如何预配多租户How to provision for multitenancy

本文演示如何使用分配策略将多个对称密钥设备安全地预配到一组 IoT 中心。This article demonstrates how to securely provision multiple symmetric key devices to a group of IoT Hubs using an allocation policy. 通过预配服务定义的分配策略支持各种不同的分配方案。Allocation policies defined by the provisioning service support a variety of allocation scenarios. 两个常见的方案是:Two common scenarios are:

  • 地理位置/GeoLatency****:当设备在两位置之间移动时,通过将设备预配到距离每个位置最近的 IoT 中心来改善网络延迟。Geolocation / GeoLatency: As a device moves between locations, network latency is improved by having the device provisioned to the IoT hub closest to each location. 在此方案中,为注册选择跨越区域的一组 IoT 中心。In this scenario, a group of IoT hubs, which span across regions, are selected for enrollments. 为这些注册选择“最低延迟”**** 分配策略。The Lowest latency allocation policy is selected for these enrollments. 此策略会使设备预配服务评估设备延迟,并从一组 IoT 中心确定最接近的 IoT 中心。This policy causes the Device Provisioning Service to evaluate device latency and determine the closet IoT hub out of the group of IoT hubs.

  • 多租户****:IoT 解决方案中使用的设备可能需要被分配到一个特定 IoT 中心或一组 IoT 中心。Multi-tenancy: Devices used within an IoT solution may need to be assigned to a specific IoT hub or group of IoT hubs. 解决方案可能要求特定租户的所有设备与一组特定的 IoT 中心进行通信。The solution may require all devices for a particular tenant to communicate with a specific group of IoT hubs. 在某些情况下,租户可能拥有 IoT 中心并要求设备被分配到其 IoT 中心。In some cases, a tenant may own IoT hubs and require devices to be assigned to their IoT hubs.

通常会将这两种方案结合使用。It is common to combine these two scenarios. 例如,多租户 IoT 解决方案通常使用跨区域分散的一组 IoT 中心来分配租户设备。For example, a multitenant IoT solution will commonly assign tenant devices using a group of IoT hubs that are scattered across regions. 这些租户设备可被分配到基于地理位置具有最低延迟的组中的 IoT 中心。These tenant devices can be assigned to the IoT hub in that group, which has the lowest latency based on geographic location.

本文使用 Azure IoT C SDK 中的模拟设备示例来演示如何在跨区域的多租户方案中预配设备。This article uses a simulated device sample from the Azure IoT C SDK to demonstrate how to provision devices in a multitenant scenario across regions. 你将在本文中执行以下步骤:You will perform the following steps in this article:

  • 使用 Azure CLI 创建两个区域 IoT 中心(中国东部中国北部Use the Azure CLI to create two regional IoT hubs (China East and China North)
  • 创建多租户注册Create a multitenant enrollment
  • 使用 Azure CLI 创建两个区域 Linux VM,以充当相同区域(中国东部中国北部)中的设备Use the Azure CLI to create two regional Linux VMs to act as devices in the same regions (China East and China North)
  • 在这两个 Linux VM 上为 Azure IoT C SDK 设置开发环境Set up the development environment for the Azure IoT C SDK on both Linux VMs
  • 模拟设备,以确保为最近区域中同一租户预配设备。Simulate the devices to see that they are provisioned for the same tenant in the closest region.

如果没有 Azure 订阅,请在开始前创建一个试用订阅If you don't have an Azure subscription, create a Trial Subscription before you begin.

先决条件Prerequisites

创建两个区域 IoT 中心Create two regional IoT hubs

在此部分中,你将使用 Azure CLI 在“中国东部”和“中国北部”区域中为租户创建两个新的区域 IoT 中心。In this section, you will use the Azure CLI to create two new regional IoT hubs in the China East and China North regions for a tenant.

  1. 在 Azure CLI 中,使用 az group create 命令创建资源组。Use the Azure CLI to create a resource group with the az group create command. Azure 资源组是在其中部署和管理 Azure 资源的逻辑容器。An Azure resource group is a logical container into which Azure resources are deployed and managed.

    以下示例在 chinanorth 区域中创建一个名为“contoso-us-resource-group”的资源组。The following example creates a resource group named contoso-us-resource-group in the chinanorth region. 建议对本文中创建的所有资源使用该组。It is recommended that you use this group for all resources created in this article. 这将便于在完成学习后更为轻松地清理创建的资源。This will make clean up easier after you are finished.

    az group create --name contoso-us-resource-group --location chinanorth
    
  2. 在 Azure CLI 中,使用 az iot hub create 命令在“chinanorth”区域中创建一个 IoT 中心。Use the Azure CLI to create an IoT hub in the chinanorth region with the az iot hub create command. IoT 中心将被添加到 contoso-us-resource-group**。The IoT hub will be added to the contoso-us-resource-group.

    以下示例在“chinanorth”位置创建一个名为“contoso-east-hub”的 IoT 中心。The following example creates an IoT hub named contoso-east-hub in the chinanorth location. 你必须使用自己的唯一中心名称来替代 contoso-east-hub****。You must use your own unique hub name instead of contoso-east-hub.

    az iot hub create --name contoso-east-hub --resource-group contoso-us-resource-group --location chinanorth --sku S1
    

    此命令可能需要花费几分钟时间完成。This command may take a few minutes to complete.

  3. 在 Azure CLI 中,使用 az iot hub create 命令在“chinaeast”区域中创建一个 IoT 中心。Use the Azure CLI to create an IoT hub in the chinaeast region with the az iot hub create command. 此 IoT 中心也将被添加到 contoso-us-resource-group**。This IoT hub will also be added to the contoso-us-resource-group.

    以下示例在“chinaeast”位置创建一个名为“contoso-west-hub”的 IoT 中心。The following example creates an IoT hub named contoso-west-hub in the chinaeast location. 你必须使用自己的唯一中心名称来替代 contoso-west-hub****。You must use your own unique hub name instead of contoso-west-hub.

    az iot hub create --name contoso-west-hub --resource-group contoso-us-resource-group --location chinaeast --sku S1
    

    此命令可能需要花费几分钟时间完成。This command may take a few minutes to complete.

创建多租户注册Create the multitenant enrollment

在这一部分,你将为租户设备创建新的注册组。In this section, you will create a new enrollment group for the tenant devices.

为简单起见,本文将在注册中使用对称密钥证明For simplicity, this article uses Symmetric key attestation with the enrollment. 对于更安全的解决方案,请考虑使用具有信任链的 X.509 证书证明For a more secure solution, consider using X.509 certificate attestation with a chain of trust.

  1. 登录到 Azure 门户,并打开你的设备预配服务实例。Sign in to the Azure portal, and open your Device Provisioning Service instance.

  2. 选择“管理注册”**** 选项卡,然后单击页面顶部的“添加注册组”**** 按钮。Select the Manage enrollments tab, and then click the Add enrollment group button at the top of the page.

  3. 在“添加注册组”**** 中输入以下信息,然后单击“保存”**** 按钮。On Add Enrollment Group, enter the following information, and click the Save button.

    组名称****:输入 contoso-us-devices****。Group name: Enter contoso-us-devices.

    证明类型:选择对称密钥Attestation Type: Select Symmetric Key.

    自动生成密钥****:此复选框应已处于选中状态。Auto Generate Keys: This checkbox should already be checked.

    选择要如何将设备分配到中心****:选择“最低延迟”****。Select how you want to assign devices to hubs: Select Lowest latency.

    为对称密钥证明添加多租户注册组

  4. 在“添加注册组”**** 上,单击“链接新的 IoT 中心”****,以链接这两个区域中心。On Add Enrollment Group, click Link a new IoT hub to link both of your regional hubs.

    订阅****:如果你有多个订阅,请选择创建区域 IoT 中心的订阅。Subscription: If you have multiple subscriptions, choose the subscription where you created the regional IoT hubs.

    IoT 中心****:选择你创建的区域中心之一。IoT hub: Select one of the regional hubs you created.

    访问策略****:选择“iothubowner”****。Access Policy: Choose iothubowner.

    使用预配服务链接区域 IoT 中心

  5. 在链接这两个区域 IoT 中心后,必须为注册组选择它们,并单击“保存”****,以为注册创建区域 IoT 中心组。Once both regional IoT hubs have been linked, you must select them for the enrollment group and click Save to create the regional IoT hub group for the enrollment.

    为注册创建区域中心组

  6. 保存注册后,重新打开它,并记录“主键”****。After saving the enrollment, reopen it and make a note of the Primary Key. 必须先保存注册,才能生成密钥。You must save the enrollment first to have the keys generated. 此密钥稍后将会在为这两个模拟设备生成唯一设备密钥时使用。This key will be used to generate unique device keys for both simulated devices later.

创建区域 Linux VMCreate regional Linux VMs

在这一部分,你将创建两个区域 Linux 虚拟机 (VM)。In this section, you will create two regional Linux virtual machines (VMs). 这些 VM 将从每个区域运行设备模拟示例,以演示这两个区域中针对租户设备的设备预配。These VMs will run a device simulation sample from each region to demonstrate device provisioning for tenant devices from both regions.

为了更易清理资源,这些 VM 将被添加到包含创建的 IoT 中心的同一资源组 contoso-us-resource-group**。To make clean-up easier, these VMs will be added to the same resource group that contains the IoT hubs that were created, contoso-us-resource-group. 但是,这些 VM 将在不同的区域(中国东部中国北部)中运行。However, the VMs will run in separate regions (China East and China North).

  1. 在 Azure CLI 中,在命令中更改以下参数后,执行该命令以创建“中国北部”区域 VM:In the Azure CLI, execute the following command to create an China North region VM after making the following parameter changes in the command:

    --name:为“中国北部”区域设备 VM 输入一个唯一名称。--name: Enter a unique name for your China North regional device VM.

    --admin-username****:使用你自己的管理员用户名称。--admin-username: Use your own admin user name.

    --admin-password****:使用你自己的管理员密码。--admin-password: Use your own admin password.

    az vm create \
    --resource-group contoso-us-resource-group \
    --name ContosoSimDeviceEast \
    --location chinanorth \
    --image Canonical:UbuntuServer:18.04-LTS:18.04.201809110 \
    --admin-username contosoadmin \
    --admin-password myContosoPassword2018 \
    --authentication-type password
    

    此命令需要花费几分钟时间完成。This command will take a few minutes to complete. 该命令完成后,请记下“中国北部”区域 VM 的 publicIpAddress 值。Once the command has completed, make a note of the publicIpAddress value for your China North region VM.

  2. 在 Azure CLI 中,对该命令进行以下参数更改后,执行该命令以创建“中国东部”区域 VM:In the Azure CLI, execute the command to create a China East region VM after making the following parameter changes in the command:

    --name:为“中国东部”区域设备 VM 输入一个唯一名称。--name: Enter a unique name for your China East regional device VM.

    --admin-username****:使用你自己的管理员用户名称。--admin-username: Use your own admin user name.

    --admin-password****:使用你自己的管理员密码。--admin-password: Use your own admin password.

    az vm create \
    --resource-group contoso-us-resource-group \
    --name ContosoSimDeviceWest \
    --location chinaeast \
    --image Canonical:UbuntuServer:18.04-LTS:18.04.201809110 \
    --admin-username contosoadmin \
    --admin-password myContosoPassword2018 \
    --authentication-type password
    

    此命令需要花费几分钟时间完成。This command will take a few minutes to complete. 该命令完成后,请记下“中国东部”区域 VM 的 publicIpAddress 值。Once the command has completed, make a note of the publicIpAddress value for your China East region VM.

  3. 打开两个命令行 shell。Open two command-line shells. 使用 SSH 连接到每个 shell 中的其中一个区域 VM。Connect to one of the regional VMs in each shell using SSH.

    将管理员用户名和为 VM 记录的公共 IP 地址作为参数传递到 SSH。Pass your admin username, and the public IP address you noted for the VM as parameters to SSH. 在出现提示时输入管理员密码。Enter the admin password when prompted.

    ssh contosoadmin@1.2.3.4
    
    contosoadmin@ContosoSimDeviceEast:~$
    
    ssh contosoadmin@5.6.7.8
    
    contosoadmin@ContosoSimDeviceWest:~$
    

准备 Azure IoT C SDK 开发环境Prepare the Azure IoT C SDK development environment

在这一部分,你将克隆每个 VM 上的 Azure IoT C SDK。In this section, you will clone the Azure IoT C SDK on each VM. SDK 包含将从每个区域模拟租户的设备预配的示例。The SDK contains a sample that will simulate a tenant's device provisioning from each region.

  1. 对于每个 VM,使用以下命令安装 CMake、g++、gcc 和 GitFor each VM, install CMake, g++, gcc, and Git using the following commands:

    sudo apt-get update
    sudo apt-get install cmake build-essential libssl-dev libcurl4-openssl-dev uuid-dev git-all
    
  2. 找到最新版 SDK 的标记名称。Find the tag name for the latest release of the SDK.

  3. 在这两个 VM 上克隆 Azure IoT C SDKClone the Azure IoT C SDK on both VMs. 使用在上一步找到的标记作为 -b 参数的值:Use the tag you found in the previous step as the value for the -b parameter:

    git clone -b <release-tag> https://github.com/Azure/azure-iot-sdk-c.git
    cd azure-iot-sdk-c
    git submodule update --init
    

    应该预料到此操作需要几分钟才能完成。You should expect this operation to take several minutes to complete.

  4. 对于这两个 VM,在存储库内创建一个新的 cmake**** 文件夹,并更改为该文件夹。For both VMs, create a new cmake folder inside the repository and change to that folder.

    mkdir ~/azure-iot-sdk-c/cmake
    cd ~/azure-iot-sdk-c/cmake
    
  5. 对于这两个 VM,运行以下命令,生成特定于你的开发客户端平台的 SDK 版本。For both VMs, run the following command, which builds a version of the SDK specific to your development client platform.

    cmake -Dhsm_type_symm_key:BOOL=ON -Duse_prov_client:BOOL=ON  ..
    

    生成成功后,最后的几个输出行如下所示:Once the build succeeds, the last few output lines will look similar to the following output:

    -- IoT Client SDK Version = 1.2.9
    -- Provisioning client ON
    -- Provisioning SDK Version = 1.2.9
    -- target architecture: x86_64
    -- Checking for module 'libcurl'
    --   Found libcurl, version 7.58.0
    -- Found CURL: curl
    -- target architecture: x86_64
    -- target architecture: x86_64
    -- target architecture: x86_64
    -- target architecture: x86_64
    -- iothub architecture: x86_64
    -- target architecture: x86_64
    -- Configuring done
    -- Generating done
    -- Build files have been written to: /home/contosoadmin/azure-iot-sdk-c/cmake
    

派生唯一设备密钥Derive unique device keys

在组注册中使用对称密钥证明时,不会直接使用注册组密钥。When using symmetric key attestation with group enrollments, you don't use the enrollment group keys directly. 相反,你为每个设备创建唯一派生的密钥,并在使用对称密钥进行组注册中提及。Instead you create a unique derived key for each device and mentioned in Group Enrollments with symmetric keys.

若要生成设备密钥,请使用组主键计算设备的唯一注册 ID 的 HMAC-SHA256,并将结果转换为 Base64 格式。To generate the device key, use the group master key to compute an HMAC-SHA256 of the unique registration ID for the device and convert the result into Base64 format.

不要在设备代码中包含你的组主键。Do not include your group master key in your device code.

使用 Bash shell 示例为使用 openssl**** 的每个设备创建派生的设备密钥。Use the Bash shell example to create a derived device key for each device using openssl.

  • 将密钥**** 值替换为之前注册时所记录的主键****。Replace the value for KEY with the Primary Key you noted earlier for your enrollment.

  • 针对每个设备,将 REG_ID**** 的值替换为你自己的唯一注册 ID。Replace the value for REG_ID with your own unique registration ID for each device. 使用小写字母数字和短划线(“-”)字符定义这两个 ID。Use lowercase alphanumeric and dash ('-') characters to define both IDs.

contoso-simdevice-east** 的示例设备密钥生成:Example device key generation for contoso-simdevice-east:

KEY=rLuyBPpIJ+hOre2SFIP9Ajvdty3j0EwSP/WvTVH9eZAw5HpDuEmf13nziHy5RRXmuTy84FCLpOnhhBPASSbHYg==
REG_ID=contoso-simdevice-east

keybytes=$(echo $KEY | base64 --decode | xxd -p -u -c 1000)
echo -n $REG_ID | openssl sha256 -mac HMAC -macopt hexkey:$keybytes -binary | base64
p3w2DQr9WqEGBLUSlFi1jPQ7UWQL4siAGy75HFTFbf8=

contoso-simdevice-west** 的示例设备密钥生成:Example device key generation for contoso-simdevice-west:

KEY=rLuyBPpIJ+hOre2SFIP9Ajvdty3j0EwSP/WvTVH9eZAw5HpDuEmf13nziHy5RRXmuTy84FCLpOnhhBPASSbHYg==
REG_ID=contoso-simdevice-west

keybytes=$(echo $KEY | base64 --decode | xxd -p -u -c 1000)
echo -n $REG_ID | openssl sha256 -mac HMAC -macopt hexkey:$keybytes -binary | base64
J5n4NY2GiBYy7Mp4lDDa5CbEe6zDU/c62rhjCuFWxnc=

租户设备将分别使用其派生的设备密钥和唯一注册 ID,在预配到租户 IoT 中心期间在注册组中执行对称密钥证明。The tenant devices will each use their derived device key and unique registration ID to perform symmetric key attestation with the enrollment group during provisioning to the tenant IoT hubs.

模拟来自每个区域的设备Simulate the devices from each region

在这一部分,你将为这两个区域 VM 更新 Azure IoT C SDK 中的预配示例。In this section, you will update a provisioning sample in the Azure IoT C SDK for both of the regional VMs.

示例代码模拟将预配请求发送到你的设备预配服务实例的设备启动序列。The sample code simulates a device boot sequence that sends the provisioning request to your Device Provisioning Service instance. 启动序列将会使设备被识别,并基于延迟被分配到最邻近的 IoT 中心。The boot sequence will cause the device to be recognized and assigned to the IoT hub that is closest based on latency.

  1. 在 Azure 门户中,选择设备预配服务的“概述”选项卡,记下“ID 范围”的值。******__**In the Azure portal, select the Overview tab for your Device Provisioning service and note down the ID Scope value.

    从门户边栏选项卡中提取设备预配服务终结点信息

  2. 打开 ~/azure-iot-sdk-c/provisioning_client/samples/prov_dev_client_sample/prov_dev_client_sample.c****,在这两个 VM 上进行编辑。Open ~/azure-iot-sdk-c/provisioning_client/samples/prov_dev_client_sample/prov_dev_client_sample.c for editing on both VMs.

    vi ~/azure-iot-sdk-c/provisioning_client/samples/prov_dev_client_sample/prov_dev_client_sample.c
    
  3. 找到 id_scope 常量,将值替换为前面复制的“ID 范围”值。Find the id_scope constant, and replace the value with your ID Scope value that you copied earlier.

    static const char* id_scope = "0ne00002193";
    
  4. 在同一文件中找到 main() 函数的定义。Find the definition for the main() function in the same file. 请确保将 hsm_type 变量设置为 SECURE_DEVICE_TYPE_SYMMETRIC_KEY(如下所示),以匹配注册组证明方法。Make sure the hsm_type variable is set to SECURE_DEVICE_TYPE_SYMMETRIC_KEY as shown below to match the enrollment group attestation method.

    将你对文件的更改保存在这两个 VM 上。Save your changes to the files on both VMs.

    SECURE_DEVICE_TYPE hsm_type;
    //hsm_type = SECURE_DEVICE_TYPE_TPM;
    //hsm_type = SECURE_DEVICE_TYPE_X509;
    hsm_type = SECURE_DEVICE_TYPE_SYMMETRIC_KEY;
    
  5. 在两个 VM 上,在 prov_dev_client_sample.c 中找到已注释掉的对 prov_dev_set_symmetric_key_info() 的调用。On both VMs, find the call to prov_dev_set_symmetric_key_info() in prov_dev_client_sample.c which is commented out.

    // Set the symmetric key if using they auth type
    //prov_dev_set_symmetric_key_info("<symm_registration_id>", "<symmetric_Key>");
    

    取消注释这些函数调用,并将占位符值(包括尖括号)替换为每个设备的唯一注册 ID 以及派生设备密钥。Uncomment the function calls, and replace the placeholder values (including the angle brackets) with the unique registration IDs and derived device keys for each device. 下面显示的密钥仅用作示例。The keys shown below are for example purposes only. 请使用你之前生成的密钥。Use the keys you generated earlier.

    中国北部:China North:

    // Set the symmetric key if using they auth type
    prov_dev_set_symmetric_key_info("contoso-simdevice-east", "p3w2DQr9WqEGBLUSlFi1jPQ7UWQL4siAGy75HFTFbf8=");
    

    中国东部:China East:

    // Set the symmetric key if using they auth type
    prov_dev_set_symmetric_key_info("contoso-simdevice-west", "J5n4NY2GiBYy7Mp4lDDa5CbEe6zDU/c62rhjCuFWxnc=");
    

    保存文件。Save the files.

  6. 在这两个 VM 上,导航到以下所示的示例文件夹,并生成示例。On both VMs, navigate to the sample folder shown below, and build the sample.

    cd ~/azure-iot-sdk-c/cmake/provisioning_client/samples/prov_dev_client_sample/
    cmake --build . --target prov_dev_client_sample --config Debug
    
  7. 成功生成后,在这两个 VM 上运行 prov_dev_client_sample.exe****,以模拟来自每个区域的租户设备。Once the build succeeds, run prov_dev_client_sample.exe on both VMs to simulate a tenant device from each region. 请注意,每个设备将被分配到最邻近模拟设备区域的租户 IoT 中心。Notice that each device is allocated to the tenant IoT hub closest to the simulated device's regions.

    运行模拟:Run the simulation:

    ~/azure-iot-sdk-c/cmake/provisioning_client/samples/prov_dev_client_sample/prov_dev_client_sample
    

    中国北部 VM 的示例输出:Example output from the China North VM:

    contosoadmin@ContosoSimDeviceEast:~/azure-iot-sdk-c/cmake/provisioning_client/samples/prov_dev_client_sample$ ./prov_dev_client_sample
    Provisioning API Version: 1.2.9
    
    Registering Device
    
    Provisioning Status: PROV_DEVICE_REG_STATUS_CONNECTED
    Provisioning Status: PROV_DEVICE_REG_STATUS_ASSIGNING
    Provisioning Status: PROV_DEVICE_REG_STATUS_ASSIGNING
    
    Registration Information received from service: contoso-east-hub.azure-devices.cn, deviceId: contoso-simdevice-east
    Press enter key to exit:
    
    

    中国东部 VM 的示例输出:Example output from the China East VM:

    contosoadmin@ContosoSimDeviceWest:~/azure-iot-sdk-c/cmake/provisioning_client/samples/prov_dev_client_sample$ ./prov_dev_client_sample
    Provisioning API Version: 1.2.9
    
    Registering Device
    
    Provisioning Status: PROV_DEVICE_REG_STATUS_CONNECTED
    Provisioning Status: PROV_DEVICE_REG_STATUS_ASSIGNING
    Provisioning Status: PROV_DEVICE_REG_STATUS_ASSIGNING
    
    Registration Information received from service: contoso-west-hub.azure-devices.cn, deviceId: contoso-simdevice-west
    Press enter key to exit:
    

清理资源Clean up resources

如果打算继续使用本文中创建的资源,则可以保留它们。If you plan to continue working with resources created in this article, you can leave them. 如果不打算继续使用这些资源,请使用以下步骤删除本文创建的所有资源,以避免不必要的费用。If you do not plan to continue using the resource, use the following steps to delete all resources created by this article to avoid unnecessary charges.

此处的步骤假定你按照名为 contoso-us-resource-group**** 的同一资源组的指示创建了本文中的所有资源。The steps here assume you created all resources in this article as instructed in the same resource group named contoso-us-resource-group.

重要

删除资源组的操作不可逆。Deleting a resource group is irreversible. 资源组以及包含在其中的所有资源将被永久删除。The resource group and all the resources contained in it are permanently deleted. 请确保不会意外删除错误的资源组或资源。Make sure that you do not accidentally delete the wrong resource group or resources. 如果在现有的包含要保留资源的资源组中创建了 IoT 中心,则只删除 IoT 中心资源本身,而不要删除资源组。If you created the IoT Hub inside an existing resource group that contains resources you want to keep, only delete the IoT Hub resource itself instead of deleting the resource group.

若要按名称删除资源组:To delete the resource group by name:

  1. 登录到 Azure 门户,并单击“资源组”。Sign in to the Azure portal and click Resource groups.

  2. 在“按名称筛选...”**** 文本框中,键入包含资源的资源组名称“contoso-us-resource-group”****。In the Filter by name... textbox, type the name of the resource group containing your resources, contoso-us-resource-group.

  3. 在结果列表中的资源组右侧,单击“...”,然后单击“删除资源组”********。To the right of your resource group in the result list, click ... then Delete resource group.

  4. 系统会要求确认是否删除资源组。You will be asked to confirm the deletion of the resource group. 再次键入资源组的名称进行确认,然后单击“删除”****。Type the name of your resource group again to confirm, and then click Delete. 片刻之后,将会删除该资源组及其包含的所有资源。After a few moments, the resource group and all of its contained resources are deleted.

后续步骤Next steps