您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

评估 Microsoft 合作伙伴的 Azure 登陆区域Evaluate a Microsoft partner's Azure landing zone

云采用框架将云采用视为自助服务活动。The Cloud Adoption Framework approaches cloud adoption as a self-service activity. 其目标是通过标准化方法为支持采用的每个团队做准备。The objective is to empower each team that supports adoption through standardized approaches. 在实践中,您不能假定自助服务方法对于所有采用活动都已足够。In practice, you can't assume that a self-service approach is sufficient for all adoption activities.

成功的云采用计划通常至少涉及一级第三方支持。Successful cloud adoption programs typically involve at least one level of third-party support. 许多云采用情况都需要系统集成商提供的支持 (SI) 或咨询合作伙伴,后者提供可加速云采用的服务。Many cloud adoption efforts require support from a systems integrator (SI) or consulting partner who provides services that accelerate cloud adoption. 托管服务提供商 (Msp) 通过支持登陆区域和云采用来提供持久值,但它们也提供了采用后的操作管理支持。Managed service providers (MSPs) provide enduring value by supporting landing zones and cloud adoption, but they also provide post-adoption operations management support. 此外,成功的云采用工作往往会使一个或多个独立的软件供应商 (ISV) ,这些供应商提供基于软件的服务来加速云采用。Additionally, successful cloud adoption efforts tend to engage one or more independent software vendors (ISV) who provide software-based services that accelerate cloud adoption. SIs、Isv、Msp 和其他形式的 Microsoft 合作伙伴的丰富合作伙伴生态系统已将他们的产品/服务与云采用框架中的特定方法进行了协调。The rich partner ecosystems of SIs, ISVs, MSPs, and other forms of Microsoft partners have aligned their offerings to specific methodologies found in the Cloud Adoption Framework. 当合作伙伴与此框架的 "就绪" 方法对齐时,它们可能会提供自己的 Azure 登陆区域实现选项。When a partner is aligned to the Ready methodology of this framework, they will likely offer their own Azure landing zone implementation option.

本文提供一系列问题,帮助你了解合作伙伴的 Azure 登陆区域实现选项的范围。This article provides a set of questions that help create an understanding of the scope of the partner's Azure landing zone implementation options.

重要

合作伙伴产品/服务和 Azure 登陆区域实施选项由合作伙伴定义,基于其在帮助客户采用云的丰富经验。Partner offers and Azure landing zone implementation options are defined by the partner, based on their extensive experience helping customers adopt the cloud.

合作伙伴可以选择忽略初始登陆区域实现中特定设计区域的实现。Partners might choose to omit the implementation of specific design areas in their initial landing zone implementation. 但是,它们应该能够在每个设计区域的实现时间和方式之间进行通信,以及在可能的情况下完成设计区域的一系列成本。However, they should be able to communicate when and how each design area is implemented, as well as a range of costs for completing that design area whenever possible.

其他合作伙伴解决方案的灵活性可能足以满足以下每个问题的多种选项的需要。Other partner solutions might be flexible enough to support multiple options for each of the questions below. 使用这些问题可以确保同时比较合作伙伴产品/服务和自助服务选项。Use these questions to ensure you're comparing partner offers and self-service options equally.

查找合作伙伴Find a partner

如果需要合作伙伴来实现 Azure 登陆区域,请从已批准的云采用框架协调伙伴列表开始。If you need a partner to implement your Azure landing zones, start with the approved list of Cloud Adoption Framework aligned partners. 具体而言,请从已与 "就绪" 方法一致的合作伙伴那里着手。Specifically, start with partners who have offers aligned to the Ready methodology.

此外,已审核所有 Azure 专家托管服务提供商 (msp) ,以验证它们是否能够提供云采用框架的每个方法。Additionally, all Azure expert managed service providers (MSPs) have been audited to validate their ability to deliver each methodology of the Cloud Adoption Framework. 尽管特定合作伙伴可能没有对齐的产品/服务,但所有合作伙伴都已在技术交付过程中演示了关联。While a particular partner might not have an aligned offer, all partners have demonstrated alignment during technical delivery.

验证合作伙伴产品Validate a partner offer

选择合作伙伴后,请使用本文的其余部分指导你验证合作伙伴产品/服务。Once a partner is selected, use the remainder of this article to guide your validation of the partner offer. 每个部分都包含要查找的内容的摘要,以及要询问合作伙伴的问题列表。Each section includes a summary of what to look for and a list of questions to ask the partner. 合作伙伴对这些问题的答案不应视为正确或错误。The partner's answers to these questions shouldn't be considered as right or wrong. 相反,这些问题旨在帮助你评估合作伙伴产品/服务是否能满足你的业务要求。Instead, the questions are designed to help you evaluate whether the partner offer will meet your business requirements.

平台开发速度Platform development velocity

Azure 登陆区域实现选项中所述,有两种用于登录区域实现的高级方法,具体取决于你想要如何开发登陆区域。As outlined in the Azure landing zone implementation options, there are two high-level approaches to landing zone implementation based on how you want to develop your landing zones.

合作伙伴问题: 合作伙伴的 Azure 登陆区域解决方案支持以下哪种方法?Question for the partner: Which of the following approaches are supported by the partner's Azure landing zone solution?

  • 从小 开始,展开: 从轻型模板开始。Start small and expand: Begin with a lightweight template. 当所需的云操作模型变得更清晰时,登陆区域解决方案会经过一段时间的成熟。The landing zone solution is matured over time as your desired cloud operating model becomes clearer.
  • 企业规模入门: 从更全面的参考实现开始。Start with enterprise-scale: Begin with a more comprehensive reference implementation. 参考体系结构建立在定义完善的云操作模型之上,需要较少的迭代来实现成熟的解决方案。The reference architecture builds on a well-defined cloud operating model that requires less iteration to reach a mature solution.
  • 其他: 该合作伙伴具有修改后的方法,应该能够描述这种方法。Other: The partner has a modified approach and should be able to describe the approach.

设计原理Design principles

所有 Azure 登陆区域都必须考虑以下一组常用的设计区域。All Azure landing zones must consider the following set of common design areas. 我们将这些设计领域的实现方式视为设计原则。We refer to the way those design areas are implemented as design principles. 以下部分将帮助验证合作伙伴的设计原则,这些原则定义 Azure 登陆区域实现。The following sections will help validate the partner's design principles that define the Azure landing zone implementation.

部署选项Deployment options

提供 Azure 登陆区域解决方案的合作伙伴可能会支持一个或多个选项来部署 (或修改/展开登陆区域) 解决方案部署到你的 Azure 租户。Partners who offer an Azure landing zone solution might support one or more options to deploy (or modify/expand the landing zone) the solution to your Azure tenant.

合作伙伴问题: Azure 登陆区域解决方案支持以下哪些功能?Question for the partner: Which of the following does your Azure landing zone solution support?

  • 配置自动化: 解决方案是否从部署管道或部署工具部署登陆区域?Configuration automation: Does the solution deploy the landing zone from a deployment pipeline or deployment tool?
  • 手动配置: 解决方案是否使 IT 团队能够手动配置登陆区域,而无需将错误注入登陆区域源代码?Manual configuration: Does the solution empower the IT team to manually configure the landing zone, without injecting errors into the landing zone source code?

合作伙伴问题: 合作伙伴的解决方案支持哪些 Azure 登陆区域实现选项?Question for the partner: Which of the Azure landing zone implementation options are supported by the partner's solution? 有关选项的完整列表,请参阅 Azure 登陆区域实现选项 一文。See the Azure landing zone implementation options article for a full list of options.

标识Identity

标识可能是在合作伙伴解决方案中评估的最重要的设计区域。Identity is perhaps the most important design area to evaluate in the partner solution.

合作伙伴问题: 以下哪个标识管理选项支持合作伙伴解决方案?Question for the partner: Which of the following identity management options does the partner solution support?

  • Azure AD: 建议的最佳做法是使用 Azure AD 和 Azure 基于角色的访问控制来管理 Azure 中的标识和访问。Azure AD: The suggested best practice is to use Azure AD and Azure role-based access control to manage identity and access in Azure.
  • Active Directory: 如果需要,合作伙伴解决方案是否提供将 Active Directory 作为服务解决方案部署的选项?Active Directory: If required, does the partner solution provide an option to deploy Active Directory as an infrastructure as a service solution?
  • 第三方标识提供者: 如果你的公司使用第三方标识解决方案,请确定合作伙伴的 Azure 登陆区域是否与第三方解决方案集成。Third-party identity provider: If your company uses a third-party identity solution, determine whether and how the partner's Azure landing zone integrates with the third-party solution.

网络拓扑和连接Network topology and connectivity

网络可能是评估的第二个最重要的设计区域。Networking is arguably the second most important design area to evaluate. 对于网络拓扑和连接,有几种最佳做法方法。There are several best practice approaches to network topology and connectivity.

合作伙伴问题: 合作伙伴的 Azure 登陆区域解决方案中包含以下哪些选项?Question for the partner: Which of the following options is included with the partner's Azure landing zone solution? 以下任何选项是否与合作伙伴的解决方案不兼容?Are any of the following options incompatible with the partner's solution?

  • 虚拟网络: 合作伙伴解决方案是否配置了虚拟网络?Virtual network: Does the partner solution configure a virtual network? 是否可以对其拓扑进行修改以满足你的技术或业务限制?Can its topology be modified to meet your technical or business constraints?
  • 虚拟专用网络 (VPN) : 合作伙伴的登陆区域设计中是否包含 VPN 配置,以将云连接到现有数据中心或办公室?Virtual private network (VPN): Is VPN configuration included in the partner's landing zone design to connect the cloud to existing datacenters or offices?
  • 高速 连接: 是否在登陆区域设计中包含了高速连接,如 Azure ExpressRoute?High-speed connectivity: Is a high-speed connection such as Azure ExpressRoute included in the landing zone design?
  • 虚拟网络对等互连: 设计是否包括 Azure 中不同订阅或虚拟网络之间的连接?Virtual network peering: Does the design include connectivity between different subscriptions or virtual networks in Azure?

资源组织Resource organization

云的实际管理和操作管理从最佳实践资源组织开始。Sound governance and operational management of the cloud starts with best practice resource organization.

合作伙伴问题: 合作伙伴的登录区域设计是否包括以下资源组织做法的注意事项?Question for the partner: Does the partner's landing zone design include considerations for the following resource organization practices?

  • 命名标准: 此产品将遵循的 命名标准 ,并通过策略自动强制实施标准?Naming standards: What naming standards will this offering follow and is that standard automatically enforced through policy?
  • 标记标准: 登陆区域配置是否遵循并强制执行 标记资产的特定标准Tagging standards: Does the landing zone configuration follow and enforce specific standards for tagging assets?
  • 订阅设计: 合作伙伴产品/服务支持哪些 订阅设计策略Subscription design: What subscription design strategies are supported by the partner offer?
  • 管理组设计: 合作伙伴产品/服务是否遵循 Azure 管理组层次结构 的定义模式来组织订阅?Management group design: Does the partner offer follow a defined pattern for the Azure management group hierarchy to organize subscriptions?
  • 资源组对齐方式: 如何使用资源组对部署到云的资产进行分组?Resource group alignment: How are resource groups used to group assets deployed to the cloud? 在合作伙伴产品中,是否使用了资源组将资产分组到工作负荷、部署包或其他组织标准?In the partner offer, are resource groups used to group assets into workloads, deployment packages, or other organization standards?

合作伙伴问题: 合作伙伴是否提供载入文档来 跟踪基础决策 和教育员工?Question for the partner: Does the partner provide onboarding documentation to track foundational decisions and educate staff? 有关此类文档的示例,请参阅 初始决策模板See the initial decision template for an example of such documentation.

治理原则Governance disciplines

你的监管要求会对任何复杂的登录区域设计产生严重影响。Your governance requirements can heavily influence any complex landing zone designs. 许多合作伙伴提供了一个单独的产品/服务,用于在部署登陆区域后完全实现调控规范。Many partners provide a separate offering to fully implement governance disciplines after landing zones are deployed. 以下问题将有助于在将内置到任何登陆区域中的管辖方面产生清晰。The following questions will help create clarity around the aspects of governance that will be built into any landing zones.

合作伙伴问题: 合作伙伴解决方案在登陆区域实现中包含哪些调控工具?Question for the partner: What governance tooling does the partner solution include as part of the landing zone implementation?

  • 策略相容性监视: 合作伙伴的登录区域解决方案是否包括定义的管理策略以及用于监视符合性的工具和过程?Policy compliance monitoring: Does the partner's landing zone solution includes defined governance policies along with tools and processes to monitor compliance? 此产品/服务是否包括用于满足你的管理需求的策略自定义?Does the offer include customization of policies to fit your governance needs?
  • 策略实施: 合作伙伴的登陆区域解决方案是否包括自动强制工具和过程?Policy enforcement: Does the partner's landing zone solution include automated enforcement tools and processes?
  • 云平台管理: 合作伙伴产品/服务是否包含用于维护所有订阅中的一组通用策略的解决方案?Cloud platform governance: Does the partner offer include a solution for maintaining compliance to a common set of policies across all subscriptions? 或者范围限制为单独的订阅?Or is the scope limited to individual subscriptions?
  • 适用: 开始-小型方法会在团队已将低风险工作负荷部署到 Azure 之前,特意推迟了监管决策。N/A: Start-small approaches intentionally postpone governance decisions until the team has deployed low-risk workloads to Azure. 部署登陆区域解决方案后,可以在单独的产品/服务中解决此问题。This can be addressed in a separate offer after the landing zone solution has been deployed.

合作伙伴问题: 合作伙伴提供的管理工具是否超出了管理工具的功能,还包括用于提供以下任何云监管准则的流程和实践?Question for the partner: Does the partner offer go beyond governance tooling to also include processes and practices for delivering any of the following cloud governance disciplines?

  • 成本管理: 合作伙伴是否允许团队在通过工作负荷团队创建成本责任的同时,对花费进行评估、监视和优化?Cost management: Does the partner offer prepare the team to evaluate, monitor, and optimize spend while creating cost accountability with workload teams?
  • 安全基线: 合作伙伴是否允许团队在安全要求变化和成熟时,为维护合规性做好准备?Security baseline: Does the partner offer prepare the team to maintain compliance as security requirements change and mature?
  • 资源一致性: 合作伙伴是否提供准备团队,以确保云中的所有资产都载入相关的运营管理流程?Resource consistency: Does the partner offer prepare the team to ensure that all assets in the cloud are onboarded into relevant operations management processes?
  • 标识基线: 合作伙伴是否提供在部署初始登陆区域后准备团队维护标识、角色定义和分配?Identity baseline: Does the partner offer prepare the team to maintain identity, role definitions, and assignments after the initial landing zone is deployed?

操作基线Operations baseline

你的操作管理要求可能会影响在登陆区域实现期间特定 Azure 产品的配置。Your operations management requirements could influence configuration of specific Azure products during landing zone implementation. 许多合作伙伴提供了一个单独的产品/服务,用于在云采用旅程后期完全实现操作基准和高级操作,但在发布第一个工作负荷以供生产使用之前。Many partners provide a separate offering to fully implement the operations baseline and advanced operations later in the cloud adoption journey, but before your first workload is released for production use. 但在默认情况下,合作伙伴的登录区域解决方案可能包括多种操作管理工具的配置。But, the partner's landing zone solution might include configuration for a number of operations management tools by default.

合作伙伴问题: 合作伙伴解决方案是否包含支持任何云运营学科的设计选项?Question for the partner: Does the partner solution include design options to support any of the cloud operations disciplines?

  • 清单和可见性: 登陆区域是否包含用于确保集中监控100% 的资产的工具?Inventory and visibility: Does the landing zone include tooling to ensure that 100% of assets are centrally monitored?
  • 操作符合性: 该体系结构是否包括用于强制修补或其他操作符合性要求的工具和自动化过程?Operational compliance: Does the architecture include tooling and automated processes to enforce patching or other operational compliance requirements?
  • 保护和恢复: 合作伙伴产品/服务是否包含工具和配置,以确保最小标准的备份和恢复为部署的资产100%?Protect and recover: Does the partner offer include tooling and configuration to ensure a minimal standard of backup and recovery for 100% of assets deployed?
  • 平台操作: 登陆区域是否包含用于优化整个项目组合中操作的工具或流程?Platform operations: Does the landing zone offering include tooling or processes to optimize operations across the portfolio?
  • 工作负荷操作: 登陆区域是否包含用于管理特定于工作负荷的操作要求的工具,并确保每个工作负荷都进行良好构建?Workload operations: Does the landing zone offering include tooling to manage workload-specific operations requirements and ensure that each workload is well-architected?

执行操作Take action

使用上述问题查看合作伙伴的 Azure 登陆区域产品/服务或解决方案后,你的团队将能够更好地选择其 Azure 登陆区域与云操作模型最接近的合作伙伴。After reviewing the partner's Azure landing zone offer or solution using the questions above, your team will be better equipped to choose the partner whose Azure landing zone most closely aligns to your cloud operating model.

如果确定 Azure 登陆区域部署的自助服务方法更适合,请查看或重新访问 azure 登陆区域实现选项 ,以查找与云操作模型最相符的模板登录区域方法。If you determine that a self-service approach to Azure landing zone deployment is a better fit, review or revisit the Azure landing zone implementation options to find the templated landing zone approach that best aligns with your cloud operating model.

后续步骤Next steps

了解重构登陆区域的过程。Learn about the process for refactoring landing zones.