Citrix Virtual Apps and Desktops

Encryption capabilities

Encryption capabilities protect the content of virtual machines from attacks by malicious guests on a shared virtual machine host and from attacks launched by the hypervisor control software that manages all the virtual machines on the host.

See the following for more information on supported cloud services:

Encryption capabilities in AWS

This section describes the encryption capabilities in AWS virtualization environments.

Automatic encryption

You can turn on automatic encryption of new Amazon EBS volumes and snapshot copies created in your account. For more information, see Automatic encryption.

Encryption capabilities in Google Cloud Platform

This section describes the encryption capabilities in Google Cloud Platform (GCP) virtualization environments.

If you need more control over key operations than Google-managed encryption keys allow, you can use customer-managed encryption keys. When a customer-managed encryption key is used, Cloud Storage encrypts an object with that key at the time it is stored in a bucket, and automatically decrypts the object when it is served to requesters. For more information, see Customer-managed encryption keys.

You can use Customer Managed Encryption Keys (CMEK) for MCS catalogs. For more information, see Using Customer Managed Encryption Keys (CMEK).

Encryption capabilities in Microsoft Azure

This section describes the encryption capabilities in Azure virtualization environments.

Azure server side encryption

Most Azure managed disks are encrypted with Azure Storage encryption, which uses server-side encryption (SSE) to protect your data and to help you meet your security and compliance commitments. Citrix Virtual Apps and Desktops supports customer-managed encryption keys for Azure managed disks through Azure Key Vault. For more information, see Azure server side encryption.

Azure disk encryption at host

You can create an MCS machine catalog with encryption at host capability.

With this method, the encryption is not performed by Azure Storage. The server hosting the VM encrypts the data, and the already-encrypted data then flows to the Azure storage server. Hence, this method encrypts data end to end.

For more information on creating MCS machine catalog with encryption at host capability, see Azure disk encryption at host.

Azure double encryption

Double encryption combines platform-managed encryption (the default) with customer-managed encryption keys (CMEK). Therefore, if you have high security requirements and are concerned about the risk associated with any single encryption algorithm, implementation, or a compromised key, you can opt for double encryption. Persistent OS and data disks, snapshots, and images are all encrypted at rest with double encryption. For more information, see Double encryption on managed disk.

Azure confidential VMs

Azure confidential computing VMs ensure that your virtual desktop is encrypted in memory and protected in use.

You can use MCS to create a catalog with Azure confidential VMs. You must use the machine profile workflow to create such a catalog. Either a VM or an ARM template spec can serve as the machine profile input.

For more information, see Azure confidential VMs.
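The Azure capabilities above (server-side encryption with platform or customer-managed keys, double encryption, encryption at host, and confidential VMs) each surface as a distinct property on the VM or managed disk resource. The following is an added example, not code from the Citrix documentation, that classifies a catalog machine's resource JSON against those capabilities so an administrator can verify that an MCS catalog was created with the intended settings; the field names (`properties.encryption.type` on disks, `properties.securityProfile.encryptionAtHost` and `securityType` on VMs) and enum spellings are assumed from the Azure Compute REST API and should be checked against your API version, and the sample resources are constructed.

```python
from typing import Dict, List

# Azure SSE key types reported on a managed disk (assumed enum spellings).
PLATFORM_KEY = "EncryptionAtRestWithPlatformKey"
CUSTOMER_KEY = "EncryptionAtRestWithCustomerKey"
DOUBLE = "EncryptionAtRestWithPlatformAndCustomerKeys"


def disk_capabilities(disk: Dict) -> List[str]:
    """Map a managed disk resource to the server-side encryption capability in effect."""
    enc_type = disk.get("properties", {}).get("encryption", {}).get("type", PLATFORM_KEY)
    if enc_type == CUSTOMER_KEY:
        return ["sse-cmek"]            # customer-managed key held in Azure Key Vault
    if enc_type == DOUBLE:
        return ["double-encryption"]   # platform-managed key plus CMEK
    return ["sse-platform-key"]        # default Azure Storage encryption


def vm_capabilities(vm: Dict) -> List[str]:
    """Map a VM resource to the encryption-at-host and confidential-VM capabilities."""
    profile = vm.get("properties", {}).get("securityProfile", {})
    caps = []
    if profile.get("encryptionAtHost") is True:
        caps.append("encryption-at-host")  # data encrypted on the host before reaching storage
    if profile.get("securityType") == "ConfidentialVM":
        caps.append("confidential-vm")     # memory encrypted and protected in use
    return caps


def audit(vm: Dict, os_disk: Dict, required: List[str]) -> List[str]:
    """Return the required capabilities that a catalog machine (VM plus OS disk) lacks."""
    present = set(vm_capabilities(vm)) | set(disk_capabilities(os_disk))
    return [cap for cap in required if cap not in present]


# Constructed sample resources standing in for one MCS-created catalog machine.
SAMPLE_VM = {"name": "vda-01",
             "properties": {"securityProfile": {"encryptionAtHost": True}}}
SAMPLE_DISK = {"name": "vda-01_OsDisk",
               "properties": {"encryption": {"type": DOUBLE}}}

if __name__ == "__main__":
    wanted = ["double-encryption", "encryption-at-host", "confidential-vm"]
    print("missing:", audit(SAMPLE_VM, SAMPLE_DISK, wanted))  # missing: ['confidential-vm']
```

In practice the resource JSON would come from the Azure REST API or `az vm show` / `az disk show` output rather than the constructed samples.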