Quickstart: Create and encrypt a virtual machine with the Azure portal

Azure virtual machines (VMs) can be created through the Azure portal. The Azure portal is a browser-based user interface for creating VMs and their associated resources. In this quickstart you will use the Azure portal to deploy a Linux virtual machine (VM) running Ubuntu 18.04 LTS, create a key vault to store encryption keys, and encrypt the VM.

If you don't have an Azure subscription, create a trial account before you begin.

Sign in to Azure

Sign in to the Azure portal.

Create a virtual machine

  1. Choose Create a resource in the upper left corner of the Azure portal.

  2. On the New page, under Popular, select Ubuntu Server 18.04 LTS.

  3. On the Basics tab, under Project details, verify that the correct subscription is selected.

  4. For Resource group, select Create new. Enter myResourceGroup as the name and select OK.

  5. For Virtual machine name, enter MyVM.

  6. For Region, select China North 2.

  7. Make sure the Size is Standard D2s v3.

  8. Under Administrator account, select Password as the Authentication type. Enter a user name and a password.

    Linux VM creation screen

    Warning

    The Disks tab features an Encryption Type field under Disk options. This field is used to specify encryption options for Managed Disks + CMK, not for Azure Disk Encryption.

    To avoid confusion, we suggest you skip the Disks tab entirely while completing this tutorial.

  9. Select the Management tab and verify that you have a Diagnostics Storage Account. If you have no storage accounts, select Create New, name your storage account myStorageAccount, and select OK.

    ResourceGroup creation screen

  10. Click Review + Create.

  11. On the Create a virtual machine page, you can see the details of the VM you are about to create. When you are ready, select Create.

It will take a few minutes for your VM to be deployed. When the deployment is finished, move on to the next section.

Encrypt the virtual machine

  1. When the VM deployment is complete, select Go to resource.

  2. On the left-hand sidebar, select Disks.

  3. On the top bar, select Additional Settings.

  4. Under Encryption settings > Disks to encrypt, select OS and data disks.

    Screenshot highlighting OS and data disks.

  5. Under Encryption settings, choose Select a key vault and key for encryption.

  6. On the Select key from Azure Key Vault screen, select Create New.

    Screenshot highlighting Create New.

  7. To the left of Key vault and key, select Click to select a key.

  8. On the Select key from Azure Key Vault screen, under the Key Vault field, select Create new.

  9. On the Create key vault screen, ensure that the Resource Group is myResourceGroup, and give your key vault a name. Every key vault across Azure must have a unique name.

  10. On the Access Policies tab, check the Azure Disk Encryption for volume encryption box.

    Disks and encryption selection

  11. Select Review + create.

  12. After the key vault has passed validation, select Create. This will return you to the Select key from Azure Key Vault screen.

  13. Leave the Key field blank and choose Select.

  14. At the top of the encryption screen, click Save. A popup will warn you that the VM will reboot. Click Yes.
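The portal steps above for creating the VM and enabling Azure Disk Encryption, scripted with the Azure CLI as an added example (not part of the original quickstart). The region name chinanorth2, the admin user name azureuser and the vault name are assumptions or placeholders; by default the script only prints the commands, and APPLY=1 runs them.

```shell
#!/usr/bin/env bash
# Added example: Azure CLI equivalent of the portal steps above.
# Default is a dry run that only prints the commands; set APPLY=1 to execute.
RG="myResourceGroup"                               # from the page
VM="MyVM"                                          # from the page
LOCATION="${LOCATION:-chinanorth2}"                # assumed CLI name for "China North 2"
ADMIN_USER="${ADMIN_USER:-azureuser}"              # placeholder user name
VAULT="${VAULT:-REPLACE-WITH-UNIQUE-VAULT-NAME}"   # placeholder, must be globally unique

# Execute the command when APPLY=1, otherwise print it.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

create_group() { run az group create --name "$RG" --location "$LOCATION"; }

create_vm() {
  # Password authentication as in step 8. --admin-password is left out so the
  # password is prompted for and stays out of shell history and process lists.
  run az vm create --resource-group "$RG" --name "$VM" \
    --image Canonical:UbuntuServer:18.04-LTS:latest --size Standard_D2s_v3 \
    --authentication-type password --admin-username "$ADMIN_USER"
}

create_vault() {
  # Same setting as the "Azure Disk Encryption for volume encryption" box.
  run az keyvault create --name "$VAULT" --resource-group "$RG" \
    --location "$LOCATION" --enabled-for-disk-encryption
}

encrypt_vm() {
  # "OS and data disks" maps to ALL. No key encryption key is passed, which
  # matches leaving the Key field blank in the portal.
  run az vm encryption enable --resource-group "$RG" --name "$VM" \
    --disk-encryption-keyvault "$VAULT" --volume-type ALL
}

# Confirm the result instead of trusting the portal notification.
show_status() { run az vm encryption show --resource-group "$RG" --name "$VM"; }

main() { create_group && create_vm && create_vault && encrypt_vm && show_status; }
main
```

Review the dry-run output first, then rerun with APPLY=1 and a real vault name in VAULT.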

Clean up resources

When no longer needed, you can delete the resource group, virtual machine, and all related resources. To do so, select the resource group for the virtual machine, select Delete, then confirm the name of the resource group to delete.

Next steps

In this quickstart, you created a Key Vault that was enabled for encryption keys, created a virtual machine, and enabled the virtual machine for encryption.