Azure Fluid Relay leverages the encryption-at-rest capability of Azure Kubernetes Service, Azure Cosmos DB and Azure Blob Storage. The service-to-service communication between Azure Fluid Relay and these resources is TLS encrypted and is enclosed within the Azure Virtual Network boundary, protected from external interference by Network Security Rules.
The diagram below shows at a high level how Azure Fluid Relay is implemented and how it handles data storage.
Encryption-at-rest is enabled by default. There's no additional cost.
The keys are managed by Microsoft.
Microsoft has a set of internal guidelines for encryption key rotation which Azure Fluid Relay follows. The specific guidelines aren't published. Microsoft does publish the Security Development Lifecycle (SDL), which is seen as a subset of internal guidance and has useful best practices for developers.
Yes. For more information, see Customer-managed keys for Azure Fluid Relay encryption.
All Azure Fluid Relay regions have encryption turned on for all user data.
There's no impact or changes to performance with encryption at rest enabled.