marketplace?tabs=azurecli) for a list of all supported Windows 11 images.
50
50
51
51
> [!NOTE]
52
-
> VM guest images obtained outside of Azure Marketplace are not supported.
52
+
> VM guest images obtained outside of Azure Marketplace aren't supported.
53
53
54
54
## Backup and disaster recovery considerations
55
55
56
56
When working with Trusted launch for Azure Local VMs, make sure to understand the following key considerations and limitations related to backup and recovery:
57
57
58
-
-**Differences between Trusted launch for Azure Local VMs and standard Azure Local VMs**: Unlike standard Azure Local VMs, Trusted launch for Azure Local VMs use a VM guest state protection key to protect the VM guest state, including the virtual TPM (vTPM) state, while at rest. The VM protection key is stored in a local key vault in the Azure Local system where the VM resides. Trusted launch for Azure Local VMs store the VM guest state in two files: VM guest state and VM runtime state. To back up and restore a Trusted launch VM, a backup solution must back up and restore all the VM files, including guest state and the runtime state files, and additionally backup and restore the VM protection key.
58
+
-**Differences between Trusted launch for Azure Local VMs and standard Azure Local VMs**: Unlike standard Azure Local VMs, Trusted launch for Azure Local VMs uses a VM guest state protection key to protect the VM guest state, including the virtual TPM (vTPM) state, while at rest. The VM protection key is stored in a local key vault in the Azure Local system where the VM resides. Trusted launch for Azure Local VMs stores the VM guest state in two files: VM guest state and VM runtime state. To back up and restore a Trusted launch VM, a backup solution must back up and restore all the VM files, including guest state and the runtime state files, and additionally backup and restore the VM protection key.
59
59
60
-
-**Backup and disaster recovery tooling support**: Currently, Trusted launch for Azure Local VMs do not support any third-party or Microsoft-owned back up and disaster recovery tools, including but not limited to, Azure Backup, Azure Site Recovery, Veeam, and Commvault. If there arises a need to move a Trusted launch for Azure Local TVM to an alternate cluster, see the manual process [Manual backup and recovery of Trusted launch for Azure Local VMs](./trusted-launch-vm-import-key.md) to manage all the necessary files and VM protection key to ensure that the VM can be successfully restored.
60
+
-**Backup and disaster recovery tooling support**: Currently, Trusted launch for Azure Local VMs doesn't support any third-party or Microsoft-owned back up and disaster recovery tools, including but not limited to, Azure Backup, Azure Site Recovery, Veeam, and Commvault. If there arises a need to move a Trusted launch for Azure Local TVM to an alternate cluster, see the manual process [Manual backup and recovery of Trusted launch for Azure Local VMs](./trusted-launch-vm-import-key.md) to manage all the necessary files and VM protection key to ensure that the VM can be successfully restored.
61
61
62
62
> [!NOTE]
63
-
> Trusted launch for Azure Local VMs restored on an alternate Azure Local system cannot be managed from the Azure control plane.
63
+
> Trusted launch for Azure Local VMs restored on an alternate Azure Local system can't be managed from the Azure control plane.
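Review bot: On new line 60, "Trusted launch for Azure Local TVM" looks like a typo for "VM" and "back up and disaster recovery tools" should use the noun form "backup"; new line 58 has the opposite slip in "additionally backup and restore the VM protection key", where the verb form "back up" is needed. These sit in the same sentences this commit edits for grammar, so they are worth fixing here. Line 58 also says the VM protection key must be backed up with the VM files but doesn't say the exported key needs the same access restriction as the key vault it came from; a short sentence or a pointer to the linked manual process would cover that.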