I read the documentation and I felt confused. Then I found this video and now it all makes sense! Thanks for the video
Uncanny, I was reading about ephemeral disks for my AZ-104 study yesterday but had mistakenly picked up that they couldn't be used for OS, so this demo was both very timely and helpful. Thanks for sharing.
Glad I could help!
Thanks for the video, John. It helped verify the way I was understanding it. After reading the documentation I still had my doubts that they were allowing you to use non-persistent storage for the OS, being traditionally antithetical. But it does make sense for AKS and some scenarios.
I like this and it did not occur to me when I had the same requirement. Tried to encrypt and throw away the CMK but the secrets are purge protected when attached to a resource. The best way I came up with for a secure ephemeral VM is to ensure there is no TPM, BitLocker encrypt through customer script extension and throw away the recovery key, and have that script also remove the Azure services so the password can't be reset by an Azure admin. Set an auto shutdown and you have a single boot VM that can't be recovered by nosey admins. (good for the occasional GPT when it's not allowed ;) ) Huge benefit to IOPS with your solution. The only way I have managed to bypass the IOPS barriers is to use the iSCSI Ramdrive system and symbolic link my apps to run from it. Will try your solution as it solves both! :)
This video about ephemeral disks makes so much sense if you are using ephemeral VMs, aka non-persistent VMs; this makes VMs much, much faster.
Perfect for non-persistent VDI.
Morning John. Thanks for the video. Always interesting.
You bet
Nice refresher, thanks again John
Thank you so much, Chief 👍👍
Enjoying this video for today's learning, thanks a lot!
You are welcome!
For AKS, we can use ephemeral disks only for stateless containers. Is that a correct statement?
No. The state of containers would not typically be stored on the node's local storage but on something like a persistent volume that is hosted elsewhere.
Thanks legend!
💪