Encryption in Azure Backup

All your backed-up data is automatically encrypted when stored in the cloud using Azure Storage encryption, which helps you meet your security and compliance commitments. This data at rest is transparently encrypted using 256-bit AES encryption, one of the strongest block ciphers available, and is FIPS 140-2 compliant. In addition to encryption at rest, all your backup data in transit is transferred over HTTPS. It always remains on the Azure backbone network.

Levels of encryption in Azure Backup

Azure Backup includes encryption on two levels:

  • Encryption of data in the Recovery Services vault
    • Using platform-managed keys: By default, all your data is encrypted using platform-managed keys. You don't need to take any explicit action from your end to enable this encryption. It applies to all workloads being backed up to your Recovery Services vault.
  • Encryption specific to the workload being backed up
    • Azure virtual machine backup: Azure Backup supports backup of VMs with disks encrypted using platform-managed keys, as well as customer-managed keys owned and managed by you. You can also back up Azure virtual machines that have their OS or data disks encrypted using Azure Disk Encryption (ADE). ADE uses BitLocker for Windows VMs, and DM-Crypt for Linux VMs, to perform in-guest encryption.

Next steps