Profile Applicability:
- Level 1
Description:
This check ensures that Azure Virtual Machines (VMs) are using Managed Disks for storage. Managed Disks provide high availability, durability, and scalability by automatically managing the underlying storage infrastructure. They offer improved reliability over unmanaged disks and simplify disk management for Azure VMs.
Rationale:
Managed Disks are recommended for all production workloads in Azure as they handle storage account management for you. Unlike unmanaged disks, which require you to manage storage accounts, Managed Disks are automatically placed in an optimized storage account and offer features like automatic replication, enhanced security, and easier scaling. They also allow for better monitoring and performance.
Impact:
Pros:
Simplifies storage management by eliminating the need to manage storage accounts for disks.
Provides built-in redundancy and high availability by default.
Enhances security through integration with Azure Security Center and encryption at rest.
Improves scalability, making it easier to manage large numbers of VMs and disks.
Cons:
Managed Disks may incur additional costs compared to unmanaged disks, depending on the disk size and performance tier.
Requires configuration of Managed Disks for VMs that were previously using unmanaged disks.
Default Value:
By default, new Azure VMs are created with Managed Disks. However, existing VMs may still be using unmanaged disks if they were created before Managed Disks became the default option.
Pre-requisites:
Ensure that the virtual machines are either newly created or migrated to utilize Managed Disks. It is also important to have sufficient permissions to view and update VM configurations.
Test Plan:
Using Azure Console:
Log in to the Azure portal at https://portal.azure.com.
Go to the Virtual Machines blade.
Select the virtual machine you want to review.
Under the Settings section, click on Disks.
Verify that the OS Disk and any Data Disks are using Managed Disks (the disk type should be listed as Managed).
Using Azure CLI:
To check if a VM is using Managed Disks, run the following command:
az vm show --resource-group <RESOURCE_GROUP_NAME> --name <VM_NAME> --query "storageProfile.osDisk.managedDisk.id"
If the result contains a managed disk ID (indicating the disk is managed), then the VM is utilizing Managed Disks.
Implementation Plan:
Using Azure Console:
Log in to the Azure portal at https://portal.azure.com.
Go to the Virtual Machines blade.
Select the VM for which you want to enable Managed Disks.
Under the Settings section, click on Disks.
If the VM is using unmanaged disks, click on the OS Disk and choose Convert to Managed Disk.
Follow the steps to complete the conversion and click Save.
Using Azure CLI:
To convert an unmanaged disk to a managed disk, run the following command:
az vm disk attach --resource-group <RESOURCE_GROUP_NAME> --vm-name <VM_NAME> --disk <DISK_NAME> --managed
Ensure the VM is configured to use Managed Disks by checking the disk settings again.
Backout Plan:
Using Azure Console:
Log in to the Azure portal at https://portal.azure.com.
Go to the Virtual Machines blade.
Select the VM for which you want to revert the Managed Disk configuration.
Under the Settings section, click on Disks.
If the VM is using Managed Disks, click on the OS Disk and choose Convert to Unmanaged Disk.
Follow the steps to complete the conversion and click Save.
Using Azure CLI:
To convert a Managed Disk back to an unmanaged disk, run the following command:
az vm disk detach --resource-group <RESOURCE_GROUP_NAME> --vm-name <VM_NAME> --name <DISK_NAME>
Then, attach the disk as an unmanaged disk:
az vm disk attach --resource-group <RESOURCE_GROUP_NAME> --vm-name <VM_NAME> --disk <DISK_NAME> --unmanaged