[{"data":1,"prerenderedAt":1994},["ShallowReactive",2],{"blog-\u002Fblog\u002Fcomparison\u002Fduicheng-vs-feiduicheng-jiami":3,"blog-related-\u002Fblog\u002Fcomparison\u002Fduicheng-vs-feiduicheng-jiami":413},{"id":4,"title":5,"author":6,"body":7,"category":383,"cover":384,"date":385,"description":386,"draft":387,"extension":388,"faq":389,"featured":387,"image":384,"keywords":399,"meta":402,"navigation":403,"path":404,"seo":405,"sitemap":406,"stem":407,"tags":408,"updated":385,"__hash__":412},"blog\u002Fblog\u002Fcomparison\u002Fduicheng-vs-feiduicheng-jiami.md","对称加密和非对称加密的区别","HNREIS",{"type":8,"value":9,"toc":356},"minimark",[10,19,22,27,94,97,99,103,110,113,116,121,124,130,133,135,149,151,154,161,164,167,173,176,179,184,187,197,201,204,220,223,226,230,233,237,240,244,247,250,264,267,270,320,323,326,347,350],[11,12,13,14,18],"p",{},"对称和非对称加密是两种加密方式，",[15,16,17],"strong",{},"各有用途，实际常结合用。"," 这篇讲清区别。",[11,20,21],{},"加密是数据安全的基础——无论是网站传输、数据存储、还是数字签名，背后都是加密技术在起作用。很多人听到\"对称\"\"非对称\"就头大，其实核心区别就一条：加密和解密用的是同一把钥匙，还是两把不同的钥匙。这个区别决定了它们各自适合什么场景。这篇用通俗方式把两种加密讲清楚。",[23,24,26],"h2",{"id":25},"对称-vs-非对称","对称 vs 非对称",[28,29,30,46],"table",{},[31,32,33],"thead",{},[34,35,36,40,43],"tr",{},[37,38,39],"th",{},"维度",[37,41,42],{},"对称加密",[37,44,45],{},"非对称加密",[47,48,49,61,72,83],"tbody",{},[34,50,51,55,58],{},[52,53,54],"td",{},"钥匙",[52,56,57],{},"一把（加解密同）",[52,59,60],{},"一对（公钥私钥）",[34,62,63,66,69],{},[52,64,65],{},"速度",[52,67,68],{},"快",[52,70,71],{},"慢",[34,73,74,77,80],{},[52,75,76],{},"钥匙传递",[52,78,79],{},"难（怎么安全传）",[52,81,82],{},"易（公钥可公开）",[34,84,85,88,91],{},[52,86,87],{},"适合",[52,89,90],{},"大量数据",[52,92,93],{},"钥匙交换\u002F签名",[11,95,96],{},"这张表是核心差异。钥匙的数量和传递方式决定了适用场景——对称加密快但钥匙传递难，非对称加密安全解决了钥匙传递但速度慢。实际应用中两者结合，取长补短。",[23,98,42],{"id":42},[100,101,102],"h3",{"id":102},"原理",[11,104,105,106,109],{},"对称加密用",[15,107,108],{},"同一把钥匙","加密和解密。发送方用钥匙 A 加密数据，接收方用同一把钥匙 A 解密数据。常见的对称加密算法有 AES、DES、ChaCha20，其中 AES 是当前主流。",[11,111,112],{},"打个比方：对称加密就像带锁的箱子，你和朋友各有一把同样的钥匙。你把东西放箱子里锁上寄给朋友，朋友用同样的钥匙打开。简单直接，加解密都快。",[100,114,115],{"id":115},"优势",[11,117,118,120],{},[15,119,68],{},"是对称加密的核心优势——算法设计适合大规模数据加密，现代 CPU 还有硬件加速（如 AES-NI），加密 1GB 数据可能只要几百毫秒。适合加密大量数据：文件加密、数据库加密、网络传输加密。",[100,122,123],{"id":123},"劣势",[11,125,126,129],{},[15,127,128],{},"钥匙传递难","是对称加密的核心难题——发送方和接收方要在通信前安全地共享同一把钥匙，但通信信道本身可能不安全（被监听）。如果钥匙在传递过程中被截获，加密就形同虚设。",[11,131,132],{},"这就是著名的\"钥匙分发问题\"——在互联网环境下，两个素未谋面的人怎么安全地共享一把钥匙？这个问题困扰了密码学很多年，直到非对称加密出现才解决。",[100,134,87],{"id":87},[11,136,137,140,141,144,145,148],{},[15,138,139],{},"大量数据加密","——文件加密、数据库加密、磁盘加密。",[15,142,143],{},"本地加密","——本机数据的加解密，不涉及钥匙传递。",[15,146,147],{},"通信双方已建立信任的场景","——双方已经安全共享了钥匙（如内部系统、VPN）。",[23,150,45],{"id":45},[100,152,102],{"id":153},"原理-1",[11,155,156,157,160],{},"非对称加密用",[15,158,159],{},"一对钥匙","：公钥（可公开）和私钥（保密）。公钥加密的数据只有对应的私钥能解密，私钥加密的数据只有对应的公钥能验证（这就是数字签名的基础）。常见的算法有 RSA、ECC（椭圆曲线）。",[11,162,163],{},"继续用箱子比喻：非对称加密像一种特殊的箱子——任何人都能用你的\"公开锁\"（公钥）锁上箱子，但只有你能用你的\"私人钥匙\"（私钥）打开。这就解决了钥匙传递问题：公钥可以随便公开，谁都能用，但只有私钥持有者能解开。",[100,165,115],{"id":166},"优势-1",[11,168,169,172],{},[15,170,171],{},"解决钥匙传递","是非对称加密的核心价值——公钥可以公开给任何人（放证书里、放网站上），谁都能用公钥加密数据发给你，但只有你的私钥能解密。通信双方不用事先共享钥匙。",[11,174,175],{},"这个特性让非对称加密成为互联网安全通信的基础——HTTPS、SSH、数字证书都依赖它。两个素未谋面的人也能安全通信。",[100,177,123],{"id":178},"劣势-1",[11,180,181,183],{},[15,182,71],{},"是非对称加密的主要劣势——算法涉及大数运算（如 RSA 涉及几百位大数的幂运算），速度比对称加密慢几个数量级。加密 1GB 数据用非对称加密可能要几分钟甚至更久，不适合大量数据加密。",[100,185,87],{"id":186},"适合-1",[11,188,189,192,193,196],{},[15,190,191],{},"钥匙交换","——用非对称加密安全地传递对称钥匙，再用对称加密传输数据（HTTPS 的核心机制）。",[15,194,195],{},"数字签名","——用私钥签名，公钥验证，确认数据来源和完整性。",[23,198,200],{"id":199},"实际结合https","实际结合（HTTPS）",[11,202,203],{},"HTTPS 是两种加密结合的典型例子，兼顾安全和速度：",[205,206,207,214],"ol",{},[208,209,210,213],"li",{},[15,211,212],{},"用非对称加密安全交换对称钥匙","——浏览器和服务器通过非对称加密协商出一个对称钥匙，这个过程即使被监听，攻击者也解不开（因为没有私钥）。",[208,215,216,219],{},[15,217,218],{},"用对称加密传输数据","——协商好对称钥匙后，后续所有数据传输都用对称加密，速度快。",[11,221,222],{},"这种\"非对称解决钥匙传递、对称解决数据加密\"的组合，既安全又快速，是现代互联网通信的标准模式。",[23,224,225],{"id":225},"应用场景",[100,227,229],{"id":228},"_1-https","1. HTTPS",[11,231,232],{},"网站加密传输——所有现代网站都用 HTTPS。非对称加密（在 TLS 握手阶段）+ 对称加密（数据传输阶段）结合。没有 HTTPS，用户的密码、支付信息、个人信息都可能被抓包窃取。",[100,234,236],{"id":235},"_2-数据存储加密","2. 数据存储加密",[11,238,239],{},"敏感数据加密存储——数据库里的密码、身份证号、银行卡号要加密存储。通常用对称加密（AES），因为要加密的数据量大、速度要求高。",[100,241,243],{"id":242},"_3-数字签名","3. 数字签名",[11,245,246],{},"签名和验证——软件发布者用私钥签名软件，用户用发布者的公钥验证签名，确认软件没被篡改、确实来自该发布者。代码签名、电子合同、区块链交易都依赖数字签名。",[23,248,249],{"id":249},"别踩的坑",[11,251,252,255,256,259,260,263],{},[15,253,254],{},"不用加密传输","——网站不用 HTTPS，用户数据明文传输，被抓包就能看到。现在主流浏览器对非 HTTPS 网站会标记\"不安全\"，SEO 也会受影响。",[15,257,258],{},"钥匙管理乱","——加密钥匙明文存储、代码里硬编码、权限混乱，泄露风险高。钥匙管理是加密系统最薄弱的环节。",[15,261,262],{},"敏感数据不加密存储","——数据库里密码明文、身份证号明文，一旦数据库泄露所有数据裸奔。",[23,265,266],{"id":266},"成本参考",[11,268,269],{},"加密是技术实现，开源库支持，成本主要在开发：",[28,271,272,285],{},[31,273,274],{},[34,275,276,279,282],{},[37,277,278],{},"方面",[37,280,281],{},"说明",[37,283,284],{},"成本",[47,286,287,298,309],{},[34,288,289,292,295],{},[52,290,291],{},"加密实现",[52,293,294],{},"开源库",[52,296,297],{},"低（开发）",[34,299,300,303,306],{},[52,301,302],{},"钥匙管理",[52,304,305],{},"安全存储",[52,307,308],{},"中",[34,310,311,314,317],{},[52,312,313],{},"证书",[52,315,316],{},"HTTPS证书",[52,318,319],{},"低（有免费）",[11,321,322],{},"加密算法的开源实现成熟完善——OpenSSL、libsodium、Tink 等开源库覆盖所有主流算法，开发工作量小。钥匙管理（密钥的安全存储、轮换、撤销）需要投入，特别是生产环境要用 KMS（密钥管理服务）。HTTPS 证书现在免费（Let's Encrypt）或低价（商业证书），不再是成本门槛。",[23,324,325],{"id":325},"老板要关心的",[327,328,329,335,341],"ul",{},[208,330,331,334],{},[15,332,333],{},"传输加密（HTTPS）","——网站和 APP 的数据传输必须加密，这是基本安全要求。",[208,336,337,340],{},[15,338,339],{},"敏感数据加密存储","——数据库里的密码、身份证、银行卡等敏感信息要加密存储，不能明文。",[208,342,343,346],{},[15,344,345],{},"钥匙和证书管理","——加密钥匙的安全管理是关键，钥匙泄露等于加密失效。",[11,348,349],{},"老板不需要懂算法细节，但要确认这些安全措施到位——这反映系统的安全性和团队的专业度。",[351,352,353],"blockquote",{},[11,354,355],{},"广州市汉诺雷斯（HNREIS）帮企业做数据安全（传输加密\u002F存储加密），用成熟加密方案。把你的安全需求告诉我们，我们给出方案。",{"title":357,"searchDepth":358,"depth":358,"links":359},"",2,[360,361,368,374,375,380,381,382],{"id":25,"depth":358,"text":26},{"id":42,"depth":358,"text":42,"children":362},[363,365,366,367],{"id":102,"depth":364,"text":102},3,{"id":115,"depth":364,"text":115},{"id":123,"depth":364,"text":123},{"id":87,"depth":364,"text":87},{"id":45,"depth":358,"text":45,"children":369},[370,371,372,373],{"id":153,"depth":364,"text":102},{"id":166,"depth":364,"text":115},{"id":178,"depth":364,"text":123},{"id":186,"depth":364,"text":87},{"id":199,"depth":358,"text":200},{"id":225,"depth":358,"text":225,"children":376},[377,378,379],{"id":228,"depth":364,"text":229},{"id":235,"depth":364,"text":236},{"id":242,"depth":364,"text":243},{"id":249,"depth":358,"text":249},{"id":266,"depth":358,"text":266},{"id":325,"depth":358,"text":325},"comparison",null,"2024-11-06","对称加密用一把钥匙，非对称用公私钥一对，各有用途。本文用通俗方式讲清两种加密的区别和应用。",false,"md",[390,393,396],{"q":391,"a":392},"对称和非对称加密什么区别？","对称加密用同一把钥匙加解密（快，但钥匙怎么安全传递是问题）；非对称加密用一对公钥私钥（公钥加密私钥解密，安全，但慢）。实际应用常结合——用非对称安全交换对称钥匙，再用对称加密传输数据（HTTPS就是这样）。",{"q":394,"a":395},"哪种更安全？","各有特点。非对称解决了钥匙传递问题（公钥可公开，私钥保密），更适合需要安全交换钥匙的场景；对称加密速度快，适合大量数据加密。不是哪个更安全，而是各司其职，结合用最实用（HTTPS就是结合）。",{"q":397,"a":398},"老板需要了解吗？","了解概念即可——加密保护数据安全，HTTPS用加密保护传输。具体技术细节是开发的事。老板要关心的是数据安全（传输加密\u002F存储加密）是否做到，这反映系统安全性。",[42,45,400,401],"加密区别","HTTPS加密",{},true,"\u002Fblog\u002Fcomparison\u002Fduicheng-vs-feiduicheng-jiami",{"title":5,"description":386},{"loc":404},"blog\u002Fcomparison\u002Fduicheng-vs-feiduicheng-jiami",[409,410,411],"加密","安全","技术","X1xL_KGdunaM7rxIetkTYwO7HOA3UIB-aAIgxb7Nia4",[414,818,1238,1604],{"id":415,"title":416,"author":6,"body":417,"category":383,"cover":384,"date":791,"description":792,"draft":387,"extension":388,"faq":793,"featured":387,"image":384,"keywords":803,"meta":808,"navigation":403,"path":809,"seo":810,"sitemap":811,"stem":812,"tags":813,"updated":791,"__hash__":817},"blog\u002Fblog\u002Fcomparison\u002Fapi-jiekou-shiye.md","API、接口、集成这些词到底是什么意思",{"type":8,"value":418,"toc":771},[419,425,429,435,438,449,454,457,460,466,469,474,476,487,492,495,498,512,515,529,534,537,541,555,558,569,572,577,580,587,604,609,612,615,637,642,645,682,688,691,717,720,723,749,752,766],[11,420,421,422],{},"老板常被 API、接口、集成这些技术词绕晕。",[15,423,424],{},"这篇用大白话讲清，帮老板听懂技术沟通。",[23,426,428],{"id":427},"api-是什么大白话","API 是什么（大白话）",[11,430,431,434],{},[15,432,433],{},"API 是两个软件\"对话\"的通道","。",[11,436,437],{},"例子：",[327,439,440,443,446],{},[208,441,442],{},"你的小程序要查物流 → 通过物流公司 API 问\"单号到哪了\" → 物流系统回\"已签收\"。",[208,444,445],{},"你的官网要收款 → 通过支付 API 让客户付款 → 支付系统回\"付款成功\"。",[208,447,448],{},"你的系统要发短信 → 通过短信 API 发 → 短信平台发出去。",[11,450,451,434],{},[15,452,453],{},"API 让不同软件自动互通数据，不用人工搬",[11,455,456],{},"打个比方：API 像餐厅的\"服务员\"——你（小程序）告诉服务员（API）要什么，服务员告诉厨房（另一个系统），厨房做好端回来。你不用自己进厨房。",[23,458,459],{"id":459},"接口是什么",[11,461,462,465],{},[15,463,464],{},"接口就是 API","（同义词）。技术人员说\"做个接口\"\"对接接口\"，就是做 API 让系统互通。",[23,467,468],{"id":468},"集成是什么",[11,470,471,434],{},[15,472,473],{},"集成 = 把多个系统通过 API 连起来，数据自动流通",[11,475,437],{},[327,477,478,481,484],{},[208,479,480],{},"独立站 + ERP 集成：独立站订单自动进 ERP，ERP 库存自动同步独立站。",[208,482,483],{},"小程序 + CRM 集成：小程序客户数据自动进 CRM。",[208,485,486],{},"系统 + 支付集成：系统通过支付 API 收款。",[11,488,489,434],{},[15,490,491],{},"集成让数据自动流，替代人工搬数据",[23,493,494],{"id":494},"企业为什么要做接口集成",[100,496,497],{"id":497},"不集成的问题",[327,499,500,503,506,509],{},[208,501,502],{},"多个系统（独立站\u002FERP\u002FCRM\u002F物流），数据不通。",[208,504,505],{},"人工把数据从一个系统搬到另一个（累、易错）。",[208,507,508],{},"数据不同步（独立站卖了 ERP 库存没减，超卖）。",[208,510,511],{},"效率低。",[100,513,514],{"id":514},"集成的好处",[327,516,517,520,523,526],{},[208,518,519],{},"数据自动流通（订单\u002F库存\u002F客户自动同步）。",[208,521,522],{},"替代人工（省人力、避错）。",[208,524,525],{},"实时同步（不超卖、不漏单）。",[208,527,528],{},"数据统一（可分析）。",[11,530,531,434],{},[15,532,533],{},"系统越多，集成价值越大",[23,535,536],{"id":536},"常见的集成场景",[100,538,540],{"id":539},"电商独立站","电商\u002F独立站",[327,542,543,546,549,552],{},[208,544,545],{},"独立站 ↔ ERP（订单\u002F库存同步）。",[208,547,548],{},"独立站 ↔ 物流（发货\u002F追踪）。",[208,550,551],{},"独立站 ↔ 支付（收款）。",[208,553,554],{},"独立站 ↔ CRM（客户管理）。",[100,556,557],{"id":557},"企业内部",[327,559,560,563,566],{},[208,561,562],{},"系统 ↔ OA（审批\u002F通知）。",[208,564,565],{},"系统 ↔ 财务（对账\u002F开票）。",[208,567,568],{},"系统 ↔ 企微\u002F钉钉（消息\u002F工作流）。",[100,570,571],{"id":571},"数据",[327,573,574],{},[208,575,576],{},"系统 ↔ 数据分析（数据汇总\u002F报表）。",[23,578,579],{"id":579},"集成怎么实现",[11,581,582,583,586],{},"通过 ",[15,584,585],{},"API 对接","：",[205,588,589,592,595,598,601],{},[208,590,591],{},"确认要对接的系统（ERP\u002F物流\u002F支付）。",[208,593,594],{},"看各系统是否提供 API（文档）。",[208,596,597],{},"开发对接（系统间调 API 传数据）。",[208,599,600],{},"测试（数据准确、异常处理）。",[208,602,603],{},"上线 + 监控。",[11,605,606,434],{},[15,607,608],{},"自建系统（Nuxt\u002FVue）能灵活对接任意系统，这是它比 SaaS 的优势",[23,610,611],{"id":611},"老板该懂什么",[11,613,614],{},"老板不用懂代码，懂这些：",[327,616,617,622,627,632],{},[208,618,619,434],{},[15,620,621],{},"API = 软件之间自动传数据的通道",[208,623,624,434],{},[15,625,626],{},"集成 = 多系统数据自动流通",[208,628,629,434],{},[15,630,631],{},"集成能替代人工、提效避错",[208,633,634,434],{},[15,635,636],{},"集成成本看系统数量和复杂度",[11,638,639,434],{},[15,640,641],{},"懂这些，就能和技术\u002F服务商沟通集成需求",[23,643,644],{"id":644},"集成的成本",[28,646,647,656],{},[31,648,649],{},[34,650,651,654],{},[37,652,653],{},"集成类型",[37,655,284],{},[47,657,658,666,674],{},[34,659,660,663],{},[52,661,662],{},"对接一个系统（如 ERP）",[52,664,665],{},"1-3 万",[34,667,668,671],{},[52,669,670],{},"多系统集成",[52,672,673],{},"3-8 万",[34,675,676,679],{},[52,677,678],{},"复杂（双向同步\u002F多系统\u002F定制）",[52,680,681],{},"8 万+",[11,683,684,687],{},[15,685,686],{},"ROI 明确","（替代人工、提效、避错）。",[23,689,690],{"id":690},"常见误区",[327,692,693,699,705,711],{},[208,694,695,698],{},[15,696,697],{},"\"接口很复杂不用懂\"","：老板懂概念就行（API = 数据通道）。",[208,700,701,704],{},[15,702,703],{},"\"不集成也能用\"","：人工搬数据累易错，不可持续。",[208,706,707,710],{},[15,708,709],{},"\"集成是一次性的\"","：系统升级\u002F业务变化，集成要维护。",[208,712,713,716],{},[15,714,715],{},"\"SaaS 不用集成\"","：SaaS 也要和其他系统打通。",[23,718,719],{"id":719},"怎么判断要不要集成",[11,721,722],{},"问自己：",[205,724,725,731,737,743],{},[208,726,727,730],{},[15,728,729],{},"有多个系统吗？"," 有 → 可能要集成。",[208,732,733,736],{},[15,734,735],{},"人工搬数据吗？"," 搬 → 该集成。",[208,738,739,742],{},[15,740,741],{},"数据需要同步吗？"," 需要 → 集成。",[208,744,745,748],{},[15,746,747],{},"集成 ROI 划算吗？","（省的人力 > 投入）划算 → 做。",[23,750,751],{"id":751},"怎么做",[205,753,754,757,760,763],{},[208,755,756],{},"梳理要对接的系统 + 数据流。",[208,758,759],{},"确认各系统 API。",[208,761,762],{},"开发对接。",[208,764,765],{},"测试 + 监控。",[351,767,768],{},[11,769,770],{},"广州市汉诺雷斯（HNREIS）提供系统集成（API 对接 ERP\u002F物流\u002F支付\u002FCRM），帮企业打通数据。把你的系统情况告诉我们，我们设计集成方案。",{"title":357,"searchDepth":358,"depth":358,"links":772},[773,774,775,776,780,785,786,787,788,789,790],{"id":427,"depth":358,"text":428},{"id":459,"depth":358,"text":459},{"id":468,"depth":358,"text":468},{"id":494,"depth":358,"text":494,"children":777},[778,779],{"id":497,"depth":364,"text":497},{"id":514,"depth":364,"text":514},{"id":536,"depth":358,"text":536,"children":781},[782,783,784],{"id":539,"depth":364,"text":540},{"id":557,"depth":364,"text":557},{"id":571,"depth":364,"text":571},{"id":579,"depth":358,"text":579},{"id":611,"depth":358,"text":611},{"id":644,"depth":358,"text":644},{"id":690,"depth":358,"text":690},{"id":719,"depth":358,"text":719},{"id":751,"depth":358,"text":751},"2024-05-15","老板常被 API、接口、集成这些技术词绕晕。本文用大白话讲清这些概念和企业集成场景，帮老板听懂技术沟通。",[794,797,800],{"q":795,"a":796},"API 到底是什么，大白话说？","API 是两个软件\"对话\"的通道。比如你的小程序要查物流，就通过物流公司的 API 问\"这个单号到哪了\"，物流系统通过 API 回\"已签收\"。API 让不同软件能互通数据，不用人工搬。你不用懂代码，只要知道\"API = 软件之间自动传数据的通道\"。",{"q":798,"a":799},"我们为什么要做接口集成？","因为你的多个系统要互通。比如独立站订单要进 ERP、库存要同步、物流要追踪，不集成就要人工把数据从一个系统搬到另一个（累、易错）。集成后数据自动流通，提效准确。系统越多，集成价值越大。",{"q":801,"a":802},"接口集成要多少钱？","看对接的系统数量和复杂度。对接一个系统（如 ERP）通常 1-3 万；多系统集成（ERP+物流+支付+CRM）3-8 万。集成能替代人工、提效避错，ROI 明确。",[804,805,806,807],"API接口通俗解释","什么是API","接口集成","系统对接",{},"\u002Fblog\u002Fcomparison\u002Fapi-jiekou-shiye",{"title":416,"description":792},{"loc":809},"blog\u002Fcomparison\u002Fapi-jiekou-shiye",[814,815,816],"API","概念","通俗","A7Jdt6jv4eTPYhdWviHOSLSzOR5pN0xxO_6QT9M2ODg",{"id":819,"title":820,"author":6,"body":821,"category":383,"cover":384,"date":1212,"description":1213,"draft":387,"extension":388,"faq":1214,"featured":387,"image":384,"keywords":1224,"meta":1229,"navigation":403,"path":1230,"seo":1231,"sitemap":1232,"stem":1233,"tags":1234,"updated":1212,"__hash__":1237},"blog\u002Fblog\u002Fcomparison\u002Fapi-wangguan-shi-shenme.md","API网关是什么",{"type":8,"value":822,"toc":1196},[823,830,833,836,839,849,852,855,861,865,879,883,897,901,915,919,933,937,951,955,963,966,1012,1015,1019,1022,1067,1092,1094,1120,1122,1159,1162,1165,1191],[11,824,825,826,829],{},"API 网关是系统架构里常见的组件，",[15,827,828],{},"通俗说就是系统的\"统一前台\"。"," 这篇讲清是什么、解决什么、要不要用。",[23,831,820],{"id":832},"api网关是什么",[11,834,835],{},"在微服务架构里，后端可能拆分成几十个甚至上百个服务。如果每个服务都直接对外提供接口，客户端要记住每个服务的地址、每个服务都要自己处理鉴权限流——这会非常混乱。API 网关就是解决这个问题的。",[11,837,838],{},"所有外部请求先到网关，网关统一处理后转发到后端：",[840,841,846],"pre",{"className":842,"code":844,"language":845},[843],"language-text","客户端 → API网关（鉴权\u002F限流\u002F监控）→ 后端服务\n","text",[847,848,844],"code",{"__ignoreMap":357},[11,850,851],{},"类比公司前台：访客（客户端请求）先到前台登记（鉴权\u002F限流），前台再引导到对应部门（转发到后端服务）。访客不用记每个部门在哪，部门也不用自己设前台。",[23,853,854],{"id":854},"网关做什么",[11,856,857,858,434],{},"API 网关的核心职责是",[15,859,860],{},"把各服务都要做的\"公共事\"统一收口",[100,862,864],{"id":863},"_1-统一入口","1. 统一入口",[327,866,867,873],{},[208,868,869,872],{},[15,870,871],{},"所有请求统一入口","：客户端只需要知道网关地址，不用记每个服务的地址。",[208,874,875,878],{},[15,876,877],{},"后端服务不直接暴露","：后端服务可以部署在内网，只把网关暴露在外网，安全风险降低。",[100,880,882],{"id":881},"_2-鉴权","2. 鉴权",[327,884,885,891],{},[208,886,887,890],{},[15,888,889],{},"统一身份验证","：所有请求的鉴权在网关统一做，比如验证 token、校验权限。",[208,892,893,896],{},[15,894,895],{},"后端不用各自鉴权","：后端服务可以信任网关已通过的请求，专注业务逻辑，不用重复写鉴权代码。",[100,898,900],{"id":899},"_3-限流","3. 限流",[327,902,903,909],{},[208,904,905,908],{},[15,906,907],{},"防止过载和恶意请求","：网关按规则限制每个客户端、每个接口的调用频率，防止恶意刷接口或突发流量压垮后端。",[208,910,911,914],{},[15,912,913],{},"保护后端","：流量超出后端承受能力时，网关可以拒绝或排队，保护后端不被打挂。",[100,916,918],{"id":917},"_4-路由转发","4. 路由转发",[327,920,921,927],{},[208,922,923,926],{},[15,924,925],{},"请求转发到对应服务","：网关根据请求路径、头部等信息，把请求转发到正确的后端服务。",[208,928,929,932],{},[15,930,931],{},"负载均衡","：一个服务有多个实例时，网关把请求分发到不同实例，提升整体处理能力。",[100,934,936],{"id":935},"_5-监控日志","5. 监控日志",[327,938,939,945],{},[208,940,941,944],{},[15,942,943],{},"统一监控和日志","：所有请求的调用量、响应时间、错误率在网关统一采集，不用每个服务各自做。",[208,946,947,950],{},[15,948,949],{},"可观测性","：网关的监控数据是排查问题、优化性能的重要依据。",[100,952,954],{"id":953},"_6-协议转换","6. 协议转换",[327,956,957],{},[208,958,959,962],{},[15,960,961],{},"不同协议转换","：客户端用 HTTP，后端用 gRPC 或 Dubbo，网关可以做协议转换，让前后端用各自适合的协议。",[23,964,965],{"id":965},"为什么用网关",[28,967,968,978],{},[31,969,970],{},[34,971,972,975],{},[37,973,974],{},"问题",[37,976,977],{},"网关解决",[47,979,980,988,996,1004],{},[34,981,982,985],{},[52,983,984],{},"鉴权散在各服务",[52,986,987],{},"统一鉴权",[34,989,990,993],{},[52,991,992],{},"服务直接暴露",[52,994,995],{},"统一入口保护",[34,997,998,1001],{},[52,999,1000],{},"流量过载",[52,1002,1003],{},"限流",[34,1005,1006,1009],{},[52,1007,1008],{},"监控散",[52,1010,1011],{},"统一监控",[11,1013,1014],{},"不用网关的情况下，每个服务都要自己实现鉴权、限流、监控、日志，代码重复、维护成本高，还容易出不一致的问题。网关把这些公共能力收口，后端服务可以更专注业务。",[23,1016,1018],{"id":1017},"用-vs-不用","用 vs 不用",[11,1020,1021],{},"网关不是所有系统都需要，要看规模和复杂度。",[28,1023,1024,1034],{},[31,1025,1026],{},[34,1027,1028,1031],{},[37,1029,1030],{},"情况",[37,1032,1033],{},"建议",[47,1035,1036,1044,1052,1060],{},[34,1037,1038,1041],{},[52,1039,1040],{},"服务少\u002F简单",[52,1042,1043],{},"不一定需要",[34,1045,1046,1049],{},[52,1047,1048],{},"微服务\u002F服务多",[52,1050,1051],{},"价值大",[34,1053,1054,1057],{},[52,1055,1056],{},"开放API",[52,1058,1059],{},"需要",[34,1061,1062,1065],{},[52,1063,1064],{},"多端接入",[52,1066,1059],{},[327,1068,1069,1075,1081,1087],{},[208,1070,1071,1074],{},[15,1072,1073],{},"服务少、简单","：比如一个单体应用就两三个接口，上不上网关差别不大，反而增加复杂度。",[208,1076,1077,1080],{},[15,1078,1079],{},"微服务、服务多","：服务一多，没有网关统一管理会很痛苦，网关价值就体现出来了。",[208,1082,1083,1086],{},[15,1084,1085],{},"开放 API","：对外提供 API 的场景，网关几乎是必需品——鉴权、限流、文档、监控都要在网关层做。",[208,1088,1089,1091],{},[15,1090,1064],{},"：APP、小程序、Web、第三方多端接入，网关统一入口能简化接入复杂度。",[23,1093,249],{"id":249},[327,1095,1096,1102,1108,1114],{},[208,1097,1098,1101],{},[15,1099,1100],{},"简单系统上重网关","：就两三个服务的简单系统，非要上 Kong 或 APISIX 这种重网关，属于过度设计，增加运维负担。",[208,1103,1104,1107],{},[15,1105,1106],{},"自己从头开发","：网关是成熟领域，有很多开源和商业产品（Kong、APISIX、云厂商网关），自己从头开发既慢又容易出问题。",[208,1109,1110,1113],{},[15,1111,1112],{},"网关成单点","：网关挂了整个系统就访问不了，必须做高可用部署（多实例、负载均衡）。",[208,1115,1116,1119],{},[15,1117,1118],{},"鉴权还散在各服务","：上了网关但鉴权还在各服务自己做，等于没用上网关的核心价值。",[23,1121,266],{"id":266},[28,1123,1124,1136],{},[31,1125,1126],{},[34,1127,1128,1131,1133],{},[37,1129,1130],{},"方案",[37,1132,281],{},[37,1134,1135],{},"成本量级",[47,1137,1138,1149],{},[34,1139,1140,1143,1146],{},[52,1141,1142],{},"开源\u002F云网关",[52,1144,1145],{},"Kong\u002FAPISIX\u002F云厂商",[52,1147,1148],{},"低到中",[34,1150,1151,1154,1157],{},[52,1152,1153],{},"定制集成",[52,1155,1156],{},"和业务深度集成",[52,1158,308],{},[11,1160,1161],{},"主流网关产品（Kong、APISIX）开源免费，主要成本是部署运维。云厂商的网关服务（阿里云、腾讯云、AWS）按量计费，用量不大的话成本不高。自己定制集成成本中等，适合有特殊需求的场景。",[23,1163,1164],{"id":1164},"怎么选",[205,1166,1167,1173,1179,1185],{},[208,1168,1169,1172],{},[15,1170,1171],{},"评估服务数量和复杂度","：服务多、架构复杂才考虑网关。",[208,1174,1175,1178],{},[15,1176,1177],{},"简单系统不一定需要","：两三个服务的单体应用不用上网关。",[208,1180,1181,1184],{},[15,1182,1183],{},"微服务\u002F开放API用网关","：服务多、对外开放的场景，网关价值大。",[208,1186,1187,1190],{},[15,1188,1189],{},"优先成熟产品","：用 Kong、APISIX、云厂商网关，不要自己从头开发。",[351,1192,1193],{},[11,1194,1195],{},"广州市汉诺雷斯（HNREIS）帮企业做系统架构设计，含API网关选型和集成。把你的系统需求告诉我们，我们给出架构建议。",{"title":357,"searchDepth":358,"depth":358,"links":1197},[1198,1199,1207,1208,1209,1210,1211],{"id":832,"depth":358,"text":820},{"id":854,"depth":358,"text":854,"children":1200},[1201,1202,1203,1204,1205,1206],{"id":863,"depth":364,"text":864},{"id":881,"depth":364,"text":882},{"id":899,"depth":364,"text":900},{"id":917,"depth":364,"text":918},{"id":935,"depth":364,"text":936},{"id":953,"depth":364,"text":954},{"id":965,"depth":358,"text":965},{"id":1017,"depth":358,"text":1018},{"id":249,"depth":358,"text":249},{"id":266,"depth":358,"text":266},{"id":1164,"depth":358,"text":1164},"2024-05-28","API网关是系统的统一入口，负责转发、鉴权、限流和监控。本文用通俗方式讲清API网关是什么、解决什么问题、企业要不要用。",[1215,1218,1221],{"q":1216,"a":1217},"API网关是什么，简单说？","API网关是系统的\"统一前台\"——所有外部请求先到网关，网关再转发到后端服务。它统一处理鉴权、限流、监控、日志这些公共事，后端服务专注业务。类比公司前台，访客先到前台登记再进去。",{"q":1219,"a":1220},"企业一定要用API网关吗？","不一定。系统简单、服务少，不一定需要网关。服务多（微服务）、要统一鉴权限流监控、对外开放API、多端接入时，网关价值大。建议按规模和复杂度选，不要为用而用。",{"q":1222,"a":1223},"API网关要花多少钱？","看方式。用开源\u002F云网关产品（如Kong\u002FAPISIX\u002F云厂商网关）成本较低，按量或自建运维；定制集成成本中等。建议优先用成熟网关产品，而不是自己从头开发。",[1225,1226,1227,1228],"API网关","网关是什么","API管理","微服务网关",{},"\u002Fblog\u002Fcomparison\u002Fapi-wangguan-shi-shenme",{"title":820,"description":1213},{"loc":1230},"blog\u002Fcomparison\u002Fapi-wangguan-shi-shenme",[814,1235,1236],"网关","架构","CInYK4Or6VhknVKica8mjtvcuqr1CPVLRxjpJ0II3Fc",{"id":1239,"title":1240,"author":6,"body":1241,"category":383,"cover":384,"date":1580,"description":1581,"draft":387,"extension":388,"faq":1582,"featured":387,"image":384,"keywords":1592,"meta":1596,"navigation":403,"path":1597,"seo":1598,"sitemap":1599,"stem":1600,"tags":1601,"updated":1580,"__hash__":1603},"blog\u002Fblog\u002Fcomparison\u002Fbanben-kongzhi-git.md","代码版本控制（Git）是什么",{"type":8,"value":1242,"toc":1566},[1243,1250,1253,1257,1260,1266,1272,1278,1282,1286,1289,1299,1303,1306,1316,1320,1323,1337,1341,1351,1355,1424,1427,1430,1436,1442,1448,1454,1456,1474,1476,1479,1526,1529,1532,1558,1561],[11,1244,1245,1246,1249],{},"Git 是开发团队的必备工具，",[15,1247,1248],{},"通俗说是代码的\"时光机\"和\"协作台\"。"," 这篇讲清老板需要了解的。",[11,1251,1252],{},"软件开发是个高度协作的工作——几个甚至几十个开发同时改同一份代码，如果没有版本控制工具，光是\"谁改了什么\"\"怎么合并\"\"改坏了怎么回退\"这些问题就能让团队崩溃。Git 就是为了解决这些问题而生的工具，它已经成为软件开发行业的标准配置。这篇用通俗方式讲清 Git 是什么、为什么开发要用、老板需要关心什么。",[23,1254,1256],{"id":1255},"git是什么","Git是什么",[11,1258,1259],{},"Git 是代码版本控制工具，核心做三件事：",[11,1261,1262,1265],{},[15,1263,1264],{},"记录历史","——代码的每次改动都有记录（谁、什么时候、改了什么），能回到任何历史版本。相当于代码的\"时光机\"，改坏了随时回退。",[11,1267,1268,1271],{},[15,1269,1270],{},"多人协作","——多个开发同时改代码，Git 能自动合并、识别冲突。相当于代码的\"协作台\"，让团队并行开发而不互相踩踏。",[11,1273,1274,1277],{},[15,1275,1276],{},"分支","——从主线分出独立分支，在分支上做新功能，做完再合并回主线。相当于代码的\"平行宇宙\"，多个功能同时开发互不影响。",[23,1279,1281],{"id":1280},"为什么用git","为什么用Git",[100,1283,1285],{"id":1284},"_1-记录历史","1. 记录历史",[11,1287,1288],{},"代码的每一次改动（commit）都有完整记录——谁改的、什么时候改的、改了哪些文件、改了什么内容。这条记录链形成代码的完整历史。",[11,1290,1291,1294,1295,1298],{},[15,1292,1293],{},"改坏了能回退","——新功能改崩了，一条命令就能回到之前的稳定版本，不用从头再来。",[15,1296,1297],{},"知道谁改了什么","——出问题时能追溯到具体是哪次改动引入的 bug、谁改的，便于排查和复盘。历史记录还让代码审计、合规追溯成为可能——金融、医疗等强监管行业对代码变更有审计要求，Git 历史是天然的审计日志。",[100,1300,1302],{"id":1301},"_2-多人协作","2. 多人协作",[11,1304,1305],{},"没有版本控制时，多人改同一份代码要靠\"文件传来传去\"或\"共享文件夹\"，冲突频发、改动丢失、版本混乱。Git 让多人协作规范化——每个人在本地改，改完提交，Git 自动合并或识别冲突。",[11,1307,1308,1311,1312,1315],{},[15,1309,1310],{},"多人同时开发不冲突","——Git 的合并机制能自动合并不同部分的改动，相同部分的冲突会明确标出，让开发者手动解决。",[15,1313,1314],{},"合并代码规范","——通过 pull request（PR）或 merge request（MR）流程，代码合并前要经过 review（代码审查），保证质量。",[100,1317,1319],{"id":1318},"_3-分支","3. 分支",[11,1321,1322],{},"分支是 Git 的杀手级特性。从主线（main\u002Fmaster）分出独立分支，在分支上开发新功能，开发完成、测试通过后再合并回主线。",[11,1324,1325,1328,1329,1332,1333,1336],{},[15,1326,1327],{},"同时做多个功能","——开发 A 做支付功能、开发 B 做用户中心，两人各自在自己的分支上开发，互不影响。",[15,1330,1331],{},"互不影响","——某个功能开发中出了问题，不会污染主线，主线始终保持稳定。",[15,1334,1335],{},"测试稳定再合并","——功能在分支上开发测试，稳定后才合并到主线，主线始终是可发布的状态。",[100,1338,1340],{"id":1339},"_4-备份","4. 备份",[11,1342,1343,1346,1347,1350],{},[15,1344,1345],{},"代码在远程仓库备份","——本地代码 push 到远程仓库（GitHub、GitLab、Gitee），相当于异地备份。本地电脑坏了、丢了，代码还在远程仓库。",[15,1348,1349],{},"不怕丢","——多人协作时每个人都有一份完整副本，任何一份丢失都能从其他人恢复。",[23,1352,1354],{"id":1353},"git-vs-不用版本控制","Git vs 不用版本控制",[28,1356,1357,1369],{},[31,1358,1359],{},[34,1360,1361,1363,1366],{},[37,1362,39],{},[37,1364,1365],{},"Git",[37,1367,1368],{},"不用",[47,1370,1371,1382,1393,1404,1413],{},[34,1372,1373,1376,1379],{},[52,1374,1375],{},"历史",[52,1377,1378],{},"完整记录",[52,1380,1381],{},"没有",[34,1383,1384,1387,1390],{},[52,1385,1386],{},"协作",[52,1388,1389],{},"规范",[52,1391,1392],{},"手动易冲突",[34,1394,1395,1398,1401],{},[52,1396,1397],{},"回退",[52,1399,1400],{},"能",[52,1402,1403],{},"不能",[34,1405,1406,1408,1411],{},[52,1407,1276],{},[52,1409,1410],{},"支持",[52,1412,1381],{},[34,1414,1415,1418,1421],{},[52,1416,1417],{},"专业性",[52,1419,1420],{},"行业标准",[52,1422,1423],{},"不规范",[11,1425,1426],{},"不用版本控制的开发方式现在已经很少见——连个人开发者都用 Git 管理代码。如果一个开发团队不用 Git，基本可以判断为不规范。",[23,1428,1429],{"id":1429},"老板要了解的",[11,1431,1432,1435],{},[15,1433,1434],{},"规范团队都用 Git","——这是判断开发团队专业性的基本标准。用 Git 意味着团队有规范的开发流程（分支管理、代码审查、持续集成），而不是各自为政。反映专业性。",[11,1437,1438,1441],{},[15,1439,1440],{},"代码资产","——Git 仓库是企业的重要数字资产。仓库里不只是当前代码，还有完整的开发历史、设计决策、问题修复过程。这些是企业知识资产的重要组成部分。",[11,1443,1444,1447],{},[15,1445,1446],{},"源码交付","——服务商交付源码时，Git 仓库（含完整版本记录）是重要资产。只有当前代码没有历史记录，等于丢了开发过程的上下文。规范的源码交付应该包含 Git 仓库。源码含完整版本记录。",[11,1449,1450,1453],{},[15,1451,1452],{},"协作规范","——多人开发有据可查——谁做了什么、什么时候做的、为什么这么做，都有记录。出问题能追溯，避免推诿。",[23,1455,249],{"id":249},[11,1457,1458,1461,1462,1465,1466,1469,1470,1473],{},[15,1459,1460],{},"不用版本控制","——不规范、易丢代码。现在几乎没团队这么做了，但仍有个别服务商交付\"散落的代码文件\"而不是 Git 仓库，要注意。",[15,1463,1464],{},"不提交远程","——只在本地用 Git，不 push 到远程仓库，电脑坏了代码全丢。规范的团队都有远程仓库。",[15,1467,1468],{},"不分分支","——所有改动直接在主线做，功能混在一起乱、出问题难回退。规范团队都有分支策略（如 Git Flow、GitHub Flow）。",[15,1471,1472],{},"不写提交说明","——每次提交不写说明或写\"update\"\"fix\"这种无意义内容，不知道改了什么。规范团队要求写有意义的提交说明。",[23,1475,266],{"id":266},[11,1477,1478],{},"Git 本身免费（开源），成本在团队规范使用：",[28,1480,1481,1491],{},[31,1482,1483],{},[34,1484,1485,1487,1489],{},[37,1486,278],{},[37,1488,281],{},[37,1490,284],{},[47,1492,1493,1504,1515],{},[34,1494,1495,1498,1501],{},[52,1496,1497],{},"Git工具",[52,1499,1500],{},"开源免费",[52,1502,1503],{},"免费",[34,1505,1506,1509,1512],{},[52,1507,1508],{},"托管平台",[52,1510,1511],{},"GitHub\u002FGitLab等",[52,1513,1514],{},"免费\u002F订阅",[34,1516,1517,1520,1523],{},[52,1518,1519],{},"团队规范",[52,1521,1522],{},"培训使用",[52,1524,1525],{},"低",[11,1527,1528],{},"Git 工具完全免费。托管平台有免费档（GitHub 公开仓库免费、GitLab 免费版）和付费档（私有仓库、企业版），按团队规模每月几美元到几十美元。团队规范使用要培训，但 Git 已经是开发行业基础技能，招聘时默认会，培训成本很低。",[23,1530,1531],{"id":1531},"怎么确认团队规范",[205,1533,1534,1540,1546,1552],{},[208,1535,1536,1539],{},[15,1537,1538],{},"确认团队用 Git 管理代码","——这是基本标准。问\"代码在哪个仓库\"\"分支策略是什么\"能快速判断。",[208,1541,1542,1545],{},[15,1543,1544],{},"代码在远程仓库（备份）","——有远程托管（GitHub、GitLab、Gitee 或自建），不只本地。",[208,1547,1548,1551],{},[15,1549,1550],{},"有分支和提交记录","——查看仓库历史，有没有规范的分支、有意义的提交说明、代码审查记录。",[208,1553,1554,1557],{},[15,1555,1556],{},"源码交付含 Git 仓库","——服务商交付时应该交付 Git 仓库（含完整历史），不只是当前代码文件。",[11,1559,1560],{},"按这几点核对，能快速判断开发团队是否规范。规范的 Git 使用是专业开发的基本标志，也是代码资产安全的基本保障。",[351,1562,1563],{},[11,1564,1565],{},"广州市汉诺雷斯（HNREIS）用Git规范管理代码，源码完整交付（含版本记录）。把你的项目需求告诉我们，我们规范交付。",{"title":357,"searchDepth":358,"depth":358,"links":1567},[1568,1569,1575,1576,1577,1578,1579],{"id":1255,"depth":358,"text":1256},{"id":1280,"depth":358,"text":1281,"children":1570},[1571,1572,1573,1574],{"id":1284,"depth":364,"text":1285},{"id":1301,"depth":364,"text":1302},{"id":1318,"depth":364,"text":1319},{"id":1339,"depth":364,"text":1340},{"id":1353,"depth":358,"text":1354},{"id":1429,"depth":358,"text":1429},{"id":249,"depth":358,"text":249},{"id":266,"depth":358,"text":266},{"id":1531,"depth":358,"text":1531},"2024-06-06","Git是代码版本控制工具，记录历史、支持协作和分支。本文用通俗方式讲清Git是什么、为什么开发要用、老板要了解什么。",[1583,1586,1589],{"q":1584,"a":1585},"Git是什么，简单说？","Git是代码版本控制工具，通俗说是代码的\"时光机\"和\"协作台\"——记录每次改动的历史（能回到任何版本）、多人同时改不冲突、支持分支（同时做多个功能）。开发团队用Git管理代码是行业标准。",{"q":1587,"a":1588},"老板为什么要了解Git？","Git关系到代码资产管理和交付。用Git意味着代码有完整历史、多人协作规范、源码可交付（有完整版本记录）。规范的开发团队都用Git，这反映团队专业性。源码交付时Git仓库是重要资产。",{"q":1590,"a":1591},"不用Git会怎样？","不用版本控制，代码改动没记录（改坏了回不去）、多人协作靠手动合并（易冲突丢代码）、没有分支（难同时做多功能）。现在专业开发都用Git，不用版本控制是不规范的表现。",[1365,1593,1594,1595],"版本控制","代码管理","代码版本",{},"\u002Fblog\u002Fcomparison\u002Fbanben-kongzhi-git",{"title":1240,"description":1581},{"loc":1597},"blog\u002Fcomparison\u002Fbanben-kongzhi-git",[1365,1593,1602],"开发","DDOY-P0lE1QLrLUQlE8ZQ8GpIAjcQnAG0lviW8QNo_I",{"id":1605,"title":1606,"author":6,"body":1607,"category":383,"cover":384,"date":1970,"description":1971,"draft":387,"extension":388,"faq":1972,"featured":387,"image":384,"keywords":1982,"meta":1985,"navigation":403,"path":1986,"seo":1987,"sitemap":1988,"stem":1989,"tags":1990,"updated":1970,"__hash__":1993},"blog\u002Fblog\u002Fcomparison\u002Fbendibu-vs-yunduan.md","本地部署和云部署的区别",{"type":8,"value":1608,"toc":1951},[1609,1616,1619,1623,1703,1705,1708,1710,1730,1732,1752,1754,1757,1759,1785,1787,1807,1809,1813,1824,1827,1838,1841,1849,1851,1877,1879,1926,1929,1946],[11,1610,1611,1612,1615],{},"软件部署在自己机房（本地）还是云上？",[15,1613,1614],{},"两者数据位置、成本、运维、弹性不同。"," 这篇讲清区别和选择。",[11,1617,1618],{},"很多企业在做信息化决策时，第一道选择题就是\"上云还是私有化部署\"。这件事看起来只是技术选型，实际上牵涉到数据归属、合规边界、运维投入、长期成本以及未来扩展性。如果一开始选错方向，后期再迁移会付出很大代价——数据迁移、接口改造、业务中断、人员重新培训。所以我们建议在动手之前，把两种方式的本质差异理清楚，再结合自身的数据敏感度、规模和运维能力做选择。",[23,1620,1622],{"id":1621},"本地部署-vs-云部署","本地部署 vs 云部署",[28,1624,1625,1637],{},[31,1626,1627],{},[34,1628,1629,1631,1634],{},[37,1630,39],{},[37,1632,1633],{},"本地部署",[37,1635,1636],{},"云部署",[47,1638,1639,1650,1661,1672,1683,1694],{},[34,1640,1641,1644,1647],{},[52,1642,1643],{},"数据位置",[52,1645,1646],{},"自己机房",[52,1648,1649],{},"云厂商",[34,1651,1652,1655,1658],{},[52,1653,1654],{},"可控性",[52,1656,1657],{},"高",[52,1659,1660],{},"依赖云厂商",[34,1662,1663,1666,1669],{},[52,1664,1665],{},"初期成本",[52,1667,1668],{},"高（买服务器）",[52,1670,1671],{},"低（按需付费）",[34,1673,1674,1677,1680],{},[52,1675,1676],{},"运维",[52,1678,1679],{},"自己负责",[52,1681,1682],{},"云厂商负责部分",[34,1684,1685,1688,1691],{},[52,1686,1687],{},"弹性",[52,1689,1690],{},"难（要买硬件）",[52,1692,1693],{},"强（随时扩容）",[34,1695,1696,1699,1701],{},[52,1697,1698],{},"上线速度",[52,1700,71],{},[52,1702,68],{},[23,1704,1633],{"id":1633},[11,1706,1707],{},"本地部署也叫私有化部署，是把软件连同数据库完整安装在客户自己机房的服务器上，所有数据从产生、存储到流转都在客户自己的硬件和网络环境里。云厂商或其他第三方无法直接访问到这些数据。",[100,1709,115],{"id":115},[327,1711,1712,1718,1724],{},[208,1713,1714,1717],{},[15,1715,1716],{},"数据自主","：数据完全在自己机房，物理上和网络上都可控，敏感行业（金融、政务、医疗、能源、核心商业数据）的合规要求通常通过本地部署满足。",[208,1719,1720,1723],{},[15,1721,1722],{},"完全可控","：不依赖云厂商，不会因为云厂商故障、停服、政策调整影响业务；网络策略、访问权限、加密方式都可以按自己的标准来制定。",[208,1725,1726,1729],{},[15,1727,1728],{},"长期固定成本","：初期一次性投入后，主要成本是电费、机房和运维人员工资，规模上来之后单位成本会被摊薄，长期运营相对划算。",[100,1731,123],{"id":123},[327,1733,1734,1740,1746],{},[208,1735,1736,1739],{},[15,1737,1738],{},"初期贵","：要买服务器、存储、网络设备，还要准备机房或机柜、UPS、空调、带宽等配套，光硬件投入就是几万到几十万，再加上软件授权和实施，初期门槛较高。",[208,1741,1742,1745],{},[15,1743,1744],{},"要运维","：硬件会坏、系统要打补丁、网络要排查、备份要做、安全要防护，需要专门的运维人员，小企业养一支运维团队成本不低。",[208,1747,1748,1751],{},[15,1749,1750],{},"弹性差","：业务量突然上涨，本地机房很难快速扩容——采购周期、上架、配置都要时间；业务量下降，已买的硬件也退不掉，资源闲置。",[23,1753,1636],{"id":1636},[11,1755,1756],{},"云部署是把软件部署在云厂商提供的服务器上（阿里云、腾讯云、华为云、AWS 等），按使用量付费。硬件、机房、网络、基础安全都由云厂商负责，客户只关注应用本身。",[100,1758,115],{"id":166},[327,1760,1761,1767,1773,1779],{},[208,1762,1763,1766],{},[15,1764,1765],{},"初期便宜","：按需付费，不用一次性买服务器，一台云主机从几十元到几百元每月起步，小企业或初创项目几乎零门槛。",[208,1768,1769,1772],{},[15,1770,1771],{},"省运维","：云厂商负责硬件、网络、机房、基础安全，客户只需要关注应用配置和数据，运维压力大幅下降，小团队也能跑稳生产环境。",[208,1774,1775,1778],{},[15,1776,1777],{},"弹性强","：业务高峰可以临时扩容（加机器、加带宽、加存储），低谷再缩容，按实际用量结算，特别适合季节性、活动型、流量波动大的业务。",[208,1780,1781,1784],{},[15,1782,1783],{},"上线快","：开通云主机几分钟，配合容器化部署可以做到当天开服、当天上线，对快速验证、敏捷迭代非常友好。",[100,1786,123],{"id":178},[327,1788,1789,1795,1801],{},[208,1790,1791,1794],{},[15,1792,1793],{},"数据在云","：数据物理上存在云厂商机房，依赖云厂商的安全能力和商业稳定性，敏感行业和强合规场景需要谨慎评估。",[208,1796,1797,1800],{},[15,1798,1799],{},"持续付费","：云资源按月或按年计费，长期累积下来可能比一次性买硬件更贵，规模越大、运行越久越明显。",[208,1802,1803,1806],{},[15,1804,1805],{},"合规限制","：部分行业（金融、政务、医疗、关键信息基础设施）的数据不允许上公有云，或只能上指定云、政务云、行业云。",[23,1808,1164],{"id":1164},[100,1810,1812],{"id":1811},"选本地私有化","选本地（私有化）",[327,1814,1815,1818,1821],{},[208,1816,1817],{},"数据高度敏感，比如金融交易、政务数据、医疗档案、核心商业数据、客户隐私。",[208,1819,1820],{},"要完全自主可控，对外部依赖、对供应商锁定特别敏感。",[208,1822,1823],{},"规模大、长期固定负载，本地部署的总账算下来比持续上云更划算。",[100,1825,1826],{"id":1826},"选云",[327,1828,1829,1832,1835],{},[208,1830,1831],{},"数据不敏感，或合规允许上云，希望轻装上阵。",[208,1833,1834],{},"业务有明显弹性，需要快速扩容、缩容，或处于快速验证阶段。",[208,1836,1837],{},"中小规模，没有专业的运维团队，希望把硬件和网络都外包出去。",[100,1839,1840],{"id":1840},"混合",[327,1842,1843,1846],{},[208,1844,1845],{},"敏感数据放本地（如核心交易、客户隐私），一般业务上云（如官网、营销、内部办公）。",[208,1847,1848],{},"通过专线、VPN、API 网关打通，做到\"敏感在内、弹性在外\"，是很多中大型企业的主流选择。",[23,1850,249],{"id":249},[327,1852,1853,1859,1865,1871],{},[208,1854,1855,1858],{},[15,1856,1857],{},"敏感数据上云","：忽视合规要求把不该上云的数据放公有云，可能面临监管处罚、整改甚至停业。",[208,1860,1861,1864],{},[15,1862,1863],{},"小规模本地部署","：业务量不大却硬上私有化，硬件折旧和运维成本根本摊不开，反而比上云贵。",[208,1866,1867,1870],{},[15,1868,1869],{},"只比单价不算总账","：云单价便宜不等于长期便宜，本地初期贵不等于长期贵，要按 3 年、5 年总成本（TCO）来算。",[208,1872,1873,1876],{},[15,1874,1875],{},"忽视云持续费用","：带宽、存储、CDN、增值服务都会按月累计，业务量起来后账单会快速上涨。",[23,1878,266],{"id":266},[28,1880,1881,1893],{},[31,1882,1883],{},[34,1884,1885,1888,1890],{},[37,1886,1887],{},"方式",[37,1889,281],{},[37,1891,1892],{},"成本特点",[47,1894,1895,1906,1917],{},[34,1896,1897,1900,1903],{},[52,1898,1899],{},"本地",[52,1901,1902],{},"服务器+机房+运维",[52,1904,1905],{},"初期高，长期固定",[34,1907,1908,1911,1914],{},[52,1909,1910],{},"云",[52,1912,1913],{},"按需付费",[52,1915,1916],{},"初期低，持续",[34,1918,1919,1921,1924],{},[52,1920,1840],{},[52,1922,1923],{},"敏感本地+一般云",[52,1925,308],{},[23,1927,1164],{"id":1928},"怎么选-1",[205,1930,1931,1934,1937,1940,1943],{},[208,1932,1933],{},"评估数据敏感度——是否涉及个人信息、重要数据、行业强合规。",[208,1935,1936],{},"评估规模和弹性需求——是稳定负载还是波动剧烈。",[208,1938,1939],{},"算总账（初期 + 长期 3-5 年），不只看月费。",[208,1941,1942],{},"评估运维能力——有没有专门的运维团队。",[208,1944,1945],{},"按需求选本地 \u002F 云 \u002F 混合，必要时分数据域分别部署。",[351,1947,1948],{},[11,1949,1950],{},"广州市汉诺雷斯（HNREIS）帮企业做部署方案，从云部署到本地私有化，按数据合规和成本需求选。把你的部署需求告诉我们，我们给出建议。",{"title":357,"searchDepth":358,"depth":358,"links":1952},[1953,1954,1958,1962,1967,1968,1969],{"id":1621,"depth":358,"text":1622},{"id":1633,"depth":358,"text":1633,"children":1955},[1956,1957],{"id":115,"depth":364,"text":115},{"id":123,"depth":364,"text":123},{"id":1636,"depth":358,"text":1636,"children":1959},[1960,1961],{"id":166,"depth":364,"text":115},{"id":178,"depth":364,"text":123},{"id":1164,"depth":358,"text":1164,"children":1963},[1964,1965,1966],{"id":1811,"depth":364,"text":1812},{"id":1826,"depth":364,"text":1826},{"id":1840,"depth":364,"text":1840},{"id":249,"depth":358,"text":249},{"id":266,"depth":358,"text":266},{"id":1928,"depth":358,"text":1164},"2024-06-18","软件可以部署在自己机房（本地）或云上，两者数据、成本、运维和弹性不同。本文讲清本地部署和云部署的区别和选择。",[1973,1976,1979],{"q":1974,"a":1975},"本地部署和云部署什么区别？","本地部署是软件装在自己机房的服务器上，数据在自己手里，可控但要自己买服务器和维护；云部署是装在云服务器上（阿里云\u002F腾讯云等），不用买服务器、弹性扩容、按需付费，但数据在云厂商。核心区别在数据位置和运维责任。",{"q":1977,"a":1978},"企业该选本地还是云？","看数据敏感度和需求。数据高度敏感、要完全自主（金融\u002F政务\u002F核心商业数据），选本地（私有化）；要弹性、省运维、快速上线，选云。很多企业混合——敏感本地、一般云。建议按数据合规和成本需求选。",{"q":1980,"a":1981},"本地部署比云贵吗？","看规模。本地部署要一次性买服务器（几万到几十万）+持续电费机房运维，初期贵但量大后固定；云部署按需付费，初期便宜但长期持续付费，量大可能累积贵。要算总账，不是简单比单价。",[1633,1636,1983,1984],"部署方式","私有化部署",{},"\u002Fblog\u002Fcomparison\u002Fbendibu-vs-yunduan",{"title":1606,"description":1971},{"loc":1986},"blog\u002Fcomparison\u002Fbendibu-vs-yunduan",[1991,1910,1992],"部署","选型","2aw6C_2og_Eq04KLDnHPhU-NwU6cTqAJMhy_gQJj7tc",1781688908166]