Clone encrypted disk and attach it to another VM

Vicent Alemany (AuraQuantic) 1 Reputation point
2020-11-05T11:02:00.177+00:00

We have a VM with all the disks encrypted and the goal is to "clone" one of the data disks and attach it to another VM (same region).

We tried several approaches without success, but it would be better to achieve it quickly since we must perform this action monthly in a production environment.

The disk is quite large (3TB), is there a way to achieve it?

If it can be automated using a PowerShell script, or at least the part of the disk cloning ready to connect to the other VM, that will be great.

Thanks in advance.

Azure Disk Encryption
An Azure service for virtual machines (VMs) that helps address organizational security and compliance requirements by encrypting the VM boot and data disks with keys and policies that are controlled in Azure Key Vault.

2 answers

  1. deherman-MSFT 34,196 Reputation points Microsoft Employee
    2020-11-05T16:42:38.097+00:00

    @VicentAlemanyAuraPortalAuraQuantic-0135
    The easiest method would be to create a snapshot of the disk and then use that snapshot to create a managed disk. If your backups are incremental you can consider using incremental snapshots, which might save on cost and backup time.

    Please try this out and let us know if it works for your use case. If you run into any issues please let us know.

    -------------------------------

    Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.


  2. deherman-MSFT 34,196 Reputation points Microsoft Employee
    2020-11-09T20:02:07.507+00:00

    @Vicent Alemany (AuraQuantic)
    After creating a disk from the snapshot and attaching it to your new VM you can then enable encryption on the new VM with the same key vault. After this completes your disk should be accessible from the new VM. Please check and see if this works for your use-case. If not, please answer these questions so I have a better understanding of your use-case:

    1. Why do you want to have two copies of an encrypted data disk on two separate VMs?
    2. Will this second VM be encrypted using the same key vault? If not, this won't work unless you download the BEK or KEK.
    3. What type of encryption are you using? BEK, KEK, SSE+CMK?


    Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
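The two answers above describe one procedure: snapshot the encrypted data disk (incrementally, since it is 3 TB and copied monthly), create a managed disk from the snapshot, attach it to the second VM, and then enable Azure Disk Encryption on that VM against the same Key Vault so the copied volume can be unlocked. The Az PowerShell script below is an added example that is not code from either poster. Every resource name in it (resource group, disk, VM, vault, LUN) is an assumption to be replaced; it requires the Az module and a signed-in session.

```powershell
# Added example (not from either poster): clone an ADE-encrypted data disk via a
# snapshot, attach the copy to a second VM in the same region, and re-run the Azure
# Disk Encryption extension on that VM against the same Key Vault so it can unlock
# the copied volume. Requires the Az PowerShell module and Connect-AzAccount.
# All resource names below are assumptions; replace them for your environment.

param(
    [string]$ResourceGroup  = 'rg-prod',          # RG holding both VMs and disks (assumed)
    [string]$SourceDiskName = 'vm01-datadisk-0',  # the ADE-encrypted data disk (assumed)
    [string]$TargetVmName   = 'vm02',             # VM that receives the clone (assumed)
    [string]$KeyVaultName   = 'kv-prod-ade',      # the SAME vault the source VM uses (assumed)
    [string]$KeyVaultRg     = 'rg-prod',          # RG of that vault (assumed)
    [string]$KekUrl         = '',                 # empty for BEK-only; set the KEK URL for KEK setups
    [int]$Lun               = 2                   # free LUN on the target VM (assumed)
)

$ErrorActionPreference = 'Stop'
$stamp        = Get-Date -Format 'yyyyMMdd'
$snapshotName = "$SourceDiskName-snap-$stamp"
$newDiskName  = "$TargetVmName-clone-$stamp"

# 1. Snapshot the source disk. -Incremental stores only the blocks changed since the
#    previous incremental snapshot of the same disk, which matters for a monthly 3 TB
#    copy. The snapshot holds the ADE-encrypted blocks unchanged; nothing is decrypted.
$sourceDisk = Get-AzDisk -ResourceGroupName $ResourceGroup -DiskName $SourceDiskName
$snapConfig = New-AzSnapshotConfig -SourceUri $sourceDisk.Id -Location $sourceDisk.Location `
                                   -CreateOption Copy -Incremental
$snapshot   = New-AzSnapshot -ResourceGroupName $ResourceGroup -SnapshotName $snapshotName `
                             -Snapshot $snapConfig

# 2. Create a managed disk from the snapshot, keeping the source disk's SKU.
$diskConfig = New-AzDiskConfig -Location $sourceDisk.Location -CreateOption Copy `
                               -SourceResourceId $snapshot.Id -SkuName $sourceDisk.Sku.Name
$newDisk    = New-AzDisk -ResourceGroupName $ResourceGroup -DiskName $newDiskName -Disk $diskConfig

# 3. Attach the clone to the target VM (same region, so no cross-region copy is needed).
$vm = Get-AzVM -ResourceGroupName $ResourceGroup -Name $TargetVmName
$vm = Add-AzVMDataDisk -VM $vm -Name $newDiskName -CreateOption Attach `
                       -ManagedDiskId $newDisk.Id -Lun $Lun
Update-AzVM -ResourceGroupName $ResourceGroup -VM $vm | Out-Null

# 4. Enable ADE for data volumes on the target VM using the same Key Vault. Without
#    access to the vault that holds the source disk's secret, the copy stays unreadable.
$kv = Get-AzKeyVault -VaultName $KeyVaultName -ResourceGroupName $KeyVaultRg
$adeParams = @{
    ResourceGroupName         = $ResourceGroup
    VMName                    = $TargetVmName
    DiskEncryptionKeyVaultUrl = $kv.VaultUri
    DiskEncryptionKeyVaultId  = $kv.ResourceId
    VolumeType                = 'Data'
    Force                     = $true
}
if ($KekUrl) {   # KEK-wrapped BEK: the key-encryption key must be passed as well
    $adeParams.KeyEncryptionKeyUrl     = $KekUrl
    $adeParams.KeyEncryptionKeyVaultId = $kv.ResourceId
}
Set-AzVMDiskEncryptionExtension @adeParams

# 5. Verify that the data volumes on the target VM report as encrypted and summarise.
$status = Get-AzVMDiskEncryptionStatus -ResourceGroupName $ResourceGroup -VMName $TargetVmName
[pscustomobject]@{
    Snapshot             = $snapshot.Name
    ClonedDisk           = $newDisk.Name
    AttachedTo           = $TargetVmName
    DataVolumesEncrypted = $status.DataVolumesEncrypted
}
```

Run it with the defaults replaced, e.g. `.\Clone-EncryptedDataDisk.ps1 -ResourceGroup rg-prod -SourceDiskName vm01-datadisk-0 -TargetVmName vm02 -KeyVaultName kv-prod-ade`. The `DataVolumesEncrypted` field of the final object is the check to gate on in a scheduled monthly run: if it does not report the data volumes as encrypted, the extension did not complete against the expected vault and the cloned disk should be treated as not yet usable rather than assumed to be readable.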