什么是 Azure 资源管理器?What is Azure Resource Manager?

Azure 资源管理器是 Azure 的部署和管理服务。Azure Resource Manager is the deployment and management service for Azure. 它提供了一个管理层,用于在 Azure 帐户中创建、更新和删除资源。It provides a management layer that enables you to create, update, and delete resources in your Azure account. 部署后,可以使用访问控制、锁和标记等管理功能来保护和组织资源。You use management features, like access control, locks, and tags, to secure and organize your resources after deployment.

若要了解 Azure 资源管理器模板,请参阅模板部署概述To learn about Azure Resource Manager templates, see Template deployment overview.

一致的管理层Consistent management layer

当用户从任意 Azure 工具、API 或 SDK 发送请求时,资源管理器将会接收该请求。When a user sends a request from any of the Azure tools, APIs, or SDKs, Resource Manager receives the request. 它会对该请求进行身份验证和授权。It authenticates and authorizes the request. 资源管理器将请求发送到 Azure 服务,后者将执行请求的操作。Resource Manager sends the request to the Azure service, which takes the requested action. 由于所有请求是通过同一个 API 处理的,因此在所有不同的工具中会看到一致的结果和功能。Because all requests are handled through the same API, you see consistent results and capabilities in all the different tools.

下图演示了 Azure 资源管理器在处理 Azure 请求时发挥的作用。The following image shows the role Azure Resource Manager plays in handling Azure requests.

Resource Manager 请求模型

在门户中提供的所有功能也可以通过 PowerShell、Azure CLI、REST API 和客户端 SDK 来提供。All capabilities that are available in the portal are also available through PowerShell, Azure CLI, REST APIs, and client SDKs. 最初通过 API 发布的功能将在初次发布后的 180 天内在门户中提供。Functionality initially released through APIs will be represented in the portal within 180 days of initial release.


如果不熟悉 Azure 资源管理器,则可能不熟悉某些术语。If you're new to Azure Resource Manager, there are some terms you might not be familiar with.

  • 资源 - 可通过 Azure 获取的可管理项。resource - A manageable item that is available through Azure. 资源的示例包括虚拟机、存储帐户、Web 应用、数据库和虚拟网络。Virtual machines, storage accounts, web apps, databases, and virtual networks are examples of resources. 资源组、订阅、管理组和标记也是资源的示例。Resource groups, subscriptions, management groups, and tags are also examples of resources.
  • 资源组 — 一个容器,用于保存 Azure 解决方案的相关资源。resource group - A container that holds related resources for an Azure solution. 资源组包括你想要作为一个组进行管理的那些资源。The resource group includes those resources that you want to manage as a group. 根据最适合组织的情况来决定哪些资源属于哪个资源组。You decide which resources belong in a resource group based on what makes the most sense for your organization. 请参阅 资源组See Resource groups.
  • 资源提供程序 - 提供 Azure 资源的服务。resource provider - A service that supplies Azure resources. 例如,Microsoft.Compute 就是一个常见的资源提供程序,它提供虚拟机资源。For example, a common resource provider is Microsoft.Compute, which supplies the virtual machine resource. Microsoft.Storage 是另一个常见的资源提供程序。Microsoft.Storage is another common resource provider. 请参阅资源提供程序和类型See Resource providers and types.
  • 资源管理器模板 - 一个 JavaScript 对象表示法 (JSON) 文件,用于定义一个或多个要部署到资源组、订阅、管理组或租户的资源。Resource Manager template - A JavaScript Object Notation (JSON) file that defines one or more resources to deploy to a resource group, subscription, management group, or tenant. 使用模板能够以一致方式反复部署资源。The template can be used to deploy the resources consistently and repeatedly. 请参阅模板部署概述See Template deployment overview.
  • 声明性语法 — 一种语法,允许声明“以下是我想要创建的项目”,而不需要编写一系列编程命令来进行创建。declarative syntax - Syntax that lets you state "Here is what I intend to create" without having to write the sequence of programming commands to create it. 资源管理器模板便是声明性语法的其中一个示例。The Resource Manager template is an example of declarative syntax. 在该文件中,可以定义要部署到 Azure 的基础结构的属性。In the file, you define the properties for the infrastructure to deploy to Azure. 请参阅模板部署概述See Template deployment overview.

使用 Resource Manager 的优势The benefits of using Resource Manager

使用资源管理器可以:With Resource Manager, you can:

  • 通过声明性模板而非脚本来管理基础结构。Manage your infrastructure through declarative templates rather than scripts.

  • 以组的形式部署、管理和监视解决方案的所有资源,而不是单独处理这些资源。Deploy, manage, and monitor all the resources for your solution as a group, rather than handling these resources individually.

  • 在整个开发生命周期内重复部署解决方案,并确保以一致的状态部署资源。Redeploy your solution throughout the development lifecycle and have confidence your resources are deployed in a consistent state.

  • 定义各资源之间的依赖关系,使其按正确的顺序进行部署。Define the dependencies between resources so they're deployed in the correct order.

  • 将访问控制应用于所有服务,因为基于角色的访问控制 (RBAC) 原本已集成到管理平台。Apply access control to all services because Role-Based Access Control (RBAC) is natively integrated into the management platform.

  • 将标记应用到资源,以逻辑方式组织订阅中的所有资源。Apply tags to resources to logically organize all the resources in your subscription.

  • 通过查看一组共享相同标记的资源的成本来理清组织的帐单。Clarify your organization's billing by viewing costs for a group of resources sharing the same tag.

了解范围Understand scope

Azure 提供四个级别的范围:管理组、订阅、资源组和资源。Azure provides four levels of scope: management groups, subscriptions, resource groups, and resources. 下图显示了这些层的一个示例。The following image shows an example of these layers.


将在上述任何级别的作用域中应用管理设置。You apply management settings at any of these levels of scope. 所选的级别确定应用设置的广泛程度。The level you select determines how widely the setting is applied. 较低级别继承较高级别的设置。Lower levels inherit settings from higher levels. 例如,将策略应用于订阅时,该策略将应用于订阅中的所有资源组和资源。For example, when you apply a policy to the subscription, the policy is applied to all resource groups and resources in your subscription. 在资源组上应用策略时,该策略将应用于资源组及其所有资源。When you apply a policy on the resource group, that policy is applied the resource group and all its resources. 但是,其他资源组没有该策略分配。However, another resource group doesn't have that policy assignment.

可以将模板部署到租户、管理组、订阅或资源组。You can deploy templates to tenants, management groups, subscriptions, or resource groups.

资源组Resource groups

定义资源组时,需要考虑以下几个重要因素:There are some important factors to consider when defining your resource group:

  • 组中的所有资源应该共享相同的生命周期。All the resources in your group should share the same lifecycle. 一起部署、更新和删除这些资源。You deploy, update, and delete them together. 如果某个资源(例如服务器)需要采用不同的部署周期,则它应在另一个资源组中。If one resource, such as a server, needs to exist on a different deployment cycle it should be in another resource group.

  • 每个资源只能在一个资源组中。Each resource can only exist in one resource group.

  • 某些资源可能存在于资源组之外。Some resources can exist outside of a resource group. 这些资源将部署到订阅管理组租户These resources are deployed to the subscription, management group, or tenant. 这些范围仅支持特定的资源类型。Only specific resource types are supported at these scopes.

  • 随时可以在资源组添加或删除资源。You can add or remove a resource to a resource group at any time.

  • 可以将资源从一个资源组移到另一个组。You can move a resource from one resource group to another group. 有关详细信息,请参阅将资源移到新资源组或订阅For more information, see Move resources to new resource group or subscription.

  • 资源组可以包含位于不同区域的资源。A resource group can contain resources that are located in different regions.

  • 资源组可用于划分对管理操作的访问控制。A resource group can be used to scope access control for administrative actions.

  • 资源可与其他资源组中的资源进行交互。A resource can interact with resources in other resource groups. 如果两个资源相关,但不共享相同的生命周期,那么这种交互很常见(例如,Web 应用连接到数据库)。This interaction is common when the two resources are related but don't share the same lifecycle (for example, web apps connecting to a database).

创建资源组时,需要提供该资源组的位置。When creating a resource group, you need to provide a location for that resource group. 你可能想知道,“为什么资源组需要一个位置?You may be wondering, "Why does a resource group need a location? 另外,如果资源的位置和资源组不同,那为什么资源组的位置很重要呢?And, if the resources can have different locations than the resource group, why does the resource group location matter at all?" ” 资源组存储有关资源的元数据。The resource group stores metadata about the resources. 当指定资源组的位置时,也就指定了元数据的存储位置。When you specify a location for the resource group, you're specifying where that metadata is stored. 出于合规性原因,可能需要确保数据存储在某一特定区域。For compliance reasons, you may need to ensure that your data is stored in a particular region.

如果资源组的区域临时不可用,则不能更新资源组中的资源,因为元数据不可用。If the resource group's region is temporarily unavailable, you can't update resources in the resource group because the metadata is unavailable. 其他区域中的资源仍可按预期运行,但你不能更新它们。The resources in other regions will still function as expected, but you can't update them.

Azure 资源管理器的复原能力Resiliency of Azure Resource Manager

Azure 资源管理器服务旨在实现复原能力和持续可用性。The Azure Resource Manager service is designed for resiliency and continuous availability. REST API 中的资源管理器和控制平面操作(发送到 management.chinacloudapi.cn 的请求)具有以下特性:Resource Manager and control plane operations (requests sent to management.chinacloudapi.cn) in the REST API are:

  • 跨区域分布。Distributed across regions. 某些服务具有区域性。Some services are regional.

  • 不依赖于单个逻辑数据中心。Not dependent on a single logical data center.

  • 从未因维护活动而停机。Never taken down for maintenance activities.

这种复原能力适用于通过资源管理器接收请求的服务。This resiliency applies to services that receive requests through Resource Manager. 例如,Key Vault 可以利用这种复原能力。For example, Key Vault benefits from this resiliency.

后续步骤Next steps