ishenwei/nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Auto-sync: 2026-04-24 08:02

Browse Source
This commit is contained in:
weishen
2026-04-24 08:02:47 +08:00
parent cc8ebc60e3
commit 7cecf10c79
28 changed files with 2350 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
wiki/concepts/Enterprise-Architecture.md Normal file
View File

@@ -0,0 +1,56 @@
---
title: "Enterprise Architecture (EA)"
type: concept
tags: [Architecture, Cloud, Strategy, Enterprise]
sources: [ctp-topic-23-introduction-to-the-technical-architecture-team-and-function, ctp-topic-47-enterprise-architecture-cloud-standards]
last_updated: 2026-04-14
---
# Enterprise Architecture (EA)
## Definition
**Enterprise Architecture (EA)** 是架构体系中的最高层,负责将业务目标转化为技术原则和标准,确保技术投资与商业战略保持一致。
## Responsibilities
| Responsibility | Description |
|----------------|-------------|
| Business Strategy Alignment | 将业务目标映射到技术投资 |
| Technology Standards | 制定和维护技术标准和最佳实践 |
| Governance | 确保技术决策符合组织目标 |
| Roadmap Planning | 制定长期12-24个月技术路线图 |
## Relationship with Other Architecture Layers
```
Enterprise Architecture (EA)
├── Business Strategy Alignment
Solution Architecture (SA) ◄── Middle Layer
└── Solution Design
Technical Architecture (TA) ◄── Implementation Layer
```
## Key Activities
1. **Strategic Planning**: 制定技术愿景和路线图
2. **Standard Setting**: 定义技术标准和框架
3. **Portfolio Management**: 管理技术资产组合
4. **Stakeholder Communication**: 向业务利益相关者传达技术战略
## Related Concepts
- [[Solution Architecture (SA)]]
- [[Technical Architecture (TA)]]
- [[Cloud-First Strategy]]
- [[Landing Zone Architecture]]
## Sources
- [[ctp-topic-23-introduction-to-the-technical-architecture-team-and-function]]
- [[ctp-topic-47-enterprise-architecture-cloud-standards]]

69
wiki/concepts/Identity-Governance.md Normal file
View File

@@ -0,0 +1,69 @@
---
title: "Identity Governance"
type: concept
tags:
- Identity-Governance
- IAM
- Compliance
- Access-Management
sources:
- learning-sessions-identity-governance-vsm-replacement-20231128-160326-meeting-re
last_updated: 2023-11-28
---
## Identity Governance
身份治理Identity Governance是一个用于高效管理数字身份、最小化风险并保持合规的框架。
## Core Framework
身份治理围绕三个核心问题展开:
1. **谁当前有访问权限?** — 当前权限状态审计Who currently has access to our systems?
2. **谁应该有访问权限?** — 权限需求评估Who should have access?
3. **如何执行访问?** — 访问控制机制How is the access being done?
## Components
### Identity Management身份管理
- 数字身份的创建、维护和生命周期管理
- 用户、组和角色的定义
### Access Management访问管理
- 控制谁可以访问哪些资源
- 认证Authentication和授权Authorization
### Identity Auditing身份审计
- 权限变更追踪
- 合规性报告
- 异常检测
## Identity Governance vs IAM
| 维度 | 身份治理IG | 身份与访问管理IAM |
|------|----------------|----------------------|
| 焦点 | 治理、合规、策略 | 操作、技术实现 |
| 问题 | 谁应该有权访问? | 如何实现访问控制? |
| 受众 | 审计员、合规官、业务经理 | IT 管理员、安全工程师 |
| 工具 | 审批工作流、策略引擎 | 目录服务、SSO、MFA |
## Use Cases
- **内部用户治理**:员工入职/转岗/离职的权限生命周期管理
- **外部用户治理**:承包商、合作伙伴的临时权限管理
- **合规审计**SOX、HIPAA、GDPR 等合规要求的身份报告
- **权限优化**发现并清理过度授权Privilege Creep
## Implementation Example
Micro Focus IGA 的实现架构:
```
User → IGA Portal (申请) → 审批工作流 → AD 组更新 → AWS IAM → 云资源访问
```
## Related Concepts
- [[Micro-Focus-IGA]]:身份治理的具体产品实现
- [[AWS-Identity-Center]]AWS 云平台的身份治理服务
- [[Federated-Access]]:联合身份认证
- [[Service-Control-Policies-SCPs]]AWS 组织层面的权限控制策略

53
wiki/concepts/Solution-Architecture.md Normal file
View File

@@ -0,0 +1,53 @@
---
title: "Solution Architecture (SA)"
type: concept
tags: [Architecture, Cloud, Solution, Middleware]
sources: [ctp-topic-23-introduction-to-the-technical-architecture-team-and-function]
last_updated: 2026-04-14
---
# Solution Architecture (SA)
## Definition
**Solution Architecture (SA)** 是架构体系的中间层,专注于特定项目或服务的优化实施,确保系统组件间的高效协作。
## Responsibilities
| Responsibility | Description |
|----------------|-------------|
| Project-Specific Design | 为特定项目设计解决方案架构 |
| Middleware Optimization | 优化中间件和服务集成 |
| Component Coordination | 协调各系统组件的交互 |
| Technical Guidance | 为开发团队提供技术指导 |
## Relationship with Other Architecture Layers
```
Enterprise Architecture (EA) ◄── Strategy Layer
Solution Architecture (SA) ◄── Middle Layer
├── Middleware & Services
Technical Architecture (TA) ◄── Implementation Layer
```
## Key Activities
1. **Requirements Analysis**: 分析业务需求和技术约束
2. **Architecture Design**: 设计解决方案架构
3. **Technology Selection**: 选择合适的技术和工具
4. **Integration Planning**: 规划系统集成方案
## Related Concepts
- [[Enterprise Architecture (EA)]]
- [[Technical Architecture (TA)]]
- [[Multi-Database-Architecture]]
- [[CI-CD-Pipeline]]
## Sources
- [[ctp-topic-23-introduction-to-the-technical-architecture-team-and-function]]

65
wiki/concepts/Technical-Architecture.md Normal file
View File

@@ -0,0 +1,65 @@
---
title: "Technical Architecture (TA)"
type: concept
tags: [Architecture, Cloud, Infrastructure, Technical]
sources: [ctp-topic-23-introduction-to-the-technical-architecture-team-and-function]
last_updated: 2026-04-14
---
# Technical Architecture (TA)
## Definition
**Technical Architecture (TA)** 是最贴近技术的架构层,负责具体基础设施的设计、实施治理以及技术路线图的维护。
## Responsibilities
| Responsibility | Description |
|----------------|-------------|
| Infrastructure Design | 设计底层基础设施架构 |
| Governance | 实施技术标准和治理 |
| Roadmap Maintenance | 维护技术路线图12-24个月 |
| Domain Ownership | 负责特定技术领域的所有权 |
## Technical Domains
| Domain | Description |
|--------|-------------|
| Identity & Access | 身份认证和访问管理 |
| Networking | 网络架构和安全 |
| Microsoft Stack | Microsoft 技术栈集成 |
| Security | 安全控制和合规 |
## Relationship with Other Architecture Layers
```
Enterprise Architecture (EA) ◄── Strategy Layer
Solution Architecture (SA) ◄── Middle Layer
Technical Architecture (TA) ◄── Implementation Layer
├── Infrastructure Design
├── Governance
└── Technical Roadmaps
```
## Key Activities
1. **Infrastructure Governance**: 确保基础设施符合标准
2. **Landing Zone Maintenance**: 维护 AWS Enterprise Landing Zones
3. **Technical Roadmapping**: 制定和维护技术路线图
4. **Domain Leadership**: 领导特定技术领域的长期发展
## Related Concepts
- [[Enterprise Architecture (EA)]]
- [[Solution Architecture (SA)]]
- [[Cloud-First Strategy]]
- [[AWS-Tagging-Standards]]
- [[Service-Control-Policies-SCPs]]
## Sources
- [[ctp-topic-23-introduction-to-the-technical-architecture-team-and-function]]