Cloud governance guides

The actionable governance guides in this section illustrate the incremental approach of the Cloud Adoption Framework governance model, based on the Govern methodology previously described. You can establish an agile approach to cloud governance that will grow to meet the needs of any cloud governance scenario.

Review and adopt cloud governance best practices

To begin your cloud adoption journey, choose one of the following governance guides. Each guide outlines a set of best practices, based on a set of fictional customer experiences. For readers who are new to the incremental approach of the Cloud Adoption Framework governance model, review the high-level introduction to governance theory below before adopting either set of best practices.

  • Standard governance guide: A guide for most organizations based on the recommended two-subscription model, designed for deployments in multiple regions but not spanning public and sovereign/government clouds.

An incremental approach to cloud governance

Choose a governance guide

The guides demonstrate how to implement a governance MVP. From there, each guide shows how the cloud governance team can work ahead of the cloud adoption teams as a partner to accelerate adoption efforts. The Cloud Adoption Framework governance model guides the application of governance from foundation through subsequent improvements and evolutions.

To begin a governance journey, choose one of the two options below. The options are based on synthesized customer experiences. The titles are based on the complexity of the enterprise for ease of navigation. Your decision may be more complex. The following tables outline the differences between the two options.

Warning

A more robust governance starting point may be required. In such cases, consider the CAF enterprise-scale landing zone. The CAF enterprise-scale landing zone approach focuses on adoption teams who have a mid-term objective (within 24 months) to host more than 1,000 assets (apps, infra, or data assets) in the cloud. CAF enterprise-scale landing zone is the de facto choice for complex governance scenarios for these larger cloud adoption efforts.

Note

It's unlikely that either guide aligns completely to your situation. Choose whichever guide is closest and use it as a starting point. Throughout the guide, additional information is provided to help you customize decisions to meet specific criteria.

Business characteristics

| Characteristic | Standard organization | Complex enterprise |
| --- | --- | --- |
| Geography (country or geopolitical region) | Customers or staff reside largely in one geography | Customers or staff reside in multiple geographies or require sovereign clouds. |
| Business units affected | Business units that share a common IT infrastructure | Multiple business units that do not share a common IT infrastructure |
| IT budget | Single IT budget | Budget allocated across business units and currencies |
| IT investments | Capital expense-driven investments are planned yearly and usually cover only basic maintenance. | Capital expense-driven investments are planned yearly and often include maintenance and a refresh cycle of three to five years. |

Current state before adopting cloud governance

| State | Standard enterprise | Complex enterprise |
| --- | --- | --- |
| Datacenter or third-party hosting providers | Fewer than five datacenters | More than five datacenters |
| Networking | No WAN, or 1 – 2 WAN providers | Complex network or global WAN |
| Identity | Single forest, single domain. | Complex, multiple forests, multiple domains. |

Desired future state after incremental improvement of cloud governance

| State | Standard organization | Complex enterprise |
| --- | --- | --- |
| Cost management—cloud accounting | Showback model. Billing is centralized through IT. | Chargeback model. Billing could be distributed through IT procurement. |
| Security baseline—protected data | Company financial data and IP. Limited customer data. No third-party compliance requirements. | Multiple collections of customers' financial and personal data. May need to consider third-party compliance. |

CAF enterprise-scale landing zone

CAF enterprise-scale landing zone is an approach to making the most of the Azure cloud platform's capabilities while respecting an enterprise's security and governance requirements.

Compared to traditional on-premises environments, Azure allows workload development teams and their business sponsors to take advantage of the increased deployment agility that cloud platforms offer. As your cloud adoption efforts expand to include mission-critical data and workloads, this agility may conflict with corporate security and policy compliance requirements established by your IT teams. This is especially true for large enterprises that have existing sophisticated governance and regulatory requirements.

The CAF enterprise-scale landing zone architecture aims to address these concerns earlier in the adoption lifecycle by providing architectures, implementations, and guidance that help achieve a balance between cloud adoption team and central IT team requirements during enterprise cloud adoption efforts. Central to this approach is the concept of a shared service architecture and well-managed landing zones.

CAF enterprise-scale landing zone deploys your own "isolated cloud" within the Azure platform, integrating management processes, regulatory requirements, and security processes required by your governance policies. Within this virtual boundary, CAF enterprise-scale landing zone offers example models for deploying workloads while ensuring consistent compliance and provides basic guidance on implementing an organization's separation of roles and responsibilities in the cloud.

CAF enterprise-scale landing zone qualifications

Smaller teams may benefit from the architecture and recommendations the CAF enterprise-scale landing zone provides, and our objective is to continue to streamline the CAF enterprise-scale landing zone implementations to make them more friendly for smaller teams. Currently, however, this approach is designed to guide central IT teams managing large cloud environments.

The CAF enterprise-scale landing zone approach focuses on adoption teams who have a mid-term objective (within 24 months) to host more than 1,000 assets (apps, infra, or data assets) in the cloud.

For organizations that meet the following criteria, you may also want to start with the CAF enterprise-scale landing zone:

  • Your enterprise is subject to regulatory compliance requirements that require centralized monitoring and audit capabilities.
  • You need to maintain common policy and governance compliance and centralized IT control over core services.
  • Your industry depends on a complex platform that requires complex controls and deep domain expertise to govern the platform. This is most common in large enterprises within finance, manufacturing, and oil and gas.
  • Your existing IT governance policies require tighter parity with existing features, even during early stage adoption.

Next steps

Choose one of these guides: