Summary
When scaling an engine or running a query, you may encounter the error: "The property 'securityProfile.encryptionAtHost' is not valid because the 'Microsoft.Compute/EncryptionAtHost' feature is not enabled for this subscription."
Reported Issue
The error message "The property 'securityProfile.encryptionAtHost' is not valid because the 'Microsoft.Compute/EncryptionAtHost' feature is not enabled for this subscription" is seen when scaling an engine or running a query against Dremio Cloud.
Relevant Versions
Dremio Cloud
Troubleshooting Steps
In the engine events, the error message below is shown. Customers can also see this within the Dremio UI, under the engine settings page.
Scaling Failed. The property 'securityProfile.encryptionAtHost' is not valid because the 'Microsoft.Compute/EncryptionAtHost' feature is not enabled for this subscription.
Cause
When you activate encryption at the host level, data residing on the VM host becomes encrypted while at rest, and it is transmitted in an encrypted form to the Azure Storage service. If you have not enabled encryptionAtHost the steps within your Azure subscription, the error message is seen when scaling an engine or running a query against the data.
Steps to Resolve
You can follow these steps here to enable it in your Azure subscription:
https://docs.dremio.com/cloud/get-started/prerequisites#enabling-disk-encryption
https://learn.microsoft.com/en-us/azure/virtual-machines/disks-enable-host-based-encryption-portal?tabs=azure-cli#prerequisites
Next Steps
The change is immediate, no restart of Dremio is required.