Introduction to the core Azure Storage services

The Azure Storage platform is Microsoft's cloud storage solution for modern data storage scenarios. Core storage services offer a massively scalable object store for data objects, disk storage for Azure virtual machines (VMs), a file system service for the cloud, a messaging store for reliable messaging, and a NoSQL store. The services are:

  • Durable and highly available. Redundancy ensures that your data is safe in the event of transient hardware failures. You can also opt to replicate data across datacenters or geographical regions for additional protection from local catastrophe or natural disaster. Data replicated in this way remains highly available in the event of an unexpected outage.
  • Secure. All data written to an Azure storage account is encrypted by the service. Azure Storage provides you with fine-grained control over who has access to your data.
  • Scalable. Azure Storage is designed to be massively scalable to meet the data storage and performance needs of today's applications.
  • Managed. Azure handles hardware maintenance, updates, and critical issues for you.
  • Accessible. Data in Azure Storage is accessible from anywhere in the world over HTTP or HTTPS. Microsoft provides client libraries for Azure Storage in a variety of languages, including .NET, Java, Node.js, Python, PHP, Ruby, Go, and others, as well as a mature REST API. Azure Storage supports scripting in Azure PowerShell or Azure CLI. And the Azure portal and Azure Storage Explorer offer easy visual solutions for working with your data.

Core storage services

The Azure Storage platform includes the following data services:

  • Azure Blobs: A massively scalable object store for text and binary data. Also includes support for big data analytics through Data Lake Storage Gen2.
  • Azure Files: Managed file shares for cloud or on-premises deployments.
  • Azure Queues: A messaging store for reliable messaging between application components.
  • Azure Tables: A NoSQL store for schemaless storage of structured data.
  • Azure Disks: Block-level storage volumes for Azure VMs.

Each service is accessed through a storage account. To get started, see Create a storage account.

Example scenarios

The following table compares Files, Blobs, Disks, Queues, and Tables, and shows example scenarios for each.

| Feature | Description | When to use |
|---|---|---|
| Azure Files | Offers fully managed cloud file shares that you can access from anywhere via the industry standard Server Message Block (SMB) protocol. You can mount Azure file shares from cloud or on-premises deployments of Windows, Linux, and macOS. | You want to "lift and shift" an application to the cloud that already uses the native file system APIs to share data between it and other applications running in Azure. You want to replace or supplement on-premises file servers or NAS devices. You want to store development and debugging tools that need to be accessed from many virtual machines. |
| Azure Blobs | Allows unstructured data to be stored and accessed at a massive scale in block blobs. Also supports Azure Data Lake Storage Gen2 for enterprise big data analytics solutions. | You want your application to support streaming and random access scenarios. You want to be able to access application data from anywhere. You want to build an enterprise data lake on Azure and perform big data analytics. |
| Azure Disks | Allows data to be persistently stored and accessed from an attached virtual hard disk. | You want to "lift and shift" applications that use native file system APIs to read and write data to persistent disks. You want to store data that is not required to be accessed from outside the virtual machine to which the disk is attached. |
| Azure Queues | Allows for asynchronous message queueing between application components. | You want to decouple application components and use asynchronous messaging to communicate between them. For guidance around when to use Queue storage versus Service Bus queues, see Storage queues and Service Bus queues - compared and contrasted. |
| Azure Tables | Allow you to store structured NoSQL data in the cloud, providing a key/attribute store with a schemaless design. | You want to store flexible datasets like user data for web applications, address books, device information, or other types of metadata your service requires. For guidance around when to use Table storage versus the Azure Cosmos DB Table API, see Developing with Azure Cosmos DB Table API and Azure Table storage. |

Blob storage

Azure Blob storage is Microsoft's object storage solution for the cloud. Blob storage is optimized for storing massive amounts of unstructured data, such as text or binary data.

Blob storage is ideal for:

  • Serving images or documents directly to a browser.
  • Storing files for distributed access.
  • Streaming video and audio.
  • Storing data for backup and restore, disaster recovery, and archiving.
  • Storing data for analysis by an on-premises or Azure-hosted service.

Objects in Blob storage can be accessed from anywhere in the world via HTTP or HTTPS. Users or client applications can access blobs via URLs, the Azure Storage REST API, Azure PowerShell, Azure CLI, or an Azure Storage client library. The storage client libraries are available for multiple languages, including .NET, Java, Node.js, Python, PHP, and Ruby.

For more information about Blob storage, see Introduction to Blob storage.

Azure Files

Azure Files enables you to set up highly available network file shares that can be accessed by using the standard Server Message Block (SMB) protocol. That means that multiple VMs can share the same files with both read and write access. You can also read the files using the REST interface or the storage client libraries.

One thing that distinguishes Azure Files from files on a corporate file share is that you can access the files from anywhere in the world using a URL that points to the file and includes a shared access signature (SAS) token. You can generate SAS tokens; they allow specific access to a private asset for a specific amount of time.

File shares can be used for many common scenarios:

  • Many on-premises applications use file shares. This feature makes it easier to migrate those applications that share data to Azure. If you mount the file share to the same drive letter that the on-premises application uses, the part of your application that accesses the file share should work with minimal, if any, changes.

  • Configuration files can be stored on a file share and accessed from multiple VMs. Tools and utilities used by multiple developers in a group can be stored on a file share, ensuring that everybody can find them, and that they use the same version.

  • Resource logs, metrics, and crash dumps are just three examples of data that can be written to a file share and processed or analyzed later.

For more information about Azure Files, see Introduction to Azure Files.

Some SMB features are not applicable to the cloud. For more information, see Features not supported by the Azure File service.

Queue storage

The Azure Queue service is used to store and retrieve messages. Queue messages can be up to 64 KB in size, and a queue can contain millions of messages. Queues are generally used to store lists of messages to be processed asynchronously.

For example, say you want your customers to be able to upload pictures, and you want to create thumbnails for each picture. You could have your customer wait for you to create the thumbnails while uploading the pictures. An alternative would be to use a queue. When the customer finishes their upload, write a message to the queue. Then have an Azure Function retrieve the message from the queue and create the thumbnails. Each of the parts of this processing can be scaled separately, giving you more control when tuning it for your usage.

For more information about Azure Queues, see Introduction to Queues.

Table storage

Azure Table storage is now part of Azure Cosmos DB. To see Azure Table storage documentation, see the Azure Table Storage Overview. In addition to the existing Azure Table storage service, there is a new Azure Cosmos DB Table API offering that provides throughput-optimized tables, global distribution, and automatic secondary indexes. To learn more and try out the new premium experience, see Azure Cosmos DB Table API.

For more information about Table storage, see Overview of Azure Table storage.

Disk storage

An Azure managed disk is a virtual hard disk (VHD). You can think of it like a physical disk in an on-premises server, but virtualized. Azure managed disks are stored as page blobs, which are a random IO storage object in Azure. We call a managed disk 'managed' because it is an abstraction over page blobs, blob containers, and Azure storage accounts. With managed disks, all you have to do is provision the disk, and Azure takes care of the rest.

For more information about managed disks, see Introduction to Azure managed disks.

Types of storage accounts

Azure Storage offers several types of storage accounts. Each type supports different features and has its own pricing model. For more information about storage account types, see Azure storage account overview.

Secure access to storage accounts

Every request to Azure Storage must be authorized. Azure Storage supports the following authorization methods:

  • Azure Active Directory (Azure AD) integration for blob and queue data. Azure Storage supports authentication and authorization with Azure AD for the Blob and Queue services via Azure role-based access control (Azure RBAC). Authorizing requests with Azure AD is recommended for superior security and ease of use. For more information, see Authorize access to Azure blobs and queues using Azure Active Directory.
  • Azure AD authorization over SMB for Azure Files. Azure Files supports identity-based authorization over SMB (Server Message Block) through either Azure Active Directory Domain Services (Azure AD DS) or on-premises Active Directory Domain Services (preview). Your domain-joined Windows VMs can access Azure file shares using Azure AD credentials. For more information, see Overview of Azure Files identity-based authentication support for SMB access and Planning for an Azure Files deployment.
  • Authorization with Shared Key. The Azure Storage Blob, Files, Queue, and Table services support authorization with Shared Key. A client using Shared Key authorization passes a header with every request that is signed using the storage account access key. For more information, see Authorize with Shared Key.
  • Authorization using shared access signatures (SAS). A shared access signature (SAS) is a string containing a security token that can be appended to the URI for a storage resource. The security token encapsulates constraints such as permissions and the interval of access. For more information, see Using Shared Access Signatures (SAS).
  • Anonymous access to containers and blobs. A container and its blobs may be publicly available. When you specify that a container or blob is public, anyone can read it anonymously; no authentication is required. For more information, see Manage anonymous read access to containers and blobs.
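
The SAS item above says the token encapsulates constraints such as permissions and the interval of access. As an added example (not part of the original page or of any Microsoft library), this Python check reads those constraints from a SAS URL's query string and flags tokens that are broader than a review policy allows. The 24-hour limit, the function names and the sample URLs are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Assumed review policy (not from the page): limits a team might choose.
MAX_REMAINING = timedelta(hours=24)
WRITE_LIKE = set("wdac")  # write, delete, add, create

def parse_sas_time(value):
    """Parse the ISO 8601 UTC forms used by the SAS 'se' field."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised SAS timestamp: {value!r}")

def audit_sas_url(url, now):
    """Return findings for one SAS URL; an empty list means nothing flagged."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    if "sig" not in q:
        return ["no 'sig' parameter: this is not a SAS URL"]
    findings = []
    if parts.scheme != "https":
        findings.append("URL uses plain HTTP, so the token travels unencrypted")
    # When 'spr' is omitted the service accepts both HTTPS and HTTP.
    if q.get("spr", "https,http") != "https":
        findings.append("spr does not restrict the token to HTTPS")
    granted = set(q.get("sp", ""))
    if granted & WRITE_LIKE:
        letters = "".join(sorted(granted & WRITE_LIKE))
        findings.append(f"sp grants modifying permissions: {letters}")
    if "se" in q:
        expiry = parse_sas_time(q["se"])
        if expiry <= now:
            findings.append("token has already expired")
        elif expiry - now > MAX_REMAINING:
            findings.append("token stays valid longer than the assumed 24-hour limit")
    elif "si" in q:
        findings.append("expiry comes from a stored access policy; review that policy")
    else:
        findings.append("no expiry (se) and no stored access policy (si)")
    return findings

# Constructed sample URLs: account, paths and signatures are placeholders.
BASE = "examplestorage.blob.core.windows.net"
NARROW = (f"https://{BASE}/reports/q1.pdf?sv=2022-11-02&sr=b&sp=r"
          "&se=2024-01-01T13:00:00Z&spr=https&sig=CONSTRUCTED")
BROAD = (f"http://{BASE}/reports?sv=2022-11-02&sr=c&sp=rwdl"
         "&se=2025-01-01T00:00:00Z&sig=CONSTRUCTED")
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # fixed for repeatability

if __name__ == "__main__":
    for label, url in (("narrow", NARROW), ("broad", BROAD)):
        print(label, audit_sas_url(url, NOW) or "no findings")
```

The check only reads the constraints carried in the URL; it does not verify the signature, which only the storage service can do with the account key.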

Encryption

There are two basic kinds of encryption available for the core storage services. For more information about security and encryption, see the Azure Storage security guide.

Encryption at rest

Azure Storage encryption protects and safeguards your data to meet your organizational security and compliance commitments. Azure Storage automatically encrypts all data prior to persisting to the storage account and decrypts it prior to retrieval. The encryption, decryption, and key management processes are transparent to users. Customers can also choose to manage their own keys using Azure Key Vault. For more information, see Azure Storage encryption for data at rest.

Client-side encryption

The Azure Storage client libraries provide methods for encrypting data from the client library before sending it across the wire and decrypting the response. Data encrypted via client-side encryption is also encrypted at rest by Azure Storage. For more information about client-side encryption, see Client-side encryption with .NET for Azure Storage.

Redundancy

To ensure that your data is durable, Azure Storage stores multiple copies of your data. When you set up your storage account, you select a redundancy option. For more information, see Azure Storage redundancy.

Transfer data to and from Azure Storage

You have several options for moving data into or out of Azure Storage. Which option you choose depends on the size of your dataset and your network bandwidth. For more information, see Choose an Azure solution for data transfer.

Pricing

When making decisions about how your data is stored and accessed, you should also consider the costs involved. For more information, see Azure Storage pricing.

Storage APIs, libraries, and tools

You can access resources in a storage account by any language that can make HTTP/HTTPS requests. Additionally, the core Azure Storage services offer programming libraries for several popular languages. These libraries simplify many aspects of working with Azure Storage by handling details such as synchronous and asynchronous invocation, batching of operations, exception management, automatic retries, operational behavior, and so forth. Libraries are currently available for the following languages and platforms, with others in the pipeline:

Azure Storage data API and library references

Azure Storage management API and library references

Azure Storage data movement API and library references

Tools and utilities

Next steps

To get up and running with core Azure Storage services, see Create a storage account.