12/8/2015: Update: Azure Disk Encryption for Linux and Windows Virtual Machines is now in Public Preview. You can review the latest information here.
As we look at Microsoft Azure and securing our Virtual Machines, encryption typically comes up. Now there are multiple forms of encryption, but encryption at rest is usually part of the conversation. I’ve talked about the Microsoft server software support for Microsoft Azure virtual machines list before, and BitLocker is specifically called out as an unsupported solution. Basically, BitLocker is not supported because there is no way for Azure to handle the key management portion of the Virtual Machine startup. If we think about the traditional BitLocker deployment, BitLocker uses the computer hardware (the TPM chip) for the encryption key that allows access to an encrypted volume. Since Azure consists of multiple physical servers, there isn’t a good way to manage your BitLocker keys until now.
Let me introduce you to CloudLink. CloudLink has the capability to manage the BitLocker keys for you so that you can encrypt your data at rest using BitLocker while still using the Microsoft Azure Public Cloud infrastructure. I’m pretty excited about their solution because it gives you the ability to leverage Microsoft Azure and keep your Virtual Machines and your data encrypted while at rest.
Until next time,