什么是 Azure 管理区域?What are the Azure Management areas?

Azure 中的监管是 Azure 管理的一个方面。Governance in Azure is one aspect of Azure Management. 本文介绍了在 Azure 中部署和维护资源的不同管理领域。This article covers the different areas of management for deploying and maintaining your resources in Azure.

管理指的是维护业务应用程序以及为其提供支持的资源所需的任务和流程。Management refers to the tasks and processes required to maintain your business applications and the resources that support them. Azure 有许多服务和工具可以协同工作以提供完整的管理。Azure has many services and tools that work together to provide complete management. 这些服务不仅适用于 Azure 中的资源,还适用于其他云和本地服务。These services aren't only for resources in Azure, but also in other clouds and on-premises. 了解不同的工具以及它们如何协同工作是设计完整管理环境的第一步。Understanding the different tools and how they work together is the first step in designing a complete management environment.

下图说明了维护任何应用程序或资源所需的不同管理方面。The following diagram illustrates the different areas of management that are required to maintain any application or resource. 可将这些不同的区域视为一个生命周期。These different areas can be thought of as a lifecycle. 每个区域都需要在资源的整个生存期内保持连续。Each area is required in continuous succession over the lifespan of a resource. 此资源生命周期始于其初始部署,贯穿其持续操作,在其停用时结束。This resource lifecycle starts with the initial deployment, through continued operation, and finally when retired.

Azure 中的管理原则

没有一个 Azure 服务完全满足特定管理区域的要求。No single Azure service completely fills the requirements of a particular management area. 但搭配多个服务就能实现这一点。Instead, each is realized by several services working together. 某些服务(如 Application Insight)可为 Web 应用程序提供有针对性的监视功能。Some services, such as Application Insights, provide targeted monitoring functionality for web applications. 其他服务(例如 Azure Monitor 日志)可为其他服务存储管理数据。Others, like Azure Monitor logs, store management data for other services. 可使用此功能分析由不同服务收集的不同类型的数据。This feature allows you to analyze data of different types collected by different services.

下列部分简要介绍了不同的管理领域,并提供了用于处理这些领域的主要 Azure 服务的详细内容链接。The following sections briefly describe the different management areas and provide links to detailed content on the main Azure services intended to address them.


监视是一种数据收集和分析操作,用于审核资源的性能、运行状况及可用性。Monitoring is the act of collecting and analyzing data to audit the performance, health, and availability of your resources. 有效的监视策略有助于了解组件的运行情况,并通过通知延长正常运行时间。An effective monitoring strategy helps you understand the operation of components and to increase your uptime with notifications. 请阅读监视概述,了解监视 Azure 应用程序和资源中使用的不同服务。Read an overview of Monitoring that covers the different services used at Monitoring Azure applications and resources.


配置是指资源的初始部署和配置以及持续维护。Configure refers to the initial deployment and configuration of resources and ongoing maintenance. 自动执行这些任务,可以消除冗余,最大限度地节省时间和工作量,以及提高准确性和效率。Automation of these tasks allows you to eliminate redundancy, minimizing your time and effort and increasing your accuracy and efficiency. Azure 自动化提供了大量用于自动执行配置任务的服务。Azure Automation provides the bulk of services for automating configuration tasks. 而 Runbook 可处理流程自动化、配置和更新管理,帮助管理配置。While runbooks handle process automation, configuration and update management assist in managing configuration.


“治理”提供了机制和流程来保持对 Azure 中的应用程序和资源的控制。Governance provides mechanisms and processes to maintain control over your applications and resources in Azure. 它涉及规划计划和设置战略优先级。It involves planning your initiatives and setting strategic priorities. Azure 中的治理主要是通过两个服务实现的。Governance in Azure is primarily implemented with two services. Azure Policy 允许你创建、分配和管理策略定义,以强制执行资源规则。Azure Policy allows you to create, assign, and manage policy definitions to enforce rules for your resources. 此功能可使这些资源符合企业标准。This feature keeps those resources in compliance with your corporate standards.


管理资源和数据的安全性。Manage the security of your resources and data. 安全计划涉及评估威胁、收集和分析数据以及应用程序和资源的符合性。A security program involves assessing threats, collecting and analyzing data, and compliance of your applications and resources. 安全监视和威胁分析由 Azure 安全中心提供,该中心包括跨混合云工作负荷的统一安全管理和高级威胁防护。Security monitoring and threat analysis are provided by Azure Security Center, which includes unified security management and advanced threat protection across hybrid cloud workloads. 请参阅 Azure 安全性简介的全面信息,以及有关保护 Azure 资源的指南。See Introduction to Azure Security for comprehensive information and guidance on securing Azure resources.


保护是指保持应用程序和数据可用,即使是超出控制范围的中断也是如此。Protection refers to keeping your applications and data available, even with outages that are beyond your control. Azure 中的保护由两个服务提供。Protection in Azure is provided by two services. Azure 备份提供数据备份和恢复(在云中或本地)。Azure Backup provides backup and recovery of your data, either in the cloud or on-premises. Azure Site Recovery 可在发生灾难期间提供业务连续性和即时恢复。Azure Site Recovery provides business continuity and immediate recovery during a disaster.