deploying-on-azure

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Azure Patterns

Azure 架构模式

Design and implement Azure cloud architectures following Microsoft's Well-Architected Framework and best practices for service selection, cost optimization, and security.

遵循Microsoft的云架构良好框架，以及服务选型、成本优化和安全领域的最佳实践，设计并实现Azure云架构。

When to Use

适用场景

Use this skill when:

Designing new applications for Azure cloud
Selecting Azure compute services (Container Apps, AKS, Functions, App Service)
Architecting storage solutions (Blob Storage, Files, Cosmos DB)
Integrating Azure OpenAI or Cognitive Services
Implementing messaging patterns (Service Bus, Event Grid, Event Hubs)
Designing secure networks with Private Endpoints
Applying Azure governance and compliance policies
Optimizing Azure costs and performance

在以下场景中使用本技能：

为Azure云设计全新应用程序
选择Azure计算服务（Container Apps、AKS、Functions、App Service）
构建存储解决方案（Blob Storage、Files、Cosmos DB）
集成Azure OpenAI或认知服务
实现消息传递模式（Service Bus、Event Grid、Event Hubs）
使用专用端点设计安全网络
应用Azure治理与合规策略
优化Azure成本与性能

Core Concepts

核心概念

Service Selection Philosophy

服务选型原则

Azure offers 200+ services. Choose based on:

Managed vs. IaaS - Prefer fully managed services (lower operational burden)
Cost Model - Consumption vs. dedicated capacity
Integration Requirements - Microsoft 365, Active Directory, hybrid cloud
Control vs. Simplicity - More control = more operational overhead

Azure提供200+种服务，选型时需基于以下维度：

托管服务vs.基础设施即服务（IaaS） - 优先选择全托管服务（降低运维负担）
成本模型 - 按需付费vs.专用容量
集成需求 - Microsoft 365、Active Directory、混合云
控制度vs.简易性 - 控制度越高，运维开销越大

Azure Well-Architected Framework (Five Pillars)

Azure云架构良好框架（五大支柱）

Pillar	Focus	Key Practices
Cost Optimization	Maximize value within budget	Reserved Instances, auto-scaling, lifecycle management
Operational Excellence	Run reliable systems	Azure Policy, automation, monitoring
Performance Efficiency	Scale to meet demand	Autoscaling, caching, CDN
Reliability	Recover from failures	Availability Zones, multi-region, backup
Security	Protect data and assets	Managed Identity, Private Endpoints, Key Vault

Reference

references/well-architected.md

for detailed pillar implementation patterns.

支柱	核心关注点	关键实践
成本优化	在预算内实现价值最大化	预留实例、自动缩放、生命周期管理
卓越运营	运行可靠系统	Azure Policy、自动化、监控
性能效率	按需扩展以满足需求	自动缩放、缓存、CDN
可靠性	从故障中恢复	可用性区域、多区域部署、备份
安全性	保护数据与资产	托管身份、专用端点、密钥保管库

如需详细的支柱实施模式，请参考

references/well-architected.md

。

Compute Service Selection

计算服务选型

Decision Framework

决策框架

Container-based workload?
  YES → Need Kubernetes control plane?
          YES → Azure Kubernetes Service (AKS)
          NO → Azure Container Apps (recommended)
  NO → Event-driven function?
         YES → Azure Functions
         NO → Web application?
                YES → Azure App Service
                NO → Legacy/specialized → Virtual Machines

Container-based workload?
  YES → Need Kubernetes control plane?
          YES → Azure Kubernetes Service (AKS)
          NO → Azure Container Apps (recommended)
  NO → Event-driven function?
         YES → Azure Functions
         NO → Web application?
                YES → Azure App Service
                NO → Legacy/specialized → Virtual Machines

Service Comparison

服务对比

Service	Best For	Pricing Model	Operational Overhead
Container Apps	Microservices, APIs, background jobs	Consumption or dedicated	Low
AKS	Complex K8s workloads, service mesh	Node-based	High
Functions	Event-driven, short tasks (<10 min)	Consumption or premium	Low
App Service	Web apps, simple APIs	Dedicated plans	Low
Virtual Machines	Legacy apps, specialized software	VM-based	High

Recommendation: Start with Azure Container Apps for 80% of containerized workloads (simpler and cheaper than AKS).

Reference

references/compute-services.md

for detailed comparison with Bicep and Terraform examples.

服务	最佳适用场景	定价模型	运维开销
Container Apps	微服务、API、后台任务	按需付费或专用容量	低
AKS	复杂K8s工作负载、服务网格	基于节点	高
Functions	事件驱动型、短任务（<10分钟）	按需付费或高级版	低
App Service	Web应用、简单API	专用计划	低
Virtual Machines	遗留应用、专用软件	基于虚拟机	高

推荐建议： 80%的容器化工作负载优先选择Azure Container Apps（比AKS更简单、成本更低）。

如需包含Bicep和Terraform示例的详细对比，请参考

references/compute-services.md

。

Storage Architecture

存储架构

Blob Storage Tier Selection

Blob存储层级选型

Tier	Access Pattern	Cost/GB/Month	Minimum Storage Duration
Hot	Daily access	$0.018	None
Cool	<1/month access	$0.010	30 days
Cold	<90 days access	$0.0045	90 days
Archive	Rare access	$0.00099	180 days

Pattern: Use lifecycle management policies to automatically move data to lower-cost tiers.

层级	访问模式	每月每GB成本	最低存储时长
Hot（热层）	每日访问	$0.018	无
Cool（冷层）	每月访问少于1次	$0.010	30天
Cold（归档冷层）	每90天访问少于1次	$0.0045	90天
Archive（归档层）	极少访问	$0.00099	180天

最佳模式： 使用生命周期管理策略自动将数据移动到低成本层级。

Storage Service Decision

存储服务决策框架

File system interface required?
  YES → Protocol?
          SMB → Azure Files (or NetApp Files for high performance)
          NFS → Azure Files (NFS 4.1)
  NO → Object storage → Blob Storage
       Block storage → Managed Disks (Standard/Premium SSD/Ultra)
       Analytics → Data Lake Storage Gen2

Reference

references/storage-patterns.md

for lifecycle policies, redundancy options, and performance tuning.

File system interface required?
  YES → Protocol?
          SMB → Azure Files (or NetApp Files for high performance)
          NFS → Azure Files (NFS 4.1)
  NO → Object storage → Blob Storage
       Block storage → Managed Disks (Standard/Premium SSD/Ultra)
       Analytics → Data Lake Storage Gen2

如需生命周期策略、冗余选项和性能调优的详细内容，请参考

references/storage-patterns.md

。

Database Service Selection

数据库服务选型

Decision Framework

决策框架

Relational data?
  YES → SQL Server compatible?
          YES → Need VM-level access?
                  YES → SQL Managed Instance
                  NO → Azure SQL Database
          NO → Open source?
                 PostgreSQL → PostgreSQL Flexible Server
                 MySQL → MySQL Flexible Server
  NO → Data model?
         Document/JSON → Cosmos DB (NoSQL API)
         Graph → Cosmos DB (Gremlin API)
         Wide-column → Cosmos DB (Cassandra API)
         Key-value cache → Azure Cache for Redis
         Time-series → Azure Data Explorer

Relational data?
  YES → SQL Server compatible?
          YES → Need VM-level access?
                  YES → SQL Managed Instance
                  NO → Azure SQL Database
          NO → Open source?
                 PostgreSQL → PostgreSQL Flexible Server
                 MySQL → MySQL Flexible Server
  NO → Data model?
         Document/JSON → Cosmos DB (NoSQL API)
         Graph → Cosmos DB (Gremlin API)
         Wide-column → Cosmos DB (Cassandra API)
         Key-value cache → Azure Cache for Redis
         Time-series → Azure Data Explorer

Cosmos DB Consistency Levels

Cosmos DB一致性级别

Level	Use Case	Latency	Throughput
Strong	Financial transactions, inventory	Highest	Lowest
Bounded Staleness	Real-time leaderboards with acceptable lag	High	Low
Session	Shopping carts, user sessions (default)	Medium	Medium
Consistent Prefix	Social feeds, IoT telemetry	Low	High
Eventual	Analytics, ML training data	Lowest	Highest

Reference

references/database-selection.md

for capacity planning, indexing strategies, and migration patterns.

级别	适用场景	延迟	吞吐量
Strong（强一致性）	金融交易、库存管理	最高	最低
Bounded Staleness（有限过期）	可接受延迟的实时排行榜	高	低
Session（会话一致性）	购物车、用户会话（默认）	中等	中等
Consistent Prefix（一致前缀）	社交动态、IoT遥测数据	低	高
Eventual（最终一致性）	分析、机器学习训练数据	最低	最高

如需容量规划、索引策略和迁移模式的详细内容，请参考

references/database-selection.md

。

AI and Machine Learning Integration

AI与机器学习集成

Azure OpenAI Service

Azure OpenAI服务

Use Cases:

Chatbots and conversational AI (GPT-4)
Content generation and summarization
Semantic search with embeddings (RAG pattern)
Code generation and completion
Function calling for structured outputs

Key Advantages:

Enterprise data privacy (no model training on customer data)
Regional deployment for data residency
Microsoft enterprise SLAs
Built-in content filtering

Integration Pattern:

python

from openai import AzureOpenAI
from azure.identity import DefaultAzureCredential

credential = DefaultAzureCredential()
client = AzureOpenAI(
    azure_endpoint="https://myopenai.openai.azure.com",
    azure_ad_token_provider=token_provider,
    api_version="2024-02-15-preview"
)

response = client.chat.completions.create(
    model="gpt-4-turbo",
    messages=[{"role": "user", "content": "Hello!"}]
)

适用场景：

聊天机器人与对话式AI（GPT-4）
内容生成与摘要
基于嵌入的语义搜索（RAG模式）
代码生成与补全
结构化输出的函数调用

核心优势：

企业数据隐私（不会使用客户数据训练模型）
区域部署以满足数据驻留要求
Microsoft企业级SLA
内置内容过滤

集成模式：

python

from openai import AzureOpenAI
from azure.identity import DefaultAzureCredential

credential = DefaultAzureCredential()
client = AzureOpenAI(
    azure_endpoint="https://myopenai.openai.azure.com",
    azure_ad_token_provider=token_provider,
    api_version="2024-02-15-preview"
)

response = client.chat.completions.create(
    model="gpt-4-turbo",
    messages=[{"role": "user", "content": "Hello!"}]
)

Other AI Services

其他AI服务

Service	Purpose	Common Use Cases
Cognitive Services	Pre-built AI models	Vision, Speech, Language, Decision
Azure Machine Learning	Custom model training	MLOps, model deployment, feature engineering
Azure AI Search	Semantic search engine	RAG patterns, document search

Reference

references/ai-integration.md

for RAG architecture, function calling, and fine-tuning patterns.

服务	用途	常见场景
Cognitive Services（认知服务）	预构建AI模型	视觉、语音、语言、决策
Azure Machine Learning	自定义模型训练	MLOps、模型部署、特征工程
Azure AI Search	语义搜索引擎	RAG模式、文档搜索

如需RAG架构、函数调用和微调模式的详细内容，请参考

references/ai-integration.md

。

Messaging and Integration

消息传递与集成

Service Selection Matrix

服务选型矩阵

Service	Pattern	Message Size	Ordering	Transactions	Best For
Service Bus	Queue/Topic	256 KB - 100 MB	Yes (sessions)	Yes	Enterprise messaging
Event Grid	Pub/Sub	1 MB	No	No	Event-driven architectures
Event Hubs	Streaming	1 MB	Yes (partitions)	No	Big data ingestion, telemetry
Storage Queues	Simple queue	64 KB	No	No	Async work, <500k msgs/sec

When to Use What:

Service Bus: Reliable messaging with transactions (e.g., order processing)
Event Grid: React to Azure resource events (e.g., blob created, VM stopped)
Event Hubs: High-throughput streaming (e.g., IoT telemetry, application logs)

Reference

references/messaging-patterns.md

for implementation examples, retry policies, and dead-letter handling.

服务	模式	消息大小	有序性	事务支持	最佳适用场景
Service Bus	队列/主题	256 KB - 100 MB	是（会话）	是	企业级消息传递
Event Grid	发布/订阅	1 MB	否	否	事件驱动架构
Event Hubs	流处理	1 MB	是（分区）	否	大数据 ingestion、遥测数据
Storage Queues	简单队列	64 KB	否	否	异步任务、<50万条消息/秒

选型建议：

Service Bus： 支持事务的可靠消息传递（如订单处理）
Event Grid： 响应Azure资源事件（如Blob创建、VM停止）
Event Hubs： 高吞吐量流处理（如IoT遥测、应用日志）

如需实现示例、重试策略和死信处理的详细内容，请参考

references/messaging-patterns.md

。

Networking Architecture

网络架构

Private Endpoints vs. Service Endpoints

专用端点vs.服务端点

Aspect	Private Endpoint	Service Endpoint
Security Model	Private IP in VNet	Optimized route to public endpoint
Data Exfiltration Protection	Yes (network-isolated)	Limited (service firewall only)
Cost	~$7.30/month per endpoint	Free
Recommendation	Production workloads	Dev/test environments

Best Practice: Use Private Endpoints for all PaaS services in production (treat public endpoints as anti-pattern).

维度	专用端点	服务端点
安全模型	虚拟网络中的专用IP	优化路由到公共端点
数据外泄防护	是（网络隔离）	有限（仅服务防火墙）
成本	每个端点约$7.30/月	免费
推荐建议	生产工作负载	开发/测试环境

最佳实践： 生产环境中的所有PaaS服务均使用专用端点（将公共端点视为反模式）。

Hub-and-Spoke Topology

中心辐射型拓扑

Components:

Hub VNet: Shared services (Azure Firewall, VPN Gateway, Private Endpoints)
Spoke VNets: Application workloads (isolated per environment or team)
VNet Peering: Low-latency connectivity between hub and spokes

Benefits:

Centralized security (firewall, DNS)
Cost optimization (shared egress)
Simplified governance

Reference

references/networking-architecture.md

for hub-spoke Bicep templates, NSG patterns, and DNS configuration.

组件：

中心虚拟网络： 共享服务（Azure Firewall、VPN网关、专用端点）
辐射虚拟网络： 应用工作负载（按环境或团队隔离）
虚拟网络对等连接： 中心与辐射网络之间的低延迟连接

优势：

集中式安全（防火墙、DNS）
成本优化（共享出口）
简化治理

如需包含中心辐射型Bicep模板、NSG模式和DNS配置的详细内容，请参考

references/networking-architecture.md

。

Identity and Access Management

身份与访问管理

Managed Identity Pattern

托管身份模式

Always use Managed Identity instead of:

Connection strings in code
Storage account keys
Service principal credentials
API keys

System-Assigned vs. User-Assigned:

Type	Lifecycle	Use Case
System-Assigned	Tied to resource	Single resource needs access
User-Assigned	Independent	Multiple resources share identity

Example Flow:

Enable Managed Identity on Container App
Grant identity access to Key Vault (RBAC or Access Policy)
Application authenticates automatically (no credentials)

python

from azure.identity import DefaultAzureCredential

始终使用托管身份替代：

代码中的连接字符串
存储账户密钥
服务主体凭据
API密钥

系统分配vs.用户分配：

类型	生命周期	适用场景
系统分配	与资源绑定	单个资源需要访问权限
用户分配	独立生命周期	多个资源共享身份

示例流程：

在Container App上启用托管身份
为身份授予Key Vault的访问权限（RBAC或访问策略）
应用程序自动完成身份验证（无需凭据）

python

from azure.identity import DefaultAzureCredential

Works automatically with Managed Identity

与托管身份自动兼容

credential = DefaultAzureCredential() keyvault_client = SecretClient(vault_url="...", credential=credential)

undefined

credential = DefaultAzureCredential() keyvault_client = SecretClient(vault_url="...", credential=credential)

undefined

Azure RBAC Best Practices

Azure RBAC最佳实践

Use built-in roles when possible (Owner, Contributor, Reader)
Apply least privilege principle
Assign roles at resource group level (not subscription)
Use Azure AD groups for user management
Audit role assignments regularly

Reference

references/identity-access.md

for Entra ID integration, Conditional Access policies, and B2C patterns.

尽可能使用内置角色（Owner、Contributor、Reader）
遵循最小权限原则
在资源组级别分配角色（而非订阅级别）
使用Azure AD组管理用户
定期审核角色分配

如需Entra ID集成、条件访问策略和B2C模式的详细内容，请参考

references/identity-access.md

。

Governance and Compliance

治理与合规

Azure Policy for Guardrails

Azure Policy防护策略

Common Policy Patterns:

Require tags on all resources (Environment, Owner, CostCenter)
Restrict allowed Azure regions
Enforce TLS 1.2 minimum
Require Private Endpoints for storage accounts
Deny public IP addresses on VMs

Policy Effects:

Deny: Block non-compliant resource creation
Audit: Log non-compliance but allow creation
DeployIfNotExists: Auto-remediate missing configurations
Modify: Change resource properties during deployment

常见策略模式：

要求所有资源添加标签（Environment、Owner、CostCenter）
限制允许使用的Azure区域
强制要求最低TLS 1.2版本
要求存储账户使用专用端点
禁止VM使用公共IP地址

策略效果：

Deny（拒绝）： 阻止不合规资源的创建
Audit（审核）： 记录不合规情况但允许创建
DeployIfNotExists（不存在则部署）： 自动修复缺失的配置
Modify（修改）： 在部署期间更改资源属性

Cost Management

成本管理

Optimization Strategies:

Pattern	Savings	Use Case
Reserved Instances (1-year)	40-50%	Steady-state workloads (databases, VMs)
Reserved Instances (3-year)	60-70%	Long-term commitments
Spot VMs	Up to 90%	Fault-tolerant batch processing
Auto-shutdown	Variable	Dev/test resources (off-hours)
Storage lifecycle policies	50-90%	Move to Cool/Archive tiers

Monitoring:

Set budgets and alerts in Azure Cost Management
Review Azure Advisor cost recommendations weekly
Tag resources for cost allocation
Use FinOps Toolkit for Power BI dashboards

Reference

references/governance-compliance.md

for Azure Landing Zones, Policy definitions, and Blueprints.

优化策略：

模式	节省比例	适用场景
预留实例（1年）	40-50%	稳定工作负载（数据库、VM）
预留实例（3年）	60-70%	长期承诺
Spot VM（抢占式VM）	最高90%	容错批处理
自动关机	可变	开发/测试资源（非工作时间）
存储生命周期策略	50-90%	移动到Cool/Archive层级

监控建议：

在Azure成本管理中设置预算和警报
每周查看Azure Advisor的成本建议
为资源添加标签以实现成本分配
使用FinOps Toolkit创建Power BI仪表板

如需Azure登陆区、策略定义和蓝图的详细内容，请参考

references/governance-compliance.md

。

Infrastructure as Code

基础设施即代码

Tool Selection

工具选型

Tool	Best For	Azure Integration	Multi-Cloud
Bicep	Azure-native projects	Excellent (official)	No
Terraform	Multi-cloud environments	Good (azurerm provider)	Yes
Pulumi	Developer-first approach	Good (native SDK)	Yes
Azure CLI	Scripts and automation	Excellent	No

Recommendation:

Use Bicep for Azure-only infrastructure (best Azure integration, native type safety)
Use Terraform for multi-cloud or existing Terraform shops
Use Azure CLI for quick scripts and CI/CD automation

工具	最佳适用场景	Azure集成度	多云支持
Bicep	Azure原生项目	极佳（官方支持）	否
Terraform	多云环境	良好（azurerm提供商）	是
Pulumi	开发者优先的方式	良好（原生SDK）	是
Azure CLI	脚本与自动化	极佳	否

推荐建议：

仅Azure环境的基础设施使用Bicep（最佳Azure集成、原生类型安全）
多云环境或已有Terraform使用经验的团队使用Terraform
快速脚本和CI/CD自动化使用Azure CLI

Bicep Best Practices

Bicep最佳实践

Use parameter files for environment-specific values
Leverage Azure Verified Modules (AVM) for tested patterns
Organize by resource lifecycle (networking, data, compute)
Use symbolic names (not string interpolation)
Enable linting and validation in CI/CD

Reference Bicep and Terraform examples in

examples/bicep/

and

examples/terraform/

directories.

使用参数文件存储环境特定值
利用Azure验证模块（AVM）实现经过测试的模式
按资源生命周期组织（网络、数据、计算）
使用符号名称（而非字符串插值）
在CI/CD中启用代码检查和验证

请参考

examples/bicep/

和

examples/terraform/

目录中的Bicep和Terraform示例。

Security Best Practices

安全最佳实践

Essential Security Controls

核心安全控制

Control	Implementation	Priority
Managed Identity	Enable on all compute resources	Critical
Private Endpoints	All PaaS services in production	Critical
Key Vault	Store secrets, keys, certificates	Critical
Network Segmentation	NSGs, application security groups	High
Microsoft Defender	Enable for all resource types	High
Azure Policy	Preventive controls	High
Just-In-Time Access	VMs and privileged access	Medium

控制措施	实施方式	优先级
托管身份	在所有计算资源上启用	关键
专用端点	生产环境中的所有PaaS服务	关键
Key Vault	存储机密、密钥、证书	关键
网络分段	NSG、应用安全组	高
Microsoft Defender	为所有资源类型启用	高
Azure Policy	预防性控制	高
即时访问	VM和特权访问	中

Defense-in-Depth Layers

纵深防御层级

Network: Private Endpoints, NSGs, Azure Firewall
Identity: Entra ID, Managed Identity, Conditional Access
Application: Web Application Firewall, API Management
Data: Encryption at rest, encryption in transit (TLS 1.2+)
Monitoring: Microsoft Defender, Azure Monitor, Sentinel

Reference

references/security-architecture.md

(see also

security-hardening

and

auth-security

skills).

网络层： 专用端点、NSG、Azure Firewall
身份层： Entra ID、托管身份、条件访问
应用层： Web应用防火墙、API管理
数据层： 静态加密、传输加密（TLS 1.2+）
监控层： Microsoft Defender、Azure Monitor、Sentinel

如需详细内容，请参考

references/security-architecture.md

（另请参阅

security-hardening

和

auth-security

技能）。

Cost Estimation

成本估算

Pricing Considerations

定价考量

Compute:

Container Apps: ~$60/month (1 vCPU, 2GB RAM, 24/7)
AKS: ~$400/month (3-node D4s_v5 cluster)
App Service P1v3: ~$145/month (2 vCPU, 8GB RAM)
Functions Consumption: ~$0.20 per 1M executions

Storage:

Blob Hot: $0.018/GB/month
Blob Cool: $0.010/GB/month
Blob Archive: $0.00099/GB/month
Managed Disks Premium SSD: $0.15/GB/month

Database:

Azure SQL Database (2 vCores): ~$280/month
Cosmos DB Serverless: Pay per RU consumed
PostgreSQL Flexible (2 vCores): ~$125/month

Use Azure Pricing Calculator: https://azure.microsoft.com/pricing/calculator/

计算服务：

Container Apps：约$60/月（1 vCPU、2GB RAM、7*24小时运行）
AKS：约$400/月（3节点D4s_v5集群）
App Service P1v3：约$145/月（2 vCPU、8GB RAM）
Functions按需付费：约$0.20/100万次执行

存储服务：

Blob热层：$0.018/GB/月
Blob冷层：$0.010/GB/月
Blob归档层：$0.00099/GB/月
托管磁盘Premium SSD：$0.15/GB/月

数据库服务：

Azure SQL Database（2 vCores）：约$280/月
Cosmos DB Serverless：按消耗的RU付费
PostgreSQL Flexible（2 vCores）：约$125/月

使用Azure定价计算器： https://azure.microsoft.com/pricing/calculator/

Quick Reference Tables

快速参考表

Compute Service Decision Matrix

计算服务决策矩阵

If You Need...	Choose
Kubernetes features (CRDs, operators)	Azure Kubernetes Service
Microservices without K8s complexity	Azure Container Apps
Event-driven functions (<10 min)	Azure Functions
Traditional web app (Node, .NET, Python)	Azure App Service
Batch processing, HPC	Azure Batch or VM Scale Sets
Legacy application migration	Virtual Machines

需求场景	选择服务
需要Kubernetes功能（CRD、Operator）	Azure Kubernetes Service
微服务且无需K8s复杂度	Azure Container Apps
事件驱动型函数（<10分钟）	Azure Functions
传统Web应用（Node、.NET、Python）	Azure App Service
批处理、高性能计算	Azure Batch或VM Scale Sets
遗留应用迁移	Virtual Machines

Storage Service Decision Matrix

存储服务决策矩阵

If You Need...	Choose
SMB file shares	Azure Files
NFS file shares	Azure Files (NFS 4.1)
Object storage (images, backups)	Blob Storage
High-performance file storage	Azure NetApp Files
Block storage for VMs	Managed Disks
Big data analytics	Data Lake Storage Gen2

需求场景	选择服务
SMB文件共享	Azure Files
NFS文件共享	Azure Files（NFS 4.1）
对象存储（图片、备份）	Blob Storage
高性能文件存储	Azure NetApp Files
VM块存储	Managed Disks
大数据分析	Data Lake Storage Gen2

Database Service Decision Matrix

数据库服务决策矩阵

If You Need...	Choose
SQL Server features (T-SQL, SQL Agent)	Azure SQL Database or Managed Instance
PostgreSQL	PostgreSQL Flexible Server
MySQL	MySQL Flexible Server
Global distribution, multi-model	Cosmos DB
In-memory cache	Azure Cache for Redis
Graph database	Cosmos DB (Gremlin API)
Time-series data	Azure Data Explorer

需求场景	选择服务
需要SQL Server功能（T-SQL、SQL Agent）	Azure SQL Database或Managed Instance
PostgreSQL	PostgreSQL Flexible Server
MySQL	MySQL Flexible Server
全局分布、多模型	Cosmos DB
内存缓存	Azure Cache for Redis
图数据库	Cosmos DB（Gremlin API）
时序数据	Azure Data Explorer

Integration with Other Skills

与其他技能的集成

infrastructure-as-code: Implement Azure patterns using Bicep or Terraform
kubernetes-operations: AKS-specific configuration and operations
deploying-applications: Container Apps and App Service deployment
building-ci-pipelines: Azure DevOps and GitHub Actions integration
auth-security: Entra ID authentication and authorization patterns
observability: Azure Monitor and Application Insights
ai-chat: Azure OpenAI Service for chat applications
databases-nosql: Cosmos DB implementation details
secret-management: Azure Key Vault integration patterns

infrastructure-as-code： 使用Bicep或Terraform实施Azure模式
kubernetes-operations： AKS特定配置与运维
deploying-applications： Container Apps和App Service部署
building-ci-pipelines： Azure DevOps和GitHub Actions集成
auth-security： Entra ID身份验证与授权模式
observability： Azure Monitor和Application Insights
ai-chat： Azure OpenAI服务构建聊天应用
databases-nosql： Cosmos DB实施细节
secret-management： Azure Key Vault集成模式

Reference Documentation

参考文档

For detailed implementation guidance, see:

references/compute-services.md
- Container Apps, AKS, Functions, App Service with Bicep/Terraform
references/storage-patterns.md
- Blob Storage, Files, Disks, lifecycle management
references/database-selection.md
- SQL Database, Cosmos DB, PostgreSQL patterns
references/ai-integration.md
- Azure OpenAI, RAG architecture, function calling
references/messaging-patterns.md
- Service Bus, Event Grid, Event Hubs examples
references/networking-architecture.md
- Hub-spoke, Private Endpoints, DNS configuration
references/identity-access.md
- Entra ID, Managed Identity, RBAC
references/governance-compliance.md
- Azure Policy, Landing Zones, cost optimization
references/well-architected.md
- Five pillars implementation guide

如需详细的实施指南，请参阅：

references/compute-services.md
- 包含Bicep/Terraform示例的Container Apps、AKS、Functions、App Service指南
references/storage-patterns.md
- Blob Storage、Files、Disks、生命周期管理
references/database-selection.md
- SQL Database、Cosmos DB、PostgreSQL模式
references/ai-integration.md
- Azure OpenAI、RAG架构、函数调用
references/messaging-patterns.md
- Service Bus、Event Grid、Event Hubs示例
references/networking-architecture.md
- 中心辐射型、专用端点、DNS配置
references/identity-access.md
- Entra ID、托管身份、RBAC
references/governance-compliance.md
- Azure Policy、登陆区、成本优化
references/well-architected.md
- 五大支柱实施指南

Code Examples

代码示例

Working examples available in:

examples/bicep/
- Infrastructure templates (Container Apps, AKS, networking, databases)
examples/terraform/
- Multi-cloud IaC examples
examples/sdk/python/
- Python SDK integration (OpenAI, Managed Identity, messaging)
examples/sdk/typescript/
- TypeScript SDK examples

可用的工作示例位于：

examples/bicep/
- 基础设施模板（Container Apps、AKS、网络、数据库）
examples/terraform/
- 多云IaC示例
examples/sdk/python/
- Python SDK集成（OpenAI、托管身份、消息传递）
examples/sdk/typescript/
- TypeScript SDK示例

Additional Resources

额外资源

Azure Architecture Center: https://learn.microsoft.com/azure/architecture/
Azure Well-Architected Framework: https://learn.microsoft.com/azure/well-architected/
Azure Verified Modules: https://aka.ms/avm
Azure Charts (Service Comparison): https://azurecharts.com/
Azure Updates: https://azure.microsoft.com/updates/

Azure架构中心：https://learn.microsoft.com/azure/architecture/
Azure云架构良好框架：https://learn.microsoft.com/azure/well-architected/
Azure验证模块：https://aka.ms/avm
Azure Charts（服务对比）：https://azurecharts.com/
Azure更新：https://azure.microsoft.com/updates/