您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

Azure 托管磁盘概述Azure Managed Disks Overview

Azure 托管磁盘通过管理与 VM 磁盘关联的存储帐户简化了 Azure IaaS VM 的磁盘管理。Azure Managed Disks simplifies disk management for Azure IaaS VMs by managing the storage accounts associated with the VM disks. 只需指定所需的类型(高级标准)和磁盘大小,Azure 将创建和管理磁盘。You only have to specify the type (Premium or Standard) and the size of disk you need, and Azure creates and manages the disk for you.

托管磁盘的好处Benefits of managed disks

让我们看看使用托管磁盘的一些好处,情观看 9 频道视频 - 托管磁盘使 Azure VM 更加可靠Let's take a look at some of the benefits you gain by using managed disks, starting with this Channel 9 video, Better Azure VM Resiliency with Managed Disks.

简单且可缩放的 VM 部署Simple and scalable VM deployment

托管磁盘在幕后处理存储。Managed Disks handles storage for you behind the scenes. 以前,必须创建存储帐户来存储 Azure VM 的磁盘(VHD 文件)。Previously, you had to create storage accounts to hold the disks (VHD files) for your Azure VMs. 进行扩展时,必须确保创建了额外的存储帐户,以便任何磁盘都不会超出对存储的 IOPS 限制。When scaling up, you had to make sure you created additional storage accounts so you didn't exceed the IOPS limit for storage with any of your disks. 使用托管磁盘处理存储时,不再受限于存储帐户限制(例如 20,000 IOPS / 帐户)。With Managed Disks handling storage, you are no longer limited by the storage account limits (such as 20,000 IOPS / account). 也不再需要将自定义映像(VHD 文件)复制到多个存储帐户。You also no longer have to copy your custom images (VHD files) to multiple storage accounts. 可以在一个中心位置管理自定义映像(每个 Azure 区域一个存储帐户),并使用它们在一个订阅中创建数百台 VM。You can manage them in a central location – one storage account per Azure region – and use them to create hundreds of VMs in a subscription.

托管磁盘允许在一个订阅中创建最多 10,000 个 VM 磁盘,这使得可以在单个订阅中创建数百台 VMManaged Disks will allow you to create up to 10,000 VM disks in a subscription, which will enable you to create thousands of VMs in a single subscription. 通过允许使用某个 Marketplace 映像在一个 VMSS 中创建多达一千台 VM,此功能还可以进一步增加虚拟机规模集 (VMSS) 的可伸缩性。This feature also further increases the scalability of Virtual Machine Scale Sets (VMSS) by allowing you to create up to a thousand VMs in a VMSS using a Marketplace image.

可用性集更加可靠Better reliability for Availability Sets

通过确保可用性集中的 VM 的磁盘彼此之间完全隔离以避免单点故障,托管磁盘为可用性集提供了更佳的可靠性。Managed Disks provides better reliability for Availability Sets by ensuring that the disks of VMs in an Availability Set are sufficiently isolated from each other to avoid single points of failure. 它通过自动将磁盘放置在不同的存储缩放单位(模块)中来实现这一点。It does this by automatically placing the disks in different storage scale units (stamps). 如果某个模块因硬件或软件故障而失败,则只有其磁盘在该模块上的 VM 实例会失败。If a stamp fails due to hardware or software failure, only the VM instances with disks on those stamps fail. 例如,假定某个应用程序在 5 台 VM 上运行并且这些 VM 位于一个可用性集中。For example, let's say you have an application running on five VMs, and the VMs are in an Availability Set. 这些 VM 的磁盘不会存储在同一个模块中,因此,如果一个模块失败,该应用程序的其他实例可以继续运行。The disks for those VMs won't all be stored in the same stamp, so if one stamp goes down, the other instances of the application continue to run.

高度持久和可用Highly durable and available

Azure 磁盘具备 99.999% 的可用性。Azure Disks are designed for 99.999% availability. 数据具有三个副本,高持久性可让用户高枕无忧。Rest easier knowing that you have three replicas of your data that enables high durability. 如果其中一个或两个副本出现问题,剩下的副本能够确保数据的持久性和对故障的高耐受性。If one or even two replicas experience issues, the remaining replicas help ensure persistence of your data and high tolerance against failures. 此架构有助于 Azure 为 IaaS 磁盘持续提供企业级的持久性,年化故障率为 0%,达到行业领先水平。This architecture has helped Azure consistently deliver enterprise-grade durability for IaaS disks, with an industry-leading ZERO% Annualized Failure Rate.

粒度访问控制Granular access control

可以使用 Azure 基于角色的访问控制 (RBAC) 将对托管磁盘的特定权限分配给一个或多个用户。You can use Azure Role-Based Access Control (RBAC) to assign specific permissions for a managed disk to one or more users. 托管磁盘公开了各种操作,包括读取、写入(创建/更新)、删除,以及检索磁盘的共享访问签名 (SAS) URIManaged Disks exposes a variety of operations, including read, write (create/update), delete, and retrieving a shared access signature (SAS) URI for the disk. 可以仅将某人员执行其工作所需的操作的访问权限授予该人员。You can grant access to only the operations a person needs to perform his job. 例如,如果不希望某人员将某个托管磁盘复制到存储帐户,则可以选择不授予对该托管磁盘的导出操作的访问权限。For example, if you don't want a person to copy a managed disk to a storage account, you can choose not to grant access to the export action for that managed disk. 类似地,如果不希望某人员使用 SAS URI 复制某个托管磁盘,则可以选择不授予对该托管磁盘的该权限。Similarly, if you don't want a person to use an SAS URI to copy a managed disk, you can choose not to grant that permission to the managed disk.

Azure 备份服务支持Azure Backup service support

将 Azure 备份服务与托管磁盘配合使用,创建具有基于时间的备份、轻松 VM 还原和备份保留策略的备份作业。Use Azure Backup service with Managed Disks to create a backup job with time-based backups, easy VM restoration and backup retention policies. 托管磁盘仅支持使用本地冗余存储 (LRS) 作为复制选项;这意味着它在单个区域中保留三个数据副本。Managed Disks only support Locally Redundant Storage (LRS) as the replication option; this means it keeps three copies of the data within a single region. 对于区域性灾难恢复,必须使用 Azure 备份服务和作为备份保管库的 GRS 存储帐户来备份不同区域中的 VM 磁盘。For regional disaster recovery, you must backup your VM disks in a different region using Azure Backup service and a GRS storage account as backup vault. 目前 Azure 备份支持将最大 1TB 的数据磁盘大小用于备份。Currently Azure Backup supports data disk sizes up to 1TB for backup. 有关详细信息,请参阅为具有托管磁盘的 VM 使用 Azure 备份服务Read more about this at Using Azure Backup service for VMs with Managed Disks.

定价和计费Pricing and Billing

使用托管磁盘时,将考虑以下计费事项:When using Managed Disks, the following billing considerations apply:

  • 存储类型Storage Type

  • 磁盘大小Disk Size

  • 事务数Number of transactions

  • 出站数据传输Outbound data transfers

  • 托管磁盘快照(全磁盘复制)Managed Disk Snapshots (full disk copy)

下面将更详细地介绍各项。Let's take a closer look at these.

存储类型:托管磁盘提供了 2 个性能层:高级(基于 SSD)和标准(基于 HDD)。Storage Type: Managed Disks offers 2 performance tiers: Premium (SSD-based) and Standard (HDD-based). 托管磁盘的计费取决于为磁盘选择的存储类型。The billing of a managed disk depends on which type of storage you have selected for the disk.

磁盘大小:托管磁盘的计费取决于磁盘的预配大小。Disk Size: Billing for managed disks depends on the provisioned size of the disk. Azure 会将预配大小映射(向上舍入)到下面各表中指定的最接近的托管磁盘选项。Azure maps the provisioned size (rounded up) to the nearest Managed Disks option as specified in the tables below. 每个托管磁盘都映射到其中一种受支持的预配大小并相应地进行计费。Each managed disk maps to one of the supported provisioned sizes and is billed accordingly. 例如,如果创建了一个标准托管磁盘并将预配大小指定为 200 GB,则会根据 S20 磁盘类型的定价向你收费。For example, if you create a standard managed disk and specify a provisioned size of 200 GB, you are billed as per the pricing of the S20 Disk type.

下面是高级托管磁盘可用的磁盘大小:Here are the disk sizes available for a premium managed disk:

高级托管
磁盘类型
Premium Managed
Disk Type
P4P4 P6P6 P10P10 P20P20 P30P30 P40P40 P50P50
磁盘大小Disk Size 32 GB32 GB 64 GB64 GB 128 GB128 GB 512 GB512 GB 1024 GB (1 TB)1024 GB (1 TB) 2048 GB (2 TB)2048 GB (2 TB) 4095 GB (4 TB)4095 GB (4 TB)

下面是标准托管磁盘可用的磁盘大小:Here are the disk sizes available for a standard managed disk:

标准托管
磁盘类型
Standard Managed
Disk Type
S4S4 S6S6 S10S10 S20S20 S30S30 S40S40 S50S50
磁盘大小Disk Size 32 GB32 GB 64 GB64 GB 128 GB128 GB 512 GB512 GB 1024 GB (1 TB)1024 GB (1 TB) 2048 GB (2 TB)2048 GB (2 TB) 4095 GB (4 TB)4095 GB (4 TB)

事务数:会根据你对标准托管磁盘执行的事务数向你收费。Number of transactions: You are billed for the number of transactions that you perform on a standard managed disk. 高级托管磁盘没有事务费用。There is no cost for transactions for a premium managed disk.

出站数据传输出站数据传输(Azure 数据中心送出的数据)会产生带宽使用费。Outbound data transfers: Outbound data transfers (data going out of Azure data centers) incur billing for bandwidth usage.

有关托管磁盘的详细定价信息,请参阅托管磁盘定价For detailed information on pricing for Managed Disks, see Managed Disks Pricing.

托管磁盘快照Managed Disk Snapshots

托管快照是托管磁盘的只读完整副本,默认情况下它作为标准托管磁盘进行存储。A Managed Snapshot is a read-only full copy of a managed disk which is stored as a standard managed disk by default. 使用快照,可以在任意时间点备份托管磁盘。With snapshots, you can back up your managed disks at any point in time. 这些快照独立于源磁盘而存在,并可用来创建新的托管磁盘。These snapshots exist independent of the source disk and can be used to create new Managed Disks. 基于已使用大小对这些快照进行计费。They are billed based on the used size. 例如,如果创建预配容量为 64 GB、实际使用数据大小为 10 GB 的托管磁盘的快照,将仅针对已用数据大小 10 GB 对该快照进行计费。For example, if you create a snapshot of a managed disk with provisioned capacity of 64 GB and actual used data size of 10 GB, snapshot will be billed only for the used data size of 10 GB.

托管磁盘当前不支持增量快照,但将来会支持。Incremental snapshots are currently not supported for Managed Disks, but will be supported in the future.

若要了解有关如何使用托管磁盘创建快照的详细信息,请查看下列资源:To learn more about how to create snapshots with Managed Disks, please check out these resources:

映像Images

托管磁盘还支持创建托管自定义映像。Managed Disks also support creating a managed custom image. 可以从存储帐户中的自定义 VHD 创建映像或者直接从通用化 (sys-prepped) VM 创建映像。You can create an image from your custom VHD in a storage account or directly from a generalized (sys-prepped) VM. 这会将与 VM 关联的所有托管磁盘捕获到单个映像中,包括 OS 和数据磁盘。This captures in a single image all managed disks associated with a VM, including both the OS and data disks. 这会允许使用自定义映像创建数百台 VM,且不需要复制或管理任何存储帐户。This enables creating hundreds of VMs using your custom image without the need to copy or manage any storage accounts.

有关创建映像的信息,请查看以下文章:For information on creating images, please check out the following articles:

映像与快照Images versus snapshots

经常看到词语“映像”与 VM 一起使用,现在还看到了“快照”。You often see the word "image" used with VMs, and now you see "snapshots" as well. 了解它们之间的区别很重要。It's important to understand the difference between these. 使用托管磁盘,可以创建已解除分配的通用 VM 的映像。With Managed Disks, you can take an image of a generalized VM that has been deallocated. 此映像将包括附加到该 VM 的所有磁盘。This image will include all of the disks attached to the VM. 可以使用此映像创建新的 VM,并且它将包括所有磁盘。You can use this image to create a new VM, and it will include all of the disks.

快照是磁盘在创建快照那一刻的副本。A snapshot is a copy of a disk at the point in time it is taken. 它仅应用于一个磁盘。It only applies to one disk. 如果存在仅具有一个磁盘(OS)的 VM,则可以为其创建快照或映像,并且可以通过该快照或映像创建 VM。If you have a VM that only has one disk (the OS), you can take a snapshot or an image of it and create a VM from either the snapshot or the image.

如果 VM 具有五个磁盘且这些磁盘是条带化的,会怎样?What if a VM has five disks and they are striped? 可以创建每个磁盘的快照,但是系统对于 VM 中的磁盘状况没有意识 – 快照只知道那一个磁盘的状况。You could take a snapshot of each of the disks, but there is no awareness within the VM of the state of the disks – the snapshots only know about that one disk. 在这种情况下,快照彼此之间需要相互协调,目前不支持此功能。In this case, the snapshots would need to be coordinated with each other, and that is not currently supported.

托管磁盘和加密Managed Disks and Encryption

以下介绍托管磁盘的两种加密方式。There are two kinds of encryption to discuss in reference to managed disks. 第一种是存储服务加密 (SSE),由存储服务执行。The first one is Storage Service Encryption (SSE), which is performed by the storage service. 第二种是 Azure 磁盘加密,可以在 VM 的 OS 和数据磁盘上启用。The second one is Azure Disk Encryption, which you can enable on the OS and data disks for your VMs.

存储服务加密 (SSE)Storage Service Encryption (SSE)

Azure 存储服务加密 可提供静态加密和保护你的数据,使你的组织能够信守在安全性与符合性方面所做的承诺。Azure Storage Service Encryption provides encryption-at-rest and safeguard your data to meet your organizational security and compliance commitments. 默认情况下,所有托管磁盘都启用了 SSE,所有可用托管磁盘的区域都有快照和映像。SSE is enabled by default for all Managed Disks, Snapshots and Images in all the regions where managed disks is available. 从 2017 年 6 月 10 日起,写入现有的托管磁盘中的所有新的托管磁盘/快照/映像和新数据都会通过 Microsoft 密钥管理自动静态加密。Starting June 10th, 2017, all new managed disks/snapshots/images and new data written to existing managed disks are automatically encrypted-at-rest with keys managed by Microsoft. 有关详细信息请访问托管磁盘常见问题解答页Visit the Managed Disks FAQ page for more details.

Azure 磁盘加密 (ADE)Azure Disk Encryption (ADE)

Azure 磁盘加密允许加密 IaaS 虚拟机使用的 OS 磁盘和数据磁盘。Azure Disk Encryption allows you to encrypt the OS and Data disks used by an IaaS Virtual Machine. 这包括托管磁盘。This includes managed disks. 对于 Windows,驱动器是使用行业标准 BitLocker 加密技术加密的。For Windows, the drives are encrypted using industry-standard BitLocker encryption technology. 对于 Linux,磁盘是使用 DM-Crypt 技术加密的。For Linux, the disks are encrypted using the DM-Crypt technology. 这会与 Azure 密钥保管库集成,可让你控制和管理磁盘加密密钥。This is integrated with Azure Key Vault to allow you to control and manage the disk encryption keys. 有关详细信息,请参阅适用于 Windows 和 Linux IaaS VM 的 Azure 磁盘加密For more information, please see Azure Disk Encryption for Windows and Linux IaaS VMs.

后续步骤Next steps

有关托管磁盘的详细信息,请参考以下文章。For more information about Managed Disks, please refer to the following articles.

托管磁盘入门Get started with Managed Disks

比较托管磁盘存储选项Compare Managed Disks storage options

操作指南Operational guidance