Hello and welcome to Azure managed disks. In this lesson, we're going to take a look at the benefits of managed disks and at the types of encryption you can use with managed disks. Let's start by identifying what a managed disk is in Azure. An Azure managed disk is similar to a physical disk that you would find in a physical on-prem server, but it's virtualized. It's a block level storage volume that's used with Azure VMs and is managed by Microsoft Azure.

Creating a managed disk in Microsoft Azure is as simple as specifying the size of the disk, and the type of the disk you want to use. When you provision a managed disk, you have a choice of several different types. You can deploy ultra disks, premium SSD disks, standard SSD disks, and standard HDD disks. We will actually look at these types in a little more detail in the next lesson. But for now, we're just going to look at the benefits of using managed disks.

For starters, managed disks are designed for 99.999% availability. That's five nines of availability. To achieve this level of availability, there are three replicas of the data stored on each managed disk. This type of durability protects you from not only one, but two failures of disk replicas.

Managed disks make it easy to deploy and scale VMs. Microsoft Azure allows up to 50,000 VM disks of a specific type per region in each subscription. This allows you to create thousands of virtual machines in one subscription. Because Azure supports so many disks, you can create VM scale sets that include up to 1000 VMs per set, provided you use a marketplace image. 

I should point out that managed disks are integrated with both availability sets and availability zones. The integration with availability sets ensures that VM disks within an availability set are isolated from one another. This protects your applications from a single point of failure within an Azure datacenter. Availability zone integration protects applications from entire Azure datacenter failures.

Since Azure backup supports the backup and restore of managed disks, you can use Azure backup to create backup jobs to protect your data. This makes VM restores a snap. I should mention, however, at the time of this course publication, Azure backup supports disk sizes up to 32 terabytes.

Through Azure role-based access control, or RBAC, you can specify granular access control for managed disks. You can assign specific permissions for managed disks to your users.

Lastly, Azure managed disks make it easier to upload your on-prem VMs to Azure because you can use direct upload to transfer your VHD files to Azure managed disks. There are far fewer steps to uploading your VHDs than there used to be.

There are two types of encryption that you can use with managed disks. They include server-side encryption, or SSE, and Azure disk encryption, or ADE.

Server-side encryption is performed by the Azure storage service, and is enabled by default for all managed disks. This type of encryption provides encryption at rest for your data. Server-side encryption is also enabled by default for snapshots and images in regions where managed disks are available.

Azure disk encryption is enabled on the OS and data disks of a VM. Using Azure disk encryption, you can encrypt the OS and data disks for a virtual machine, including managed disks. On Windows VMs, the disks are encrypted using bit locker technology. While on Linux VMs, the disks are encrypted using DM-crypt technology.

There are three disk roles in Azure. These roles include data disks, OS disks, and temporary disks.

Data disks are managed disks that you attach to a virtual machine. They're used to store applications and other sorts of data that you need. When you attach a data disk to a VM, it's registered as a SCSI drive. You can assign a drive letter to a data disk just like any other physical disk in a physical server. Data disks have a max capacity of 32 terabytes, and the number of data disks that you can attach to a virtual machine will be determined by the size of the virtual machine itself.

OS disks are pretty self-explanatory. When you deploy a virtual machine, it's deployed with a single OS disk attached. The OS disk, as you may have guessed, hosts the VM's operating system and boot volume. The max capacity of an OS disk is four terabytes.

Temporary disks are probably the most misunderstood of the three disk types. Every VM contains a temporary disk. I should mention, however, that the temporary disk is not a managed disk. The temporary disk is not intended for storage of important data. Instead, temporary disks are used to host things like page files and swap files. Data that is stored on a temporary disk is often lost during maintenance events and when a VM is redeployed. The temporary disk is assigned the drive letter of D on Windows machines by default. On Azure Linux VMs, the temporary disk is /dev/sdb.