Generally Available: Azure VMware Solution Stretched Clusters with Customer-Managed Keys
Published date: June 13, 2023
Stretched clusters for Azure VMware Solution (AVS) is now Generally Available, providing 99.99% uptime for mission critical applications that require the highest availability. With this release, customers can use Customer-Managed Keys to encrypt the stretched vSAN. By default, virtual machines within vSAN datastore are protected with data-at-rest encryption using FIPS 140-2 compliant Data Encryption Key (DEK) generated for each local disk on ESXi hosts. These DEKs are encrypted by VMware vSAN Key Encryption Key (service-managed key) provided by Microsoft.
Stretched Cluster Benefits:
- Improved application availability
- Provide a zero-recovery point objective (RPO) capability for enterprise applications without needing to redesign them or deploy expensive disaster recovery solutions.
- A private cloud with stretched clusters is designed to provide 99.99% availability due to its resilience to AZ failures.
Azure VMware Solution customer-managed encryption is supported through integration with Azure Key Vault. You can create your own encryption keys and store them in a Key Vault, or you can use Azure Key Vault API to generate encryption keys. This is now available in the following regions: West Europe, UK South, Germany West Central and Australia East.
Learn more about the updates in the stretched clusters for Azure VMware solution documentation page and about Customer-Managed Keys here.