您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

管理混合和多云工作负荷的组合Govern your portfolio of hybrid and multicloud workloads

云具有根本性变化的 IT 监管。The cloud has fundamentally changed IT governance. 现在可将大量的手动审查和更改控制流程替换为自动 guardrails 和符合性工具。Intensive manual reviews and change controls processes can now be replaced with automated guardrails and compliance tools. 云采用和工作负荷团队可以满怀信心地创新,知道检测到符合性和监管要求并经常自动进行。Cloud adoption and workload teams can innovate with confidence, knowing that compliance and governance requirements are detected and are often automated. 此 newfound 自由的关键是云的基础结构即代码的基础。The key to this newfound freedom is the infrastructure-as-code foundation of the cloud. 所有资产都等同于可进行测试和控制的已定义代码块,如任何其他基本代码。All assets equate back to a defined block of code that can be tested and governed, like any other code base.

在混合的多云和边缘策略中,云管理的优点现在可以扩展到云中。In a hybrid, multicloud, and edge strategy, the advantages of cloud governance can now be expanded beyond the cloud. 可以结合 azure Arcazure 策略azure 蓝图和其他管理工具。You can combine Azure Arc with Azure Policy, Azure Blueprints, and other governance tools. 这种组合将很多管理 guardrails 扩展到几乎任何云资源、私有或公有云。The combination extends many of your governance guardrails to virtually any cloud resource, private or public clouds alike. 统一操作 是使用本机 Azure 工具扩展调控控制的最佳概念。Unified operations is the best concept to extend your governance controls by using native Azure tools.

部署用于管理的统一操作 MVPDeploy a unified operations MVP for governance

明确定义的监管从合理的资源一致性实践开始。Well-defined governance starts with sound resource consistency practices. 组织资源、资源组、订阅和 管理组可简化管理Organizing resources, resource groups, subscriptions, and management groups allows for ease of governance. 只需几个步骤即可扩展你的云监管方案:Expand your cloud governance practices with a few steps:

  • hosting platform 所有混合、多云和边缘资产添加标记。Add a tag for hosting platform to all hybrid, multicloud, and edge assets.
  • 通过 AWS、GCP 等标记资源。Tag resources from AWS, GCP, and so on.
  • 查询资源,查看每个托管位置。Query your resources to see where each is hosted.

若要开始,请 清点并标记混合和多云资源To get started, inventory and tag your hybrid and multicloud resources.

建立了标记标准并引入了某些资产后,可以使用熟悉的管理工具(如 Azure 策略)开始管理这些资源。After you establish your tagging standards and bring on some of your assets, you can begin governing those resources by using familiar governance tools like Azure Policy. 若要为混合资源和多云资源分配策略,请参阅 使用 Azure 策略管理启用了 Azure Arc 的服务器上的建议做法。To assign policies to your hybrid and multicloud resources, see the recommended practices on managing Azure Arc enabled servers with Azure Policy.

治理原则Governance disciplines

通过对统一操作和 Azure Arc 的基本了解,你可以将云监管的层面扩展到 Azure 环境以外托管的部署。With a basic understanding of unified operations and Azure Arc, you can extend your disciplines of cloud governance to deployments hosted outside of your Azure environments.

安全基线是在统一操作方案中扩展调控学科的最常见方法。Security baselines are among the most common ways that you can expand your governance disciplines in a unified operations scenario. 以下最佳做法将有助于在所有环境中保留安全基线:The following best practices will help preserve your security baseline across all environments:

后续步骤Next steps

有关云采用旅程的更多指导,请参阅以下文章:For more guidance for your cloud adoption journey, see the following article: