Azure 控制平面和数据平面Azure control plane and data plane

Azure 操作可以分为两个类别 - 控制平面和数据平面。Azure operations can be divided into two categories - control plane and data plane. 本文介绍这两种类型的操作之间的差异。This article describes the differences between those two types of operations.

使用控制平面可管理订阅中的资源。You use the control plane to manage resources in your subscription. 可以使用数据平面来使用由资源类型的实例公开的功能。You use the data plane to use capabilities exposed by your instance of a resource type.

例如:For example:

  • 通过控制平面创建虚拟机。You create a virtual machine through the control plane. 创建虚拟机后,通过数据平面操作(如远程桌面协议 (RDP))与该虚拟机进行交互。After the virtual machine is created, you interact with it through data plane operations, such as Remote Desktop Protocol (RDP).

  • 通过控制平面创建存储帐户。You create a storage account through the control plane. 然后,使用数据平面在存储帐户中读取和写入数据。You use the data plane to read and write data in the storage account.

  • 通过控制平面创建 Cosmos 数据库。You create a Cosmos database through the control plane. 为了查询 Cosmos 数据库中的数据,可以使用数据平面。To query data in the Cosmos database, you use the data plane.

控制面板Control plane

对控制平面操作的所有请求都将发送到 Azure 资源管理器 URL。All requests for control plane operations are sent to the Azure Resource Manager URL. 该 URL 因 Azure 环境而异。That URL varies by the Azure environment.

  • 对于 Azure 全球,该 URL 是 Azure global, the URL is
  • 对于 Azure 政府,该 URL 是 Azure Government, the URL is
  • 对于 Azure 德国,该 URL 是 Azure Germany, the URL is
  • 对于 Microsoft Azure 中国世纪互联,该 URL 是 https://management.chinacloudapi.cnFor Microsoft Azure China 21Vianet, the URL is

若要发现哪些操作使用 Azure 资源管理器 URL,请参阅 Azure REST APITo discover which operations use the Azure Resource Manager URL, see the Azure REST API. 例如,用于 MySql 的创建或更新操作是控制平面操作,因为请求 URL 是:For example, the create or update operation for MySql is a control plane operation because the request URL is:


Azure 资源管理器处理所有控制平面请求。Azure Resource Manager handles all control plane requests. 它将自动应用已实现的 Azure 功能来管理资源,例如:It automatically applies the Azure features you've implemented to manage your resources, such as:

对请求进行身份验证后,Azure 资源管理器会将其发送到资源提供程序,该资源提供程序会完成操作。After authenticating the request, Azure Resource Manager sends it to the resource provider, which completes the operation.

控制平面包括两个用于处理请求的方案 -“绿色字段”和“棕色字段”。The control plane includes two scenarios for handling requests - "green field" and "brown field". “绿色字段”指的是新资源。Green field refers to new resources. “棕色字段”指的是现有资源。Brown field refers to existing resources. 部署资源时,Azure 资源管理器会了解何时要创建新资源以及何时要更新现有资源。As you deploy resources, Azure Resource Manager understands when to create new resources and when to update existing resources. 你不必担心相同的资源会被创建。You don't have to worry that identical resources will be created.

数据平面Data plane

对数据平面操作的请求将发送到特定于你的实例的终结点。Requests for data plane operations are sent to an endpoint that is specific to your instance. 例如,认知服务中的检测语言操作是一项数据平面操作,因为请求 URL 是:For example, the Detect Language operation in Cognitive Services is a data plane operation because the request URL is:

POST {Endpoint}/text/analytics/v2.0/languages

数据平面操作不限于 REST API。Data plane operations aren't limited to REST API. 它们可能需要其他凭据,例如在登录到虚拟机或数据库服务器时。They may require additional credentials such as logging in to a virtual machine or database server.

那些强制执行管理和调控的功能可能不适用于数据平面操作。Features that enforce management and governance might not applied to data plane operations. 你需要考虑用户与你的解决方案交互的不同方式。You need to consider the different ways users interact with your solutions. 例如,某个阻止用户删除数据库的锁不会阻止用户通过查询删除数据。For example, a lock that prevents users from deleting a database doesn't prevent users from deleting data through queries.

你可以使用某些策略来调控数据平面操作。You can use some policies to govern data plane operations. 有关详细信息,请参阅 Azure Policy 中的资源提供程序模式(预览版)For more information, see Resource Provider modes (preview) in Azure Policy.

后续步骤Next steps