您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

Azure 自动化简介An introduction to Azure Automation

Azure 自动化提供基于云的自动化和配置服务,用于支持 Azure 环境和非 Azure 环境之间的一致管理。Azure Automation delivers a cloud-based automation and configuration service that supports consistent management across your Azure and non-Azure environments. Azure 自动化包括流程自动化、配置管理、更新管理、共享功能和异类功能。It comprises process automation, configuration management, update management, shared capabilities, and heterogeneous features. 在部署、操作和解除工作负荷与资源期间,自动化可以提供全面的控制。Automation gives you complete control during deployment, operations, and decommissioning of workloads and resources.

自动化功能

过程自动化Process Automation

利用 Azure 自动化中的流程自动化可以自动完成频繁进行的、耗时的、易出错的云管理任务。Process Automation in Azure Automation allows you to automate frequent, time-consuming, and error-prone cloud management tasks. 此服务使你可以专注于能够让业务增值的工作。This service helps you focus on work that adds business value. 还可以通过自动化来减少错误和提升效率,从而降低运营成本。By reducing errors and boosting efficiency, it also helps to lower your operational costs. 在 Azure 自动化中执行 Runbook中详细介绍了流程自动化操作环境。The process automation operating environment is detailed in Runbook execution in Azure Automation.

流程自动化支持将 Azure 服务与部署、配置和管理端到端流程时所需的其他公共系统相集成。Process automation supports the integration of Azure services and other public systems required in deploying, configuring, and managing your end-to-end processes. 该服务允许以图形方式、在 PowerShell 中或使用 Python 创作 RunbookThe service allows you to author runbooks graphically, in PowerShell, or using Python. 可以使用混合 Runbook 辅助角色跨本地环境进行协调,实现统一管理。By using a Hybrid Runbook Worker, you can unify management by orchestrating across on-premises environments. 可以通过 Webhook 从 ITSM、DevOps 和监视系统触发自动化,从而满足相关请求并确保持续交付和操作。Webhooks let you fulfill requests and ensure continuous delivery and operations by triggering automation from ITSM, DevOps, and monitoring systems.

配置管理Configuration Management

Azure 自动化中的配置管理允许访问以下两项功能:Configuration Management in Azure Automation allows access to two features:

  • 更改跟踪和库存Change Tracking and Inventory
  • Azure 自动化状态配置Azure Automation State Configuration

更改跟踪和库存Change Tracking and Inventory

“更改跟踪和库存”结合了更改跟踪和库存功能,可跟踪虚拟机和服务器基础结构的更改。Change Tracking and Inventory combines change tracking and inventory functions to allow you to track virtual machine and server infrastructure changes. 该服务支持对环境中的不同服务、守护程序、软件、注册表和文件执行“更改跟踪”,以帮助诊断不需要的更改和引发警报。The service supports change tracking across services, daemons, software, registry, and files in your environment to help you diagnose unwanted changes and raise alerts. 库存支持可让你查询来宾中的资源,以洞察已安装的应用程序和其他配置项。Inventory support allows you to query in-guest resources for visibility into installed applications and other configuration items. 有关此功能的详细信息,请参阅更改跟踪和库存For details of this feature, see Change Tracking and Inventory.

Azure 自动化状态配置Azure Automation State Configuration

Azure 自动化 State Configuration 是一个基于云的功能,适用于为企业环境提供服务的 PowerShell Desired State Configuration (DSC)。Azure Automation State Configuration is a cloud-based feature for PowerShell desired state configuration (DSC) that provides services for enterprise environments. 使用此功能可以在 Azure 自动化中管理 DSC 资源,并将配置应用于 Azure 云中 DSC 拉取服务器上的虚拟机或物理机。Using this feature, you can manage your DSC resources in Azure Automation and apply configurations to virtual or physical machines from a DSC pull server in the Azure cloud.

更新管理Update management

Azure 自动化包含适用于跨混合环境的 Windows 和 Linux 系统的更新管理Azure Automation includes the Update Management feature for Windows and Linux systems across hybrid environments. 使用更新管理可以洞察 Azure、其他云和本地的更新合规性。Update Management gives you visibility into update compliance across Azure and other clouds, and on-premises. 使用此功能可以创建计划的部署,用于在定义的维护时段内协调更新的安装。The feature allows you to create scheduled deployments that orchestrate the installation of updates within a defined maintenance window. 如果不应在计算机上安装某项更新,可以使用更新管理功能从部署中排除该项更新。If an update shouldn't be installed on a machine, you can use Update Management functionality to exclude it from a deployment.

共享功能Shared capabilities

Azure 自动化提供许多共享功能,包括共享资源、基于角色的访问控制、灵活计划、源代码管理集成、审核和标记。Azure Automation offers a number of shared capabilities, including shared resources, role-based access control, flexible scheduling, source control integration, auditing, and tagging.

共享资源Shared resources

Azure 自动化包含一组共享资源,方便用户大规模地完成环境的自动化操作和配置。Azure Automation consists of a set of shared resources that make it easier to automate and configure your environments at scale.

  • 计划 - 在预定义的时间触发自动化操作。Schedules - Trigger Automation operations at predefined times.
  • 模块 - 管理 Azure 和其他系统。Modules - Manage Azure and other systems. 可将模块导入到适用于 Microsoft、第三方、社区或自定义 cmdlet 和 DSC 资源的自动化帐户中。You can import modules into the Automation account for Microsoft, third-party, community, and custom-defined cmdlets and DSC resources.
  • 模块库 - 支持与 PowerShell 库的本机集成,使你能够查看 Runbook 并将其导入自动化帐户。Modules gallery - Supports native integration with the PowerShell Gallery to let you view runbooks and import them into the Automation account. 利用该库可以快速开始从 PowerShell 库与 Microsoft 脚本中心集成和创作流程。The gallery allows you to quickly get started integrating and authoring your processes from PowerShell gallery and Microsoft Script Center.
  • Python 2 包 - 支持用于自动化帐户的 Python 2 Runbook。Python 2 packages - Support Python 2 runbooks for your Automation account.
  • 凭据 - 安全地存储可供 Runbook 和配置在运行时使用的敏感信息。Credentials - Securely store sensitive information that runbooks and configurations can use at runtime.
  • 连接 - 存储用于连接到系统的常用信息的名称/值对。Connections - Store name-value pairs of common information for connections to systems. 模块作者将在 Runbook 和配置中定义连接,以便在运行时使用。The module author defines connections in runbooks and configurations for use at runtime.
  • 证书 - 定义要在身份验证中使用的信息,以及用于保护由 Runbook 或 DSC 配置在运行时访问的已部署资源的信息。Certificates - Define information to be used in authentication and securing of deployed resources when accessed by runbooks or DSC configurations at runtime.
  • 变量 - 保存可在不同的 Runbook 和配置中使用的内容。Variables - Hold content that can be used across runbooks and configurations. 可以更改变量值,而无需修改引用这些值的 Runbook 或配置。You can change variable values without having to modify any of the runbooks or configurations that reference them.

基于角色的访问控制Role-based access control

Azure 自动化支持使用基于角色的访问控制 (RBAC) 来调控对自动化帐户及其资源的访问。Azure Automation supports role-based access control (RBAC) to regulate access to the Automation account and its resources. 若要详细了解如何对自动化帐户、Runbook 和作业配置 RBAC,请参阅 Azure 自动化的基于角色的访问控制To learn more about configuring RBAC on your Automation account, runbooks, and jobs, see Role-based access control for Azure Automation.

源代码管理集成Source control integration

Azure 自动化支持源代码管理集成Azure Automation supports source control integration. 在可以将 Runbook 或配置签入源代码管理系统的情况下,此功能会以代码的形式提升配置。This feature promotes configuration as code where runbooks or configurations can be checked into a source control system.

异类支持(Windows 和 Linux)Heterogeneous support (Windows and Linux)

自动化已设计为可在整个混合云环境以及 Windows 和 Linux 系统中运行。Automation is designed to work across your hybrid cloud environment and also your Windows and Linux systems. 它提供一致的方式,用于自动化和配置所部署的工作负荷以及运行这些工作负荷的操作系统。It delivers a consistent way to automate and configure deployed workloads and the operating systems that run them.

常用自动化方案Common scenarios for Automation

Azure 自动化支持在基础结构和应用程序的整个生命周期内进行管理。Azure Automation supports management throughout the lifecycle of your infrastructure and applications. 常见方案包括:Common scenarios include:

  • 编写 Runbook - 以常用的语言创作 PowerShell、PowerShell 工作流、图形、Python 2 和 DSC Runbook。Write runbooks - Author PowerShell, PowerShell Workflow, graphical, Python 2, and DSC runbooks in common languages.
  • 生成和部署资源 - 使用 Runbook 和 Azure 资源管理器模板在整个混合环境中部署虚拟机。Build and deploy resources - Deploy virtual machines across a hybrid environment using runbooks and Azure Resource Manager templates. 集成到 Jenkins 和 Azure DevOps 等开发工具中。Integrate into development tools, such as Jenkins and Azure DevOps.
  • 配置 VM - 使用基础结构和应用程序的配置评估和配置 Windows 与 Linux 计算机。Configure VMs - Assess and configure Windows and Linux machines with configurations for the infrastructure and application.
  • 分享知识 - 将有关组织如何交付和维护工作负荷的知识传输到系统中。Share knowledge - Transfer knowledge into the system on how your organization delivers and maintains workloads.
  • 检索库存 - 获取已部署资源的完整库存,以确定目标、提供报告和了解合规情况。Retrieve inventory - Get a complete inventory of deployed resources for targeting, reporting, and compliance.
  • 查找更改 - 确定哪些更改可导致配置错误,哪些更改可改善运营合规性。Find changes - Identify changes that can cause misconfiguration and improve operational compliance.
  • 监视 - 隔离导致问题的计算机更改,采取补救措施,或者将这些更改上报到管理系统。Monitor - Isolate machine changes that are causing issues and remediate or escalate them to management systems.
  • 保护 - 在安全警报被引发时隔离计算机。Protect - Quarantine machines if security alerts are raised. 设置来宾内要求。Set in-guest requirements.
  • 监管 - 为团队设置 RBAC。Govern - Set up RBAC for teams. 恢复未使用的资源。Recover unused resources.

备注

此服务支持Azure Lighthouse,后者允许服务提供商登录到自己的租户,以管理客户已委派的订阅和资源组。This service supports Azure Lighthouse, which lets service providers sign in to their own tenant to manage subscriptions and resource groups that customers have delegated.

Azure 自动化的定价Pricing for Azure Automation

可以在定价页上查看与 Azure 自动化相关的价格。You can review the prices associated with Azure Automation on the pricing page.

后续步骤Next steps