Deploy a migration landing zone in Azure

A migration landing zone is an environment that has been provisioned and prepared to host workloads that are being migrated from an on-premises environment into Azure.

Deploy the blueprint

Before you use the CAF Migration landing zone blueprint in the Cloud Adoption Framework, review the following design principles, assumptions, decisions, and implementation guidance. If this guidance aligns with the desired cloud adoption plan, the CAF Migration landing zone blueprint can be deployed using the deployment steps.

Design principles

This implementation option provides an opinionated approach to the common design areas shared by all Azure landing zones. See the assumptions and decisions below for additional technical detail.

Deployment options

This implementation option deploys a minimum viable product (MVP) to start a migration. As the migration progresses, the customer will follow a modular, refactoring-based approach to mature the operating model in parallel, using the Govern methodology and the Manage methodology to address those complex topics alongside the initial migration effort.

The specific resources deployed by this MVP approach are outlined in the decisions section below.

Enterprise enrollment

This implementation option doesn't take an inherent position on enterprise enrollment. This approach is designed to be applicable to customers regardless of contractual agreements with Microsoft or Microsoft partners. Prior to deployment of this implementation option, it is assumed that the customer has created a target subscription.

Identity

This implementation option assumes that the target subscription is already associated with an Azure Active Directory instance in accordance with identity management best practices.

Network topology and connectivity

This implementation option creates a virtual network with subnets for gateway, firewall, jump box, and landing zone. As a next iteration, the team would follow the networking decisions guide to implement the appropriate form of connectivity between the gateway subnet and other networks in alignment with network security best practices.
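
An added example, not part of the original guidance or the blueprint itself: a Python check that a candidate address plan for the four subnets described above stays inside the virtual network, does not overlap, and is large enough. The address ranges and the jumpbox and landingzone names are assumptions; GatewaySubnet and AzureFirewallSubnet are the fixed names Azure requires for those roles.

```python
import ipaddress

# Constructed address plan: the page names the four subnet roles but gives
# no names or ranges, so every CIDR below is an assumption.
VNET = "10.20.0.0/22"
PLAN = {
    "GatewaySubnet": "10.20.0.0/27",         # fixed name Azure requires
    "AzureFirewallSubnet": "10.20.0.64/26",  # fixed name Azure requires
    "jumpbox": "10.20.1.0/28",               # hypothetical name
    "landingzone": "10.20.2.0/24",           # hypothetical name
}
# Longest prefix allowed per role: Azure Firewall needs at least a /26,
# and /27 or larger is Azure's recommendation for the gateway subnet.
MAX_PREFIX = {"GatewaySubnet": 27, "AzureFirewallSubnet": 26}
SMALLEST_SUBNET = 29  # smallest IPv4 subnet Azure accepts
AZURE_RESERVED = 5    # addresses Azure reserves in every subnet


def validate_plan(vnet_cidr, plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    vnet = ipaddress.ip_network(vnet_cidr)
    problems, parsed = [], {}
    for name, cidr in plan.items():
        try:
            net = ipaddress.ip_network(cidr)  # strict: rejects host bits
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        if not net.subnet_of(vnet):
            problems.append(f"{name}: {net} is outside {vnet}")
        if net.prefixlen > MAX_PREFIX.get(name, SMALLEST_SUBNET):
            problems.append(f"{name}: /{net.prefixlen} is too small")
        parsed[name] = net
    names = sorted(parsed)
    for i, first in enumerate(names):
        for second in names[i + 1:]:
            if parsed[first].overlaps(parsed[second]):
                problems.append(f"{first} overlaps {second}")
    return problems


def usable_hosts(cidr):
    """Addresses left for workloads after Azure's reserved ones."""
    return ipaddress.ip_network(cidr).num_addresses - AZURE_RESERVED
```

Running validate_plan before deployment catches a jump box range that collides with the gateway or firewall subnet, which Azure would otherwise reject only at deployment time.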

Resource organization

This implementation option creates a single landing zone, in which resources will be organized into workloads defined by specific resource groups. Choosing this minimalist approach to resource organization defers the technical decision of resource organization until the team's cloud operating model is more clearly defined.

This approach is based on an assumption that the cloud adoption effort will not exceed subscription limits. This option also assumes limited architectural complexity and security requirements within this landing zone.

If this changes through the course of the cloud adoption plan, the resource organization may need to be refactored using the guidance in the Govern methodology.

Governance disciplines

This implementation option doesn't implement any governance tooling. In the absence of defined policy automation, this landing zone should not be used for any mission critical workloads or sensitive data. It is assumed that this landing zone is being used for limited production deployment to initiate learning, iteration, and development of the overall operating model in parallel to these early stage migration efforts.

To accelerate parallel development of governance disciplines, review the Govern methodology and consider deploying the CAF Foundation blueprint in addition to the CAF Migration landing zone blueprint.

Warning

As the governance disciplines mature, refactoring may be required. Specifically, resources may later need to be moved to a new subscription or resource group.

Operations baseline

This implementation option doesn't implement any operations. In the absence of a defined operations baseline, this landing zone should not be used for any mission critical workloads or sensitive data. It is assumed that this landing zone is being used for limited production deployment to initiate learning, iteration, and development of the overall operating model in parallel to these early stage migration efforts.

To accelerate parallel development of an operations baseline, review the Manage methodology and consider deploying the Azure server management guide.

Warning

As the operations baseline is developed, refactoring may be required. Specifically, resources may later need to be moved to a new subscription or resource group.

Business continuity and disaster recovery (BCDR)

This implementation option doesn't implement any BCDR solution. It is assumed that the solution for protection and recovery will be addressed by the development of the operations baseline.

Assumptions

This initial landing zone includes the following assumptions or constraints. If these assumptions align with your constraints, you can use the blueprint to create your first landing zone. The blueprint also can be extended to create a landing zone blueprint that meets your unique constraints.

  • Subscription limits: This adoption effort isn't expected to exceed subscription limits.
  • Compliance: No third-party compliance requirements are needed in this landing zone.
  • Architectural complexity: Architectural complexity doesn't require additional production subscriptions.
  • Shared services: No existing shared services in Azure require this subscription to be treated like a spoke in a hub and spoke architecture.
  • Limited production scope: This landing zone could potentially host production workloads. It is not a suitable environment for sensitive data or mission-critical workloads.

If these assumptions align with your current adoption needs, then this blueprint might be a starting point for building your landing zone.

Decisions

The following decisions are represented in the landing zone blueprint.

| Component | Decisions | Alternative approaches |
|---|---|---|
| Migration tools | Azure Site Recovery will be deployed and an Azure Migrate project will be created. | Migration tools decision guide |
| Logging and monitoring | Operational insights workspace and diagnostic storage account will be provisioned. | |
| Network | A virtual network will be created with subnets for gateway, firewall, jump box, and landing zone. | Networking decisions |
| Identity | It's assumed that the subscription is already associated with an Azure Active Directory instance. | Identity management best practices |
| Policy | This blueprint currently assumes that no Azure policies are to be applied. | |
| Subscription design | N/A - designed for a single production subscription. | Create initial subscriptions |
| Resource groups | N/A - designed for a single production subscription. | Scale subscriptions |
| Management groups | N/A - designed for a single production subscription. | Organize and manage subscriptions |
| Data | N/A | Choose the correct SQL Server option in Azure and Azure data store guidance |
| Storage | N/A | Azure Storage guidance |
| Naming and tagging standards | N/A | Naming and tagging best practices |
| Cost management | N/A | Tracking costs |
| Compute | N/A | Compute options |

Customize or deploy a landing zone

Learn more and download a reference sample of the CAF Migration landing zone blueprint for deployment or customization from the Azure blueprint samples.

For guidance on customizations that should be made to this blueprint or the resulting landing zone, see the landing zone considerations.

Next steps

After deploying your first landing zone, you're ready to expand your landing zone.