Build resilience in your identity and access management infrastructure

Azure Active Directory is a global cloud identity and access management system that provides critical services such as authentication and authorization to your organization's resources. This document provides you with guidance to understand, contain, and mitigate the risk of disruption of authentication or authorization services for resources that rely on Azure Active Directory (Azure AD).

The document set is designed for

  • Identity Architects

  • Identity Service Owners

  • Identity Operations teams

Please also see the documentation for application developers and for Azure AD B2C systems.

What is resilience?

In the context of your identity infrastructure, resilience is the ability to endure disruption to services like authentication and authorization, or failure of other components, with minimal or no impact to your business, users, and operations. The impact of disruption can be severe, and resilience requires diligent planning.

Why worry about disruption?

Every call to the authentication system is subject to disruption if any component in the chain of the call to Azure AD fails. This means that if any part of your infrastructure has an issue, work can be interrupted because users can't access the applications they need. Therefore, reducing the number of authentication calls and the number of dependencies in those calls is important to your resilience. Application developers can assert some control over how often tokens are requested. For example, work with your developers to ensure they're using Azure AD Managed Identities for their applications wherever possible.

In a token-based authentication system like Azure AD, a user's application (client) must acquire a security token from the identity system before it can access an application or other resource. During the validity period, a client can present the same token multiple times to access the application.

When the token presented to the application expires, the application rejects the token, and the client must acquire a new token from Azure AD. Acquiring a new token potentially requires user interaction such as credential prompts. Reducing the frequency of authentication calls with longer-lived tokens reduces this risk. However, you must balance token lifetime against the risk created by fewer policy evaluations.
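The trade-off described above can be made concrete with a small simulation. The following is an added example, not Microsoft code and not a real Azure AD client: a hypothetical identity provider issues tokens with a configurable lifetime, a client caches its token and only calls the provider again when the token has expired, and an outage window is constructed during which the provider is unreachable. Running the same access pattern with different lifetimes shows how a longer-lived token both reduces the number of authentication calls (and therefore exposure to the outage) and reduces how often policy is re-evaluated.

```python
"""Simulate the token-lifetime / resilience trade-off (illustrative only).

Assumptions (all constructed for this example, not Azure AD behaviour):
  - time advances in integer ticks, one resource access per tick;
  - a token is valid for `lifetime` ticks from issuance;
  - the identity provider re-evaluates policy on every successful issuance;
  - during an outage window the provider raises ConnectionError.
"""
from dataclasses import dataclass


@dataclass
class Token:
    issued_at: int
    lifetime: int

    def valid_at(self, now: int) -> bool:
        # The resource accepts the token only inside its validity period.
        return self.issued_at <= now < self.issued_at + self.lifetime


class IdentityProvider:
    """Hypothetical stand-in for the token endpoint of an identity system."""

    def __init__(self, outage_ticks=()):
        self.outage_ticks = set(outage_ticks)  # constructed outage window
        self.auth_calls = 0          # every attempt to get a token, failed or not
        self.policy_evaluations = 0  # one per successful issuance

    def issue(self, now: int, lifetime: int) -> Token:
        self.auth_calls += 1
        if now in self.outage_ticks:
            raise ConnectionError(f"identity provider unreachable at t={now}")
        self.policy_evaluations += 1
        return Token(issued_at=now, lifetime=lifetime)


class Client:
    """Caches one token and re-acquires it only once it has expired."""

    def __init__(self, idp: IdentityProvider, lifetime: int):
        self.idp = idp
        self.lifetime = lifetime
        self.cached = None

    def access_resource(self, now: int) -> None:
        if self.cached is None or not self.cached.valid_at(now):
            # Only here does the client depend on the identity provider;
            # if this raises, the stale token stays cached and is retried later.
            self.cached = self.idp.issue(now, self.lifetime)
        # A valid (possibly previously issued) token is presented to the resource.


def simulate(lifetime: int, ticks: int = 60, outage_ticks=range(20, 30)) -> dict:
    """Run `ticks` accesses and report calls, policy checks and outcomes."""
    idp = IdentityProvider(outage_ticks)
    client = Client(idp, lifetime)
    successes = failures = 0
    for t in range(ticks):
        try:
            client.access_resource(t)
            successes += 1
        except ConnectionError:
            failures += 1
    return {
        "lifetime": lifetime,
        "auth_calls": idp.auth_calls,
        "policy_evaluations": idp.policy_evaluations,
        "successes": successes,
        "failures": failures,
    }


if __name__ == "__main__":
    # Same 60-tick workload and the same 10-tick outage, different lifetimes.
    for lifetime in (5, 15, 60):
        print(simulate(lifetime))
```

With a 5-tick lifetime the client hits the outage as soon as its token expires and fails for the whole window; with a 15-tick lifetime the token issued just before the outage carries the client through it with no failures; with a 60-tick lifetime there is a single authentication call and a single policy evaluation for the entire run, which is exactly the reduced-policy-evaluation risk the text asks you to weigh against the resilience gain.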

Ways to increase resilience

The following diagram shows six concrete ways you can increase resilience. Each method is explained in detail in the articles linked in the Next steps portion of this article.

[Diagram: overview of resilience for administrators]

Next steps

Resilience resources for administrators and architects

Resilience resources for developers