I have 2 very simple questions, but I don't know them.
How do I know which version (v1 or v2) of application gateway I have configured? It just says: SKU: Standard
AKS uses "encryption at-rest with a platform-managed key" by default, but this is based on a symmetric or asymmetric algorithm and uses some encryption algorithm (DES, 3DES, AES....)
Thank you very much.
Hello @SebastianPacheco-6836 ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
Please find the answers to your queries below:
How do I know which version (v1 or v2) of application gateway I have configured? It just says: SKU: Standard
Standard/WAF is v1 SKU App gateway. Standard v2/WAF v2 is v2 SKU App gateway.
You can see the same while creating an Application gateway as below:
AKS uses "encryption at-rest with a platform-managed key" by default, but this is based on a symmetric or asymmetric algorithm and uses some encryption algorithm (DES, 3DES, AES....)
The Encryption at Rest designs in Azure uses symmetric encryption to encrypt and decrypt large amounts of data. Data in Azure managed disks is encrypted transparently using 256-bit AES encryption, one of the strongest block ciphers available, and is FIPS 140-2 compliant.
For more information on encryption at-rest with a platform-managed key, please refer the below docs:
https://docs.microsoft.com/en-us/azure/aks/enable-host-encryption
https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest
https://docs.microsoft.com/en-us/azure/virtual-machines/disk-encryption
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Hi @GitaraniSharmaMSFT-4262 , thanks!
then... the information of the O.S of the "AKS NODES" are activated with 256-bit AES algorithms. --->Is this by default or do you have to activate something? In the link it indicates something about registering EncryptionAtHost
I had read that Azure Storage was with 256-bit AES, but I had not found anything regarding the O.S of the aks nodes
Thanks!
This appears on my portal:
Tier: WAF V2
is that Standard v2?
2.-
then... the information of the O.S of the aks nodes are activated with 256-bit AES algorithms.
Is this by default or do you have to activate something? In the link it indicates something about registering EncryptionAtHost
I had read that Azure Storage was with 256-bit AES, but I had not found anything regarding the O.S of the aks nodes
Hello @SebastianPacheco-6836 ,
1) WAF V2 is Application gateway V2 SKU with Web Application Firewall (WAF).
Refer : https://docs.microsoft.com/en-us/azure/application-gateway/overview-v2
2) As mentioned in this doc, with host-based encryption, the data stored on the VM host of your AKS agent nodes' VMs is encrypted at rest and flows encrypted to the Storage service. This means the temp disks are encrypted at rest with platform-managed keys. The cache of OS and data disks is encrypted at rest with either platform-managed keys or customer-managed keys depending on the encryption type set on those disks. By default, when using AKS, OS and data disks are encrypted at rest with platform-managed keys, meaning that the caches for these disks are also by default encrypted at rest with platform-managed keys.
You can confirm the same in Azure portal while creating a AKS cluster as below:
The registration mentioned in the doc is regarding first time registration of the feature, if not done already. If not done, you will not be able to see the default encryption option in Azure portal as shown above.
It is a one-time registration only. Once done, you don't have to do it again and I believe you should already have this feature registered. You can confirm the same by going to the screen shown in the above screenshot in your Azure portal.
ok, thanks!
When I create the AKS cluster I select the "encryption at-rest with a platform-managed key" option, but then when I read the document you indicate, I don't see anywhere that the "EncryptionAtHost" feature is registered on my platform.
I wanted to make sure that when selecting the option ("encryption at-rest with a platform-managed key") the disks of the NODES are automatically encrypted and I don't have to do anything else... I can't find the "EncryptionAtHost" feature
sorry, it's a bit confusing.
11 people are following this question.
