Azure Resource Manager 概觀Azure Resource Manager overview

Azure Resource Manager 是 Azure 的部署和管理服務。Azure Resource Manager is the deployment and management service for Azure. 其提供管理層,可讓您建立、更新和刪除您 Azure 訂用帳戶中的資源。It provides a management layer that enables you to create, update, and delete resources in your Azure subscription. 您可以使用存取控制、鎖定和標記等管理功能,在部署後保護及組織您的資源。You use management features, like access control, locks, and tags, to secure and organize your resources after deployment.

若要了解 Azure Resource Manager 範本,請參閱範本部署概觀To learn about Azure Resource Manager templates, see Template deployment overview.

一致的管理層Consistent management layer

當使用者從任何 Azure 工具、API 或 SDK 傳送要求時,Resource Manager 就會收到要求。When a user sends a request from any of the Azure tools, APIs, or SDKs, Resource Manager receives the request. 其會驗證並授權要求。It authenticates and authorizes the request. Resource Manager 會將要求傳送至 Azure 服務,而該服務會接受要求的動作。Resource Manager sends the request to the Azure service, which takes the requested action. 因為所有要求都是透過相同的 API 來處理,所以您會在所有不同工具中看到一致的結果和功能。Because all requests are handled through the same API, you see consistent results and capabilities in all the different tools.

下圖顯示處理 Azure 要求時,Azure Resource Manager 所扮演的角色。The following image shows the role Azure Resource Manager plays in handling Azure requests.

Resource Manager 要求模型

透過 PowerShell、Azure CLI、REST API 和用戶端 SDK 也可以使用入口網站中的所有可用功能。All capabilities that are available in the portal are also available through PowerShell, Azure CLI, REST APIs, and client SDKs. 一開始透過 API 發行的功能將會在初次發行的 180 天內呈現在入口網站中。Functionality initially released through APIs will be represented in the portal within 180 days of initial release.

術語Terminology

如果您不熟悉 Azure Resource Manager,則您可能不熟悉一些詞彙。If you're new to Azure Resource Manager, there are some terms you might not be familiar with.

  • 資源 - 透過 Azure 提供的可管理項目。resource - A manageable item that is available through Azure. 虛擬機器、儲存體帳戶、Web 應用程式、資料庫和虛擬網路都是資源範例。Virtual machines, storage accounts, web apps, databases, and virtual networks are examples of resources.
  • 資源群組 - 保留 Azure 解決方案的相關資源的容器。resource group - A container that holds related resources for an Azure solution. 資源群組包含您要以群組的形式管理的資源。The resource group includes those resources that you want to manage as a group. 您可根據對組織最有利的方式,決定哪些資源要放置到資源群組。You decide which resources belong in a resource group based on what makes the most sense for your organization. 請參閱 資源群組See Resource groups.
  • 資源提供者 - 提供 Azure 資源的服務。resource provider - A service that supplies Azure resources. 例如,Microsoft.Compute 是常見的資源提供者,可提供虛擬機器資源。For example, a common resource provider is Microsoft.Compute, which supplies the virtual machine resource. Microsoft.Storage 是另一個常見的資源提供者。Microsoft.Storage is another common resource provider. 請參閱資源提供者和類型See Resource providers and types.
  • Resource Manager 範本 - JavaScript 物件標記法 (JSON) 檔案,可定義一或多個要部署至資源群組或訂用帳戶的資源。Resource Manager template - A JavaScript Object Notation (JSON) file that defines one or more resources to deploy to a resource group or subscription. 範本可用來以一致性方式重複部署資源。The template can be used to deploy the resources consistently and repeatedly. 請參閱範本部署概觀See Template deployment overview.
  • 宣告式語法 - 可讓您陳述「以下是我想要建立的項目」而不需要撰寫一連串程式設計命令來加以建立的語法。declarative syntax - Syntax that lets you state "Here is what I intend to create" without having to write the sequence of programming commands to create it. Resource Manager 範本便是宣告式語法的其中一個範例。The Resource Manager template is an example of declarative syntax. 在該檔案中,您可以定義要部署至 Azure 之基礎結構的屬性。In the file, you define the properties for the infrastructure to deploy to Azure. 請參閱範本部署概觀See Template deployment overview.

使用 Resource Manager 的優點The benefits of using Resource Manager

搭配 Resource Manager,您可以:With Resource Manager, you can:

  • 透過宣告式範本而非指令碼來管理基礎結構。Manage your infrastructure through declarative templates rather than scripts.

  • 以群組形式部署、管理及監視方案的所有資源,而不是個別處理這些資源。Deploy, manage, and monitor all the resources for your solution as a group, rather than handling these resources individually.

  • 在整個開發週期上重新部署方案,並確信您的資源會部署在一致的狀態中。Redeploy your solution throughout the development lifecycle and have confidence your resources are deployed in a consistent state.

  • 定義之間的相依性,使得以正確的順序部署資源。Define the dependencies between resources so they're deployed in the correct order.

  • 因為角色型存取控制 (RBAC) 會原生整合至管理平台,請將存取控制套用至資源群組中的所有服務。Apply access control to all services in your resource group because Role-Based Access Control (RBAC) is natively integrated into the management platform.

  • 將標籤套用至資源,以便以邏輯方式組織訂用帳戶中的所有資源。Apply tags to resources to logically organize all the resources in your subscription.

  • 檢視共用相同標籤之資源群組的成本,以釐清您的組織的計費方式。Clarify your organization's billing by viewing costs for a group of resources sharing the same tag.

了解範圍Understand scope

Azure 提供四個範圍層級:管理群組、訂用帳戶、資源群組和資源。Azure provides four levels of scope: management groups, subscriptions, resource groups, and resources. 下圖顯示這些層級的範例。The following image shows an example of these layers.

影響範圍

您可以在任何範圍層級套用管理設定。You apply management settings at any of these levels of scope. 您選取的層級會決定套用設定的範圍。The level you select determines how widely the setting is applied. 較低層級會從較高層級繼承設定。Lower levels inherit settings from higher levels. 例如,當您將原則套用到訂用帳戶時,訂用帳戶中的所有資源群組和資源都會套用該原則。For example, when you apply a policy to the subscription, the policy is applied to all resource groups and resources in your subscription. 當您在資源群組上套用原則時,資源群組及其所有資源都會套用該原則。When you apply a policy on the resource group, that policy is applied the resource group and all its resources. 但是,另一個資源群組就不會套用該原則。However, another resource group doesn't have that policy assignment.

您可以將範本部署至管理群組、訂用帳戶或資源群組。You can deploy templates to management groups, subscriptions, or resource groups.

資源群組Resource groups

定義資源群組時,必須考慮一些重要因素:There are some important factors to consider when defining your resource group:

  • 群組中的所有資源應該共用相同的生命週期。All the resources in your group should share the same lifecycle. 您可一起部署、更新和刪除它們。You deploy, update, and delete them together. 如果類似資料庫伺服器這樣的資源必須存在於不同的部署週期,它應該位於另一個資源群組中。If one resource, such as a database server, needs to exist on a different deployment cycle it should be in another resource group.

  • 每個資源只能存在於一個資源群組中。Each resource can only exist in one resource group.

  • 您可以隨時在資源群組中新增或移除資源。You can add or remove a resource to a resource group at any time.

  • 您可以將資源從一個資源群組移動到另一個群組。You can move a resource from one resource group to another group. 如需詳細資訊,請參閱 將資源移動到新的資源群組或訂用帳戶For more information, see Move resources to new resource group or subscription.

  • 資源群組可以包含位於不同區域的資源。A resource group can contain resources that are located in different regions.

  • 資源群組可以用來設定系統管理動作的存取控制範圍。A resource group can be used to scope access control for administrative actions.

  • 資源可與其他資源群組中的資源互動。A resource can interact with resources in other resource groups. 此互動常見於兩個資源彼此連結,但未共用相同的生命週期 (例如,連接至某個資料庫的 Web 應用程式) 時。This interaction is common when the two resources are related but don't share the same lifecycle (for example, web apps connecting to a database).

建立資源群組時,您需要提供該資源群組的位置。When creating a resource group, you need to provide a location for that resource group. 您可能會想:「為什麼資源群組需要位置?You may be wondering, "Why does a resource group need a location? 而且,如果資源可以有不同於資源群組的位置,為什麼資源群組位置這麼重要?」And, if the resources can have different locations than the resource group, why does the resource group location matter at all?" 資源群組會儲存資源相關中繼資料。The resource group stores metadata about the resources. 當您指定資源群組的位置時,您便是指定中繼資料的儲存位置。When you specify a location for the resource group, you're specifying where that metadata is stored. 基於相容性理由,您可能需要確保您的資料存放在特定區域中。For compliance reasons, you may need to ensure that your data is stored in a particular region.

如果資源群組的區域暫時無法使用,您就無法更新資源群組中的資源,因為中繼資料無法使用。If the resource group's region is temporarily unavailable, you can't update resources in the resource group because the metadata is unavailable. 其他區域中的資源仍可如預期般運作,但您無法更新這些資源。The resources in other regions will still function as expected, but you can't update them. 如需如何建置可靠應用程式的詳細資訊,請參閱設計可靠的 Azure 應用程式For more information about building reliable applications, see Designing reliable Azure applications.

Azure Resource Manager 的復原Resiliency of Azure Resource Manager

Azure Resource Manager 服務專門設計來提供復原和持續可用性。The Azure Resource Manager service is designed for resiliency and continuous availability. REST API 中的 Resource Manager 和控制平面作業 (傳送給 management.azure.com 的要求):Resource Manager and control plane operations (requests sent to management.azure.com) in the REST API are:

  • 會跨區域分散。Distributed across regions. 有些服務是區域性的。Some services are regional.

  • 會在有多個可用性區域的位置中跨可用性區域 (以及區域) 分散。Distributed across Availability Zones (as well regions) in locations that have multiple Availability Zones.

  • 不依賴單一邏輯資料中心。Not dependent on a single logical data center.

  • 永遠不會停機進行維護活動。Never taken down for maintenance activities.

這項復原能力適用於透過 Resource Manager 接收要求的服務。This resiliency applies to services that receive requests through Resource Manager. 例如,Key Vault 便會受惠於這項復原能力。For example, Key Vault benefits from this resiliency.

後續步驟Next steps