VMware Cloud Community
emacintosh
Hot Shot
Hot Shot
‎11-11-2021 05:07 AM
Jump to solution

vRA 8 - Azure Disk Encryption Set

We currently use an XaaS workflow to build Azure servers, which ultimately uses an ARM template.  And we're evaluating whether we can maybe replace that process with a Cloud Template, and use vRA as it's designed to be used.

 

But one thing we do in the ARM template is set the Disk Encrtyption Set on the OS disk.  I haven't been able to find a way to handle that with the Azure machine in a cloud template.  And i'm not sure it can be configured post-provisioning.  Does anyone know if that's possible? 

 

It also seems like the ability to rename the boot disk isn't working (8.4.2) or maybe the bootDiskName property means something else.

1 Solution

Accepted Solutions
xian_
Expert
Expert
‎11-12-2021 07:00 AM
Jump to solution

I don't use it, but it is available via Storage Profiles:

xian__0-1636729110570.png

You can choose storage profile via its capability tags on the cloud template.

 

View solution in original post

7 Replies
xian_
Expert
Expert
‎11-12-2021 07:00 AM
Jump to solution

I don't use it, but it is available via Storage Profiles:

xian__0-1636729110570.png

You can choose storage profile via its capability tags on the cloud template.

 

emacintosh
Hot Shot
Hot Shot
‎11-12-2021 07:06 AM
Jump to solution

Thanks, didn't even think to look there.  

0 Kudos
emacintosh
Hot Shot
Hot Shot
‎11-12-2021 09:14 AM
Jump to solution

That does work, but I'm not sure it will work for us.  Seems like it's one per storage profile.  We have a ton of encryption sets across multiple resource groups and subscriptions.

 

Still feeling kinda handcuffed with the oob Azure functionality....but then again maybe i'm not using it right.

0 Kudos
Thelemanu
Enthusiast
Enthusiast
‎04-22-2022 08:24 AM
Jump to solution

Hello, the XaaS workflow you are using to leverage the ARM template. What does it contain ? How do you execute the ARM template ? Any reference/advise is welcome

Tks

0 Kudos
emacintosh
Hot Shot
Hot Shot
‎04-22-2022 11:29 AM
Jump to solution

In our environment, most of our "work" is done from our powershell script host. 

So in this case, the XaaS item will grab the inputs from the user and then the correpsonding worklow will turn around and call a powershell script to actually build from the arm template (using New-AzResourceGroupDeployment).  A bit more complicated than that of course, but that's the gist.  

Hope that helps a little.

 

Thelemanu
Enthusiast
Enthusiast
‎04-28-2022 01:20 AM
Jump to solution

Thank you it does help

that is the only PowerShell step we intend to do, for now. So adding a PowerShell script host, only for this ... Any experience with using PowerCli script engine of "Scriptable Tasks" ?

0 Kudos