Azure 托管磁盘简介Introduction to Azure managed disks

Azure 托管磁盘是虚拟硬盘 (VHD)。An Azure managed disk is a virtual hard disk (VHD). 可以将其视为本地服务器中的物理磁盘,但它是虚拟化的。You can think of it like a physical disk in an on-premises server but, virtualized. Azure 托管磁盘作为页 blob 存储,后者是 Azure 中的随机 IO 存储对象。Azure managed disks are stored as page blobs, which are a random IO storage object in Azure. 我们之所以将托管磁盘称为“托管”是因为,它是对页 blob、blob 容器和 Azure 存储帐户的抽象。We call a managed disk 'managed' because it is an abstraction over page blobs, blob containers, and Azure storage accounts. 对于托管磁盘,你所要做的就是预配磁盘,而 Azure 负责其余的工作。With managed disks, all you have to do is provision the disk, and Azure takes care of the rest.

如果选择将 Azure 托管磁盘与工作负荷配合使用,Azure 将为你创建和管理该磁盘。When you select to use Azure managed disks with your workloads, Azure creates and manages the disk for you. 可用的磁盘类型包括高级固态硬盘 (SSD)、标准 SSD 和标准硬盘驱动器 (HDD)。The available types of disks are Premium solid state drive (SSD), Standard SSD, and Standard hard disk drive (HDD). 有关每种磁盘类型的详细信息,请参阅选择适用于 IaaS VM 的磁盘类型For more information about each individual disk type, see Select a disk type for IaaS VMs.

托管磁盘的优势Benefits of managed disks

接下来让我们看一下使用托管磁盘可以获得的一些好处。Let's go over some of the benefits you gain by using managed disks.

高度持久和可用Highly durable and available

托管磁盘具备 99.999% 的可用性。Managed disks are designed for 99.999% availability. 托管磁盘实现这一点的方式是:提供三个包含数据的副本,确保高持久性。Managed disks achieve this by providing you with three replicas of your data, allowing for high durability. 如果其中一个或两个副本出现问题,剩下的副本能够确保数据的持久性和对故障的高耐受性。If one or even two replicas experience issues, the remaining replicas help ensure persistence of your data and high tolerance against failures. 此架构有助于 Azure 为基础结构即服务 (IaaS) 磁盘持续提供企业级的持久性,年化故障率为 0%,达到行业领先水平。This architecture has helped Azure consistently deliver enterprise-grade durability for infrastructure as a service (IaaS) disks, with an industry-leading ZERO% annualized failure rate.

简单且可缩放的 VM 部署Simple and scalable VM deployment

托管磁盘支持在每个区域中的一个订阅中创建最多 50,000 个同一类型的 VM 磁盘 ,这样就可以在单个订阅中创建数以千计的 VM 。Using managed disks, you can create up to 50,000 VM disks of a type in a subscription per region, allowing you to create thousands of VMs in a single subscription. 此功能允许使用 Marketplace 映像,在一个虚拟机规模集中创建多达 1000 台 VM,进一步增加虚拟机规模集的可伸缩性。This feature also further increases the scalability of virtual machine scale sets by allowing you to create up to 1,000 VMs in a virtual machine scale set using a Marketplace image.

集成可用性集Integration with availability sets

托管磁盘集成可用性集,可确保可用性集中的 VM 的磁盘彼此之间完全隔离以避免单点故障。Managed disks are integrated with availability sets to ensure that the disks of VMs in an availability set are sufficiently isolated from each other to avoid a single point of failure. 磁盘自动放置于不同的存储缩放单元(模块)。Disks are automatically placed in different storage scale units (stamps). 如果某个模块因硬件或软件故障而失败,则只有其磁盘在该模块上的 VM 实例会失败。If a stamp fails due to hardware or software failure, only the VM instances with disks on those stamps fail. 例如,假定某个应用程序在 5 台 VM 上运行并且这些 VM 位于一个可用性集中。For example, let's say you have an application running on five VMs, and the VMs are in an Availability Set. 这些 VM 的磁盘不会存储在同一个模块中,因此,如果一个模块失败,该应用程序的其他实例可以继续运行。The disks for those VMs won't all be stored in the same stamp, so if one stamp goes down, the other instances of the application continue to run.

Azure 备份支持Azure Backup support

若要防范区域灾难,可以使用 Azure 备份创建具有基于时间的备份和备份保留策略的备份作业。To protect against regional disasters, Azure Backup can be used to create a backup job with time-based backups and backup retention policies. 这样就可以随意执行简单的 VM 还原。This allows you to perform easy VM restorations at will. 目前,Azure 备份支持高达 4 TB (TiB) 的磁盘大小。Currently Azure Backup supports disk sizes up to four tebibyte (TiB) disks. Azure 备份支持备份和还原托管磁盘。Azure Backup supports backup and restore of managed disks. 详细了解 Azure VM 备份支持。Learn more about Azure VM backup support.

粒度访问控制Granular access control

可以使用 Azure 基于角色的访问控制 (RBAC) 将对托管磁盘的特定权限分配给一个或多个用户。You can use Azure role-based access control (RBAC) to assign specific permissions for a managed disk to one or more users. 托管磁盘公开了各种操作,包括读取、写入(创建/更新)、删除,以及检索磁盘的共享访问签名 (SAS) URIManaged disks expose a variety of operations, including read, write (create/update), delete, and retrieving a shared access signature (SAS) URI for the disk. 可以仅将某人员执行其工作所需的操作的访问权限授予该人员。You can grant access to only the operations a person needs to perform their job. 例如,如果不希望某人员将某个托管磁盘复制到存储帐户,则可以选择不授予对该托管磁盘的导出操作的访问权限。For example, if you don't want a person to copy a managed disk to a storage account, you can choose not to grant access to the export action for that managed disk. 类似地,如果不希望某人员使用 SAS URI 复制某个托管磁盘,则可以选择不授予对该托管磁盘的该权限。Similarly, if you don't want a person to use an SAS URI to copy a managed disk, you can choose not to grant that permission to the managed disk.

上传 vhdUpload your vhd

通过直接上传,可以轻松地将 vhd 传输到 Azure 托管磁盘。Direct upload makes it easy to transfer your vhd to an Azure managed disk. 以前,必须遵循一个更复杂的过程,包括将数据暂存到存储帐户中。Previously, you had to follow a more involved process that included staging your data in a storage account. 现在,步骤更少了。Now, there are fewer steps. 可以更方便地将本地 VM 上传到 Azure、上传到大型托管磁盘,并简化了备份和还原过程。It is easier to upload on premises VMs to Azure, upload to large managed disks, and the backup and restore process is simplified. 通过允许你直接将数据上传到托管磁盘而不将它们附加到 VM,还降低了成本。It also reduces cost by allowing you to upload data to managed disks directly without attaching them to VMs. 可以使用直接上传来上传最大为 32 TiB 的 vhd。You can use direct upload to upload vhds up to 32 TiB in size.

若要了解如何将 vhd 传输到 Azure,请参阅 CLIPowerShell 文章。To learn how to transfer your vhd to Azure, see the CLI or PowerShell articles.


托管磁盘提供两种不同的加密。Managed disks offer two different kinds of encryption. 第一种是服务器端加密 (SSE),由存储服务执行。The first is Server Side Encryption (SSE), which is performed by the storage service. 第二种是 Azure 磁盘加密 (ADE),可以在 VM 的 OS 和数据磁盘上启用。The second one is Azure Disk Encryption (ADE), which you can enable on the OS and data disks for your VMs.

服务器端加密Server-side encryption

Azure 服务器端加密可提供静态加密并保护数据,让你的组织能够信守安全性与合规性方面所做的承诺。Azure Server-side Encryption provides encryption-at-rest and safeguards your data to meet your organizational security and compliance commitments. 默认情况下,在所有可用托管磁盘的区域中,所有托管磁盘、快照和映像都启用了服务器端加密。Server-side encryption is enabled by default for all managed disks, snapshots, and images in all the regions where managed disks are available. 有关详细信息请访问托管磁盘常见问题解答页Visit the Managed Disks FAQ page for more details.

Azure 磁盘加密Azure Disk Encryption

Azure 磁盘加密允许加密 IaaS 虚拟机使用的 OS 磁盘和数据磁盘。Azure Disk Encryption allows you to encrypt the OS and Data disks used by an IaaS Virtual Machine. 此加密包括托管磁盘。This encryption includes managed disks. 对于 Windows,驱动器是使用行业标准 BitLocker 加密技术加密的。For Windows, the drives are encrypted using industry-standard BitLocker encryption technology. 对于 Linux,磁盘是使用 DM-Crypt 技术加密的。For Linux, the disks are encrypted using the DM-Crypt technology. 加密过程与 Azure Key Vault 集成,可让你控制和管理磁盘加密密钥。The encryption process is integrated with Azure Key Vault to allow you to control and manage the disk encryption keys. 有关详细信息,请参阅适用于 IaaS VM 的 Azure 磁盘加密For more information, see Azure Disk Encryption for IaaS VMs.

磁盘角色Disk roles

在 Azure 中有三个主要磁盘角色:数据磁盘、OS 磁盘和临时磁盘。There are three main disk roles in Azure: the data disk, the OS disk, and the temporary disk. 这些角色将映射到附加到虚拟机的磁盘。These roles map to disks that are attached to your virtual machine.


数据磁盘Data disk

数据磁盘是附加到虚拟机的托管磁盘,用于存储应用程序数据或其他需要保留的数据。A data disk is a managed disk that's attached to a virtual machine to store application data, or other data you need to keep. 数据磁盘注册为 SCSI 驱动器并且带有所选择的字母标记。Data disks are registered as SCSI drives and are labeled with a letter that you choose. 每个数据磁盘的最大容量为 32,767 gibibytes (GiB)。Each data disk has a maximum capacity of 32,767 gibibytes (GiB). 虚拟机的大小决定了可附加的磁盘数目,以及可用来托管磁盘的存储类型。The size of the virtual machine determines how many data disks you can attach to it and the type of storage you can use to host the disks.

OS 磁盘OS disk

每个虚拟机都附加了一个操作系统磁盘。Every virtual machine has one attached operating system disk. 该 OS 磁盘有一个预先安装的 OS,是在创建 VM 时选择的。That OS disk has a pre-installed OS, which was selected when the VM was created. 此磁盘包含启动卷。This disk contains the boot volume.

此磁盘最大容量为 2,048 GiB。This disk has a maximum capacity of 2,048 GiB.

临时磁盘Temporary disk

每个 VM 包含一个不是托管磁盘的临时磁盘。Every VM contains a temporary disk, which is not a managed disk. 临时磁盘为应用程序和进程提供短期存储,仅用于存储页面或交换文件等数据。The temporary disk provides short-term storage for applications and processes and is intended to only store data such as page or swap files. 维护事件期间或重新部署 VM 时,临时磁盘上的数据可能会丢失。Data on the temporary disk may be lost during a maintenance event event or when you redeploy a VM. 在 Azure Linux VM 上,临时磁盘默认为 /dev/sdb,而在 Windows VM 上,临时磁盘默认为 D:。On Azure Linux VMs, the temporary disk is /dev/sdb by default and on Windows VMs the temporary disk is D: by default. 在 VM 成功标准重启期间,临时磁盘上的数据将保留。During a successful standard reboot of the VM, the data on the temporary disk will persist.

托管磁盘快照Managed disk snapshots

托管磁盘快照是托管磁盘的只读崩溃一致性完整副本,默认情况下它作为标准托管磁盘进行存储。A managed disk snapshot is a read-only crash-consistent full copy of a managed disk that is stored as a standard managed disk by default. 使用快照可以在任意时间点备份托管磁盘。With snapshots, you can back up your managed disks at any point in time. 这些快照独立于源磁盘而存在,并可用来创建新的托管磁盘。These snapshots exist independent of the source disk and can be used to create new managed disks.

基于已使用大小对快照计费。Snapshots are billed based on the used size. 例如,如果创建预配容量为 64 GiB 且实际使用数据大小为 10 GiB 的托管磁盘的快照,则仅针对已用数据大小 10 GiB 对该快照计费。For example, if you create a snapshot of a managed disk with provisioned capacity of 64 GiB and actual used data size of 10 GiB, that snapshot is billed only for the used data size of 10 GiB. 可以通过查看 Azure 使用情况报告来了解快照的已使用大小。You can see the used size of your snapshots by looking at the Azure usage report. 例如,如果快照的已用数据大小为 10 GiB,则使用情况报告将显示 10 GiB/(31 天 x 24 小时) = 0.013441 GiB 作为已使用数量。For example, if the used data size of a snapshot is 10 GiB, the usage report will show 10 GiB/(31 days x 24 hours) = 0.013441 GiB as the consumed quantity.

若要了解有关如何使用托管磁盘创建快照的详细信息,请查看下列资源:To learn more about how to create snapshots with managed disks, see the following resources:


托管磁盘还支持创建托管自定义映像。Managed disks also support creating a managed custom image. 可以从存储帐户中的自定义 VHD 创建映像或者直接从通用化 (sysprepped) VM 创建映像。You can create an image from your custom VHD in a storage account or directly from a generalized (sysprepped) VM. 此过程捕获单个映像。This process captures a single image. 该映像包含与 VM 关联的所有托管磁盘,包括 OS 磁盘和数据磁盘。This image contains all managed disks associated with a VM, including both the OS and data disks. 该托管自定义映像支持使用自定义映像创建数百台 VM,且不需要复制或管理任何存储帐户。This managed custom image enables creating hundreds of VMs using your custom image without the need to copy or manage any storage accounts.

有关创建映像的信息,请查看以下文章:For information on creating images, see the following articles:

映像与快照Images versus snapshots

了解映像与快照之间的区别很重要。It's important to understand the difference between images and snapshots. 使用托管磁盘,可以创建已解除分配的通用 VM 的映像。With managed disks, you can take an image of a generalized VM that has been deallocated. 此映像包括附加到该 VM 的所有磁盘。This image includes all of the disks attached to the VM. 可以使用此映像创建 VM,它包括所有磁盘。You can use this image to create a VM, and it includes all of the disks.

快照是磁盘在创建快照那一刻的副本。A snapshot is a copy of a disk at the point in time the snapshot is taken. 它仅应用于一个磁盘。It applies only to one disk. 如果 VM 有一个磁盘(OS 磁盘),则可以为其创建快照或映像,并且可以通过该快照或映像创建 VM。If you have a VM that has one disk (the OS disk), you can take a snapshot or an image of it and create a VM from either the snapshot or the image.

除了所包含的磁盘,快照无法感知任何其他磁盘。A snapshot doesn't have awareness of any disk except the one it contains. 因此,如果在要求对多个磁盘进行协调的方案(例如条带化方案)中使用,则会出现问题。This makes it problematic to use in scenarios that require the coordination of multiple disks, such as striping. 快照彼此之间将需要相互协调,而目前并不支持此功能。Snapshots would need to be able to coordinate with each other and this is currently not supported.

磁盘分配和性能Disk allocation and performance

下图描绘了如何使用三级预配系统为磁盘实时分配带宽和 IOPS:The following diagram depicts real-time allocation of bandwidth and IOPS for disks, using a three-level provisioning system:

显示带宽和 IOPS 分配的三级预配系统

第一级预配设置单磁盘 IOPS 和带宽分配。The first level provisioning sets the per-disk IOPS and bandwidth assignment. 在第二级,计算服务器主机实施 SSD 预配,将其仅应用到存储在服务器的 SSD 上的数据,该 SSD 包括使用缓存的磁盘(ReadWrite 和 ReadOnly)以及本地和临时磁盘。At the second level, compute server host implements SSD provisioning, applying it only to data that is stored on the server's SSD, which includes disks with caching (ReadWrite and ReadOnly) as well as local and temp disks. 最后,VM 网络预配发生在第三级,它针对可供计算主机发送到 Azure 存储后端的任何 I/O。Finally, VM network provisioning takes place at the third level for any I/O that the compute host sends to Azure Storage's backend. 使用此方案时,VM 的性能依赖于多种因素,从 VM 使用本地 SSD 的方式,到附加的磁盘数,再到所附加的磁盘的性能和缓存类型,不一而足。With this scheme, the performance of a VM depends on a variety of factors, from how the VM uses the local SSD, to the number of disks attached, as well as the performance and caching type of the disks it has attached.

对于这些限制,举例来说,Standard_DS1v1 VM 无法达到 P30 磁盘的 5,000 IOPS 的极限,不管它是否为缓存型,因为在 SSD 和网络级别存在限制:As an example of these limitations, a Standard_DS1v1 VM is prevented from achieving the 5,000 IOPS potential of a P30 disk, whether it is cached or not, because of limits at the SSD and network levels:

Standard_DS1v1 示例分配

Azure 将设置了优先级的网络通道用于磁盘流量,该流量获得的优先级高于其他低优先级网络流量。Azure uses prioritized network channel for disk traffic, which gets the precedence over other low priority of network traffic. 这样有助于磁盘在发生网络争用的情况下保持其预期的性能。This helps disks maintain their expected performance in case of network contentions. 类似地,Azure 存储在后台使用自动负载均衡来处理资源争用等问题。Similarly, Azure Storage handles resource contentions and other issues in the background with automatic load balancing. Azure 存储会在你创建磁盘时分配必需的资源,并对资源应用主动和被动均衡以处理流量级别问题。Azure Storage allocates required resources when you create a disk, and applies proactive and reactive balancing of resources to handle the traffic level. 这进一步确保磁盘可以保持其预期的 IOPS 和吞吐量目标。This further ensures disks can sustain their expected IOPS and throughput targets. 可以根据需要使用 VM 级别和磁盘级别的指标来跟踪性能并设置警报。You can use the VM-level and Disk-level metrics to track the performance and setup alerts as needed.

请参阅高性能设计一文,了解优化 VM + 磁盘配置的最佳做法,以便实现所需的性能。Refer to our design for high performance article, to learn the best practices for optimizing VM + Disk configurations so that you can achieve your desired performance

后续步骤Next steps

在有关磁盘类型的文章中,详细了解 Azure 提供的各个磁盘类型以及哪个类型符合自己的需求,并了解其性能目标。Learn more about the individual disk types Azure offers, which type is a good fit for your needs, and learn about their performance targets in our article on disk types.