Create a pool with disk encryption enabled

When you create an Azure Batch pool using virtual machine configuration, you can encrypt compute nodes in the pool with a platform-managed key by specifying the disk encryption configuration.

This article explains how to create a Batch pool with disk encryption enabled.

Why use a pool with disk encryption configuration?

With a Batch pool, you can access and store data on the OS and temporary disks of the compute node. Encrypting the server-side disk with a platform-managed key will safeguard this data with low overhead and convenience.

Batch will apply one of these disk encryption technologies on compute nodes, based on pool configuration and regional supportability.

You won't be able to specify which encryption method will be applied to the nodes in your pool. Instead, you provide the target disks you want to encrypt on the nodes, and Batch chooses the appropriate encryption method, ensuring the specified disks are encrypted on the compute node.

Azure portal

When creating a Batch pool in the Azure portal, select either TemporaryDisk or OsAndTemporaryDisk under Disk Encryption Configuration.

Screenshot of the Disk Encryption Configuration option in the Azure portal.

After the pool is created, you can see the disk encryption configuration targets in the pool's Properties section.

Screenshot showing the disk encryption configuration targets in the Azure portal.

Examples

The following examples show how to encrypt the OS and temporary disks on a Batch pool using the Batch .NET SDK, the Batch REST API, and the Azure CLI.

Batch .NET SDK

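// Requires: using System.Collections.Generic; using Microsoft.Azure.Batch; using Microsoft.Azure.Batch.Common;
// 'pool' is a pool object created with a VirtualMachineConfiguration and not yet committed.
pool.VirtualMachineConfiguration.DiskEncryptionConfiguration = new DiskEncryptionConfiguration(
    targets: new List<DiskEncryptionTarget> { DiskEncryptionTarget.OsDisk, DiskEncryptionTarget.TemporaryDisk }
    );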

Batch REST API

REST API URL:

POST {batchURL}/pools?api-version=2020-03-01.11.0
client-request-id: 00000000-0000-0000-0000-000000000000

Request body:

"pool": {
    "id": "pool2",
    "vmSize": "standard_a1",
    "virtualMachineConfiguration": {
        "imageReference": {
            "publisher": "Canonical",
            "offer": "UbuntuServer",
            "sku": "18.04-LTS"
        },
        "diskEncryptionConfiguration": {
            "targets": [
                "OsDisk",
                "TemporaryDisk"
            ]
        },
        "nodeAgentSKUId": "batch.node.ubuntu 18.04"
    },
    "resizeTimeout": "PT15M",
    "targetDedicatedNodes": 5,
    "targetLowPriorityNodes": 0,
    "taskSlotsPerNode": 3,
    "enableAutoScale": false,
    "enableInterNodeCommunication": false
}

Azure CLI

az batch pool create \
    --id diskencryptionPool \
    --vm-size Standard_DS1_V2 \
    --target-dedicated-nodes 2 \
    --image canonical:ubuntuserver:18.04-LTS \
    --node-agent-sku-id "batch.node.ubuntu 18.04" \
    --disk-encryption-targets OsDisk TemporaryDisk
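
To confirm that pools actually carry the targets set in the examples above, the following added example (not part of the original article or any Azure SDK) audits pool definitions and reports the disks each pool leaves unencrypted. It assumes the definitions are available as JSON with the same field names as the request body above; the sample pools and the function names are constructed for illustration.

```python
import json

# Targets this page's examples request for every pool (compared lowercase).
REQUIRED_TARGETS = {"osdisk", "temporarydisk"}

# Constructed sample data: three pool definitions using the field names
# from the REST request body shown on this page.
SAMPLE_POOLS = json.loads("""
[
  {"id": "pool2", "virtualMachineConfiguration": {
      "diskEncryptionConfiguration": {"targets": ["OsDisk", "TemporaryDisk"]}}},
  {"id": "pool-temp-only", "virtualMachineConfiguration": {
      "diskEncryptionConfiguration": {"targets": ["temporarydisk"]}}},
  {"id": "pool-unencrypted", "virtualMachineConfiguration": {
      "nodeAgentSKUId": "batch.node.ubuntu 18.04"}}
]
""")


def missing_targets(pool, required=REQUIRED_TARGETS):
    """Return the required disk encryption targets a pool does not set."""
    vm_config = pool.get("virtualMachineConfiguration") or {}
    disk_config = vm_config.get("diskEncryptionConfiguration") or {}
    # Assumption: casing may differ between tools, so compare lowercase.
    # A missing or null "targets" list means nothing is configured.
    configured = {str(t).lower() for t in (disk_config.get("targets") or [])}
    return sorted(required - configured)


def audit_pools(pools, required=REQUIRED_TARGETS):
    """Map pool id -> missing targets, listing only non-compliant pools."""
    findings = {}
    for pool in pools:
        missing = missing_targets(pool, required)
        if missing:
            findings[pool.get("id", "<no id>")] = missing
    return findings


if __name__ == "__main__":
    for pool_id, missing in audit_pools(SAMPLE_POOLS).items():
        print(f"{pool_id}: not encrypted -> {', '.join(missing)}")
```

Pass a smaller set as `required` (for example `{"temporarydisk"}`) when a pool is only expected to encrypt its temporary disk.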

Next steps