Security services and technologies available on Azure

In our discussions with current and future Azure customers, we're often asked "do you have a list of all the security-related services and technologies that Azure has to offer?"

When you evaluate cloud service provider options, it's helpful to have this information. So we have provided this list to get you started.

Over time, this list will change and grow, just as Azure does. Make sure to check this page on a regular basis to stay up-to-date on our security-related services and technologies.

General Azure security

| Service | Description |
| --- | --- |
| Azure Security Center | A cloud workload protection solution that provides security management and advanced threat protection across hybrid cloud workloads. |
| Azure Key Vault | A secure secrets store for the passwords, connection strings, and other information you need to keep your apps working. |
| Azure Monitor logs | A monitoring service that collects telemetry and other data, and provides a query language and analytics engine to deliver operational insights for your apps and resources. Can be used alone or with other services such as Security Center. |

Storage security

| Service | Description |
| --- | --- |
| Azure Storage Service Encryption | A security feature that automatically encrypts your data in Azure Storage. |
| StorSimple Encrypted Hybrid Storage | An integrated storage solution that manages storage tasks between on-premises devices and Azure cloud storage. |
| Azure Client-Side Encryption | A client-side encryption solution that encrypts data inside client applications before uploading to Azure Storage; also decrypts the data while downloading. |
| Azure Storage Shared Access Signatures | A shared access signature provides delegated access to resources in your storage account. |
| Azure Storage Account Keys | An access control method for Azure Storage that is used for authentication when the storage account is accessed. |
| Azure File shares with SMB 3.0 Encryption | A network security technology that enables automatic network encryption for the Server Message Block (SMB) file sharing protocol. |
| Azure Storage Analytics | A logging and metrics-generating technology for data in your storage account. |

Database security

| Service | Description |
| --- | --- |
| Azure SQL Firewall | A network access control feature that protects against network-based attacks on the database. |
| Azure SQL Cell Level Encryption | A database security technology that provides encryption at a granular level. |
| Azure SQL Connection Encryption | To provide security, SQL Database controls access with firewall rules limiting connectivity by IP address, authentication mechanisms requiring users to prove their identity, and authorization mechanisms limiting users to specific actions and data. |
| Azure SQL Always Encryption | Protects sensitive data, such as credit card numbers or national identification numbers (for example, U.S. social security numbers), stored in Azure SQL Database or SQL Server databases. |
| Azure SQL Transparent Data Encryption | A database security feature that encrypts the storage of an entire database. |
| Azure SQL Database Auditing | A database auditing feature that tracks database events and writes them to an audit log in your Azure storage account. |

Identity and access management

| Service | Description |
| --- | --- |
| Azure Role Based Access Control | An access control feature designed to allow users to access only the resources they are required to access based on their roles within the organization. |
| Azure Active Directory | A cloud-based authentication repository that supports a multi-tenant, cloud-based directory and multiple identity management services within Azure. |
| Azure Active Directory B2C | An identity management service that enables control over how customers sign up, sign in, and manage their profiles when using Azure-based applications. |
| Azure Multi-Factor Authentication | A security provision that employs several different forms of authentication and verification before allowing access to secured information. |

Backup and disaster recovery

| Service | Description |
| --- | --- |
| Azure Backup | An Azure-based service used to back up and restore data in the Azure cloud. |
| Azure Site Recovery | An online service that replicates workloads running on physical and virtual machines (VMs) from a primary site to a secondary location to enable recovery of services after a failure. |

Networking

| Service | Description |
| --- | --- |
| Network Security Groups | A network-based access control feature using a 5-tuple (source address, source port, destination address, destination port, protocol) to make allow or deny decisions. |
| Azure VPN Gateway | A network device used as a VPN endpoint to allow cross-premises access to Azure Virtual Networks. |
| Azure Application Gateway | An advanced web application load balancer that can route based on URL and perform SSL offloading. |
| Web application firewall (WAF) | A feature of Application Gateway that provides centralized protection of your web applications from common exploits and vulnerabilities. |
| Azure Load Balancer | A TCP/UDP application network load balancer. |
| Azure ExpressRoute | A dedicated WAN link between on-premises networks and Azure Virtual Networks. |
| Azure Traffic Manager | A global DNS load balancer. |
| Azure Application Proxy | An authenticating front-end used to secure remote access for web applications hosted on-premises. |
| Azure Firewall | A managed, cloud-based network security service that protects your Azure Virtual Network resources. |
| Azure DDoS protection | Combined with application design best practices, provides defense against DDoS attacks. |
| Virtual Network service endpoints | Extends your virtual network private address space and the identity of your VNet to the Azure services, over a direct connection. |