Uncanny, I was reading about ephemeral disks for my AZ-104 study yesterday but had mistakenly picked up that they couldn't be used for OS, so this demo was both very timely and helpful. Thanks for sharing.
Thanks for the video, John. It helped verify the way I was understanding it. After reading the documentation I still had my doubts that they were allowing you to use non-persistent storage for the OS, being traditionally antithetical. But it does make sense for AKS and some scenarios.
I like this and it did not occur to me when I had the same requirement. Tried to encrypt and throw away the CMK but the secrets are purge protected when attached to a resource. The best way I came up with for a secure ephemeral VM is to ensure there is no TPM, BitLocker encrypt through custom script extension and throw away the recovery key, and have that script also remove the Azure services so password can't be reset by an Azure admin. Set an auto shutdown and you have a single boot VM that can't be recovered by nosey admins. (good for the occasional GPT when it's not allowed ;) ) Huge benefit to IOPS with your solution. The only way I have managed to bypass the IOPS barriers is to use the iSCSI Ramdrive system and symbolic link my apps to run from it. Will try your solution as it solves both! :)