Introduction to Azure Storage

Azure Storage is Azure's cloud storage solution for modern data storage scenarios. Azure Storage offers a massively scalable object store for data objects, a file system service for the cloud, a messaging store for reliable messaging, and a NoSQL store. Azure Storage is:

  • Durable and highly available. Redundancy ensures that your data is safe in the event of transient hardware failures. You can also opt to replicate data across datacenters or geographical regions for additional protection from local catastrophe or natural disaster. Data replicated in this way remains highly available in the event of an unexpected outage.
  • Secure. All data written to Azure Storage is encrypted by the service. Azure Storage provides you with fine-grained control over who has access to your data.
  • Scalable. Azure Storage is designed to be massively scalable to meet the data storage and performance needs of today's applications.
  • Managed. Azure handles hardware maintenance, updates, and critical issues for you.
  • Accessible. Data in Azure Storage is accessible from anywhere in the world over HTTP or HTTPS. Azure provides SDKs for Azure Storage in a variety of languages (.NET, Java, Node.js, Python, PHP, Ruby, Go, and others) as well as a mature REST API. Azure Storage supports scripting in Azure PowerShell or Azure CLI. And the Azure portal and Azure Storage Explorer offer easy visual solutions for working with your data.

Azure Storage services

Azure Storage includes these data services:

  • Azure Blobs: A massively scalable object store for text and binary data.
  • Azure Files: Managed file shares for cloud or on-premises deployments.
  • Azure Queues: A messaging store for reliable messaging between application components.
  • Azure Tables: A NoSQL store for schemaless storage of structured data.

Each service is accessed through a storage account. To get started, see Create a storage account.

Blob storage

Azure Blob storage is Azure's object storage solution for the cloud. Blob storage is optimized for storing massive amounts of unstructured data, such as text or binary data.

Blob storage is ideal for:

  • Serving images or documents directly to a browser.
  • Storing files for distributed access.
  • Streaming video and audio.
  • Storing data for backup and restore, disaster recovery, and archiving.
  • Storing data for analysis by an on-premises or Azure-hosted service.

Objects in Blob storage can be accessed from anywhere in the world via HTTP or HTTPS. Users or client applications can access blobs via URLs, the Azure Storage REST API, Azure PowerShell, Azure CLI, or an Azure Storage client library. The storage client libraries are available for multiple languages, including .NET, Java, Node.js, Python, PHP, and Ruby.

For more information about Blob storage, see Introduction to Blob storage.

Azure Files

Azure Files enables you to set up highly available network file shares that can be accessed by using the standard Server Message Block (SMB) protocol. That means that multiple VMs can share the same files with both read and write access. You can also read the files using the REST interface or the storage client libraries.

One thing that distinguishes Azure Files from files on a corporate file share is that you can access the files from anywhere in the world using a URL that points to the file and includes a shared access signature (SAS) token. You can generate SAS tokens; they allow specific access to a private asset for a specific amount of time.

File shares can be used for many common scenarios:

  • Many on-premises applications use file shares. This feature makes it easier to migrate those applications that share data to Azure. If you mount the file share to the same drive letter that the on-premises application uses, the part of your application that accesses the file share should work with minimal, if any, changes.

  • Configuration files can be stored on a file share and accessed from multiple VMs. Tools and utilities used by multiple developers in a group can be stored on a file share, ensuring that everybody can find them, and that they use the same version.

  • Diagnostic logs, metrics, and crash dumps are just three examples of data that can be written to a file share and processed or analyzed later.

At this time, Active Directory-based authentication and access control lists (ACLs) are not supported, but they will be at some time in the future. The storage account credentials are used to provide authentication for access to the file share. This means anybody with the share mounted will have full read/write access to the share.

For more information about Azure Files, see Introduction to Azure Files.

Queue storage

The Azure Queue service is used to store and retrieve messages. Queue messages can be up to 64 KB in size, and a queue can contain millions of messages. Queues are generally used to store lists of messages to be processed asynchronously.

For example, say you want your customers to be able to upload pictures, and you want to create thumbnails for each picture. You could have your customer wait for you to create the thumbnails while uploading the pictures. An alternative would be to use a queue. When the customer finishes his upload, write a message to the queue. Then have an Azure Function retrieve the message from the queue and create the thumbnails. Each of the parts of this processing can be scaled separately, giving you more control when tuning it for your usage.

For more information about Azure Queues, see Introduction to Queues.

Table storage

Azure Table storage is now part of Azure Cosmos DB. To see Azure Table storage documentation, see the Azure Table Storage Overview. In addition to the existing Azure Table storage service, there is a new Azure Cosmos DB Table API offering that provides throughput-optimized tables, global distribution, and automatic secondary indexes. To learn more and try out the new premium experience, please check out Azure Cosmos DB Table API.

For more information about Table storage, see Overview of Azure Table storage.

Disk storage

Azure Storage also includes managed and unmanaged disk capabilities used by virtual machines. For more information about these features, please see the Compute Service documentation.

Types of storage accounts

Azure Storage offers three types of storage accounts. Each type supports different features and has its own pricing model. Consider these differences before you create a storage account to determine the type of account that is best for your applications. The three types of storage accounts are:

  • General-purpose v2 accounts: Basic storage account type for blobs, files, queues, and tables. Recommended for most scenarios using Azure Storage.
  • General-purpose v1 accounts: Legacy account type for blobs, files, queues, and tables. Use general-purpose v2 accounts instead when possible.
  • Blob storage accounts: Blob-only storage accounts. Use general-purpose v2 accounts instead when possible.

The following table describes the types of storage accounts and their capabilities:

| Storage account type | Supported services | Supported performance tiers | Supported access tiers | Replication options | Deployment model [1] | Encryption [2] |
|---|---|---|---|---|---|---|
| General-purpose V2 | Blob, File, Queue, Table, and Disk | Standard, Premium [4] | Hot, Cool, Archive [3] | LRS, GRS, RA-GRS | Resource Manager | Encrypted |
| General-purpose V1 | Blob, File, Queue, Table, and Disk | Standard, Premium [4] | N/A | LRS, GRS, RA-GRS | Resource Manager, Classic | Encrypted |
| Blob storage | Blob (block blobs and append blobs only) | Standard | Hot, Cool, Archive [3] | LRS, GRS, RA-GRS | Resource Manager | Encrypted |

[1] Using the Azure Resource Manager deployment model is recommended. Storage accounts using the classic deployment model can still be created in some locations, and existing classic accounts continue to be supported. For more information, see Azure Resource Manager vs. classic deployment: Understand deployment models and the state of your resources.
[2] All storage accounts are encrypted using Storage Service Encryption (SSE) for data at rest. For more information, see Azure Storage Service Encryption for Data at Rest.
[3] The Archive tier is available at the level of an individual blob only, not at the storage account level. Only block blobs and append blobs can be archived. For more information, see Azure Blob storage: Hot, Cool, and Archive storage tiers.
[4] Premium performance for general-purpose v2 and general-purpose v1 accounts is available for disk and page blob only.

For more information about storage account types, see Azure storage account overview.

Securing access to storage accounts

Every request to Azure Storage must be authorized. Azure Storage supports the following authorization methods:

  • Azure Active Directory (Azure AD) integration for blob and queue data. Azure Storage supports authentication and authorization with Azure AD credentials for the Blob and Queue services via role-based access control (RBAC). Authorizing requests with Azure AD is recommended for superior security and ease of use. For more information, see Authenticate access to Azure blobs and queues using Azure Active Directory.
  • Authorization with Shared Key. The Azure Storage Blob, Queue, and Table services and Azure Files support authorization with Shared Key. A client using Shared Key authorization passes a header with every request that is signed using the storage account access key. For more information, see Authorize with Shared Key.
  • Authorization using shared access signatures (SAS). A shared access signature (SAS) is a string containing a security token that can be appended to the URI for a storage resource. The security token encapsulates constraints such as permissions and the interval of access. For more information, refer to Using Shared Access Signatures (SAS).
  • Anonymous access to containers and blobs. A container and its blobs may be publicly available. When you specify that a container or blob is public, anyone can read it anonymously; no authentication is required. For more information, see Manage anonymous read access to containers and blobs.
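
The constraints a SAS token encapsulates travel as query parameters on the URI, so they can be reviewed before a link is shared. The following added example (not part of the original page) parses a service SAS URL and reports mutating permissions, a long lifetime, permitted plain HTTP, and a missing source IP restriction. The 24-hour threshold, the account name, and the sample URLs are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

MAX_LIFETIME = timedelta(hours=24)   # assumed review threshold, not an Azure limit
MUTATING = set("wdac")               # write, delete, add, create

def parse_sas_time(value):
    """Parse the ISO 8601 UTC forms a SAS accepts for st/se."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised SAS time: {value!r}")

def audit_sas_url(url, now):
    """Return (fields, findings); the signature is redacted so results can be logged."""
    fields = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in fields:
        return fields, ["no sig parameter: URL carries no SAS token"]
    fields["sig"] = "<redacted>"
    findings = []
    risky = set(fields.get("sp", "")) & MUTATING
    if risky:
        findings.append("grants mutating permissions: " + "".join(sorted(risky)))
    if "se" in fields:
        expiry = parse_sas_time(fields["se"])
        start = parse_sas_time(fields["st"]) if "st" in fields else now
        if expiry <= now:
            findings.append("token has expired")
        elif expiry - max(start, now) > MAX_LIFETIME:
            findings.append("remaining lifetime exceeds 24 hours")
    elif "si" not in fields:
        findings.append("no expiry (se) and no stored access policy (si)")
    # When spr is omitted the service accepts both HTTPS and HTTP.
    if fields.get("spr", "https,http") != "https":
        findings.append("plain HTTP permitted (spr is not https)")
    if "sip" not in fields:
        findings.append("no source IP restriction (sip)")
    return fields, findings

# Constructed sample URLs; the account name and signatures are placeholders.
BASE = "https://exampleaccount.blob.core.windows.net/reports/q1.pdf?sv=2018-03-28&sr=b"
LOOSE = BASE + "&sp=rwd&st=2024-05-01T00:00:00Z&se=2024-06-01T00:00:00Z&sig=PLACEHOLDER"
TIGHT = BASE + ("&sp=r&st=2024-05-02T00:00:00Z&se=2024-05-02T01:00:00Z"
                "&spr=https&sip=203.0.113.10&sig=PLACEHOLDER")

if __name__ == "__main__":
    now = datetime(2024, 5, 2, tzinfo=timezone.utc)   # fixed clock for a repeatable run
    for name, url in (("loose", LOOSE), ("tight", TIGHT)):
        print(name, audit_sas_url(url, now)[1])
```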

Encryption

There are two basic kinds of encryption available for the Storage services. For more information about security and encryption, see the Azure Storage security guide.

Encryption at rest

Azure Storage Service Encryption (SSE) at rest helps you protect and safeguard your data to meet your organizational security and compliance commitments. With this feature, Azure Storage automatically encrypts your data prior to persisting to storage and decrypts prior to retrieval. The encryption, decryption, and key management are totally transparent to users.

SSE automatically encrypts data in all performance tiers (Standard and Premium), all deployment models (Azure Resource Manager and Classic), and all of the Azure Storage services (Blob, Queue, Table, and File). SSE does not affect Azure Storage performance.

For more information about SSE encryption at rest, see Azure Storage Service Encryption for Data at Rest.

Client-side encryption

The storage client libraries have methods you can call to programmatically encrypt data before sending it across the wire from the client to Azure. It is stored encrypted, which means it also is encrypted at rest. When reading the data back, you decrypt the information after receiving it.

For more information about client-side encryption, see Client-Side Encryption with .NET for Microsoft Azure Storage.

Redundancy

In order to ensure that your data is durable, Azure Storage replicates multiple copies of your data. When you set up your storage account, you select a redundancy option.

Replication options for a storage account include:

For more information about disaster recovery, see What to do if an Azure Storage outage occurs.

Transferring data to and from Azure Storage

You have several options for moving data into or out of Azure Storage. Which option you choose depends on the size of your dataset and your network bandwidth. For more information, see Choose an Azure solution for data transfer.

Pricing

For detailed information about pricing for Azure Storage, see the Pricing page.

Storage APIs, libraries, and tools

Azure Storage resources can be accessed by any language that can make HTTP/HTTPS requests. Additionally, Azure Storage offers programming libraries for several popular languages. These libraries simplify many aspects of working with Azure Storage by handling details such as synchronous and asynchronous invocation, batching of operations, exception management, automatic retries, operational behavior, and so forth. Libraries are currently available for the following languages and platforms, with others in the pipeline:

Azure Storage data API and library references

Azure Storage management API and library references

Azure Storage data movement API and library references

Tools and utilities

Next steps

To get up and running with Azure Storage, see Create a storage account.