混合应用程序设计注意事项Hybrid application design considerations

Azure 是唯一一致的混合云。Azure is the only consistent hybrid cloud. 它可让你重复利用开发投资,并支持跨全球 Azure、Azure 主权云和 Azure Stack(数据中心内的一个 Azure 扩展)的应用程序。It allows you to reuse your development investments and enables applications that can span global Azure, the sovereign Azure clouds, and Azure Stack, which is an extension of Azure in your datacenter. 跨云的应用程序也称为混合应用程序Applications that span clouds are also referred to as hybrid applications.

Azure 应用程序体系结构指南中介绍了设计可缩放、可复原和高度可用的应用程序的结构化方法。 The Azure Application Architecture Guide describes a structured approach for designing applications that are scalable, resilient, and highly available. Azure 应用程序体系结构指南中所述的注意事项同样适用于针对单个云设计的应用程序和跨云的应用程序。 The considerations described in the Azure Application Architecture Guide equally apply to applications that are designed for a single cloud and for applications that span clouds.

本文补充了 Azure 应用程序体系结构指南中所述的软件质量的要素,重点说明如何设计混合应用程序。 This article augments the Pillars of software quality discussed in the Azure Application Architecture Guide, focusing specifically on designing hybrid applications. 此外,我们还添加了一个定位要素,因为混合应用程序并非专属于一个云或一个本地数据中心。 In addition, we add a placement pillar as hybrid applications are not exclusive to one cloud or one on-premises datacenter.

混合方案因可用于开发的资源而有很大的不同,并且涉及地理、安全性、Internet 访问等考虑因素。Hybrid scenarios vary greatly with the resources that are available for development, and span considerations such as geography, security, Internet access, and other considerations. 尽管本指南无法列举具体的考虑因素,但可以提供一些重要的指导和最佳做法供你遵循。Although this guide cannot enumerate your specific considerations, it can provide some key guidelines and best practices for you to follow. 要成功设计、配置、部署和维护混合应用程序体系结构涉及到许多可能不为你所熟知的设计考虑因素。Successfully designing, configuring, deploying, and maintaining a hybrid application architecture involves many design considerations that might not be inherently known to you.

本文档旨在汇总实施混合应用程序时可能发生的问题,并提供相关注意事项(这些要素),以及处理这些问题的最佳做法。This document aims to aggregate the possible questions that might arise when implementing hybrid applications and provides considerations (these pillars) and best practices to work with them. 在设计阶段解决这些问题有助于避免它们在生产环境中造成问题。By addressing these questions during the design phase, you’ll avoid the issues they could cause in production.

实质上,在创建混合应用程序之前需要考虑到这些问题。Essentially, these are questions you need to think about before creating a hybrid application. 若要开始,需做好以下工作:To get started, you need to do the following:

  • 识别和评估应用程序组件。Identify and evaluate the application components.

  • 根据要素评估应用程序组件。Evaluate application components against the pillars.

评估应用程序组件Evaluate the application components

应用程序的每个组件在较大的应用程序中具有其自身的特定角色,且根据所有设计注意事项对其进行评审。Each component of an application has its own specific role within the larger application and should be reviewed with all design considerations. 每个组件的要求和功能应符合这些注意事项,以帮助确定应用程序体系结构。Each component’s requirements and features should map to these considerations to help determine the application architecture.

可以研究应用程序的体系结构并确定其构成部分,以此将应用程序分解成不同的组件。Decompose your application into its components by studying your application’s architecture and determining what it consists of. 组件还可能包含与应用程序交互的其他应用程序。Components can also include other applications that your application interacts with. 在识别组件时,请根据其特征评估所需的混合操作,例如:As you identify the components, evaluate your intended hybrid operations according to their characteristics, such as the following:

  • 组件的用途是什么?What is the purpose of the component?

  • 组件之间的相互依赖关系是什么?What are the interdependencies between the components?

例如,应用程序可能包含定义为两个组件的前端和后端。For example, an application can have a front-end and back-end defined as two components. 在混合方案中,前端位于一个云中,后端位于另一个云中。In a hybrid scenario, the front end is in one cloud and the back-end is in the other. 应用程序The application

在前端与用户之间以及前端与后端之间提供信道。provides communication channels between the front end and the user, and also between the front end and the back-end.

应用程序组件是按照多种形式和方案定义的。An application component is defined by many forms and scenarios. 最重要的任务是识别组件及其云位置或本地位置。The most important task is identifying them and their cloud or on-premises location.

表 1 列出了要包含在库存中的常见应用程序组件。The common application components to include in your inventory are listed in Table 1.

表 1.Table 1. 常见的应用组件Common app components

组件Component 混合应用程序指导Hybrid application guidance
客户端连接Client connections 应用程序(在任何设备上)可以从单个入口点通过多种方式访问用户,其中包括:Your application (on any device) can access users in various ways, from a single-entry point, including the following:
- 客户端服务器模型,该模型要求用户安装客户端以使用应用程序。- A client-server model that requires the user to have a client installed to work with the application. 基于服务器的、可从 Web 浏览器访问的应用程序。A server-based application that is accessed from a web browser.
- 客户端连接可以包括连接中断时发出的通知,或发生漫游费时发出的警报。- Client connections can include notifications when the connection is broken or alerts when roaming charges may apply.
身份验证Authentication 连接到应用程序的用户或者从一个组件连接到另一个组件的用户可能需要执行身份验证。Authentication can be required for a user connecting to the application, or from one component connecting to another.
APIAPIs 可让开发人员以编程方式使用 API 集和类库来访问你的应用程序,并根据 Internet 标准提供连接接口。You can provide developers with programmatic access to your application with API sets and class libraries and provide a connection interface based on Internet standards. 还可以使用 API 将应用程序分解成独立运行的逻辑单元。You can also use APIs to decompose an application into independently operating logical units.
服务Services 可以使用简单的服务来提供应用程序的功能。You can employ succinct services to provide the features for an application. 此类服务可以是应用程序运行所在的引擎。A service can be the engine that the application runs on.
队列Queues 可以使用队列来组织生命周期的状态,以及应用程序组件的状态。You can use queues to organize the status of the life cycles and states of your application’s components. 这些队列可为订阅方提供消息传送、通知和缓冲功能。These queues can provide messaging, notifications, and buffering capabilities to subscribing parties.
数据存储Data storage 应用程序可以是无状态或有状态的。An application can be stateless or stateful. 有状态应用程序需要采用众多格式和容量大小的数据存储。Stateful applications need data storage that can be met by numerous formats and volumes.
数据缓存Data caching 设计中的数据缓存组件可按策略解决延迟问题,并在触发云负载喷发方面发挥作用。A data caching component in your design can strategically address latency issues and play a role in triggering cloud bursting.
数据引入Data ingestion 可通过多种方式将数据提交到应用程序,包括 Web 窗体中的用户提交值、持续性的大量数据流,等等。Data can be submitted to an application in many ways, ranging from user-submitted values in a web form to continuously high-volume data flow.
数据处理Data processing 可在源中执行数据处理任务(例如报告、分析、批量导出和数据转换),或使用数据副本在独立的组件上减轻这些任务的负载。Your data processing tasks (such as reports, analytics, batch exports, and data transformation) can either be processed at the source or offloaded on a separate component using a copy of the data.

评估应用组件的要素Assess app components for pillars

对于每个组件,需评估其每个要素的特征。For each component, evaluate its characteristics for each pillar. 评估每个组件的所有要素时,你可能会认识到以前未曾考虑到的问题对混合应用程序设计造成的影响。As you evaluate each component with all of the pillars, questions you might not have considered may become known to you that affect the design of the hybrid application. 这些考虑有助于应用程序的优化。Acting on these considerations could add value in optimizing your application. 表 2 描述了每项要素与混合应用程序之间的关系。Table 2 provides a description of each pillar as it relates to hybrid applications.

表 2.Table 2. 要素Pillars

要素Pillar 说明Description
定位Placement 组件在混合应用程序中的战略定位。The strategic positioning of components in hybrid applications.
可伸缩性Scalability 系统处理增加的负载的能力。The ability of a system to handle increased load.
可用性Availability 混合应用程序正常运行的时间比例。The proportion of time that a hybrid application is functional and working.
复原能力Resiliency 混合应用程序的恢复能力。The ability for a hybrid application to recover.
可管理性Manageability 让系统在生产环境中持续运行的操作过程。Operations processes that keep a system running in production.
安全性Security 保护混合应用程序和数据免受威胁。Protecting hybrid applications and data from threats.


混合应用程序原本附带定位考虑因素,例如在数据中心的定位。A hybrid application inherently has a placement consideration, such as for the datacenter.

定位是定位组件的重要任务,这些组件应该为混合应用程序提供最佳服务。Placement is the important task of positioning components so that they can best service a hybrid application. 根据定义,混合应用程序跨多个位置,例如从本地到云,以及位于不同的云之间。By definition, hybrid applications span locations, such as from on-premises to the cloud and among different clouds. 可通过两种方式将应用程序的组件定位到云中:You can place components of the application on clouds in two ways:

  • 垂直混合应用程序Vertical hybrid applications
    应用程序组件分布在各个位置。Application components are distributed across locations. 每个组件可以有多个仅位于一个位置的实例。Each individual component can have multiple instances located only in a single location.

  • 水平混合应用程序Horizontal hybrid applications
    应用程序组件分布在各个位置。Application components are distributed across locations. 每个组件可以有多个跨多个位置的实例。Each individual component can have multiple instances spanning multiple locations.

    有些组件可以识别其位置,而有些则完全无法识别其位置和定位方式。Some components can be aware of their location while others do not have any knowledge of their location and placement. 这种识别力可通过一个抽象层来实现。This virtuousness can be achieved with an abstraction layer. 此层使用新式应用程序框架(例如微服务),可定义在跨云节点上运行的应用程序组件如何通过定位来为应用程序提供服务。This layer, with a modern application framework like microservices, can define how the application is serviced by the placement of application components operating on nodes across clouds.

定位查检表Placement checklist

验证所需的位置。Verify required locations. 确保要求应用程序或其任何组件在特定的云中运行,或者需要经过认证才能在该云中运行。Make sure the application or any of its components are required to operate in, or require certification for, a specific cloud. 这可能包括公司或法律规定的主权要求。This can include sovereignty requirements from your company or dictated by law. 此外,确定特定的位置或区域设置是否需要任何本地操作。Also, determine if any on-premises operations are required for a particular location or locale.

确定连接依赖关系。Ascertain connectivity dependencies. 所需的位置和其他因素可以指示组件之间的连接依赖关系。Required locations and other factors can dictate the connectivity dependencies among your components. 定位组件时,请确定它们之间的通信的最佳连接和安全性。As you place the components, determine the optimal connectivity and security for communication among them. 选项包括 VPNExpressRoute混合连接Choices include VPN, ExpressRoute, and Hybrid Connections.

评估平台功能。Evaluate platform capabilities. 对于每个应用程序组件,请确定云中是否提供了应用程序组件所需的资源提供程序,以及带宽是否足以应对预期的吞吐量和延迟要求。For each application component, see if the required resource provider for the application component is available on the cloud and if the bandwidth can accommodate the expected throughput and latency requirements.

规划可移植性。Plan for portability. 使用新式应用程序框架(例如容器或微服务)来规划移动操作以及防止服务依赖关系。Use modern application frameworks, like containers or microservices, to plan for moving operations and to prevent service dependencies.

确定数据主权要求。Determine data sovereignty requirements. 混合应用程序在设计上可以应对数据隔离,例如本地数据中心的数据隔离。Hybrid applications are geared for accommodating data isolation, such as on a local datacenter. 请检查资源的定位方式,以进行优化并成功应对此项要求。Review the placement of your resources to optimize the success for accommodating this requirement.

规划延迟。Plan for latency. 云间操作可能会在应用程序组件之间造成物理间距。Inter-cloud operations can introduce physical distance between the application components. 请确定有关应对任何延迟的要求。Ascertain the requirements to accommodate any latency.

控制流量流。Control traffic flows. 在公有云中的前端访问个人身份信息数据时,请控制高峰用量,并确保该数据的传输方式适当且安全。Handle peak usage and the appropriate and secured communications for personal identifiable information data when accessed by the front end in a public cloud.


可伸缩性是指系统对于应用程序负载增加的处理能力,此能力可能随着其他因素和作用力而改变,除了影响应用程序的大小和范围外,还会影响受众大小。Scalability is the ability of a system to handle increased load on an application, which can vary over time as other factors, and forces, affect the audience size in addition to the size and scope of the application.

有关此要素的核心介绍,请参阅“软件质量的要素”中的可伸缩性For the core discussion of this pillar, see Scalability in Pillars of software quality.

通过混合应用程序的水平缩放方法可以添加更多实例来满足需求,并在使用频率较低时禁用这些实例。A horizontal scaling approach for hybrid applications allows for adding more instances to meet demand and then disabling them during quieter periods.

在混合方案中,当组件分散到不同的云时,扩展单个组件需要考虑到其他因素。In hybrid scenarios, scaling out individual components requires additional consideration when components are spread across clouds. 扩展应用程序的一个组成部分可能需要同时扩展另一个组成部分。Scaling one part of the application can require the scaling of another. 例如,如果客户端连接数增加,但应用程序的 Web 服务未适当扩展,则数据库上的负载可能会使应用程序达到饱和。For example, if the number of client connections increases but the application’s web services are not scaled out appropriately, the load on the database might saturate the application.

有些应用程序组件可以线性扩展,而有些组件包含缩放依赖项,因此其缩放能力可能受到限制。Some application components can scale out linearly, while others have scaling dependencies and might be limited to what extend they are able to scale. 例如,为应用程序组件位置提供混合连接的 VPN 隧道在可缩放的带宽和延迟方面存在限制。For example, a VPN tunnel providing hybrid connectivity for the application components locations has a limit to the bandwidth and latency it can be scaled to. 要如何缩放应用程序的组件才能确保符合这些要求呢?How are components of the application scaled to ensure these requirements are met?

可伸缩性清单Scalability checklist

确定缩放阈值。Ascertain scaling thresholds. 若要处理应用程序中的各种依赖项,请确定应用程序组件在不同云中可独立缩放到何种程度,同时仍符合运行应用程序的要求。To handle the various dependencies in your application, determine the extent to which application components in different clouds can scale independently of each other, while still meeting the requirements to run the application. 混合应用程序常需要缩放应用程序中的特定区域,以处理某个与应用程序的其余部分交互并造成影响的功能。Hybrid applications often need to scale particular areas in the application to handle a feature as it interacts and affects the rest of the application. 例如,当前端实例超出某个数量时,可能需要扩展后端。For example, exceeding a number of front-end instances may require scaling the back-end.

定义缩放计划。Define scale schedules. 大多数应用程序都有繁忙时段,因此需要将其高峰时间聚合到计划中,以安排最佳缩放。Most applications have busy periods, so you need to aggregate their peak times into schedules to coordinate optimal scaling.

使用集中式监视系统。Use a centralized monitoring system. 平台监视功能可以提供自动缩放机制,但混合应用程序需要可聚合系统运行状况和负载的集中式监视系统。Platform monitoring capabilities can provide autoscaling, but hybrid applications need a centralized monitoring system that aggregates system health and load. 集中式监视系统可在某个位置开始缩放某个资源,并在另一个位置缩放依赖的资源。A centralized monitoring system can initiate scaling a resource in one location and scaling a depending on resource in another location. 此外,中心监视系统可跟踪哪些云自动伸缩资源,哪些云不会自动伸缩资源。Additionally, a central monitoring system can track which clouds autoscale resources and which clouds don’t.

利用自动缩放功能(如果适用)。Leverage autoscaling capabilities (as available). 如果自动缩放功能是体系结构的一部分,可以通过设置阈值来定义应用程序组件在何时需要纵向/横向扩展或缩减,以此实施自动缩放。If autoscaling capabilities are part of your architecture, you implement autoscaling by setting thresholds that define when an application component needs to be scaled up, out, down, or in. 自动缩放的示例是,客户端连接在一个云中进行自动缩放,以处理增加的容量,但同时使分散于不同云中的其他应用程序依赖项也进行缩放。An example of autoscaling is a client connection that is autoscaled in one cloud to handle increased capacity, but causes other dependencies of the application, spread across different clouds, to also be scaled. 必须确定这些依赖组件是否有自动缩放功能。The autoscaling capabilities of these dependent components must be ascertained.

如果无法使用自动缩放,请考虑实施脚本和其他资源,以适应集中式监视系统中的阈值所触发的手动缩放。If autoscaling is not available, consider implementing scripts and other resources to accommodate manual scaling, triggered by thresholds in the centralized monitoring system.

按位置确定预期负载。Determine expected load by location. 处理客户端请求的混合应用程序可能主要依赖于单个位置。Hybrid applications that handle client requests might primarily rely on a single location. 当客户端请求的负载超过阈值时,When the load of client requests exceeds a threshold,

可以在不同的位置添加额外的资源,以分散入站请求的负载。additional resources can be added in a different location to distribute the load of inbound requests. 确保客户端连接可以处理增加的负载,并确定是否有任何自动化过程可供客户端连接处理负载。Make sure that the client connections can handle the increased loads and also determine any automated procedures for the client connections to handle the load.


可用性是指系统正常运行的时间。Availability is the time that a system is functional and working. 可用性以正常运行时间百分比来计量。Availability is measured as a percentage of uptime. 应用程序错误、基础结构问题和系统负载都会降低可用性。Application errors, infrastructure problems, and system load can all reduce availability.

有关此要素的核心介绍,请参阅“软件质量的要素”中的可用性For the core discussion of this pillar, see Availability in Pillars of software quality.

可用性核对清单Availability checklist

为连接提供冗余。Provide redundancy for connectivity. 混合应用程序要求在应用程序所分散到的云之间建立连接。Hybrid applications require connectivity among the clouds that the application is spread across. 可为混合连接选择所需的技术,因此,除了选择的主要技术外,还可以使用另一项技术来提供冗余能力,以便在主要技术发生故障时进行自动化故障转移。You have a choice of technologies for hybrid connectivity, so in addition to your primary technology choice, use another technology to provide redundancy with automated failover capabilities should the primary technology fail.

对容错域进行分类。Classify fault domains. 可容错的应用程序需要多个容错域。Fault-tolerant applications require multiple fault domains. 容错域有助于找到故障点,例如,是本地的单个硬盘故障、架顶式交换机故障,还是整个数据中心不可用。Fault domains help isolate the point of failure, such as if a single hard disk fails on premises, if a top-of-rack switch goes down, or if the full datacenter is unavailable. 在混合应用程序中,可将某个位置分类为容错域。In a hybrid application, a location can be classified as a fault domain. 可用性要求越高,就越需要评估单个容错域的分类方式。With more availability requirements, the more you need to evaluate how a single fault domain should be classified.

对升级域进行分类。Classify upgrade domains. 升级域用于确保应用程序组件的实例在相同组件的其他实例进行更新或功能升级时仍保持可用。Upgrade domains are used to ensure that instances of application components are available, while other instances of the same component are being serviced with updates or feature upgrades. 与容错域一样,升级域也可按其定位位置来分类。As with fault domains, upgrade domains can be classified by their placement across locations. 必须先确定应用程序组件是否可直接在某个位置升级而无需先在另一个位置升级,或者否需要进行其他域配置。You must determine if an application component can accommodate getting upgraded in one location before it is upgraded in another location, or if other domain configurations are required. 单个位置本身可以包含多个升级域。A single location itself can have multiple upgrade domains.

跟踪实例和可用性。Track instances and availability. 高可用性应用程序组件可通过负载均衡和同步数据复制来使用。Highly available application components can be available through load balancing and synchronous data replication. 必须确定在服务中断之前最多可以有多少个实例脱机。You must determine how many instances can be offline before the service is interrupted.

实施自我修复。Implement self-healing. 当某个问题导致应用程序可用性中断时,监视系统的检测可以启动对应用程序的自我修复活动,例如清空有故障的实例并重新部署。In the event an issue causes an interruption to the application availability, a detection by a monitoring system could initiate self-healing activities to the application, such as draining the failed instance and redeploying it. 这很有可能需要一个中心监视解决方案,并与混合持续集成和持续交付 (CI/CD) 管道相集成。Most likely this requires a central monitoring solution, integrated with a hybrid Continuous Integration, and Continuous Delivery (CI/CD) pipeline. 应用程序可与监视系统集成,以识别可能需要重新部署应用程序组件的问题。The application is integrated with a monitoring system to identify issues that could require redeployment of an application component. 监视系统还可触发混合 CI/CD 以重新部署应用程序组件,甚至位于相同或其他位置中的其他任何依赖组件。The monitoring system can also trigger hybrid CI/CD to redeploy the application component and potentially any other dependent components in the same or other locations.

维护服务级别协议 (SLA)。Maintain service-level agreements (SLAs). 在任何协议中,要使你为客户提供的服务和应用程序保持连接,可用性关键重要。Availability is critical for any agreements to maintain connectivity to the services and applications that you have with your customers. 混合应用程序所依赖的每个位置都可能有其本身的 SLA。Each location that your hybrid application relies on might have its own SLA. 这些不同的 SLA 可能影响到混合应用程序的整体 SLA。These different SLAs can affect the overall SLA of your hybrid application.


复原能力是指混合应用程序和系统在发生故障后进行恢复,然后继续正常运行的能力。Resiliency is the ability for a hybrid application and system to recover from failures and continue to function. 复原能力的目标是在故障发生后将应用程序恢复到可完全正常运行的状态。The goal of resiliency is to return the application to a fully functioning state after a failure occurs. 恢复策略包括备份、复制和灾难恢复等解决方案。Resiliency strategies include solutions like backup, replication, and disaster recovery.

有关此要素的核心介绍,请参阅“软件质量的要素”中的复原能力For the core discussion of this pillar, see Resiliency in Pillars of software quality.

复原能力查检表Resiliency checklist

发现灾难恢复依赖项。Uncover disaster-recovery dependencies. 在一个云中进行灾难恢复可能需要更改另一个云中的应用程序组件。Disaster recovery in one cloud might require changes to application components in another cloud. 如果一个云中的一个或多个组件故障转移到另一个位置(在相同或不同的云中),需要使依赖组件能够识别这些更改。If one or multiple components from one cloud are failed over to another location, either within the same cloud or to another cloud, the dependent components need to be made aware of these changes. 这还包括连接依赖项。This also includes the connectivity dependencies. 若要获得复原能力,需要针对每个云制定经过全面测试的应用程序恢复计划。Resiliency requires a fully tested application recovery plan for each cloud.

建立恢复流。Establish recovery flow. 有效的恢复流设计已评估应用程序组件是否有能力适应缓冲区、重试、重试失败的数据传输,并根据需要切换回到不同的服务或工作流。An effective recovery flow design has evaluated application components for their ability to accommodate buffers, retries, retrying failed data transfer, and, if necessary, fall back to a different service or workflow. 必须确定要使用哪种备份机制、其还原过程涉及到哪些活动,及其测试频率。You must determine what back-up mechanism to use, what its restore procedure involves, and how often it’s tested. 还应确定增量和完整备份的频率。You should also determine the frequency for both incremental and full backups.

测试部分恢复。Test partial recoveries. 应用程序组成部分的部分恢复可向用户再次保证整体可用性。A partial recovery for part of the application can provide reassurance to users that all is not unavailable. 此计划部分应确保部分还原没有任何副作用,例如,备份和还原服务与应用程序交互,并在备份之前正常关闭。This part of the plan should ensure that a partial restore doesn’t have any side effects, such as a backup and restore service that interacts with the application to gracefully shut it down before the backup is made.

确定灾难恢复调查人员并分配职责。Determine disaster-recovery instigators and assign responsibility. 恢复计划应在可备份和还原的项目以外,连带说明哪些人员和哪些角色可以启动备份和恢复操作。A recovery plan should describe who, and what roles, can initiate backup and recovery actions in addition to what can be backed up and restored.

比较自我修复阈值与灾难恢复。Compare self-healing thresholds with disaster recovery. 确定应用程序启动自动恢复的自我修复能力,以及将应用程序的自我修复视为失败或成功所需的时间。Determine an application’s self-healing capabilities for automatic recovery initiation and the time required for an application’s self- healing to be considered a failure or success. 确定每个云的阈值。Determine the thresholds for each cloud.

验证复原功能的可用性。Verify availability of resiliency features. 对每个位置确定复原功能的可用性。Determine the availability of resiliency features and capabilities for each location. 如果某个位置未提供所需的功能,请考虑将该位置集成到可提供复原功能的集中式服务中。If a location does not provide the required capabilities, consider integrating that location into a centralized service that provides the resiliency features.

确定停机时间。Determine downtimes. 确定对整个应用程序和应用程序组件进行维护而造成的预期停机时间。Determine the expected downtime due to maintenance for the application as a whole and as application components.

制定故障排除过程的文档。Document troubleshooting procedures. 定义重新部署资源和应用程序组件的故障排除过程。Define troubleshooting procedures for redeploying resources and application components.


在设计体系结构时,管理混合应用程序的方式是非常重要的考虑因素。The considerations for how you manage your hybrid applications are critical in designing your architecture. 妥善管理的混合应用程序可提供代码形式的的基础结构,实现在通用开发管道中集成一致的应用程序代码。A well-managed hybrid application provides an infrastructure as code that enables the integration of consistent application code in a common development pipeline. 通过对基础结构的更改实施一致的系统范围测试和单独测试,当更改通过测试时,可以确保集成的部署允许将这些更改合并到源代码中。By implementing consistent system-wide and individual testing of changes to the infrastructure, you can assure an integrated deployment if the changes pass the tests, allowing them to be merged into the source code.

有关此要素的核心介绍,请参阅“软件质量的要素”中的管理和 DevOpsFor the core discussion of this pillar, see Management and DevOps in Pillars of software quality.

可管理性查检表Manageability checklist

实施监视。Implement monitoring. 使用跨云分散的应用程序组件的集中式监视系统,提供其运行状况和性能的聚合视图。Use a centralized monitoring system of application components spread across clouds to provide an aggregated view of their health and performance. 此系统可同时监视应用程序组件和相关的平台功能。This system includes monitoring both the application components and related platform capabilities.

确定需要监视应用程序的哪些组成部分。Determine the parts of the application that require monitoring.

协调策略。Coordinate policies. 混合应用程序跨越的每个位置可以有其自身的策略,其中涵盖了允许的资源类型、命名约定、标记和其他准则。Each location that a hybrid application spans can have its own policy that covers allowed resource types, naming conventions, tags, and other criteria.

定义和使用角色。Define and use roles. 数据库管理员必须确定需要访问应用程序资源的不同角色(例如应用程序所有者、数据库管理员和最终用户)所需的权限。As a database administrator, you need to determine the permissions required for different personas (like an application owner, a database administrator, and an end user) that need to access application resources. 需要针对资源并在应用程序内部配置这些权限。These permissions need to be configured on the resources and inside the application. 使用基于角色的访问控制 (RBAC) 系统可以针对应用程序资源设置这些权限。A role-based access control (RBAC) system allows you to set these permissions on the application resources. 将所有资源部署在单个云中时,这些访问权限将难以处理;当资源分散在不同的云中时,更需要加以慎重。These access rights are challenging when all resources are deployed in a single cloud but require even more attention when the resources are spread across clouds. 在一个云中设置的资源权限不会应用到另一个云中设置的资源。Permissions on resources set in one cloud do not apply to resources set in another cloud.

使用 CI/CD 管道。Use CI/CD pipelines. 持续集成和持续开发 (CI/CD) 管道提供一致的过程用于创作和部署跨云的应用程序,并提供其基础结构和应用程序的质量保证。A Continuous Integration and Continuous Development (CI/CD) pipeline can provide a consistent process for authoring and deploying applications that span across clouds, and to provide quality assurance for their infrastructure and application. 使用此管道可在一个云中测试基础结构和应用程序,然后将其部署到另一个云中。This pipeline enables the infrastructure and application to be tested on one cloud and deployed on another cloud. 该管道甚至允许将混合应用程序的某些组件部署到一个云,并将其他组件部署到另一个云,从而在本质上构成混合应用程序部署的基础。The pipeline even allows you to deploy certain components of your hybrid application to one cloud and other components to another cloud, essentially forming the foundation for hybrid application deployment. 处理应用程序组件在安装期间的相互依赖关系时(例如 Web 应用程序需要数据库的连接字符串),CI/CD 系统至关重要。A CI/CD system is critical for handling the dependencies application components have for each other during installation, such as the web application needing a connection string to the database.

管理生命周期。Manage the life cycle. 由于混合应用程序的资源可跨多个位置,因此需要将每个位置的生命周期管理功能聚合成单个生命周期管理单元。Because resources of a hybrid application can span locations, each single location’s life-cycle management capability needs to be aggregated into a single life-cycle management unit. 请考虑这些资源的创建、更新和删除方式。Consider how they are created, updated, and deleted.

检查故障排除策略。Examine troubleshooting strategies. 相较于在单个云中运行的应用程序,对混合应用程序进行故障排除所涉及的应用程序组件更多。Troubleshooting a hybrid application involves more application components than the same application that is running in a single cloud. 除了需要在云之间建立连接以外,还要考虑到应用程序是在两个平台而不是一个平台上运行。Besides the connectivity between the clouds, the application is running on two platforms instead of one. 对混合应用程序进行故障排除的重要任务之一是,检查应用程序组件的聚合运行状况和性能监视。An important task in troubleshooting hybrid applications is to examine the aggregated health and performance monitoring of the application components.


安全性是任何云应用程序的主要考虑因素之一,对混合云应用程序而言更为关键。Security is one of the primary considerations for any cloud application, and it becomes even more critical for hybrid cloud applications.

有关此要素的核心介绍,请参阅“软件质量的要素”中的安全性For the core discussion of this pillar, see Security in Pillars of software quality.

安全清单Security checklist

假想安全漏洞。Assume breach. 如果应用程序的某个组成部分遭到入侵,请确保有现成的解决方案可将安全漏洞的扩散范围减到最小(不仅是在相同的位置,而是在各个位置)。If one part of the application is compromised, ensure there are solutions in place to minimize the spread of the breach, not only within the same location but also across locations.

监视允许的网络访问。Monitor allowed network access. 确定应用程序的网络访问策略,例如只从特定子网访问应用程序,以及在组件之间仅允许应用程序正常运行所需的基本端口和协议。Determine the network access policies for the application, such as only accessing the application from a specific subnet and only allow the minimum ports and protocols between the components required for the application to function properly.

使用可靠的身份验证。Employ robust authentication. 可靠的身份验证方案对于应用程序的安全性而言至关重要。A robust authentication scheme is critical for the security of your application. 考虑使用可提供单一登录功能的联合标识提供者,并采用以下一种或多种方案:用户名和密码登录、公钥和私钥、双重或多重身份验证,以及受信任的安全组。Consider using a federated identity provider that provides single sign-on capabilities and employs one or more of the following schemes: username and password sign-on, public and private keys, two-factor or multi-factor authentication, and trusted security groups. 除了证书类型以外,确定要使用哪种适当的资源来存储用于应用程序身份验证的敏感数据和其他机密,以及对这些资源的要求。Determine the appropriate resources to store sensitive data and other secrets for application authentication in addition to certificate types and their requirements.

使用加密。Use encryption. 识别应用程序的哪些区域要使用加密,例如,用于数据存储或客户端通信和访问。Identify which areas of the application use encryption, such as for data storage or client communication and access.

使用安全通道。Use secure channels. 云间必须存在安全通道才能提供安全性和身份验证检查、实时保护、隔离和其他跨云服务。A secure channel across the clouds is critical for providing security and authentication checks, real-time protection, quarantine, and other services across clouds.

定义和使用角色。Define and use roles. 对跨云的资源配置和单一标识访问实施角色。Implement roles for resource configurations and single-identity access across clouds. 确定应用程序及其平台资源的基于角色的访问控制 (RBAC) 要求。Determine the role-based access control (RBAC) requirements for the application and its platform resources.

审核系统。Audit your system. 系统监视可以记录和聚合来自应用程序组件和相关云平台操作的数据。System monitoring can log and aggregate data from both the application components and the related cloud platform operations.


本文提供了在创作和设计混合应用程序期间必须考虑到的事项的查检表。This article provides a checklist of items that are important to consider during the authoring and designing of your hybrid applications. 在部署应用程序之前先查看这些要素可以防止在生产环境中断时遇到这些问题,并有助于避免重新访问设计。Reviewing these pillars before you deploy your application prevents you from running into these questions in production outages and potentially requiring you to revisit your design.

此项预备任务看似非常耗时,但如果根据这些要素设计应用程序,你的付出很快就能得到回报。It can seem like a time-consuming task beforehand, but you easily get your return on investment if you design your application based on these pillars.

后续步骤Next steps

有关详细信息,请参阅以下资源:For more information, see the following resources: