Building a Hybrid Cloud with Azure

In this day and age, who would bother developing solutions on anything but the public cloud? The answer: more people than you would think. Many companies provide essential services to a loyal customer base but have not invested in moving their infrastructure to the cloud. Why is this?


In many cases, companies achieved early success with applications running on-premise or in a data center, which naturally led to costly investment in incremental improvements and maintenance. Often, given this sunk cost and the perceived risk of moving solutions to the cloud, the move may not seem worth the rewards that come with building a cloud infrastructure, such as cost savings, scalability, and developer productivity. However, companies do not have to make a massive upfront investment to move their infrastructure to the cloud. Cloud resources can be built gradually alongside the existing legacy system, and services can be moved to the cloud as dictated by business needs. This is called a hybrid cloud.


What is a Hybrid Cloud?

A hybrid cloud combines resources built on a cloud provider, such as Microsoft Azure, with resources running on an internal network. According to Microsoft, “Hybrid cloud computing is a ‘best of all possible worlds’ platform, delivering all the benefits of cloud computing — flexibility, scalability, and cost efficiencies — with the lowest possible risk of data exposure.” In practical terms, a hybrid cloud allows you to build new applications on the cloud while leveraging the on-premise data and services that have made the business successful up to that point. Services developed on the cloud can more easily incorporate DevOps best practices such as Continuous Integration/Deployment and Infrastructure as Code, which often rely on access to cloud services. This all seems vague… because it is. Let’s see an example.


An Automotive Sales Company

Let’s take a look at a hypothetical company that sells cars. This particular company relies on servers running on-premise on an internal network to provide its salespeople with information about the cars in its inventory. The system works brilliantly for the steady number of salespeople who access it. But what if the business wants to begin selling its cars on a public-facing website? The on-premise servers may not have the capacity to handle the spike in traffic, leaving you with a decision: invest in additional, expensive on-prem hardware or begin developing the new website on the cloud.


Even if you decide to develop this new website on the cloud, you still run into a fundamental problem. How do you access the car inventory data to display on the website? Also, how would you interact with other systems running on the company’s internal network? A hybrid cloud architecture shines in this exact scenario.


Creating a Hybrid Cloud Architecture

Let’s assume you’re developing your car website with a standard 3-tier architecture:


Figure: A standard 3-tier architecture for our car website

The website user requests a page from a web server that displays a list of cars. On Azure, this could be an application running on App Services or even an Azure Storage instance that serves static files. In order to display car data, the web server would make a request to the application server, which could also be an application running on App Services. When the application server receives a request for car data, it queries the cloud database and returns the results.


Creating a Virtual Network

Despite our efforts, the car data we need is still located on-premise and cannot be accessed by our cloud application. The simple but risky solution is to expose resources on the internal network via port forwarding and access them directly. A more secure option is to create an Azure Virtual Network that will house our Azure resources, then connect this network to our internal network. Here is our updated architecture after creating the Azure Virtual Network and connecting the application server:


Figure: System architecture after creating our Azure Virtual Network

Connecting the Networks

A simple, secure way to connect our two networks is a Site-to-Site VPN. A Site-to-Site (S2S) connection uses a VPN tunnel (IPsec/IKE on Azure) to securely transfer data between networks. Under the hood, the tunnel encrypts each packet and embeds it within another packet, so that only the intended recipient can read its contents. Note that an on-prem VPN device with a public IP is required for this type of connection. We must then create a VPN Gateway in our Azure Virtual Network and configure our on-prem VPN device to connect to this gateway. More details can be found in this article. Once this connection is complete, we can access on-premise car inventory data from any Azure resource connected to the virtual network.


Figure: System architecture after connecting Azure VNet to an internal network
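
Before creating the VPN gateway it is worth checking the address plan: traffic cannot be routed unambiguously over the tunnel if the VNet and on-prem ranges overlap, and Azure expects the gateway in a subnet named GatewaySubnet. The following is an added example, not part of the original article; the function name, the CIDR ranges and the subnet names other than GatewaySubnet are constructed for illustration.

```python
import ipaddress

def check_hybrid_plan(vnet_cidr, subnets, onprem_cidrs):
    """Return a list of problems in a VNet + on-prem address plan (empty = OK)."""
    problems = []
    vnet = ipaddress.ip_network(vnet_cidr)

    # Both sides of the tunnel must own distinct ranges, or routing is ambiguous.
    for net in map(ipaddress.ip_network, onprem_cidrs):
        if net.overlaps(vnet):
            problems.append(f"on-prem {net} overlaps VNet {vnet}")

    # Azure deploys the VPN gateway into a subnet that must be named GatewaySubnet.
    if "GatewaySubnet" not in subnets:
        problems.append("missing GatewaySubnet")

    parsed = {name: ipaddress.ip_network(c) for name, c in subnets.items()}
    for name, net in parsed.items():
        if not net.subnet_of(vnet):
            problems.append(f"subnet {name} {net} is outside VNet {vnet}")

    names = sorted(parsed)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if parsed[a].overlaps(parsed[b]):
                problems.append(f"subnets {a} and {b} overlap")

    # Microsoft recommends a gateway subnet of /27 or larger.
    gw = parsed.get("GatewaySubnet")
    if gw is not None and gw.prefixlen > 27:
        problems.append(f"GatewaySubnet {gw} is smaller than the recommended /27")
    return problems

# Constructed sample plans (not real networks).
GOOD_PLAN = ("10.1.0.0/16",
             {"app": "10.1.1.0/24", "etl": "10.1.2.0/24", "GatewaySubnet": "10.1.255.0/27"},
             ["192.168.10.0/24"])
BAD_PLAN = ("10.0.0.0/16",
            {"app": "10.0.1.0/24", "etl": "10.0.1.128/25", "GatewaySubnet": "10.0.255.0/29"},
            ["10.0.5.0/24"])

if __name__ == "__main__":
    for plan in (GOOD_PLAN, BAD_PLAN):
        print(check_hybrid_plan(*plan) or "plan OK")
```
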

Handling Spikes in Traffic

The application server can now access car inventory data from the on-prem database and display it on the website. But what if our on-prem database cannot handle the spikes in traffic during peak website hours? One solution is to create a service on our Azure Virtual Network that performs a periodic ETL (Extract, Transform, Load) job that extracts data from our on-premise database and loads it into a cloud database:


Figure: System architecture after adding cloud database and ETL job

Now if our application server receives an influx of requests, this load is handled entirely by cloud resources. Isolating this problem to the cloud opens up a variety of solutions including scaling up the cloud database to a higher tier or adding an Azure Cache for Redis. Also, our interaction with the on-prem database is restricted to the ETL service, thereby isolating any database retry logic or job scheduling considerations. Now our application server can simply focus on pulling car inventory data from our cloud database.
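
An added example (not from the original article) of the ETL service described above: it is the only component that touches the on-prem database, it owns the retry logic, it copies only the columns the public website needs, and it swaps the cloud snapshot in a single transaction. SQLite stands in for both databases; the table layout, column names and sample rows are assumptions.

```python
import sqlite3
import time

ONPREM_URI = "file:onprem_demo?mode=memory&cache=shared"  # stand-in for the on-prem DB

def connect_onprem():
    return sqlite3.connect(ONPREM_URI, uri=True)

def seed_onprem():
    """Constructed sample data; dealer_cost is internal and must not be published."""
    conn = connect_onprem()  # caller keeps this open so the in-memory DB survives
    conn.execute("DROP TABLE IF EXISTS cars")
    conn.execute("CREATE TABLE cars (vin TEXT PRIMARY KEY, model TEXT, price INT, dealer_cost INT)")
    conn.executemany("INSERT INTO cars VALUES (?, ?, ?, ?)",
                     [("VIN001", "Sedan", 21000, 17500), ("VIN002", "Pickup", 34000, 29000)])
    conn.commit()
    return conn

def extract(connect, attempts=4, base_delay=0.5, sleep=time.sleep):
    """Pull only the public columns, retrying transient connection errors."""
    for attempt in range(1, attempts + 1):
        try:
            conn = connect()
            try:
                return conn.execute(
                    "SELECT vin, model, price FROM cars ORDER BY vin").fetchall()
            finally:
                conn.close()
        except sqlite3.OperationalError:
            if attempt == attempts:
                raise  # give up; the cloud copy keeps serving the last good snapshot
            sleep(base_delay * 2 ** (attempt - 1))  # exponential backoff: 0.5s, 1s, 2s

def load(cloud, rows):
    """Swap the snapshot in one transaction so readers never see a partial load."""
    cloud.execute("CREATE TABLE IF NOT EXISTS cars (vin TEXT PRIMARY KEY, model TEXT, price INT)")
    with cloud:  # commits on success, rolls back if any statement raises
        cloud.execute("DELETE FROM cars")
        cloud.executemany("INSERT INTO cars VALUES (?, ?, ?)", rows)
    return len(rows)

def run_etl(connect, cloud, **retry):
    return load(cloud, extract(connect, **retry))

if __name__ == "__main__":
    keeper = seed_onprem()
    cloud_db = sqlite3.connect(":memory:")
    print(run_etl(connect_onprem, cloud_db), "rows copied")
```
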


Addressing Security with the Hybrid Cloud

By connecting to the hybrid cloud via an Azure Virtual Network, we have now enabled many security improvements. First of all, we have avoided publicly exposing resources on the internal network that may not have been designed with that consideration in mind. Secondly, we can now utilize Azure’s many security features, including Azure Firewall, role-based access control (RBAC), Front Door DDoS protection, and Key Vault secret storage. Best of all, these features can be added virtually, without the need for additional hardware or manual installations.


Based on a True Story

Although the car dealership is fictional, it is inspired by actual problems that Callibrity solves for clients whose business previously depended upon on-premise resources. We’ve utilized this architecture for a company in the healthcare industry, allowing their website to handle with ease a prolonged spike in traffic due to COVID-19 that previously would have caused their business to grind to a halt. A hybrid cloud can promote the development of ambitious, cloud-based applications and enable a gradual, low-risk migration of essential services to a cloud infrastructure.


Translated from: https://medium.com/callibrity/building-a-hybrid-cloud-with-azure-4ebaef1a297c
