Azure Key Vault availability and redundancy

Azure Key Vault features multiple layers of redundancy to make sure that your keys and secrets remain available to your application even if individual components of the service fail.

The contents of your key vault are replicated within the region and to a secondary region at least 150 miles away, but within the same geography to maintain high durability of your keys and secrets. For details about specific region pairs, see Azure paired regions. The exception to the paired regions model is Brazil South, which allows only the option to keep data resident within Brazil South. Brazil South uses locally redundant storage (LRS) to replicate your data three times within the single location/region.

If individual components within the key vault service fail, alternate components within the region step in to serve your request to make sure that there is no degradation of functionality. You don't need to take any action to start this process; it happens automatically and will be transparent to you.

In the rare event that an entire Azure region is unavailable, the requests that you make of Azure Key Vault in that region are automatically routed (failed over) to a secondary region. When the primary region is available again, requests are routed back (failed back) to the primary region. Again, you don't need to take any action because this happens automatically.

Through this high availability design, Azure Key Vault requires no downtime for maintenance activities.

There are a few caveats to be aware of:

  • In the event of a region failover, it may take a few minutes for the service to fail over. Requests that are made during this time before failover may fail.

  • During failover, your key vault is in read-only mode. Requests that are supported in this mode are:

    • List certificates
    • Get certificates
    • List secrets
    • Get secrets
    • List keys
    • Get (properties of) keys
    • Encrypt
    • Decrypt
    • Wrap
    • Unwrap
    • Verify
    • Sign
    • Backup
  • During failover, you will not be able to make changes to key vault properties. You will not be able to change access policy or firewall configurations and settings.

  • After a failover is failed back, all request types (including read and write requests) are available.
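
One way an application can absorb these caveats, shown as an added example that is not part of the original documentation or the Azure SDK: requests of the kinds listed above are retried with backoff across the failover window, and everything else is queued until failback. The operation names, the `VaultUnavailable` exception, the `send` callable and the 300-second budget are all assumptions made for illustration.

```python
import time

# Hypothetical names for the request types the page lists as supported in read-only mode.
READ_ONLY_OPS = frozenset({
    "list_certificates", "get_certificate", "list_secrets", "get_secret",
    "list_keys", "get_key", "encrypt", "decrypt", "wrap", "unwrap",
    "verify", "sign", "backup",
})

class VaultUnavailable(Exception):
    """Hypothetical: raised by the caller's vault wrapper when a request fails."""

class FailoverAwareClient:
    """Retries supported operations across the failover window; defers the rest."""

    def __init__(self, send, max_wait=300.0, base_delay=1.0, sleep=time.sleep):
        self.send = send              # callable(op, **kwargs) that performs the request
        self.max_wait = max_wait      # assumed budget for "a few minutes" of failover
        self.base_delay = base_delay
        self.sleep = sleep
        self.deferred = []            # writes held back until failback

    def call(self, op, **kwargs):
        waited, delay = 0.0, self.base_delay
        while True:
            try:
                return self.send(op, **kwargs)
            except VaultUnavailable:
                if op not in READ_ONLY_OPS:
                    # Not available in read-only mode: queue it instead of spinning.
                    self.deferred.append((op, kwargs))
                    return None
                if waited >= self.max_wait:
                    raise
                self.sleep(delay)
                waited += delay
                delay = min(delay * 2, 60.0)

    def replay_deferred(self):
        """Call after failback; re-sends queued writes in order, keeps failures queued."""
        pending, self.deferred = self.deferred, []
        done = 0
        for op, kwargs in pending:
            try:
                self.send(op, **kwargs)
                done += 1
            except VaultUnavailable:
                self.deferred.append((op, kwargs))
        return done
```

Deferred writes keep their arguments, including any secret values, in process memory until they are replayed, so the queue should be bounded and never logged.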