Cloud governance guides

The actionable governance guides in this section illustrate the incremental approach of the Cloud Adoption Framework governance model, based on the Govern methodology previously described. You can establish an agile approach to cloud governance that will grow to meet the needs of any cloud governance scenario.

Review and adopt cloud governance best practices

To begin your cloud adoption journey, choose one of the following governance guides. Each guide outlines a set of best practices, based on a set of fictional customer experiences. For readers who are new to the incremental approach of the Cloud Adoption Framework governance model, review the high-level introduction to governance theory below before adopting either set of best practices.

  • Standard governance guide: A guide for most organizations based on the recommended two-subscription model, designed for deployments in multiple regions but not spanning public and sovereign/government clouds.

An incremental approach to cloud governance

Choose a governance guide

The guides demonstrate how to implement a governance MVP. From there, each guide shows how the cloud governance team can work ahead of the cloud adoption teams as a partner to accelerate adoption efforts. The Cloud Adoption Framework governance model guides the application of governance from foundation through subsequent improvements and evolutions.

To begin a governance journey, choose one of the two options below. The options are based on synthesized customer experiences. The titles are based on the complexity of the enterprise for ease of navigation. Your decision may be more complex. The following tables outline the differences between the two options.


A more robust governance starting point may be required. In such cases, consider the CAF enterprise-scale landing zone. This approach focuses on adoption teams who have a mid-term objective (within 24 months) to host more than 1,000 assets (infrastructure, apps, or data) in the cloud. The CAF enterprise-scale landing zone is the typical choice for complex governance scenarios in large cloud adoption efforts.


It's unlikely that either guide aligns entirely with your situation. Choose whichever guide is closest and use it as a starting point. Throughout the guide, additional information is provided to help you customize decisions to meet specific criteria.

Business characteristics

| Characteristic | Standard organization | Complex enterprise |
| --- | --- | --- |
| Geography (country or geopolitical region) | Customers or staff reside largely in one geography | Customers or staff reside in multiple geographies or require sovereign clouds. |
| Business units affected | Business units that share a common IT infrastructure | Multiple business units that do not share a common IT infrastructure. |
| IT budget | Single IT budget | Budget allocated across business units and currencies. |
| IT investments | Capital expense-driven investments are planned yearly and usually cover only basic maintenance. | Capital expense-driven investments are planned yearly and often include maintenance and a refresh cycle of three to five years. |

Current state before adopting cloud governance

| State | Standard enterprise | Complex enterprise |
| --- | --- | --- |
| Datacenter or third-party hosting providers | Fewer than five datacenters | More than five datacenters |
| Networking | No WAN, or 1 – 2 WAN providers | Complex network or global WAN |
| Identity | Single forest, single domain. | Complex, multiple forests, multiple domains. |

Desired future state after incremental improvement of cloud governance

| State | Standard organization | Complex enterprise |
| --- | --- | --- |
| Cost Management: cloud accounting | Showback model. Billing is centralized through IT. | Chargeback model. Billing could be distributed through IT procurement. |
| Security Baseline: protected data | Company financial data and IP. Limited customer data. No third-party compliance requirements. | Multiple collections of customers' financial and personal data. Might need to consider third-party compliance. |

CAF enterprise-scale landing zone

The CAF enterprise-scale landing zone is an approach to making the most of the Azure cloud platform's capabilities while respecting an enterprise's security and governance requirements.

Compared to traditional on-premises environments, Azure allows workload development teams and their business sponsors to take advantage of the increased deployment agility that cloud platforms offer. As your cloud adoption efforts expand to include mission-critical data and workloads, this agility may conflict with corporate security and policy compliance requirements established by your IT teams. This is especially true for large enterprises that have existing sophisticated governance and regulatory requirements.

The CAF enterprise-scale landing zone architecture aims to address these concerns earlier in the adoption lifecycle through architectures, implementations, and guidance that help achieve a balance between cloud adoption team requirements and central IT team requirements during enterprise cloud adoption efforts. Central to this approach is the concept of a shared service architecture and well-managed landing zones.

The CAF enterprise-scale landing zone deploys your own "isolated cloud" within the Azure platform, integrating management processes, regulatory requirements, and security processes required by your governance policies. Within this virtual boundary, the CAF enterprise-scale landing zone offers example models for deploying workloads while ensuring consistent compliance, and provides basic guidance on implementing an organization's separation of roles and responsibilities in the cloud.

CAF enterprise-scale landing zone qualifications

Smaller teams may benefit from the architecture and recommendations the CAF enterprise-scale landing zone provides, and our objective is to continue to streamline the CAF enterprise-scale landing zone implementations to make them more friendly for smaller teams. Currently, however, this approach is designed to guide central IT teams managing large cloud environments.

The CAF enterprise-scale landing zone approach focuses on adoption teams who have a mid-term objective (within 24 months) to host more than 1,000 assets (applications, infrastructure, or data assets) in the cloud.

For organizations that meet the following criteria, you may also want to start with the CAF enterprise-scale landing zone:

  • Your enterprise is subject to regulatory compliance requirements that require centralized monitoring and audit capabilities.
  • You need to maintain common policy and governance compliance and centralized IT control over core services.
  • Your industry depends on a complex platform that requires complex controls and deep domain expertise to govern the platform. This is most common in large enterprises within finance, manufacturing, and oil and gas.
  • Your existing IT governance policies require tighter parity with existing features, even during early stage adoption.

Next steps

Choose one of these guides: