Configuring the Manage Your Own Keys (MYOK) Feature
Feature overview
The Manage Your Own Keys (MYOK) feature allows customers to encrypt their data using their own Azure-managed encryption keys, instead of Azure-managed encryption keys controlled by Arctera Insight.
If a customer opts to manage its own encryption keys, the Arctera Insight Super Admin enables the MYOK option from the Management Console during the initial provisioning of the customer's account. After MYOK is enabled, the customer gains full control over its Azure-managed keys through the Management Console and uses them to encrypt and protect its data.
MYOK-specific constraints
The MYOK option is available only during initial provisioning of a customer account from the Management Console. If the customer opts to manage its own encryption keys, the Arctera Insight Super Admin must enable MYOK at that stage.
A customer for whom the MYOK feature is not enabled can contact Arctera support to access this option; however, the process incurs additional time and cost. Once MYOK is enabled, a service alert prompts customer administrators to complete the MYOK configuration. Until the configuration is completed, the Management Console remains restricted, and other features are inaccessible.
Prerequisites
Before installing the Microsoft Azure app, ensure that:
- You have the Application Administrator and Owner (subscription owner) roles to create the encryption keys.
- You sign up using an Azure Active Directory (Azure AD) organizational account. Note: Personal Microsoft accounts are not supported for this configuration.
Configuration steps
The stages involved in the MYOK feature configuration are described below.
- To be done by the Arctera Insight Management Console Super Administrator
- To be done by the Customer's Insight Management Console administrator
- Stage 3: Generating a Storage Key URI
- Stage 5: Configuring key rotation policy