Azure receives enterprise-class encryption with official release of Encryption At Rest for Azure Site Recovery

Kareem Anderson

Poornima Natarajan, the program manager of cloud and enterprise at Microsoft, is taking some time out today to talk about Encryption At Rest with Azure Site Recovery going from private preview into general availability for customers.

“Storage Service Encryption (SSE) helps your organization protect and safeguard data to meet your organizational security and compliance commitments. ASR’s support for Storage Service Encryption delivers further on our promise of providing an enterprise-class, secure and reliable business continuity solution.

“With this feature, you can now replicate your on-premises data to storage accounts with Encryption enabled.”

In Natarajan’s write-up on the Microsoft Azure blog about ASR becoming generally available, she provides a thoughtful step-by-step process of enabling or disabling encryption for Azure Storage Resource Provider REST APIs for readers who might be interested in such freedoms.

Fortunately, the process is relatively easy, and customers should find a pretty streamlined experience to jump in and out of storage accounts.

Site Recovery settings menu

Natarajan does have a few words of caution that customers should consider when enabling encryption using ASR:

  • All encryption keys are stored, encrypted, and managed by Microsoft.
  • The experience when using ASR does not change when replicating to SSE-enabled storage accounts.
  • If you have been using ASR for protecting your workloads, you can turn on SSE for storage accounts used to store the replicated data. Once you do this, all data replicated to these storage accounts from then on (fresh writes) would be encrypted. Data replicated and stored in these storage accounts prior to enabling SSE would not be encrypted.
  • If you intend to replicate your workloads to premium storage, you will need to turn on SSE on both the premium storage account and the standard storage account used for storing replication logs (configured at the time of setting up replication).

To get started, interested Azure customers should first read through the provided literature here and here, as well as visit the Azure Site Recovery forum for additional information. In keeping with Microsoft’s recent modus operandi, the company is inviting feedback from customers via its ASR UserVoice page.