question

Harry-7149 avatar image
0 Votes"
Harry-7149 asked ·

How to encrypt a small Linux VM

I am trying to encrypt a B1s VM running Linux. I followed the guides but when I run

 az vm encryption enable ...

I get this error message:

 Not enough memory for enabling encryption on OS volume. 8 GB memory is recommended.

Is there a way to get these small VMs encrypted?


azure-virtual-machinesazure-disk-encryption
· 1
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.


Please "Accept as answer" wherever the information provided helps you to help others in the community.

0 Votes 0 ·

1 Answer

soumi-MSFT avatar image
1 Vote"
soumi-MSFT answered ·

@Harry-7149, Unfortunately we do not allow encryption on Basic VMs. Azure Disk Encryption is not available on Basic, A-series VMs, or on virtual machines that do not meet these minimum memory requirements.

You can read more on this here: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/disk-encryption-overview#supported-vm-sizes

Hope this helps.


Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!


· 4 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@Harry-7149,

Just wanted to check if the above response helped in answering your query or not. If not do let us know if there are any further queries around this so that we can help accordingly.

If the response did help in answering your query, please mark the response as "Answered", so that it helps other users visiting the forum.



Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!

0 Votes 0 ·

Is this memory requirement only needed during initial encryption or also afterwards?

0 Votes 0 ·

Just found the answer myself:

Once the OS disk encryption process is complete on Linux virtual machines, the VM can be configured to run with less memory.

https://docs.microsoft.com/en-us/azure/virtual-machines/linux/disk-encryption-overview










0 Votes 0 ·

Hi,

As much as I understand, memory is one limitation and machine size is another. These limitations enforced separately.

With that being said, according to my tests, this should work. I have just created new machine size ds11_v2 which automatically created the encryption on the os disk. I resize the VM to B2 and the encryption stays. I then attached new disk. Even so that in the portal there was only option to add disk with encryption, it was created without. Next I resize the VM to higher tier and the encryption was enforce automatically according to the portal list of disks. I then resize back to B2 and it is stayed encryption

I recommend to test first on testing VM

0 Votes 0 ·