[英]Direct connect to SQL Azure vs connection via API service layer?
Currently our DB works in customer's local network and we have client app on C# to consume data.目前我们的数据库在客户的本地网络中工作,我们在 C# 上有客户端应用程序来使用数据。 Due to some business needs, we got order to start moving everything to Azure.
由于某些业务需要,我们接到命令开始将所有内容迁移到 Azure。 DB will be moving to Azure SQL.
DB 将迁移到 Azure SQL。
We had discussion about accessing DB.我们讨论了访问数据库。 There are two points:
有两点:
app(on-premises) -> API service (on Azure)-> SQL Azure
.app(on-premises) -> API service (on Azure)-> SQL Azure
。 This approach looks more reliable and secure, since we are hiding SQL Azure behind facade of API service and the app talks to our API service only.app(on-premises) -> SQL Azure
.app(on-premises) -> SQL Azure
。 So far we don't have any plans to change structure of DB or even increase count of DBs. What would you select and recommend, and why ?你会选择和推荐什么,为什么?
Few notes:几点注意事项:
Certainly an intermediate layer is one way to go.当然,中间层是一种方法。 There isn't enough detail to be sure, but I wonder why you don't try the second option.
没有足够的细节可以确定,但我想知道您为什么不尝试第二个选项。 Usually some redevelopment is normal.
通常一些重建是正常的。 But if you can get away without it, and you get sufficient performance then that's even better.
但是,如果您不用它就可以逃脱,并且获得足够的性能,那就更好了。
I hope this helps.我希望这有帮助。 Thank you.
谢谢你。 Guy
盖伊
If your application is not just a prototype (it sounds like it is not), then I advise you to build the intermediate API.如果您的应用程序不仅仅是一个原型(听起来好像不是),那么我建议您构建中间 API。 The primary reasons for this are:
造成这种情况的主要原因是:
Rolling out a new version of an API is simple: You have either only one deployment or you have something like Octopus Deploy that deploys to a few instances at the same time for you.推出新版本的 API 很简单:您要么只有一个部署,要么拥有像Octopus Deploy这样的东西,可以同时为您部署到几个实例。 Deploying client applications is usually much more involved: Creating installers, distributing them, making sure users install them, etc.
部署客户端应用程序通常更多地参与:创建安装程序,分发它们,确保用户安装它们,等等。
If you build the API, you will be able to make changes to the DB and hide these changes from the client applications by just modifying the API implementation, but keeping the API interfaces the same.如果您构建 API,您将能够对数据库进行更改,并通过修改 API 实现对客户端应用程序隐藏这些更改,但保持 API 接口相同。 Moving forward, this will simplify the tasks for your team considerably.
展望未来,这将大大简化您团队的任务。
As soon as you have different roles/permissions in your system, you will need to implement them with DB security features if you connect to the DB directly.一旦您的系统中有不同的角色/权限,如果您直接连接到数据库,您将需要使用数据库安全功能来实现它们。 This may work for simple cases, but even there it is a pain to manage.
这可能适用于简单的情况,但即使在那里管理也很痛苦。
With an API, you can implement authorization in the API using C#.通过 API,您可以使用 C# 在 API 中实现授权。 Like this, you can build whatever you need and you're not restricted by the security features the DB offers.
像这样,您可以构建您需要的任何东西,并且不受 DB 提供的安全功能的限制。
Also, if you don't take extra care about this, you may end up exposing the DB credentials to the client app, which will be a major security flaw.此外,如果您不特别注意这一点,您最终可能会将数据库凭据暴露给客户端应用程序,这将是一个主要的安全漏洞。
Build the intermediate API.构建中间 API。 Except you have strong reasons not to.
除非你有充分的理由不这样做。 As always with architecture considerations, I'm sure there are cases where the above points don't apply.
与架构方面的考虑一样,我确信在某些情况下上述几点不适用。 Just make sure you understand all the implications if you decide to go the direct route.
如果您决定走直接路线,请确保您了解所有含义。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.