Azure Resource Manager 與傳統部署:了解資源的部署模型和狀態Azure Resource Manager vs. classic deployment: Understand deployment models and the state of your resources

注意

本文中所提供的資訊,僅會在您從傳統部署遷移至 Azure Resource Manager 部署時使用。The information provided in this article is only used when you migrate from the classic deployment to the Azure Resource Manager deployment.

在本文中,您將了解 Azure Resource Manager 與傳統部署模型。In this article, you learn about Azure Resource Manager and classic deployment models. Resource Manager 和傳統部署模型代表部署和管理 Azure 解決方案的兩個不同方式。The Resource Manager and classic deployment models represent two different ways of deploying and managing your Azure solutions. 您會透過兩個不同的 API 集使用它們,而所部署的資源可能包含重要的差異。You work with them through two different API sets, and the deployed resources can contain important differences. 兩個模型彼此無法相容。The two models are not compatible with each other. 本文將說明這些差異。This article describes those differences.

為了簡化資源的部署和管理,Microsoft 建議您針對所有新資源使用 Resource Manager。To simplify the deployment and management of resources, Microsoft recommends that you use Resource Manager for all new resources. 可能的話,Microsoft 建議您透過 Resource Manager 重新部署現有的資源。If possible, Microsoft recommends that you redeploy existing resources through Resource Manager.

如果您是 Resource Manager 的新使用者,您可能想要先檢閱 Azure Resource Manager 概觀中定義的詞彙。If you are new to Resource Manager, you may want to first review the terminology defined in the Azure Resource Manager overview.

注意

本文已更新為使用新的 Azure PowerShell Az 模組。This article has been updated to use the new Azure PowerShell Az module. AzureRM 模組在至少 2020 年 12 月之前都還會持續收到錯誤 (Bug) 修正,因此您仍然可以持續使用。You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. 若要深入了解新的 Az 模組和 AzureRM 的相容性,請參閱新的 Azure PowerShell Az 模組簡介To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. 如需 Az 模組安裝指示,請參閱安裝 Azure PowerShellFor Az module installation instructions, see Install Azure PowerShell.

部署模型的歷程記錄History of the deployment models

Azure 原本指提供傳統部署模型。Azure originally provided only the classic deployment model. 在此模型中,每個資源會獨立存在;沒辦法將相關的資源群組在一起。In this model, each resource existed independently; there was no way to group related resources together. 因此,您必須手動追蹤哪些資源組成您的解決方案或應用程式,並記得要以協調的方法進行管理。Instead, you had to manually track which resources made up your solution or application, and remember to manage them in a coordinated approach. 若要部署解決方案,您必須透過入口網站個別建立每個資源,或建立會以正確的順序部署所有資源的指令碼。To deploy a solution, you had to either create each resource individually through the portal or create a script that deployed all the resources in the correct order. 若要刪除解決方案,您必須個別刪除每個資源。To delete a solution, you had to delete each resource individually. 您無法輕易套用和更新相關資源的存取控制原則。You could not easily apply and update access control policies for related resources. 最後,您無法將標記套用至資源,以可協助您監視資源和管理計費的詞彙標示資源。Finally, you could not apply tags to resources to label them with terms that help you monitor your resources and manage billing.

在 2014 年,Azure 引進了新增資源群組概念的 Resource Manager。In 2014, Azure introduced Resource Manager, which added the concept of a resource group. 資源群組是共用共同生命週期的資源容器。A resource group is a container for resources that share a common lifecycle. 「資源管理員」部署模型提供數個優點:The Resource Manager deployment model provides several benefits:

  • 您可以以群組形式部署、管理及監視方案的所有服務,而不是個別處理這些服務。You can deploy, manage, and monitor all the services for your solution as a group, rather than handling these services individually.
  • 您可以在整個生命週期中重複部署方案,並確信您的資源會以一致的狀態部署。You can repeatedly deploy your solution throughout its lifecycle and have confidence your resources are deployed in a consistent state.
  • 您可以將存取控制套用至資源群組中的所有資源,而新資源加入至資源群組時,會自動套用這些原則。You can apply access control to all resources in your resource group, and those policies are automatically applied when new resources are added to the resource group.
  • 您可以將標籤套用至資源,以便以邏輯方式組織訂用帳戶中的所有資源。You can apply tags to resources to logically organize all the resources in your subscription.
  • 您可以使用 JavaScript 物件標記法 (JSON) 來定義您的解決方案的基礎結構。You can use JavaScript Object Notation (JSON) to define the infrastructure for your solution. JSON 檔案也稱為 Resource Manager 範本。The JSON file is known as a Resource Manager template.
  • 您可以定義之間的相依性,使得以正確的順序部署資源。You can define the dependencies between resources so they are deployed in the correct order.

加入資源管理員時,所有資源會追溯地加入至預設資源群組。When Resource Manager was added, all resources were retroactively added to default resource groups. 如果您現在透過傳統部署建立資源,資源會自動在該服務的預設資源群組內建立,即使您在部署時未指定該資源群組。If you create a resource through classic deployment now, the resource is automatically created within a default resource group for that service, even though you did not specify that resource group at deployment. 不過,只是存在於資源群組內並不表示該資源已轉換成資源管理員模型。However, just existing within a resource group does not mean that the resource has been converted to the Resource Manager model.

了解模型支援Understand support for the models

以下是三個要注意的情況:There are three scenarios to be aware of:

  1. 雲端服務不支援 Resource Manager 部署模型。Cloud Services does not support Resource Manager deployment model.
  2. 虛擬機器、儲存體帳戶和虛擬網路皆可支援 Resource Manager 和傳統部署模型。Virtual machines, storage accounts, and virtual networks support both Resource Manager and classic deployment models.
  3. 所有其他 Azure 服務皆支援 Resource Manager。All other Azure services support Resource Manager.

若為虛擬機器、儲存體帳戶和虛擬網路,如果資源是透過傳統部署建立,您必須繼續透過傳統作業來運作。For virtual machines, storage accounts, and virtual networks, if the resource was created through classic deployment, you must continue to operate on it through classic operations. 如果虛擬機器、儲存體帳戶或虛擬網路是透過 Resource Manager 部署建立,您必須繼續使用 Resource Manager 作業。If the virtual machine, storage account, or virtual network was created through Resource Manager deployment, you must continue using Resource Manager operations. 當您的訂用帳戶包含透過 Resource Manager 和傳統部署建立的各種資源時,此區別可能讓您困惑。This distinction can get confusing when your subscription contains a mix of resources created through Resource Manager and classic deployment. 此資源的組合可能建立非預期的結果,因為資源不支援相同的作業。This combination of resources can create unexpected results because the resources do not support the same operations.

在某些情況下,Resource Manager 命令可以擷取透過傳統部署建立之資源的相關資訊,或可以執行系統管理工作 (例如將傳統資源移至另一個資源群組)。In some cases, a Resource Manager command can retrieve information about a resource created through classic deployment, or can perform an administrative task such as moving a classic resource to another resource group. 但這些情況下,不應讓您認為該類型支援 Resource Manager 作業。But, these cases should not give the impression that the type supports Resource Manager operations. 例如,假設您的資源群組包含使用傳統部署所建立的虛擬機器。For example, suppose you have a resource group that contains a virtual machine that was created with classic deployment. 若您執行下列 Resource Manager PowerShell 命令:If you run the following Resource Manager PowerShell command:

Get-AzResource -ResourceGroupName ExampleGroup -ResourceType Microsoft.ClassicCompute/virtualMachines

它會傳回虛擬機器:It returns the virtual machine:

Name              : ExampleClassicVM
ResourceId        : /subscriptions/{guid}/resourceGroups/ExampleGroup/providers/Microsoft.ClassicCompute/virtualMachines/ExampleClassicVM
ResourceName      : ExampleClassicVM
ResourceType      : Microsoft.ClassicCompute/virtualMachines
ResourceGroupName : ExampleGroup
Location          : westus
SubscriptionId    : {guid}

不過,Resource Manager Cmdlet Get-AzVM 只會傳回透過 Resource Manager 部署的虛擬機器。However, the Resource Manager cmdlet Get-AzVM only returns virtual machines deployed through Resource Manager. 下列命令不會傳回透過傳統部署所建立的虛擬機器。The following command does not return the virtual machine created through classic deployment.

Get-AzVM -ResourceGroupName ExampleGroup

只有透過資源管理員建立的資源支援標記。Only resources created through Resource Manager support tags. 您無法將標籤套用到傳統資源。You cannot apply tags to classic resources.

計算、網路和儲存體的變更Changes for compute, network, and storage

下圖顯示部署透過 Resource Manager 的計算、網路和儲存體資源。The following diagram displays compute, network, and storage resources deployed through Resource Manager.

Resource Manager 架構

請注意資源之間的下列關聯性:Note the following relationships between the resources:

  • 資源群組內存在的所有資源。All the resources exist within a resource group.
  • 虛擬機器取決於定義於儲存體資源提供者的特定儲存體帳戶,以將其磁碟儲存於 Blob 儲存體中。The virtual machine depends on a specific storage account defined in the Storage resource provider to store its disks in blob storage (required).
  • 虛擬機器會參考定義於網路資源提供者的特定 NIC (必要),以及定義於計算資源提供者的可用性設定組 (選擇性)。The virtual machine references a specific NIC defined in the Network resource provider (required) and an availability set defined in the Compute resource provider (optional).
  • NIC 會參考虛擬機器指派的 IP 位址 (必要)、虛擬機器之虛擬網路的子網路 (必要),以及網路安全性群組 (選擇性)。The NIC references the virtual machine's assigned IP address (required), the subnet of the virtual network for the virtual machine (required), and to a Network Security Group (optional).
  • 虛擬網路內的子網路會參考網路安全性群組 (選擇性)。The subnet within a virtual network references a Network Security Group (optional).
  • 負載平衡器執行個體會參考 IP 位址的後端集區,其中包含虛擬機器的 NIC (選擇性),以及參考負載平衡器的公用或私人 IP 位址 (選擇性)。The load balancer instance references the backend pool of IP addresses that include the NIC of a virtual machine (optional) and references a load balancer public or private IP address (optional).

以下是傳統部署的元件及其關聯性:Here are the components and their relationships for classic deployment:

傳統架構

裝載虛擬機器的傳統解決方案包括:The classic solution for hosting a virtual machine includes:

  • 用來做為裝載虛擬機器 (計算) 之容器所需的雲端服務。A required cloud service that acts as a container for hosting virtual machines (compute). 虛擬機器是利用網路介面卡 (NIC) 和 Azure 所指派的 IP 位址自動提供。Virtual machines are automatically provided with a network interface card (NIC) and an IP address assigned by Azure. 此外,雲端服務包含外部負載平衡器執行個體、共用 IP 位址及預設端點,以允許 Windows 架構虛擬機器的遠端桌面與遠端 PowerShell 流量,以及 Linux 架構虛擬機器的安全殼層 (SSH) 流量。Additionally, the cloud service contains an external load balancer instance, a public IP address, and default endpoints to allow remote desktop and remote PowerShell traffic for Windows-based virtual machines and Secure Shell (SSH) traffic for Linux-based virtual machines.
  • 儲存虛擬機器之 VHD 所需的儲存體帳戶,包括作業系統、暫存磁碟及其他資料磁碟 (儲存體)。A required storage account that stores the VHDs for a virtual machine, including the operating system, temporary, and additional data disks (storage).
  • 可用來做為額外容器的選擇性虛擬網路,您可以在其中建立子網路的結構,並指定虛擬機器所在的子網路 (網路)。An optional virtual network that acts as an additional container, in which you can create a subnetted structure and designate the subnet on which the virtual machine is located (network).

下表描述計算、網路和儲存體資源提供者互動方式的變更:The following table describes changes in how Compute, Network, and Storage resource providers interact:

ItemItem 傳統Classic Resource ManagerResource Manager
虛擬機器的雲端服務Cloud Service for Virtual Machines 雲端服務是一種容器,專門保管那些要求平台和負載平衡可用性的虛擬機器。Cloud Service was a container for holding the virtual machines that required Availability from the platform and Load Balancing. 使用新模型建立虛擬機器時,雲端服務已經不是必要的物件了。Cloud Service is no longer an object required for creating a Virtual Machine using the new model.
虛擬網路Virtual Networks 虛擬網路是虛擬機器的選用項目。A virtual network is optional for the virtual machine. 如果包含,即無法使用 Resource Manager 部署虛擬網路。If included, the virtual network cannot be deployed with Resource Manager. 虛擬機器需要已使用 Resource Manager 部署的虛擬網路。Virtual machine requires a virtual network that has been deployed with Resource Manager.
儲存體帳戶Storage Accounts 虛擬機器需要能儲存作業系統的 VHD、暫存磁碟及其他資料磁碟的儲存體帳戶。The virtual machine requires a storage account that stores the VHDs for the operating system, temporary, and additional data disks. 虛擬機器需要儲存體帳戶,才能將其磁碟儲存在 Blob 儲存體。The virtual machine requires a storage account to store its disks in blob storage.
可用性設定組 (Availability Sets)Availability Sets 在虛擬機器上設定相同的 "AvailabilitySetName" 之後,即表示平台的可用性。Availability to the platform was indicated by configuring the same “AvailabilitySetName” on the Virtual Machines. 容錯網域的最大個數為 2。The maximum count of fault domains was 2. 「可用性設定組」是 Microsoft.Compute 提供者公開的資源。Availability Set is a resource exposed by Microsoft.Compute Provider. 需要高可用性的虛擬機器必須包含在「可用性設定組」中。Virtual Machines that require high availability must be included in the Availability Set. 容錯網域的最大個數現在是 3。The maximum count of fault domains is now 3.
同質群組Affinity Groups 建立虛擬網路時需要同質群組。Affinity Groups were required for creating Virtual Networks. 不過,隨著區域虛擬網路引進,就再也不需要了。However, with the introduction of Regional Virtual Networks, that was not required anymore. 簡而言之,透過 Azure Resource Manager 而公開的 API,其實不存在同質群組這種概念。To simplify, the Affinity Groups concept doesn’t exist in the APIs exposed through Azure Resource Manager.
負載平衡Load Balancing 雲端服務的建立,為部署的虛擬機器提供隱含的負載平衡器。Creation of a Cloud Service provides an implicit load balancer for the Virtual Machines deployed. 負載平衡器是 Microsoft.Network 提供者所公開的資源。The Load Balancer is a resource exposed by the Microsoft.Network provider. 虛擬機器如果需要平衡負載,其主要網路介面應該參考負載平衡器。The primary network interface of the Virtual Machines that needs to be load balanced should be referencing the load balancer. 負載平衡器可以放在內部或外部。Load Balancers can be internal or external. 負載平衡器執行個體會參考 IP 位址的後端集區,其中包含虛擬機器的 NIC (選擇性),以及參考負載平衡器的公用或私人 IP 位址 (選擇性)。A load balancer instance references the backend pool of IP addresses that include the NIC of a virtual machine (optional) and references a load balancer public or private IP address (optional).
虛擬 IP 位址Virtual IP Address 將虛擬機器新增到雲端服務後,雲端服務會得到預設的 VIP (虛擬 IP 位址)。Cloud Services gets a default VIP (Virtual IP Address) when a VM is added to a cloud service. 虛擬 IP 位址是隱含性負載平衡器的相關位址。The Virtual IP Address is the address associated with the implicit load balancer. 公用 IP 位址是 Microsoft.Network 提供者所公開的資源。Public IP address is a resource exposed by the Microsoft.Network provider. 公用 IP 位址可以是靜態 (保留) 或動態。Public IP address can be static (reserved) or dynamic. 動態公用 IP 可以指派至負載平衡器。Dynamic public IPs can be assigned to a Load Balancer. 使用安全性群組可以保護公用 IP。Public IPs can be secured using Security Groups.
保留 IP 位址Reserved IP Address 您可以將 IP 位址保留在 Azure 中,然後與雲端服務建立關聯,確保 IP 位址不會變動。You can reserve an IP Address in Azure and associate it with a Cloud Service to ensure that the IP Address is sticky. 您可以在靜態模式中建立公用 IP 位址,然後它就具有與保留 IP 位址一樣的功能。Public IP Address can be created in static mode and it offers the same capability as a reserved IP address.
每一個 VM 的公用 IP 位址 (PIP)Public IP Address (PIP) per VM 公用 IP 位址也可以直接與 VM 建立關聯。Public IP Addresses can also be associated to a VM directly. 公用 IP 位址是 Microsoft.Network 提供者所公開的資源。Public IP address is a resource exposed by the Microsoft.Network provider. 公用 IP 位址可以是靜態 (保留) 或動態。Public IP Address can be static (reserved) or dynamic.
端點Endpoints 輸入端點需要在開放特定連接埠連線的虛擬機器上設定。Input Endpoints needed to be configured on a Virtual Machine to be open up connectivity for certain ports. 設定輸入端點之後,就能完成幾個常見的虛擬機器連線模式之一。One of the common modes of connecting to virtual machines done by setting up input endpoints. 您可以在負載平衡器上設定「傳入 NAT 規則」,以達到啟用特定連接埠上的端點以連線至 VM 的相同功能。Inbound NAT Rules can be configured on Load Balancers to achieve the same capability of enabling endpoints on specific ports for connecting to the VMs.
DNS 名稱DNS Name 雲端服務會取得隱含的全域唯一 DNS 名稱。A cloud service would get an implicit globally unique DNS Name. 例如: mycoffeeshop.cloudapp.netFor example: mycoffeeshop.cloudapp.net. DNS 名稱是可以在公用 IP 位址資源上指定的選用參數。DNS Names are optional parameters that can be specified on a Public IP Address resource. FQDN 的格式如下 - <domainlabel>.<region>.cloudapp.azure.comThe FQDN is in the following format - <domainlabel>.<region>.cloudapp.azure.com.
網路介面Network Interfaces 主要和次要網路介面與其屬性會定義為虛擬機器的網路組態。Primary and Secondary Network Interface and its properties were defined as network configuration of a Virtual machine. 網路介面是 Microsoft.Network 提供者所公開的資源。Network Interface is a resource exposed by Microsoft.Network Provider. 網路介面的生命週期與虛擬機器無關。The lifecycle of the Network Interface is not tied to a Virtual Machine. 它會參考虛擬機器指派的 IP 位址 (必要)、虛擬機器之虛擬網路的子網路 (必要),以及網路安全性群組 (選擇性)。It references the virtual machine's assigned IP address (required), the subnet of the virtual network for the virtual machine (required), and to a Network Security Group (optional).

若要了解從不同部署模型連接虛擬網路,請參閱在入口網站中從不同部署模型連接虛擬網路To learn about connecting virtual networks from different deployment models, see Connect virtual networks from different deployment models in the portal.

從傳統移轉至 Resource ManagerMigrate from classic to Resource Manager

如果您準備好將資源從傳統部署移轉至 Resource Manager 部署,請參閱:If you are ready to migrate your resources from classic deployment to Resource Manager deployment, see:

  1. 平台支援的從傳統移轉至 Azure Resource Manager 的技術深入探討Technical deep dive on platform-supported migration from classic to Azure Resource Manager
  2. 支援將 IaaS 資源從傳統移轉至 Azure Resource Manager 的平台Platform supported migration of IaaS resources from Classic to Azure Resource Manager
  3. 使用 Azure PowerShell 將 IaaS 資源從傳統移轉至 Azure Resource ManagerMigrate IaaS resources from classic to Azure Resource Manager by using Azure PowerShell
  4. 使用 Azure CLI 將 IaaS 資源從傳統移轉至 Azure Resource ManagerMigrate IaaS resources from classic to Azure Resource Manager by using Azure CLI

常見問題集Frequently asked questions

我可以使用 Resource Manager 來建立虛擬機器,以在使用傳統部署所建立的虛擬網路中進行部署嗎?Can I create a virtual machine using Resource Manager to deploy in a virtual network created using classic deployment?

不支援這樣的設定。This configuration is not supported. 您無法使用 Resource Manager 來將虛擬機器部署到使用傳統部署建立的虛擬網路。You cannot use Resource Manager to deploy a virtual machine into a virtual network that was created using classic deployment.

我可以使用 Resource Manager 透過使用傳統部署建立的使用者映像,來建立虛擬機器嗎?Can I create a virtual machine using Resource Manager from a user image that was created using the classic deployment model?

不支援這樣的設定。This configuration is not supported. 不過,您可以複製使用傳統部署所建立之儲存體帳戶中的 VHD 檔案,並將檔案複製到透過 Resource Manager 建立的新帳戶。However, you can copy the VHD files from a storage account that was created using the classic deployment model, and add them to a new account created through Resource Manager.

對訂閱的配額有何影響?What is the impact on the quota for my subscription?

虛擬機器、虛擬網路和透過新 Azure Resource Manager API 建立的儲存體帳戶的配額,與其他配額是分開的。The quotas for the virtual machines, virtual networks, and storage accounts created through the Azure Resource Manager are separate from other quotas. 每個訂用帳戶會得到配額,然後就可以使用新的 API 建立資源。Each subscription gets quotas to create the resources using the new APIs. 如需其他配額的詳細資訊,請參閱 這裡You can read more about the additional quotas here.

我可以透過 Resource Manager API,繼續使用自動指令碼佈建虛擬機器、虛擬網路、儲存體帳戶嗎?Can I continue to use my automated scripts for provisioning virtual machines, virtual networks, and storage accounts through the Resource Manager APIs?

所有您建立的自動化和指令碼,仍然適用於 Azure 服務管理模式下建立的現有虛擬機器和虛擬網路。All the automation and scripts that you've built continue to work for the existing virtual machines, virtual networks created under the Azure Service Management mode. 不過,您必須更新指令碼,才能使用新的結構描述並透過 Resource Manager 模式建立相同的資源。However, the scripts have to be updated to use the new schema for creating the same resources through the Resource Manager mode.

哪裡可以找到 Azure Resource Manager 範本的範例?Where can I find examples of Azure Resource Manager templates?

一組完整的入門範本可在 Azure Resource Manager 快速入門範本中找到。A comprehensive set of starter templates can be found on Azure Resource Manager Quickstart Templates.

後續步驟Next steps