
Storage account overview

An Azure storage account contains all of your Azure Storage data objects: blobs, files, queues, tables, and disks. The storage account provides a unique namespace for your Azure Storage data that is accessible from anywhere in the world over HTTP or HTTPS. Data in your Azure storage account is durable and highly available, secure, and massively scalable.

To learn how to create an Azure storage account, see Create a storage account.

Types of storage accounts

Azure Storage offers several types of storage accounts. Each type supports different features and has its own pricing model. Consider these differences before you create a storage account to determine the type of account that is best for your applications. The types of storage accounts are:

  • General-purpose v2 accounts: Basic storage account type for blobs, files, queues, and tables. Recommended for most scenarios using Azure Storage.
  • General-purpose v1 accounts: Legacy account type for blobs, files, queues, and tables. Use general-purpose v2 accounts instead when possible.
  • BlockBlobStorage accounts: Storage accounts with premium performance characteristics for block blobs and append blobs. Recommended for scenarios with high transaction rates, or scenarios that use smaller objects or require consistently low storage latency.
  • FileStorage accounts: Files-only storage accounts with premium performance characteristics. Recommended for enterprise or high performance scale applications.
  • BlobStorage accounts: Legacy Blob-only storage accounts. Use general-purpose v2 accounts instead when possible.

The following table describes the types of storage accounts and their capabilities:

| Storage account type | Supported services | Supported performance tiers | Supported access tiers | Replication options | Deployment model¹ | Encryption² |
|---|---|---|---|---|---|---|
| General-purpose V2 | Blob, File, Queue, Table, Disk, and Data Lake Gen2⁶ | Standard, Premium⁵ | Hot, Cool, Archive³ | LRS, GRS, RA-GRS, ZRS, GZRS (preview), RA-GZRS (preview)⁴ | Resource Manager | Encrypted |
| General-purpose V1 | Blob, File, Queue, Table, and Disk | Standard, Premium⁵ | N/A | LRS, GRS, RA-GRS | Resource Manager, Classic | Encrypted |
| BlockBlobStorage | Blob (block blobs and append blobs only) | Premium | N/A | LRS, ZRS⁴ | Resource Manager | Encrypted |
| FileStorage | File only | Premium | N/A | LRS, ZRS⁴ | Resource Manager | Encrypted |
| BlobStorage | Blob (block blobs and append blobs only) | Standard | Hot, Cool, Archive³ | LRS, GRS, RA-GRS | Resource Manager | Encrypted |

¹ Using the Azure Resource Manager deployment model is recommended. Storage accounts using the classic deployment model can still be created in some locations, and existing classic accounts continue to be supported. For more information, see Azure Resource Manager vs. classic deployment: Understand deployment models and the state of your resources.

² All storage accounts are encrypted using Storage Service Encryption (SSE) for data at rest. For more information, see Azure Storage Service Encryption for Data at Rest.

³ Archive storage and blob-level tiering only support block blobs. The Archive tier is available at the level of an individual blob only, not at the storage account level. For more information, see Azure Blob storage: Hot, Cool, and Archive storage tiers.

⁴ Zone-redundant storage (ZRS) and geo-zone-redundant storage (GZRS/RA-GZRS) (preview) are available only for standard general-purpose V2, BlockBlobStorage, and FileStorage accounts in certain regions. For more information about Azure Storage redundancy options, see Azure Storage redundancy.

⁵ Premium performance for general-purpose v2 and general-purpose v1 accounts is available for disk and page blob only. Premium performance for block or append blobs is only available on BlockBlobStorage accounts. Premium performance for files is only available on FileStorage accounts.

⁶ Azure Data Lake Storage Gen2 is a set of capabilities dedicated to big data analytics, built on Azure Blob storage. Data Lake Storage Gen2 is only supported on General-purpose V2 storage accounts with Hierarchical namespace enabled. For more information on Data Lake Storage Gen2, see Introduction to Azure Data Lake Storage Gen2.

General-purpose v2 accounts

General-purpose v2 storage accounts support the latest Azure Storage features and incorporate all of the functionality of general-purpose v1 and Blob storage accounts. General-purpose v2 accounts deliver the lowest per-gigabyte capacity prices for Azure Storage, as well as industry-competitive transaction prices. General-purpose v2 storage accounts support these Azure Storage services:

  • Blobs (all types: Block, Append, Page)
  • Data Lake Gen2
  • Files
  • Disks
  • Queues
  • Tables

Note

Microsoft recommends using a general-purpose v2 storage account for most scenarios. You can easily upgrade a general-purpose v1 or Blob storage account to a general-purpose v2 account with no downtime and without the need to copy data.

For more information on upgrading to a general-purpose v2 account, see Upgrade to a general-purpose v2 storage account.

General-purpose v2 storage accounts offer multiple access tiers for storing data based on your usage patterns. For more information, see Access tiers for block blob data.

General-purpose v1 accounts

General-purpose v1 storage accounts provide access to all Azure Storage services, but may not have the latest features or the lowest per-gigabyte pricing. General-purpose v1 storage accounts support these Azure Storage services:

  • Blobs (all types)
  • Files
  • Disks
  • Queues
  • Tables

You should use general-purpose v2 accounts in most cases. You can use general-purpose v1 accounts for these scenarios:

  • Your applications require the Azure classic deployment model. General-purpose v2 accounts and Blob storage accounts support only the Azure Resource Manager deployment model.

  • Your applications are transaction-intensive or use significant geo-replication bandwidth, but don't require large capacity. In this case, general-purpose v1 may be the most economical choice.

  • You use a version of the Storage Services REST API that is earlier than 2014-02-14 or a client library with a version lower than 4.x. You can't upgrade your application.

BlockBlobStorage accounts

A BlockBlobStorage account is a specialized storage account in the premium performance tier for storing unstructured object data as block blobs or append blobs. Compared with general-purpose v2 and BlobStorage accounts, BlockBlobStorage accounts provide low, consistent latency and higher transaction rates.

BlockBlobStorage accounts don't currently support tiering to hot, cool, or archive access tiers. This type of storage account does not support page blobs, tables, or queues.

FileStorage accounts

A FileStorage account is a specialized storage account used to store and create premium file shares. This storage account kind supports files but not block blobs, append blobs, page blobs, tables, or queues.

FileStorage accounts offer unique performance-dedicated characteristics such as IOPS bursting. For more information on these characteristics, see the File share storage tiers section of the Files planning guide.

Naming storage accounts

When naming your storage account, keep these rules in mind:

  • Storage account names must be between 3 and 24 characters in length and may contain numbers and lowercase letters only.
  • Your storage account name must be unique within Azure. No two storage accounts can have the same name.

Performance tiers

Depending on the type of storage account you create, you can choose between standard and premium performance tiers.

General-purpose storage accounts

General-purpose storage accounts may be configured for either of the following performance tiers:

  • A standard performance tier for storing blobs, files, tables, queues, and Azure virtual machine disks. For more information about scalability targets for standard storage accounts, see Scalability targets for standard storage accounts.
  • A premium performance tier for storing unmanaged virtual machine disks. Microsoft recommends using managed disks with Azure virtual machines instead of unmanaged disks. For more information about scalability targets for the premium performance tier, see Scalability targets for premium page blob storage accounts.

BlockBlobStorage storage accounts

BlockBlobStorage storage accounts provide a premium performance tier for storing block blobs and append blobs. For more information, see Scalability targets for premium block blob storage accounts.

FileStorage storage accounts

FileStorage storage accounts provide a premium performance tier for Azure file shares. For more information, see Azure Files scalability and performance targets.

Access tiers for block blob data

Azure Storage provides different options for accessing block blob data based on usage patterns. Each access tier in Azure Storage is optimized for a particular pattern of data usage. By selecting the right access tier for your needs, you can store your block blob data in the most cost-effective manner.

The available access tiers are:

  • The Hot access tier. This tier is optimized for frequent access of objects in the storage account. Accessing data in the hot tier is most cost-effective, while storage costs are higher. New storage accounts are created in the hot tier by default.
  • The Cool access tier. This tier is optimized for storing large amounts of data that is infrequently accessed and stored for at least 30 days. Storing data in the cool tier is more cost-effective, but accessing that data may be more expensive than accessing data in the hot tier.
  • The Archive tier. This tier is available only for individual block blobs. The archive tier is optimized for data that can tolerate several hours of retrieval latency and that will remain in the archive tier for at least 180 days. The archive tier is the most cost-effective option for storing data. However, accessing that data is more expensive than accessing data in the hot or cool tiers.

If there's a change in the usage pattern of your data, you can switch between these access tiers at any time. For more information about access tiers, see Azure Blob storage: hot, cool, and archive access tiers.

Important

Changing the access tier for an existing storage account or blob may result in additional charges. For more information, see the Storage account billing section.

Redundancy

Redundancy options for a storage account include:

  • Locally redundant storage (LRS): A simple, low-cost redundancy strategy. Data is copied synchronously three times within the primary region.
  • Zone-redundant storage (ZRS): Redundancy for scenarios requiring high availability. Data is copied synchronously across three Azure availability zones in the primary region.
  • Geo-redundant storage (GRS): Cross-regional redundancy to protect against regional outages. Data is copied synchronously three times in the primary region, then copied asynchronously to the secondary region. For read access to data in the secondary region, enable read-access geo-redundant storage (RA-GRS).
  • Geo-zone-redundant storage (GZRS) (preview): Redundancy for scenarios requiring both high availability and maximum durability. Data is copied synchronously across three Azure availability zones in the primary region, then copied asynchronously to the secondary region. For read access to data in the secondary region, enable read-access geo-zone-redundant storage (RA-GZRS).

For more information about redundancy options in Azure Storage, see Azure Storage redundancy.

Encryption

All data in your storage account is encrypted on the service side. For more information about encryption, see Azure Storage Service Encryption for data at rest.

Storage account endpoints

A storage account provides a unique namespace in Azure for your data. Every object that you store in Azure Storage has an address that includes your unique account name. The combination of the account name and the Azure Storage service endpoint forms the endpoints for your storage account.

For example, if your general-purpose storage account is named mystorageaccount, then the default endpoints for that account are:

  • Blob storage: https://mystorageaccount.blob.core.windows.net
  • Table storage: https://mystorageaccount.table.core.windows.net
  • Queue storage: https://mystorageaccount.queue.core.windows.net
  • Azure Files: https://mystorageaccount.file.core.windows.net
  • Azure Data Lake Storage Gen2: https://mystorageaccount.dfs.core.windows.net (Uses the ABFS driver optimized specifically for big data.)

Note

Block blob and blob storage accounts expose only the Blob service endpoint.

Construct the URL for accessing an object in a storage account by appending the object's location in the storage account to the endpoint. For example, a blob address might have this format: http://mystorageaccount.blob.core.windows.net/mycontainer/myblob.
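The endpoint and naming rules above can be checked mechanically when reviewing storage URLs found in configuration. The following is an added example, not code from the original documentation; the function names, the kind labels, the finding strings and the sample URLs are this example's own assumptions.

```python
import re
from urllib.parse import urlsplit

# Host labels and service names from the default endpoint list on this page.
SERVICES = {
    "blob": "Blob storage",
    "table": "Table storage",
    "queue": "Queue storage",
    "file": "Azure Files",
    "dfs": "Azure Data Lake Storage Gen2",
}
SUFFIX = "core.windows.net"
# Naming rule from this page: 3 to 24 characters, digits and lowercase letters only.
NAME_RE = re.compile(r"[a-z0-9]{3,24}")


def default_endpoints(account, kind="general-purpose"):
    """List the default endpoints for an account (kind labels are this example's own)."""
    if not NAME_RE.fullmatch(account):
        raise ValueError(f"invalid storage account name: {account!r}")
    if kind in ("BlockBlobStorage", "BlobStorage"):
        labels = ["blob"]  # these kinds expose only the Blob service endpoint
    elif kind == "general-purpose":
        labels = list(SERVICES)
    else:
        raise ValueError(f"kind not covered by this example: {kind!r}")
    return [f"https://{account}.{label}.{SUFFIX}" for label in labels]


def parse_storage_url(url):
    """Split a default-endpoint object URL into its parts and collect findings.

    Returns None for hosts that are not default endpoints (custom domains included).
    """
    parts = urlsplit(url)
    labels = (parts.hostname or "").split(".", 2)
    if len(labels) != 3 or labels[2] != SUFFIX or labels[1] not in SERVICES:
        return None
    account, label = labels[0], labels[1]
    findings = []
    if not NAME_RE.fullmatch(account):
        findings.append("account name breaks the naming rules")
    if parts.scheme != "https":
        findings.append("not HTTPS: the request is sent unencrypted")
    # First path segment is the container (or share, queue, table); the rest is the object.
    container, _, obj = parts.path.lstrip("/").partition("/")
    return {"account": account, "service": SERVICES[label],
            "container": container or None, "object": obj or None,
            "findings": findings}


# Constructed sample references, as they might appear in application config.
SAMPLE_URLS = [
    "http://mystorageaccount.blob.core.windows.net/mycontainer/myblob",
    "https://mystorageaccount.dfs.core.windows.net/myfilesystem/dir/file.parquet",
    "https://my-storage.queue.core.windows.net/jobs",
    "https://www.example.com/mycontainer/myblob",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, "->", parse_storage_url(url))
```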

You can also configure your storage account to use a custom domain for blobs. For more information, see Configure a custom domain name for your Azure Storage account.

Control access to account data

By default, the data in your account is available only to you, the account owner. You have control over who may access your data and what permissions they have.

Every request made against your storage account must be authorized. At the level of the service, the request must include a valid Authorization header. Specifically, this header includes all of the information necessary for the service to validate the request before executing it.

You can grant access to the data in your storage account using any of the following approaches:

  • Azure Active Directory: Use Azure Active Directory (Azure AD) credentials to authenticate a user, group, or other identity for access to blob and queue data. If authentication of an identity is successful, then Azure AD returns a token to use in authorizing the request to Azure Blob storage or Queue storage. For more information, see Authenticate access to Azure Storage using Azure Active Directory.
  • Shared Key authorization: Use your storage account access key to construct a connection string that your application uses at runtime to access Azure Storage. The values in the connection string are used to construct the Authorization header that is passed to Azure Storage. For more information, see Configure Azure Storage connection strings.
  • Shared access signature: Use a shared access signature to delegate access to resources in your storage account, if you aren't using Azure AD authorization. A shared access signature is a token that encapsulates all of the information needed to authorize a request to Azure Storage on the URL. You can specify the storage resource, the permissions granted, and the interval over which the permissions are valid as part of the shared access signature. For more information, see Using shared access signatures (SAS).

Note

Authenticating users or applications using Azure AD credentials provides superior security and ease of use over other means of authorization. While you can continue to use Shared Key authorization with your applications, using Azure AD circumvents the need to store your account access key with your code. You can also continue to use shared access signatures (SAS) to grant fine-grained access to resources in your storage account, but Azure AD offers similar capabilities without the need to manage SAS tokens or worry about revoking a compromised SAS.

Microsoft recommends using Azure AD authorization for your Azure Storage blob and queue applications when possible.
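The two credential types the note warns about, account keys stored with code and long-lived SAS tokens, can be found by scanning source and configuration files. The following is an added example, not code from the original documentation: it relies on the standard SAS query fields (sp, st, se, spr, si, sig), while the 7-day lifetime threshold, the function names and the sample text are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Shared Key connection string: account name followed by the base64 account key.
CONN_RE = re.compile(r"AccountName=([a-z0-9]{3,24});AccountKey=([A-Za-z0-9+/=]+)")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
MAX_LIFETIME = timedelta(days=7)  # assumed policy threshold, not an Azure limit


def parse_sas_time(value):
    """SAS start and expiry times are UTC, in one of three ISO 8601 forms."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised SAS time: {value!r}")


def audit_sas(url, now):
    """Return a report for a SAS URL, or None when the URL carries no signature."""
    parts = urlsplit(url)
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "sig" not in query:
        return None
    findings = []
    perms = query.get("sp", "")
    if set(perms) & set("wd"):
        findings.append(f"grants write or delete (sp={perms})")
    if query.get("spr") != "https":
        findings.append("plain HTTP is permitted (spr is not 'https')")
    active = True
    if "se" in query:
        expiry = parse_sas_time(query["se"])
        start = parse_sas_time(query["st"]) if "st" in query else now
        if expiry - start > MAX_LIFETIME:
            findings.append(f"valid for {(expiry - start).days} days")
        active = expiry > now
    elif "si" not in query:
        findings.append("no expiry (se) and no stored access policy (si)")
    return {"resource": parts.path, "permissions": perms,
            "active": active, "findings": findings}


def scan_text(text, now):
    """Return (line number, kind, detail) for each stored credential found."""
    results = []
    for number, line in enumerate(text.splitlines(), start=1):
        for match in CONN_RE.finditer(line):
            # Report the account name only; the key itself is never echoed.
            results.append((number, "shared-key", match.group(1)))
        for match in URL_RE.finditer(line):
            report = audit_sas(match.group(0), now)
            if report is not None:
                results.append((number, "sas", report))
    return results


# Constructed sample file content; the key and signature are placeholders.
SAMPLE = """\
# settings (constructed sample, not real credentials)
storage = 'DefaultEndpointsProtocol=https;AccountName=mystorageaccount;AccountKey=Q09OU1RSVUNURUQtRkFLRS1LRVk=;EndpointSuffix=core.windows.net'
report_url = 'https://mystorageaccount.blob.core.windows.net/mycontainer/myblob?sv=2019-02-02&sr=b&sp=rw&st=2020-01-01T00:00:00Z&se=2021-01-01T00:00:00Z&sig=CONSTRUCTEDSIGNATURE'
"""

if __name__ == "__main__":
    for hit in scan_text(SAMPLE, datetime.now(timezone.utc)):
        print(hit)
```

A shared-key hit means the account key should be rotated and the application moved to Azure AD where possible; an active SAS hit with findings is a candidate for reissue with a shorter interval and narrower permissions.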

Copying data into a storage account

Microsoft provides utilities and libraries for importing your data from on-premises storage devices or third-party cloud storage providers. Which solution you use depends on the quantity of data you're transferring.

When you upgrade to a general-purpose v2 account from a general-purpose v1 or Blob storage account, your data is automatically migrated. Microsoft recommends this pathway for upgrading your account. However, if you decide to move data from a general-purpose v1 account to a Blob storage account, then you'll migrate your data manually, using the tools and libraries described below.

AzCopy

AzCopy is a Windows command-line utility designed for high-performance copying of data to and from Azure Storage. You can use AzCopy to copy data into a Blob storage account from an existing general-purpose storage account, or to upload data from on-premises storage devices. For more information, see Transfer data with the AzCopy Command-Line Utility.

Data movement library

The Azure Storage data movement library for .NET is based on the core data movement framework that powers AzCopy. The library is designed for high-performance, reliable, and easy data transfer operations similar to AzCopy. You can use the data movement library to take advantage of AzCopy features natively. For more information, see Azure Storage Data Movement Library for .NET.

REST API or client library

You can create a custom application to migrate your data from a general-purpose v1 storage account into a Blob storage account. Use one of the Azure client libraries or the Azure Storage services REST API. Azure Storage provides rich client libraries for multiple languages and platforms like .NET, Java, C++, Node.JS, PHP, Ruby, and Python. The client libraries offer advanced capabilities such as retry logic, logging, and parallel uploads. You can also develop directly against the REST API, which can be called by any language that makes HTTP/HTTPS requests.

For more information about the Azure Storage REST API, see Azure Storage Services REST API Reference.

Important

Blobs encrypted using client-side encryption store encryption-related metadata with the blob. If you copy a blob that is encrypted with client-side encryption, ensure that the copy operation preserves the blob metadata, and especially the encryption-related metadata. If you copy a blob without the encryption metadata, the blob content cannot be retrieved again. For more information regarding encryption-related metadata, see Azure Storage Client-Side Encryption.

Storage account billing

You're billed for Azure Storage based on your storage account usage. All objects in a storage account are billed together as a group.

Storage costs are calculated according to the following factors:

  • Region refers to the geographical region in which your account is based.
  • Account type refers to the type of storage account you're using.
  • Access tier refers to the data usage pattern you've specified for your general-purpose v2 or Blob storage account.
  • Storage Capacity refers to how much of your storage account allotment you're using to store data.
  • Replication determines how many copies of your data are maintained at one time, and in what locations.
  • Transactions refer to all read and write operations to Azure Storage.
  • Data egress refers to any data transferred out of an Azure region. When the data in your storage account is accessed by an application that isn't running in the same region, you're charged for data egress. For information about using resource groups to group your data and services in the same region to limit egress charges, see What is an Azure resource group?.

The Azure Storage Pricing page provides detailed pricing information based on account type, storage capacity, replication, and transactions. The Data Transfers Pricing Details page provides detailed pricing information for data egress. You can use the Azure Storage Pricing Calculator to help estimate your costs.

Azure services cost money. Azure Cost Management helps you set budgets and configure alerts to keep spending under control. Analyze, manage, and optimize your Azure costs with Cost Management. To learn more, see the quickstart on analyzing your costs.

Next steps