特权访问工作站和特权终结点访问Privileged Access Workstation and privileged endpoint access

概述Overview

对于此过程,你必须连接到特权访问工作站 (PAW) 。For this procedure, you must connect to the Privileged Access Workstation (PAW). 客户需要为你提供使用远程桌面连接到 PAW 的能力。The customer will need to provide you with the ability to connect to the PAW using Remote Desktop.

配置 WinRMConfiguring the WinRM

若要允许从 PAW 连接到特权终结点,请确保在 PAW 上将特权终结点 IP Azure Stack 地址设置为受信任的主机。To allow connections to the privileged endpoint from the PAW, ensure that the privileged endpoint IP addresses, as defined in the Azure Stack Hub Admin Portal, are set as a trusted host on the PAW. 从管理员门户获取这些 IP 地址的说明是在验证第16页上的 "缩放单元节点访问" 和 "运行状况"。The instructions for obtaining these IP addresses from the Administrator Portal are in Verifying Scale Unit node access and health on page 16.

若要查看或编辑 WinRM 受信任的主机,请启动提升的 PowerShell 会话:To view or edit the WinRM trusted hosts, launch an elevated PowerShell session:

  • 查看受信任的主机。View trusted hosts.

若要查看当前受信任的主机,请在 PowerShell 中运行:To view the current trusted hosts, in PowerShell run:

  • 编辑受信任的主机。Edit trusted hosts.

如果 () ERCS 的紧急恢复控制台服务器不存在,请运行以下内容,为受信任的主机设置新值,并将 * < ERCS01_IP * 、* < ERCS02_IP * 和 * < ERCS03_IP 替换为 * 在 Azure Stack 中心管理门户中定义的三个特权终结点 ip:If the Emergency Recovery Console Server (ERCS) IPs are not present, then run the following to set a new value for trusted hosts, replacing *<ERCS01_IP*, *<ERCS02_IP* and *<ERCS03_IP* with the three privileged endpoint IPs defined within the Azure Stack Hub Admin Portal:

连接到特权终结点Connect to the privileged endpoint

在 PAW 上,打开提升的 PowerShell 会话,并运行以下两个命令。On the PAW, open an elevated PowerShell session and run the following two commands. 将 * < ERCS_IP 替换为 * 某个特权终结点实例的 IP,如本过程前面所述。Replace *<ERCS_IP* with an IP of one of the privileged endpoint instances as noted earlier in this procedure. 出现提示时,请输入特权终结点 (PEP) 客户提供的凭据。When prompted enter the privileged endpoint (PEP) credentials supplied by the customer.

关闭特权终结点Close the privileged endpoint

若要关闭特权终结点会话,请运行以下内容:To close the privileged endpoint session, run the following:

延伸阅读Further reading

若要详细了解如何连接到特权终结点并使用这些终结点,请参阅使用 Azure Stack 中心中的特权终结点 For more information on connecting to and working with the privileged endpoint see Use the privileged endpoint in Azure Stack Hub.