What is Azure Encryption at Host?
Azure Encryption at Host encrypts the entire instance end to end for security compliance. This encryption happens outside the operating system at the host level, and is transparent to the operating system and your application. It also covers cloud-specific items that can complicate disk encryption efforts, such as temporary (ephemeral) disks and disk caches.
CAE Application Performance Impact With Encryption at Host Enabled
The Azure documentation says host-based encryption has no performance impact, unlike other encryption options that are only partial solutions (see table below). To test that, TotalCAE ran some multi-node LS-DYNA jobs on HB-series (HBv2) instances with and without encryption at host enabled, and saw NO performance impact from setting it.
How to Enable Encryption at Host on Azure Scale Sets
The nice part of Encryption at Host is how simple it is to enable, without the complexity and performance hit of encryption at the operating system level.
To enable Encryption at Host, when creating the Azure HPC Virtual Machine Scale Set, click on Enable Encryption at Host, as shown below.
What HPC Instances Support Host-Based Encryption
Most (but not all) HPC H-series VMs support Encryption at Host. There is no table online, but you can use the following snippet of PowerShell to find out if your instance type and region support it; this example shows the HB series in East US.
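One way to run this check, as an added example rather than TotalCAE's original snippet: it reads the EncryptionAtHostSupported capability that Get-AzComputeResourceSku reports for each VM size, along with any restrictions on that size. The function name, the 'eastus' region string and the 'Standard_HB*' size pattern are assumptions chosen to match the HB series in East US.

```powershell
# Added example. Requires the Az.Compute module and a signed-in session
# (Connect-AzAccount). Function name, region and size pattern are assumptions.
function Get-EncryptionAtHostSupport {
    param(
        [string]$Location    = 'eastus',        # East US
        [string]$SizePattern = 'Standard_HB*'   # HB-series VM sizes
    )

    Get-AzComputeResourceSku |
        Where-Object {
            $_.ResourceType -eq 'virtualMachines' -and
            $_.Locations -contains $Location -and
            $_.Name -like $SizePattern
        } |
        ForEach-Object {
            # Each SKU carries name/value capabilities; this one is the host-encryption flag.
            $cap = $_.Capabilities |
                Where-Object { $_.Name -eq 'EncryptionAtHostSupported' }

            [pscustomobject]@{
                Size             = $_.Name
                # A missing capability entry is treated as "not supported".
                EncryptionAtHost = [bool]($cap -and $cap.Value -eq 'True')
                # Non-empty when the size cannot be deployed from this subscription/region.
                Restrictions     = ($_.Restrictions |
                                        ForEach-Object { $_.ReasonCode }) -join ','
            }
        } |
        Sort-Object Size
}

Get-EncryptionAtHostSupport | Format-Table -AutoSize
```

Pass a different `-Location` or `-SizePattern` to check other regions or VM families before building a scale set around them.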
You can see that only HBv4 is currently not supported from the output below:
Summary
In summary, Azure Encryption at Host does simplify compliance requirements without impacting the performance of CAE applications. If you are interested in learning more about running CAE applications on Azure, sign up for our TotalCAE on Azure e-book over at https://www.totalcae.com/azure/