您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

有效地组织 Azure 资源Organize your Azure resources effectively

组织基于云的资源对于保护、管理和跟踪与工作负荷相关的成本至关重要。Organizing your cloud-based resources is critical to securing, managing, and tracking the costs related to your workloads. 若要组织资源,请定义管理组层次结构,遵循已经过仔细考虑的命名约定,并应用资源标记。To organize your resources, define a management group hierarchy, follow a well-considered naming convention and apply resource tagging.

Azure 提供四个级别的管理范围:管理组、订阅、资源组和资源。Azure provides four levels of management scope: management groups, subscriptions, resource groups, and resources. 下图显示了这些级别之间的关系。The following image shows the relationship of these levels.

显示管理层次结构级别关系的关系图 图 1:四个管理范围级别之间的关系。Diagram that shows the relationship of management hierarchy levels Figure 1: How the four management-scope levels relate to each other.

  • 管理组: 管理组是容器,用于为多个订阅管理访问权限、策略与符合性。Management groups: These groups are containers that help you manage access, policy, and compliance for multiple subscriptions. 管理组中的所有订阅都会自动继承应用于管理组的条件。All subscriptions in a management group automatically inherit the conditions applied to the management group.
  • 订阅: 订阅将用户帐户以及由这些用户帐户创建的资源进行逻辑关联。Subscriptions: A subscription logically associates user accounts and the resources that were created by those user accounts. 每个订阅可以创建和使用的资源量存在限制或配额。Each subscription has limits or quotas on the amount of resources you can create and use. 组织可以使用订阅来管理成本,或者由用户、团队或项目创建的资源。Organizations can use subscriptions to manage costs and the resources that are created by users, teams, or projects.
  • 资源组: 资源组是在其中部署和管理 Azure 资源(如 Web 应用、数据库和存储帐户)的逻辑容器。Resource groups: A resource group is a logical container into which Azure resources like web apps, databases, and storage accounts are deployed and managed.
  • 资源: 资源是创建的服务(例如虚拟机、存储或 SQL 数据库)的实例。Resources: Resources are instances of services that you create, like virtual machines, storage, or SQL databases.

管理设置范围Scope of management settings

可在任意管理级别应用管理设置,例如策略和 Azure 基于角色的访问控制。You can apply management settings like policies and Azure role-based access control at any of the management levels. 所选的级别确定应用设置的广泛程度。The level you select determines how widely the setting is applied. 较低级别继承较高级别的设置。Lower levels inherit settings from higher levels. 例如,将某个策略应用到某个订阅时,该策略也会应用到该订阅中的所有资源组和资源。For example, when you apply a policy to a subscription, that policy is also applied to all resource groups and resources in that subscription.

通常情况下,最好在较高级别应用关键设置,在较低级别应用特定于项目的要求。Usually, it makes sense to apply critical settings at higher levels and project-specific requirements at lower levels. 例如,可能想要确保组织的所有资源均已部署到特定区域。For example, you might want to make sure all resources for your organization are deployed to certain regions. 为此,可将一个策略应用到指定允许位置的订阅。To do that, apply a policy to the subscription that specifies the allowed locations. 当组织中的其他用户添加新资源组和资源时,会自动强制实施允许的位置。As other users in your organization add new resource groups and resources, the allowed locations are automatically enforced. 请在本指南的“治理、安全性和符合性”部分详细了解策略。Learn more about policies in the governance, security, and compliance section of this guide.

如果只有几个订阅,则单独管理它们相对简单。If you have only a few subscriptions, it's relatively simple to manage them independently. 如果使用的订阅数增加,请考虑创建管理组层次结构以简化订阅和资源的管理。If the number of subscriptions you use increases, consider creating a management group hierarchy to simplify the management of your subscriptions and resources. 有关详细信息,请参阅组织和管理 Azure 订阅For more information, see Organize and manage your Azure subscriptions.

规划符合性策略时,请与组织中具有以下各方面职能的人员合作:安全性与符合性、IT 管理、企业体系结构、网络、财务和采购。As you plan your compliance strategy, work with people in your organization with these roles: security and compliance, IT administration, enterprise architecture, networking, finance, and procurement.

创建管理级别Create a management level

可以创建管理组、其他订阅或资源组。You can create a management group, additional subscriptions, or resource groups.

创建管理组Create a management group

创建用于为多个订阅管理访问权限、策略与符合性的管理组。Create a management group to help you manage access, policy, and compliance for multiple subscriptions.

  1. 请转到 管理组Go to Management groups.
  2. 选择“添加管理组”。Select Add management group.

创建订阅Create a subscription

使用订阅来管理成本以及由用户、团队或项目创建的资源。Use subscriptions to manage costs and resources that are created by users, teams, or projects.

  1. 请转到 订阅Go to Subscriptions.
  2. 选择 添加Select Add.

备注

也可以编程方式创建订阅。Subscriptions can also be created programmatically. 有关详细信息,请参阅以编程方式创建 Azure 订阅For more information, see Programmatically create Azure subscriptions.

创建资源组Create a resource group

创建资源组来保存 Web 应用、数据库和存储帐户之类的资源,这些资源具有共同的生命周期、权限和策略。Create a resource group to hold resources like web apps, databases, and storage accounts that share the same lifecycle, permissions, and policies.

  1. 转到“资源组”。Go to Resource groups.
  2. 选择 添加Select Add.
  3. 选择要在其下创建资源组的 订阅Select the Subscription that you want your resource group created under.
  4. 输入 资源组 的名称。Enter a name for the Resource group.
  5. 选择资源组位置所对应的 区域Select a Region for the resource group location.

了解详细信息Learn more

若要了解更多信息,请参阅以下文章:To learn more, see:

操作Actions

创建管理组:Create a management group:

创建用于为多个订阅管理访问权限、策略与符合性的管理组。Create a management group to help you manage access, policy, and compliance for multiple subscriptions.

  1. 请转到 管理组Go to Management groups.
  2. 选择“添加管理组”。Select Add management group.

创建其他订阅:Create an additional subscription:

使用订阅来管理成本以及由用户、团队或项目创建的资源。Use subscriptions to manage costs and resources that are created by users, teams, or projects.

  1. 请转到 订阅Go to Subscriptions.
  2. 选择 添加Select Add.

创建资源组:Create a resource group:

创建资源组来保存 Web 应用、数据库和存储帐户之类的资源,这些资源具有共同的生命周期、权限和策略。Create a resource group to hold resources like web apps, databases, and storage accounts that share the same lifecycle, permissions, and policies.

  1. 转到“资源组”。Go to Resource groups.
  2. 选择 添加Select Add.
  3. 选择要在其下创建资源组的 订阅Select the Subscription that you want your resource group created under.
  4. 输入 资源组 的名称。Enter a name for the Resource group.
  5. 选择资源组位置所对应的 区域Select a Region for the resource group location.