{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"近期,微軟希望通過將Azure Active Directory (Azure AD)的“中斷模式”擴展到 Web 和桌面應用程序來提高其雲服務的彈性。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/advancing-service-resilience-in-azure-active-directory-with-its-backup-authentication-service","title":null,"type":null},"content":[{"type":"text","text":"據悉"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":",備份服務在正常運行的情況下保存必要的認證數據。對於從Azure AD到應用的成功認證過程的數據,備份服務可以安全地存儲這些數據三天。當Azure AD主服務出現故障時,備份身份驗證服務自動啓動,保證用戶的應用程序繼續運行。當主服務恢復時,身份驗證請求將被重新切換到主Azure AD服務。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/30\/a4\/30dee2aea48dfa736f066078d54711a4.png","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":"center","origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"Azure AD 備份工作原理"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"Azure AD 是 Microsoft 推出的基於雲的標識和訪問管理服務,可幫助員工登錄及訪問以下位置的資源:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"外部資源,例如 Microsoft Office 365、Azure 門戶以及成千上萬的其他 SaaS 應用程序。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"內部資源,例如公司網絡和 Intranet 上的應用,以及由自己的組織開發的任何雲應用。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"使用 AzureActive Directory 組管理應用和資源訪問。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"據悉,微軟 Azure AD 月活躍用戶(MAU)超過 4 億,每天要處理的認證達百億次。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"微軟稱,自 2019 年以來,Outlook Web Access 和 SharePoint Online 一直在運行,但在去年 9 月發生的Azure AD中斷期間,Outlook 和 SharePoint 都受到了影響。當時給出的原因是“最近的配置更改影響了後端存儲層”。這種情況下,備份服務似乎是不夠的。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"微軟一直在忙於提高Azure AD的可靠性。在過去的幾個月裏,微軟通過認證服務轉移到 “蜂窩化架構”、備份認證服務、與區域認證端點透明集成、持續投資服務可擴展性和彈性、正在推出認證系統創新等,提高 Azure AD 的可靠性。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"今年 3 月,微軟由於誤刪了一個支持Azure AD使用OpenID或其它加密簽章標準協定的密鑰,導致Azure AD服務中斷。微軟當時引用了備份服務,但表示該服務並沒有提供幫助。“它提供了令牌發佈的覆蓋範圍,但沒有提供令牌驗證的覆蓋範圍,而故障來源於受影響的元數據端點。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"因此,備份服務的擴展顯然不會解決所有可能影響 Azure AD 的問題,即使它是有益的。今年 8 月,Gartner 分析師"},{"type":"link","attrs":{"href":"https:\/\/www.theregister.com\/2021\/08\/03\/gartner_verdict_on_public_cloud\/","title":null,"type":null},"content":[{"type":"text","text":"報告稱"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":",儘管 Azure 的性能從絕對意義上講並不差,但客戶“仍然擔心 Azure 可靠性對現實世界的影響”。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]}]}
微軟通過備份認證提高Azure AD 可靠性,但效果有限
{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"近期,微軟希望通過將Azure Active Directory (Azure AD)的“中斷模式”擴展到 Web 和桌面應用程序來提高其雲服務的彈性。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/advancing-service-resilience-in-azure-active-directory-with-its-backup-authentication-service","title":null,"type":null},"content":[{"type":"text","text":"據悉"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":",備份服務在正常運行的情況下保存必要的認證數據。對於從Azure AD到應用的成功認證過程的數據,備份服務可以安全地存儲這些數據三天。當Azure AD主服務出現故障時,備份身份驗證服務自動啓動,保證用戶的應用程序繼續運行。當主服務恢復時,身份驗證請求將被重新切換到主Azure AD服務。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/30\/a4\/30dee2aea48dfa736f066078d54711a4.png","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":"center","origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"Azure AD 備份工作原理"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"Azure AD 是 Microsoft 推出的基於雲的標識和訪問管理服務,可幫助員工登錄及訪問以下位置的資源:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"外部資源,例如 Microsoft Office 365、Azure 門戶以及成千上萬的其他 SaaS 應用程序。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"內部資源,例如公司網絡和 Intranet 上的應用,以及由自己的組織開發的任何雲應用。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"使用 AzureActive Directory 組管理應用和資源訪問。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"據悉,微軟 Azure AD 月活躍用戶(MAU)超過 4 億,每天要處理的認證達百億次。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"微軟稱,自 2019 年以來,Outlook Web Access 和 SharePoint Online 一直在運行,但在去年 9 月發生的Azure AD中斷期間,Outlook 和 SharePoint 都受到了影響。當時給出的原因是“最近的配置更改影響了後端存儲層”。這種情況下,備份服務似乎是不夠的。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"微軟一直在忙於提高Azure AD的可靠性。在過去的幾個月裏,微軟通過認證服務轉移到 “蜂窩化架構”、備份認證服務、與區域認證端點透明集成、持續投資服務可擴展性和彈性、正在推出認證系統創新等,提高 Azure AD 的可靠性。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"今年 3 月,微軟由於誤刪了一個支持Azure AD使用OpenID或其它加密簽章標準協定的密鑰,導致Azure AD服務中斷。微軟當時引用了備份服務,但表示該服務並沒有提供幫助。“它提供了令牌發佈的覆蓋範圍,但沒有提供令牌驗證的覆蓋範圍,而故障來源於受影響的元數據端點。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"因此,備份服務的擴展顯然不會解決所有可能影響 Azure AD 的問題,即使它是有益的。今年 8 月,Gartner 分析師"},{"type":"link","attrs":{"href":"https:\/\/www.theregister.com\/2021\/08\/03\/gartner_verdict_on_public_cloud\/","title":null,"type":null},"content":[{"type":"text","text":"報告稱"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":",儘管 Azure 的性能從絕對意義上講並不差,但客戶“仍然擔心 Azure 可靠性對現實世界的影響”。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]}]}
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章