Skip to main content

Generally Available: Azure VMware Solution Stretched Clusters with Customer-Managed Keys

Published date: June 13, 2023

Stretched clusters for Azure VMware Solution (AVS) is now Generally Available, providing 99.99% uptime for mission critical applications that require the highest availability. With this release, customers can use Customer-Managed Keys to encrypt the stretched vSAN. By default, virtual machines within vSAN datastore are protected with data-at-rest encryption using FIPS 140-2 compliant Data Encryption Key (DEK) generated for each local disk on ESXi hosts. These DEKs are encrypted by VMware vSAN Key Encryption Key (service-managed key) provided by Microsoft. 

Stretched Cluster Benefits:

  • Improved application availability
  • Provide a zero-recovery point objective (RPO) capability for enterprise applications without needing to redesign them or deploy expensive disaster recovery solutions.
  • A private cloud with stretched clusters is designed to provide 99.99% availability due to its resilience to AZ failures.

Azure VMware Solution customer-managed encryption is supported through integration with Azure Key Vault. You can create your own encryption keys and store them in a Key Vault, or you can use Azure Key Vault API to generate encryption keys. This is now available in the following regions: West Europe, UK South, Germany West Central and Australia East.

Learn more about the updates in the stretched clusters for Azure VMware solution documentation page and about Customer-Managed Keys here.

  • Azure VMware Solution
  • Features

Related Products