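I want to first get the list of disks associated with a VM, and then iterate over each disk's properties to identify whether the disk is encrypted with a customer-managed key (CMK). How can I perform this check using Azure PowerShell?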
1 Answer
Generally, to get the encryption status of a virtual machine, you can use the Get-AzVMDiskEncryptionStatus cmdlet with the following syntax:
Get-AzVmDiskEncryptionStatus -ResourceGroupName $resourceGroupName -VMName $vmName
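You will see the encryption status of the OS and data volumes.
If OsVolumeEncrypted or DataVolumesEncrypted above shows Encrypted, you may have an osDisk or dataDisk encrypted with CMK.
You can also use the following PowerShell commands to capture the encryption settings from each disk. For more details, you can read this article.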
# Replace with your resource group and VM names
$RGNAME = "RGNAME"
$VMNAME = "VNAME"
$VM = Get-AzVM -Name $VMNAME -ResourceGroupName $RGNAME
$Sourcedisk = Get-AzDisk -ResourceGroupName $RGNAME -DiskName $VM.StorageProfile.OsDisk.Name
Write-Host "============================================================================================================================================================="
Write-Host " OS disk Encryption Settings:"
Write-Host "============================================================================================================================================================="
Write-Host "Enabled:" $Sourcedisk.EncryptionSettingsCollection.Enabled
Write-Host "Version:" $Sourcedisk.EncryptionSettingsCollection.EncryptionSettingsVersion
Write-Host "Source Vault:" $Sourcedisk.EncryptionSettingsCollection.EncryptionSettings.DiskEncryptionKey.SourceVault.Id
Write-Host "Secret URL:" $Sourcedisk.EncryptionSettingsCollection.EncryptionSettings.DiskEncryptionKey.SecretUrl
Write-Host "Key URL:" $Sourcedisk.EncryptionSettingsCollection.EncryptionSettings.KeyEncryptionKey.KeyUrl
Write-Host "============================================================================================================================================================="
foreach ($i in $VM.StorageProfile.DataDisks | ForEach-Object { $_.Name })
{
    Write-Host "============================================================================================================================================================="
    Write-Host "Data Disk Encryption Settings:"
    Write-Host "============================================================================================================================================================="
    Write-Host "Checking Disk:" $i
    $Sourcedisk = (Get-AzDisk -ResourceGroupName $RGNAME -DiskName $i)
    Write-Host "Encryption Enable: " $Sourcedisk.EncryptionSettingsCollection.Enabled
    Write-Host "Encryption KeyEncryptionKey: " $Sourcedisk.EncryptionSettingsCollection.EncryptionSettings.KeyEncryptionKey.KeyUrl
    Write-Host "Encryption DiskEncryptionKey: " $Sourcedisk.EncryptionSettingsCollection.EncryptionSettings.DiskEncryptionKey.SecretUrl
    Write-Host "============================================================================================================================================================="
}
answered 2021-05-11T02:58:00.647
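
The per-disk check the question asks for, as an added example that is not part of the original answer. It goes beyond the answer's code by also reading each managed disk's `Encryption.Type` and `Encryption.DiskEncryptionSetId` (server-side encryption with a customer-managed key) next to the Azure Disk Encryption settings shown above. `$RGNAME`/`$VMNAME` are placeholders, and the report column names are chosen here for illustration.

```powershell
# Added example: one row per disk, separating SSE-with-CMK from Azure Disk Encryption (ADE).
$RGNAME = "RGNAME"   # placeholder
$VMNAME = "VNAME"    # placeholder
$VM = Get-AzVM -Name $VMNAME -ResourceGroupName $RGNAME

# Put OS and data disk references in one list so they share the same check.
$diskRefs = @([pscustomobject]@{ Role = 'OS'; Ref = $VM.StorageProfile.OsDisk })
foreach ($d in $VM.StorageProfile.DataDisks) {
    $diskRefs += [pscustomobject]@{ Role = "Data (LUN $($d.Lun))"; Ref = $d }
}

# SSE types that involve a customer-managed key (via a disk encryption set).
$cmkTypes = 'EncryptionAtRestWithCustomerKey', 'EncryptionAtRestWithPlatformAndCustomerKeys'

$report = foreach ($item in $diskRefs) {
    $id = $item.Ref.ManagedDisk.Id
    if (-not $id) {
        # Unmanaged (VHD blob) disks have no managed disk resource to query.
        [pscustomobject]@{ Role = $item.Role; Disk = $item.Ref.Name; SseType = 'n/a (unmanaged)' }
        continue
    }

    # Resolve the disk by its resource ID; it may live in a different resource
    # group than the VM: /subscriptions/<sub>/resourceGroups/<rg>/.../disks/<name>
    $parts = $id -split '/'
    $disk  = Get-AzDisk -ResourceGroupName $parts[4] -DiskName $parts[8]

    # ADE settings; the KEK URL is only set when ADE wraps its secret with a Key Vault key.
    $ade = $disk.EncryptionSettingsCollection
    $kek = @($ade.EncryptionSettings.KeyEncryptionKey.KeyUrl | Where-Object { $_ }) -join ';'

    [pscustomobject]@{
        Role              = $item.Role
        Disk              = $disk.Name
        SseType           = $disk.Encryption.Type
        SseUsesCmk        = $disk.Encryption.Type -in $cmkTypes
        DiskEncryptionSet = $disk.Encryption.DiskEncryptionSetId
        AdeEnabled        = [bool]$ade.Enabled
        AdeKekUrl         = $kek
    }
}

$report | Format-Table -AutoSize
```

Rows where `SseUsesCmk` is `False` and `AdeKekUrl` is empty are disks with no customer-managed key in either layer.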