您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

Azure 开发人员入门指南Get started guide for Azure developers

什么是 Azure?What is Azure?

Azure 是一个完整的云平台,可以托管你现有的应用程序,简化新应用程序的开发,甚至还可以增强本地应用程序的功能。Azure is a complete cloud platform that can host your existing applications, streamline the development of new applications, and even enhance on-premises applications. 在充分利用云计算效率的同时,Azure 集成了开发、测试、部署和管理应用程序所需的各种云服务。Azure integrates the cloud services that you need to develop, test, deploy, and manage your applications—while taking advantage of the efficiencies of cloud computing.

通过在 Azure 中托管应用程序,你可以随着客户需求的增长,从小规模开始轻松扩展应用程序。By hosting your applications in Azure, you can start small and easily scale your application as your customer demand grows. 另外,Azure 还可以针对高可用性应用程序提供所需的可靠性,甚至包括在两个不同区域之间的故障转移。Azure also offers the reliability that’s needed for high-availability applications, even including failover between different regions. 通过 Azure 门户,可让你轻松管理所有的 Azure 服务。The Azure portal lets you easily manage all your Azure services. 同时,你还可以通过使用特定于服务的 API 和模板以编程方式管理你的服务。You can also manage your services programmatically by using service-specific APIs and templates.

目标读者:本指南介绍面向应用程序开发人员的 Azure 平台。Who should read this: This guide is an introduction to the Azure platform for application developers. 针对在 Azure 中开始生成新的应用程序或将现有应用程序迁移到 Azure 所需的操作,提供相关指导和说明。It provides guidance and direction that you need to start building new applications in Azure or migrating existing applications to Azure.

从哪里开始?Where do I start?

面对 Azure 提供的众多服务,想要从中找出支持你解决方案体系结构的服务,也是一项艰巨的任务。With all the services that Azure offers, it can be a daunting task to figure out which services you need to support your solution architecture. 本部分将重点介绍开发人员通常使用的 Azure 服务。This section highlights the Azure services that developers commonly use. 有关所有 Azure 服务列表,请参阅 Azure 文档For a list of all Azure services, see the Azure documentation.

首先,你必须确定在 Azure 中托管应用程序的方式。First, you must decide on how to host your application in Azure. 是否需要将整个基础结构作为一台虚拟机 (VM) 来管理。Do you need to manage your entire infrastructure as a virtual machine (VM). 是否可以使用 Azure 提供的平台管理功能?Can you use the platform management facilities that Azure provides? 或许你只需要一个无服务器框架来托管代码执行?Maybe you need a serverless framework to host code execution only?

应用程序需要云存储,Azure 为此提供了若干选项。Your application needs cloud storage, which Azure provides several options for. 你可以利用 Azure 的企业身份验证。You can take advantage of Azure's enterprise authentication. 此外,还有用于基于云开发和监视的各种工具,并且大多数托管服务都提供 DevOps 集成。There are also tools for cloud-based development and monitoring, and most hosting services offer DevOps integration.

现在,让我们先看一下我们建议的用于应用程序调查的特定服务。Now, let's look at some of the specific services that we recommend investigating for your applications.

应用程序托管Application hosting

Azure 提供了多个基于云的计算服务来运行你的应用程序,因此,你无需担心基础结构详细信息。Azure provides several cloud-based compute offerings to run your application so that you don't have to worry about the infrastructure details. 随着应用程序使用率的增长,可轻松纵向扩展或横向扩展你的资源。You can easily scale up or scale out your resources as your application usage grows.

Azure 提供了支持应用程序开发和托管需求的服务。Azure offers services that support your application development and hosting needs. Azure 还提供了基础结构即服务 (IaaS),以便让你完全控制应用程序托管。Azure provides Infrastructure as a Service (IaaS) to give you full control over your application hosting. Azure 的平台即服务 (PaaS) 产品提供了支持应用所需的完全托管服务。Azure's Platform as a Service (PaaS) offerings provide the fully managed services needed to power your apps. 在 Azure 中甚至还有真正的无服务器托管,你在其中需要做的就是编写代码。There is even true serverless hosting in Azure where all you need to do is write your code.

Azure 应用程序托管选项

Azure 应用服务Azure App Service

如果你希望以最快路径发布基于 Web 的项目,则可以考虑使用 Azure 应用服务。When you want the quickest path to publish your web-based projects, consider Azure App Service. 通过应用服务,可以轻松扩展 Web 应用以支持移动客户端,并发布易于使用的 REST API。App Service makes it easy to extend your web apps to support your mobile clients and publish easily consumed REST APIs. 此平台通过使用社交提供程序、基于流量的自动缩放、在生产中测试和基于容器的持续部署来提供身份验证。This platform provides authentication by using social providers, traffic-based autoscaling, testing in production, and continuous and container-based deployments.

可以创建 Web 应用、移动应用后端和 API 应用。You can create web apps, mobile app back ends, and API apps.

由于所有上述三个应用类型均共享应用服务运行时,因此,你可以托管网站,支持移动客户端,并在 Azure 中公开你的 API,所有这些均可在同一个项目或解决方案中完成。Because all three app types share the App Service runtime, you can host a website, support mobile clients, and expose your APIs in Azure, all from the same project or solution. 若要了解有关应用服务的详细信息,请参阅什么是 Azure Web 应用To learn more about App Service, see What is Azure Web Apps.

应用服务在设计之初就考虑到了 DevOps。App Service has been designed with DevOps in mind. 它可以支持各种用于发布和持续集成部署的工具,包括 GitHub webhook、Jenkins、Azure DevOps、TeamCity 等。It supports various tools for publishing and continuous integration deployments, including GitHub webhooks, Jenkins, Azure DevOps, TeamCity, and others.

你可以通过使用联机迁移工具将现有应用程序迁移到应用服务。You can migrate your existing applications to App Service by using the online migration tool.

何时使用:在将现有 Web 应用程序迁移到 Azure 的情况下,以及需要一个完全托管的托管平台来支持 Web 应用的情况下,使用应用服务。When to use: Use App Service when you’re migrating existing web applications to Azure, and when you need a fully managed hosting platform for your web apps. 另外,当需要支持移动客户端或者使用你的应用公开 REST API时,也可以使用应用服务。You can also use App Service when you need to support mobile clients or expose REST APIs with your app.

入门:通过应用服务,可以轻松创建和部署你的第一个 Web 应用移动应用API 应用Get started: App Service makes it easy to create and deploy your first web app, mobile app, or API app.

立即试用:通过应用服务,可以预配一个临时应用来试用该平台,而无需注册 Azure 帐户。Try it now: App Service lets you provision a short-lived app to try the platform without having to sign up for an Azure account. 试用平台并创建 Azure 应用服务应用Try the platform and create your Azure App Service app.

Azure 虚拟机Azure Virtual Machines

作为一个基础结构即服务 (IaaS) 提供程序,Azure 可让你部署到或将应用程序迁移到 Windows 或 Linux VM。As an Infrastructure as a Service (IaaS) provider, Azure lets you deploy to or migrate your application to either Windows or Linux VMs. Azure 虚拟机连同 Azure 虚拟网络一起,可支持将 Windows 或 Linux VM 部署到 Azure。Together with Azure Virtual Network, Azure Virtual Machines supports the deployment of Windows or Linux VMs to Azure. 通过 VM,你可以全面控制计算机的配置。With VMs, you have total control over the configuration of the machine. 使用 VM 时,你将负责所有服务器软件的安装、配置、维护和操作系统修补。When using VMs, you’re responsible for all server software installation, configuration, maintenance, and operating system patches.

由于你对 VM 拥有所有控制级别,因此,你可以在 Azure 上运行大量不适合 PaaS 模型的服务器工作负载。Because of the level of control that you have with VMs, you can run a wide range of server workloads on Azure that don’t fit into a PaaS model. 这些工作负载可包括数据库服务器、Windows Server Active Directory 和 Microsoft SharePoint。These workloads include database servers, Windows Server Active Directory, and Microsoft SharePoint. 有关详细信息,请参阅 LinuxWindows 的虚拟机文档。For more information, see the Virtual Machines documentation for either Linux or Windows.

何时使用:在需要完全控制应用程序基础结构的情况下,或者需要将本地应用程序工作负载迁移到 Azure 而无需进行更改的情况下,可以使用虚拟机。When to use: Use Virtual Machines when you want full control over your application infrastructure or to migrate on-premises application workloads to Azure without having to make changes.

入门:从 Azure 门户创建 Linux VMWindows VMGet started: Create a Linux VM or Windows VM from the Azure portal.

Azure Functions(无服务器)Azure Functions (serverless)

你无需担心构建和管理整个应用程序或运行代码的基础结构。Rather than of worrying about building out and managing a whole application or the infrastructure to run your code. 而是,只需编写代码并以响应事件的方式或按计划来运行代码,那会是怎样?What if you could just write your code and have it run in response to events or on a schedule? Azure Functions 是一个“无服务器”样式的产品,可让你仅编写所需的代码。Azure Functions is a "serverless"-style offering that lets you write just the code you need. 借助 Functions,将通过 HTTP 请求、webhook、云服务事件,或按计划触发代码执行。With Functions, code execution is triggered by HTTP requests, webhooks, cloud service events, or on a schedule. 你可以使用所选的开发语言开发编码,如 C#、F#、Node.js、Python 或 PHP。You can code in your development language of choice, such as C#, F#, Node.js, Python, or PHP. 使用基于消耗的计费方式,只需要支付代码执行的时间,并且 Azure 可根据需要进行扩展。With consumption-based billing, you pay only for the time that your code executes, and Azure scales as needed.

何时使用:在代码是由其他 Azure 服务或基于 Web 的事件触发或者按计划触发的情况下,可以使用 Azure Functions。When to use: Use Azure Functions when you have code that is triggered by other Azure services, by web-based events, or on a schedule. 此外,当你不需要完整托管项目的开销或者只想支付代码运行时间时,也可以使用 Functions。You can also use Functions when you don't need the overhead of a complete hosted project or when you only want to pay for the time that your code runs. 有关详细信息,请参阅 Azure Functions 概览To learn more, see Azure Functions Overview.

入门:按照 Functions 快速入门教程,从门户创建你的第一个函数Get started: Follow the Functions quickstart tutorial to create your first function from the portal.

立即试用:Azure Functions 可让你运行代码而无需注册 Azure 帐户。Try it now: Azure Functions lets you run your code without having to sign up for an Azure account. 立即试用并创建你的第一个 Azure FunctionTry it now at and create your first Azure Function.

Azure Service FabricAzure Service Fabric

Azure Service Fabric 是一个分布式系统平台,适用于生成、打包、部署和管理可缩放的可靠微服务。Azure Service Fabric is a distributed systems platform that makes it easy to build, package, deploy, and manage scalable and reliable microservices. 它还提供了全面的应用程序管理功能,用于设置、部署、监视、升级/修补和删除部署的应用程序。It also provides comprehensive application management capabilities for provisioning, deploying, monitoring, upgrading/patching, and deleting deployed applications. 在共享计算机池上运行的应用可以从小规模开始,再根据需要扩展为成百上千个计算机。Apps, which run on a shared pool of machines, can start small and scale to hundreds or thousands of machines as needed.

Service Fabric 支持具有 Open Web Interface for .NET (OWIN) 和 ASP.NET Core 的 WebAPI。Service Fabric supports WebAPI with Open Web Interface for .NET (OWIN) and ASP.NET Core. 它提供了用于在 Linux 上使用 .NET Core 和 Java 构建服务的 SDK。It provides SDKs for building services on Linux in both .NET Core and Java. 若要了解有关 Service Fabric 的详细信息,请参阅 Service Fabric 文档To learn more about Service Fabric, see the Service Fabric documentation.

何时使用: 如果要创建应用程序或重新编写现有应用程序,以使用微服务体系结构,则 Service Fabric 将是一个不错的选择。When to use: Service Fabric is a good choice when you’re creating an application or rewriting an existing application to use a microservice architecture. 当你需要更好地控制或直接访问底层基础结构时,也可以使用 Service Fabric。Use Service Fabric when you need more control over, or direct access to, the underlying infrastructure.

入门: 创建第一个 Azure Service Fabric 应用程序Get started: Create your first Azure Service Fabric application.

使用 Azure 服务增强应用程序Enhance your applications with Azure services

除了应用程序托管,Azure 还在云中和本地提供了可以增强应用程序功能、开发和维护的服务产品。In addition to application hosting, Azure provides service offerings that can enhance the functionality, development, and maintenance of your applications, both in the cloud and on-premises.

托管存储和数据访问Hosted storage and data access

大多数应用程序都必须存储数据,因此,无论你决定如何在 Azure 中托管应用程序,都要考虑下面一个或多个存储和数据服务。Most applications must store data, so regardless of how you decide to host your application in Azure, consider one or more of the following storage and data services.

  • Azure Cosmos DB:一个全球分布式多模型数据库服务,使用它可以跨任意数量的地理区域,根据全面的 SLA,灵活地缩放吞吐量与存储。Azure Cosmos DB: A globally distributed, multi-model database service that enables you to elastically scale throughput and storage across any number of geographical regions with a comprehensive SLA.

    何时使用: 当应用程序需要文档、表或图形数据库(包括具有多个妥善定义的一致性模型的 MongoDB 数据库)时。When to use: When your application needs document, table, or graph databases, including MongoDB databases, with multiple well-defined consistency models.

    入门构建 Azure Cosmos DB Web 应用Get started: Build an Azure Cosmos DB web app. 如果是 MongoDB 开发人员,请参阅构建使用 Azure Cosmos DB 的 MongoDB Web 应用If you’re a MongoDB developer, see Build a MongoDB web app with Azure Cosmos DB.

  • Azure 存储:可针对 Blob、队列、文件和其他类型的非关系数据提供持久且可用性高的存储。Azure Storage: Offers durable, highly available storage for blobs, queues, files, and other kinds of nonrelational data. 存储服务为 VM 提供了存储基础。Storage provides the storage foundation for VMs.

    何时使用:在应用存储非关系数据,如键值对(表)、Blob、文件共享,或消息(队列)的情况下使用。When to use: When your app stores nonrelational data, such as key-value pairs (tables), blobs, files shares, or messages (queues).

    入门:选择这些类型的存储之一:Blob队列文件Get started: Choose from one of these types storage: blobs, tables, queues, or files.

  • Azure SQL 数据库:基于 Azure 的 Microsoft SQL Server 引擎版本,用于在云中存储关系表格数据。Azure SQL Database: An Azure-based version of the Microsoft SQL Server engine for storing relational tabular data in the cloud. SQL 数据库可提供可预测的性能、在不停机情况下进行缩放、业务连续性和数据保护功能。SQL Database provides predictable performance, scalability with no downtime, business continuity, and data protection.

    何时使用:在应用程序需要具有引用完整性、事务支持和 TSQL 查询支持的数据存储时,可以考虑使用。When to use: When your application requires data storage with referential integrity, transactional support, and support for TSQL queries.

    入门使用 Azure 门户在几分钟内创建 SQL 数据库Get started: Create a SQL database in minutes by using the Azure portal.

你可以使用 Azure 数据工厂将现有本地数据移到 Azure。You can use Azure Data Factory to move existing on-premises data to Azure. 如果你还没有准备好将数据移到云中,BizTalk 服务中的混合连接可让你将应用服务托管的应用连接到本地资源。If you aren't ready to move data to the cloud, Hybrid Connections in BizTalk Services lets you connect your App Service hosted app to on-premises resources. 此外,你还可以从本地应用程序连接到 Azure 数据和存储服务。You can also connect to Azure data and storage services from your on-premises applications.

Docker 支持Docker support

Docker 容器是操作系统虚拟化的一种形式,可让你以更高效且可预见的方式部署应用程序。Docker containers, a form of OS virtualization, let you deploy applications in a more efficient and predictable way. 容器化应用程序在生产环境中的工作方式与在开发和测试系统上的工作方式相同。A containerized application works in production the same way as on your development and test systems. 你可以通过使用标准的 Docker 工具来管理容器。You can manage containers by using standard Docker tools. 可以使用现有技能和常用的开源工具在 Azure 上部署和管理基于容器的应用程序。You can use your existing skills and popular open-source tools to deploy and manage container-based applications on Azure.

Azure 提供了多种方式以便在应用程序中使用容器。Azure provides several ways to use containers in your applications.

  • Azure Docker VM 扩展:允许使用 Docker 工具将 VM 配置为一个 Docker 主机。Azure Docker VM extension: Lets you configure your VM with Docker tools to act as a Docker host.

    何时使用:需要在 VM 上为应用程序生成一致的容器部署时,或者需要使用 Docker Compose 时。When to use: When you want to generate consistent container deployments for your applications on a VM, or when you want to use Docker Compose.

    入门在 Azure 中使用 Docker VM 扩展创建 Docker 环境Get started: Create a Docker environment in Azure by using the Docker VM extension.

  • Azure 容器服务:允许你创建、配置和管理预配置的用于运行容器化应用程序的虚拟机群集。Azure Container Service: Lets you create, configure, and manage a cluster of virtual machines that are preconfigured to run containerized applications. 若要了解有关容器服务的详细信息,请参阅 Azure 容器服务简介To learn more about Container Service, see Azure Container Service introduction.

    何时使用:在需要构建生产就绪型可缩放环境以提供其他计划和管理工具时使用,或者在部署 Docker Swarm 群集时使用。When to use: When you need to build production-ready, scalable environments that provide additional scheduling and management tools, or when you’re deploying a Docker Swarm cluster.

    入门部署容器服务群集Get started: Deploy a Container Service cluster.

  • Docker 计算机:允许使用 docker 计算机命令在虚拟主机上安装和管理 Docker 引擎。Docker Machine: Lets you install and manage a Docker Engine on virtual hosts by using docker-machine commands.

    何时使用:当需要通过创建一个 Docker 主机将应用快速原型化时使用。When to use: When you need to quickly prototype an app by creating a single Docker host.

  • 应用服务的自定义 Docker 映像:在 Linux 上部署 Web 应用时,可以使用容器注册表或客户容器中的 Docker 容器。Custom Docker image for App Service: Lets you use Docker containers from a container registry or a customer container when you deploy a web app on Linux.

    何时使用:在 Linux 上将 Web 应用部署到 Docker 映像时使用。When to use: When deploying a web app on Linux to a Docker image.

    入门在 Linux 上使用应用服务的自定义 Docker 映像Get started: Use a custom Docker image for App Service on Linux.

AuthenticationAuthentication

重要的是:不仅要知道谁在使用你的应用程序,而且还要防止对资源的未授权访问。It's crucial to not only know who is using your applications, but also to prevent unauthorized access to your resources. Azure 提供了多种方式来对你的应用客户端进行身份验证。Azure provides several ways to authenticate your app clients.

  • Azure Active Directory (Azure AD) :Microsoft 基于云的多租户标识和访问管理服务。Azure Active Directory (Azure AD): The Microsoft multitenant, cloud-based identity and access management service. 你可以通过与 Azure AD 集成将单一登录 (SSO) 添加到你的应用程序。You can add single-sign on (SSO) to your applications by integrating with Azure AD. 可以通过直接使用 Azure AD Graph API 或 Microsoft Graph API 访问目录属性。You can access directory properties by using the Azure AD Graph API directly or the Microsoft Graph API. 可以通过使用本机 HTTP/REST 终结点和多平台 Azure AD 身份验证库与支持 OAuth2.0 授权框架的 Azure AD 和 Open ID Connect 相集成。You can integrate with Azure AD support for the OAuth2.0 authorization framework and Open ID Connect by using native HTTP/REST endpoints and the multiplatform Azure AD authentication libraries.

    何时使用:当需要提供 SSO 体验、使用基于 Graph 的数据,或者对基于域的用户进行身份验证时使用。When to use: When you want to provide an SSO experience, work with Graph-based data, or authenticate domain-based users.

    入门:若要了解详细信息,请参阅 Azure Active Directory 开发人员指南Get started: To learn more, see the Azure Active Directory developer's guide.

  • 应用服务身份验证:当选择应用服务来托管应用时,还将获得对 Azure AD 以及社交标识提供者(包括 Facebook、Google、Microsoft 和 Twitter)的内置身份验证支持。App Service Authentication: When you choose App Service to host your app, you also get built-in authentication support for Azure AD, along with social identity providers—including Facebook, Google, Microsoft, and Twitter.

    何时使用:在需要通过 Azure AD 和/或社交标识提供者在应用服务应用中启用身份验证时使用。When to use: When you want to enable authentication in an App Service app by using Azure AD, social identity providers, or both.

    入门:若要了解有关应用服务中身份验证的详细信息,请参阅 Azure 应用服务中的身份验证和授权Get started: To learn more about authentication in App Service, see Authentication and authorization in Azure App Service.

若要了解有关 Azure 中安全最佳实践的详细信息,请参阅 Azure 安全最佳实践和模式To learn more about security best practices in Azure, see Azure security best practices and patterns.

监视Monitoring

当应用程序在 Azure 中运行时,需要能够监视性能、关注问题,并了解客户使用应用的方式。With your application up and running in Azure, you need to be able to monitor performance, watch for issues, and see how customers are using your app. 为此,Azure 提供了几个监视选项。Azure provides several monitoring options.

  • Visual Studio Application Insights:一项 Azure 托管的可扩展分析服务,与 Visual Studio 集成后可监视实时 Web 应用。Visual Studio Application Insights: An Azure-hosted extensible analytics service that integrates with Visual Studio to monitor your live web applications. 该服务可为你提供需要不断改进应用性能和可用性的数据,无论它们是否托管在 Azure 上。It gives you the data that you need to continuously improve the performance and usability of your apps, whether they’re hosted on Azure or not.

    入门:按照 Application Insights 教程操作。Get started: Follow the Application Insights tutorial.

  • Azure Monitor:这项服务可帮助你对由 Azure 基础结构和资源生成的指标和日志进行可视化、查询、路由、存档,并对其执行其他操作。Azure Monitor: A service that helps you to visualize, query, route, archive, and act on the metrics and logs that are generated by your Azure infrastructure and resources. 该监视器将提供你在 Azure 门户中看到的数据视图,并且是用于监视 Azure 资源的单一源。Monitor provides the data views that you see in the Azure portal and is a single source for monitoring Azure resources.

    入门Azure Monitor 入门Get started: Get started with Azure Monitor.

DevOps 集成DevOps integration

无论是预配虚拟机还是发布持续集成的 Web 应用,Azure 都将与大部分常用的 DevOps 工具集成。Whether it's provisioning VMs or publishing your web apps with continuous integration, Azure integrates with most of the popular DevOps tools. 在对 Jenkins、GitHub、Puppet、Chef、TeamCity、Ansible、Azure DevOps 以及其他工具的支持下,你可以使用已有工具并在最大程度上提升现有体验。With support for tools like Jenkins, GitHub, Puppet, Chef, TeamCity, Ansible, Azure DevOps, and others, you can work with the tools that you already have and maximize your existing experience.

立即试用: 尝试几个 DevOps 集成Try it now: Try out several of the DevOps integrations.

入门:如需查看应用服务应用的 DevOps 选项,请参阅对 Azure 应用服务的持续部署Get started: To see DevOps options for an App Service app, see Continuous Deployment to Azure App Service.

Azure 区域Azure regions

Azure 是一个全球性云平台,在世界各地的许多区域都可以使用。Azure is a global cloud platform that is generally available in many regions around the world. 当你在 Azure 中设置服务、应用程序或虚拟机时,系统将要求你选择一个表示特定数据中心的区域,将在其中运行应用程序或存储数据。When you provision a service, application, or VM in Azure, you are asked to select a region, which represents a specific datacenter where your application runs or where your data is stored. 这些区域对应于在 Azure 区域页上发布的特定位置。These regions correspond to specific locations, which are published on the Azure regions page.

选择应用程序和数据的最佳区域Choose the best region for your application and data

使用 Azure 的好处之一是,你可以将应用程序部署到全球范围内的各种数据中心。One of the benefits of using Azure is that you can deploy your applications to various datacenters around the globe. 你选择的区域可能会影响应用程序的性能。The region that you choose can affect the performance of your application. 例如,最好选择更接近于大部分客户的区域,以减少网络请求中的延迟。For example, it's better to choose a region that’s closer to most of your customers to reduce latency in network requests. 您可能想要选择你的区域,符合在某些国家/地区分发应用的法律要求。You might also want to select your region to meet the legal requirements for distributing your app in certain countries/regions. 最佳的做法是,始终将应用程序数据存储在相同的数据中心,或尽可能靠近托管应用程序的数据中心的数据中心。It's always a best practice to store application data in the same datacenter or in a datacenter as near as possible to the datacenter that is hosting your application.

多区域应用Multi-region apps

尽管整个数据中心可能会因自然灾害或 Internet 故障等事件而脱机,不过这种情况极少发生。Although unlikely, it’s not impossible for an entire datacenter to go offline because of an event such as a natural disaster or Internet failure. 最佳的做法是,将至关重要的业务应用程序托管在多个数据中心,以提供最大的可用性。It’s a best practice to host vital business applications in more than one datacenter to provide maximum availability. 另外,使用多区域也可以减少全球用户的延迟,并在更新应用程序时提供更多的弹性。Using multiple regions can also reduce latency for global users and provide additional opportunities for flexibility when updating applications.

某些服务,如虚拟机和应用服务,使用 Azure 流量管理器启用在两个区域之间进行故障转移的多区域支持,以支持高可用性的企业应用程序。Some services, such as Virtual Machine and App Services, use Azure Traffic Manager to enable multi-region support with failover between regions to support high-availability enterprise applications. 如需示例,请参阅 Azure 参考体系结构:在多个区域中运行 Web 应用程序For an example, see Azure reference architecture: Run a web application in multiple regions.

何时使用:当拥有的企业和高可用性应用程序受益于故障转移和复制时使用。When to use: When you have enterprise and high-availability applications that benefit from failover and replication.

如何管理我的应用程序和项目?How do I manage my applications and projects?

Azure 提供了一套丰富的体验,可让你同时以编程方式和在 Azure 门户中创建并管理你的 Azure 资源、应用程序和项目。Azure provides a rich set of experiences for you to create and manage your Azure resources, applications, and projects—both programmatically and in the Azure portal.

命令行接口和 PowerShellCommand-line interfaces and PowerShell

Azure 提供了两种方式(通过使用 Bash、终端、命令提示符或你所选的命令行工具)从命令行中管理应用程序和服务。Azure provides two ways to manage your applications and services from the command line by using Bash, Terminal, the command prompt, or your command-line tool of choice. 通常情况下,你可以从命令行执行与在 Azure 门户中一样任务,例如,创建和配置虚拟机、虚拟网络、Web 应用以及其他服务。Usually, you can perform the same tasks from the command line as in the Azure portal—such as creating and configuring virtual machines, virtual networks, web apps, and other services.

  • Azure 命令行界面 (CLI):允许你连接到 Azure 订阅,并从命令行根据 Azure 资源对各种任务进行编程。Azure Command-Line Interface (CLI): Lets you connect to an Azure subscription and program various tasks against Azure resources from the command line.

  • Azure PowerShell:提供了一组带 cmdlet 的模块,可让你通过 Windows PowerShell 来管理 Azure 资源。Azure PowerShell: Provides a set of modules with cmdlets that enable you to manage Azure resources by using Windows PowerShell.

Azure 门户Azure portal

Azure 门户是一个基于 Web 的应用程序,可用于创建、管理和删除 Azure 资源及服务。The Azure portal is a web-based application that you can use to create, manage, and remove Azure resources and services. Azure 门户位于 https://portal.azure.comThe Azure portal is located at https://portal.azure.com. 它包括可自定义的仪表板、用于管理 Azure 资源的工具,以及对订阅设置和计费信息的访问权限。It includes a customizable dashboard, tools for managing Azure resources, and access to subscription settings and billing information. 有关详细信息,请参阅 Azure 门户概述For more information, see the Azure portal overview.

REST APIREST APIs

Azure 是基于一组支持 Azure 门户 UI 的 REST API 构建的。Azure is built on a set of REST APIs that support the Azure portal UI. 其中大多数 REST API 还支持通过编程方式设置和管理来自任何启用 Internet 设备的 Azure 资源和应用程序。Most of these REST APIs are also supported to let you programmatically provision and manage your Azure resources and applications from any Internet-enabled device. 有关完整的 REST API 文档集,请参阅 Azure REST SDK 参考For the complete set of REST API documentation, see the Azure REST SDK reference.

APIAPIs

除了 REST API,许多 Azure 服务还允许以编程方式管理应用程序中的资源,方法是通过使用特定于平台的 Azure SDK,包括用于以下开发平台的 SDK:In addition to REST APIs, many Azure services also let you programmatically manage resources from your applications by using platform-specific Azure SDKs, including SDKs for the following development platforms:

移动应用Azure 媒体服务等服务均提供客户端 SDK,可让你从 Web 和移动客户端应用访问服务。Services such as Mobile Apps and Azure Media Services provide client-side SDKs to let you access services from web and mobile client apps.

Azure 资源管理器Azure Resource Manager

在 Azure 上运行应用可能需要使用多个 Azure 服务,所有这些服务都遵循相同的生命周期,并且可以被视为一个逻辑单元。Running your app on Azure likely involves working with multiple Azure services, all of which follow the same life cycle and can be thought of as a logical unit. 例如,Web 应用可以使用 Web 应用、SQL 数据库、存储、Azure Redis 缓存,以及 Azure 内容分发网络服务。For example, a web app might use Web Apps, SQL Database, Storage, Azure Cache for Redis, and Azure Content Delivery Network services. Azure 资源管理器能够使你以组的方式处理应用程序中的资源。Azure Resource Manager lets you work with the resources in your application as a group. 你可以通过单个协调的操作来部署、更新或删除所有资源。You can deploy, update, or delete all the resources in a single, coordinated operation.

除了逻辑分组和管理相关的资源外,Azure 资源管理器还包括可让你自定义相关资源部署和配置的部署功能。In addition to logically grouping and managing related resources, Azure Resource Manager includes deployment capabilities that let you customize the deployment and configuration of related resources. 例如,通过使用资源管理器,你可以将包含多个虚拟机、负载均衡器和 Azure SQL 数据库的应用程序作为单一单元进行部署和配置。For example, by using Resource Manager, you can deploy and configure an application that consists of multiple virtual machines, a load balancer, and an Azure SQL database as a single unit.

可使用 Azure 资源管理器模板(JSON 格式的文档)来开发这些部署。You develop these deployments by using an Azure Resource Manager template, which is a JSON-formatted document. 借助这些模板,可使用声明性模板(而不是脚本)来定义应用程序的部署和管理。Templates let you define a deployment and manage your applications by using declarative templates, rather than scripts. 模板可用于测试、暂存和生产等不同的环境。Your templates can work for different environments, such as testing, staging, and production. 例如,通过使用模板,可将一个按钮添加到 GitHub 存储库,然后只需单击一下即可将存储库中的代码部署到一组 Azure 服务中。For example, by using templates, you can add a button to a GitHub repo that deploys the code in the repo to a set of Azure services with a single click.

何时使用:在需要对应用执行基于模板的部署时,可以使用资源管理器模板。该应用可以通过 REST API、Azure CLI 和 Azure PowerShell 以编程方式进行管理。When to use: Use Resource Manager templates when you want a template-based deployment for your app that you can manage programmatically by using REST APIs, the Azure CLI, and Azure PowerShell.

入门:若要开始使用模板,请参阅创作 Azure 资源管理器模板Get started: To get started using templates, see Authoring Azure Resource Manager templates.

了解帐户、订阅和计费Understanding accounts, subscriptions, and billing

作为开发人员,我们都喜欢直接深入了解代码,并尽快开始运行我们的应用程序。As developers, we like to dive right into the code and try to get started as fast as possible with making our applications run. 当然,我们也非常希望你尽可能轻松地在 Azure 中开始工作。We certainly want to encourage you to start working in Azure as easily as possible. 为了简化这一过程,Azure 提供了免费试用版To help make it easy, Azure offers a free trial. 某些服务还具有“免费试用”功能,如 Azure 应用服务,甚至不需要你创建帐户。Some services even have a "Try it for free" functionality, like Azure App Service, which doesn't require you to even create an account. 深入了解编码并将应用程序部署到 Azure 固然十分有趣,但花些时间从用户帐户、订阅和计费的角度来了解 Azure 的工作原理同样至关重要。As fun as it is to dive into coding and deploying your application to Azure, it's also important to take some time to understand how Azure works from a standpoint of user accounts, subscriptions, and billing.

什么是 Azure 帐户?What is an Azure account?

必须有一个 Azure 帐户才可创建或使用 Azure 订阅。To be able to create or work with an Azure subscription, you must have an Azure account. Azure 帐户只是 Azure AD 或目录中的一个标识,如受 Azure AD 信任的工作或学校组织。An Azure account is simply an identity in Azure AD or in a directory, such as a work or school organization, that is trusted by Azure AD. 如果你不属于此类组织,则始终可以通过使用受 Azure AD 信任的 Microsoft 帐户来创建订阅。If you don't belong to such an organization, you can always create a subscription by using your Microsoft Account, which is trusted by Azure AD. 若要了解有关将本地 Windows Server Active Directory 与 Azure AD 集成的详细信息,请参阅将本地标识与 Azure Active Directory 集成To learn more about integrating on-premises Windows Server Active Directory with Azure AD, see Integrating your on-premises identities with Azure Active Directory.

每个 Azure 订阅都与某个 Azure AD 实例存在信任关系。Every Azure subscription has a trust relationship with an Azure AD instance. 这意味着,此订阅信任该目录对用户、服务和设备执行身份验证。This means that it trusts that directory to authenticate users, services, and devices. 多个订阅可以信任同一个目录,但一个订阅只能信任一个目录。Multiple subscriptions can trust the same directory, but a subscription trusts only one directory. 有关详细信息,请参阅 Azure 订阅与 Azure Active Directory 的关联方式To learn more, see How Azure subscriptions are associated with Azure Active Directory.

除了定义单个 Azure 帐户标识(也称为用户 )之外,你还可以定义 Azure AD 中的组 。In addition to defining individual Azure account identities, also called users, you can also define groups in Azure AD. 创建用户组是通过使用基于角色的访问控制 (RBAC) 来管理订阅中资源的一种好方式。Creating user groups is a good way to manage access to resources in a subscription by using role-based access control (RBAC). 若要了解如何创建组,请参阅在 Azure Active Directory 预览版中创建组To learn how to create groups, see Create a group in Azure Active Directory preview. 此外,也可以通过使用 PowerShell 创建和管理组。You can also create and manage groups by using PowerShell.

管理订阅Manage your subscriptions

订阅是链接到 Azure 帐户的 Azure 服务的逻辑分组。A subscription is a logical grouping of Azure services that is linked to an Azure account. 一个 Azure 帐户可包含多个订阅。A single Azure account can contain multiple subscriptions. Azure 服务计费是按照订阅量进行计算的。Billing for Azure services is done on a per-subscription basis. 对于按类型提供的可用订阅优惠列表,请参阅 Microsoft Azure 优惠详细信息For a list of the available subscription offers by type, see Microsoft Azure Offer Details. Azure 订阅有一个帐户管理员和一个服务管理员,前者可以完全控制订阅,后者可以控制订阅中的所有服务。Azure subscriptions have an Account Administrator, who has full control over the subscription, and a Service Administrator, who has control over all services in the subscription. 有关经典订阅管理员的信息,请参阅添加或更改 Azure 订阅管理员For information about classic subscription administrators, see Add or change Azure subscription administrators. 除了管理员外,还可以使用基于角色的访问控制 (RBAC) 对单个帐户授予对 Azure 资源的详细控制权限。In addition to administrators, individual accounts can be granted detailed control of Azure resources using role-based access control (RBAC).

资源组Resource groups

预配新的 Azure 服务时,可在给定订阅中执行此操作。When you provision new Azure services, you do so in a given subscription. 各个 Azure 服务(也称为资源)在资源组的上下文中创建。Individual Azure services, which are also called resources, are created in the context of a resource group. 通过资源组,可更加轻松地部署和管理应用程序的资源。Resource groups make it easier to deploy and manage your application's resources. 资源组应包含要作为一个单元使用的应用程序的所有资源。A resource group should contain all the resources for your application that you want to work with as a unit. 可在资源组之间移动资源,甚至可将资源移到不同的订阅。You can move resources between resource groups and even to different subscriptions. 若要了解有关移动资源的信息,请参阅将资源移到新资源组或订阅To learn about moving resources, see Move resources to new resource group or subscription.

Azure 资源浏览器是一款非常出色的工具,可用于可视化已在订阅中创建的资源。The Azure Resource Explorer is a great tool for visualizing the resources that you've already created in your subscription. 若要了解详细信息,请参阅使用 Azure 资源浏览器查看和修改资源To learn more, see Use Azure Resource Explorer to view and modify resources.

授予对资源的访问权限Grant access to resources

当你允许对 Azure 资源进行访问时,最佳做法是,始终为用户提供执行某个给定任务所需的最小特权。When you allow access to Azure resources, it’s always a best practice to provide users with the least privilege that’s required to perform a given task.

  • 基于角色的访问控制 (RBAC) :在 Azure 中,可以在如下指定范围内授予对用户帐户(主体)的访问权限:订阅、资源组或单个资源。Role-based access control (RBAC): In Azure, you can grant access to user accounts (principals) at a specified scope: subscription, resource group, or individual resources. 通过 RBAC,可将一组资源部署到资源组,并为特定用户或组授予权限。RBAC lets you deploy a set of resources into a resource group and grant permissions to a specific user or group. 它还允许您限制对仅属于目标资源组的资源的访问。It also lets you limit access to only the resources that belong to the target resource group. 此外,还可以授予对单个资源的访问权限,例如虚拟机或虚拟网络。You can also grant access to a single resource, such as a virtual machine or virtual network. 若要授予访问权限,请将角色分配给用户、组或服务主体。To grant access, you assign a role to the user, group, or service principal. 预定义角色有很多,但也可定义自己的自定义角色。There are many predefined roles, and you can also define your own custom roles. 有关详细信息,请参阅什么是基于角色的访问控制 (RBAC)?To learn more, see What is role-based access control (RBAC)?.

    何时使用:当需要对用户和组进行细致的访问管理时使用,或者当需要使用户成为订阅的所有者时使用。When to use: When you need fine-grained access management for users and groups or when you need to make a user an owner of a subscription.

    入门:有关详细信息,请参阅使用 RBAC 和 Azure 门户管理访问权限Get started: To learn more, see Manage access using RBAC and the Azure portal.

  • 服务主体对象:除了为用户主体和组提供访问权限外,还可以向服务主体授予相同的访问权限。Service principal objects: In addition to providing access to user principals and groups, you can grant the same access to a service principal.

    何时使用:当你以编程方式管理 Azure 资源或授予应用程序访问权限时。When to use: When you’re programmatically managing Azure resources or granting access for applications. 有关详细信息,请参阅创建 Active Directory 应用程序和服务主体For more information, see Create Active Directory application and service principal.

标记Tags

通过 Azure 资源管理器,你可以将自定义标记分配给单个资源。Azure Resource Manager lets you assign custom tags to individual resources. 标记为键值对,在出于计费或监视目的而需要组织资源时,标记可能会十分有用。Tags, which are key-value pairs, can be helpful when you need to organize resources for billing or monitoring. 标记提供了一种跨多个资源组跟踪的资源方法。Tags provide you a way to track resources across multiple resource groups. 你可以将在门户、Azure 资源管理器模板中,或以编程方式,通过使用 REST API、Azure CLI 或 PowerShell 来分配标记。You can assign tags in the portal, in the Azure Resource Manager template, or programmatically, by using the REST API, the Azure CLI, or PowerShell. 你可以对每个资源分配多个标记。You can assign multiple tags to each resource. 若要了解详细信息,请参阅使用标记来组织 Azure 资源To learn more, see Using tags to organize your Azure resources.

计费Billing

在从本地计算移动到云托管服务的过程中,对服务使用情况以及相关的成本进行跟踪和估计都是非常重要的问题。In the move from on-premises computing to cloud-hosted services, tracking and estimating service usage and related costs are significant concerns. 能够对每月运行的新资源成本进行估算至关重要。It’s important to be able to estimate what new resources cost to run on a monthly basis. 此外,你还需要能够根据当前的支出情况来规划某个给定月份的计费方式。You also need to be able to project how the billing looks for a given month based on the current spending.

获取资源使用情况数据Get resource usage data

Azure 提供了一组允许访问资源消耗和 Azure 订阅的元数据信息的计费 REST API。Azure provides a set of Billing REST APIs that give access to resource consumption and metadata information for Azure subscriptions. 使用这些计费 API,可让你能够更好地预测和管理 Azure 费用。These Billing APIs give you the ability to better predict and manage Azure costs. 可以按每小时的增量跟踪和分析支出,创建支出警报,并根据当前的使用情况趋势来预测未来的计费。You can track and analyze spending in hourly increments, create spending alerts, and predict future billing based on current usage trends.

入门:若要详细了解如何使用计费 API,请参阅 Azure 计费使用情况和 RateCard API 概述Get started: To learn more about using the Billing APIs, see Azure Billing Usage and RateCard APIs overview.

预测未来成本Predict future costs

尽管提前估算成本很有挑战性,但是 Azure 有一个定价计算器,你可以在估计部署资源的成本时使用它。Although it's challenging to estimate costs ahead of time, Azure has a pricing calculator that you can use when you estimate the cost of deployed resources. 此外,你也可以使用门户中的计费边栏选项卡和计费 REST API,根据当前消耗情况来估计未来成本。You can also use the Billing blade in the portal and the Billing REST APIs to estimate future costs, based on current consumption.

入门:请参阅 Azure 计费使用情况和 RateCard API 概述Get started: See Azure Billing Usage and RateCard APIs overview.