
Getting Started with Azure Automation

This getting started guide introduces core concepts related to the deployment of Azure Automation. Whether you are new to Automation in Azure or have experience with automation workflow software like System Center Orchestrator, this guide helps you understand how to prepare and onboard Automation. Afterwards, you will be prepared to begin developing runbooks in support of your process automation needs.

Automation architecture overview

[Figure: Azure Automation overview]

Azure Automation is a software as a service (SaaS) application that provides a scalable and reliable multi-tenant environment to automate processes with runbooks and to manage configuration changes to Windows and Linux systems using Desired State Configuration (DSC) in Azure, other cloud services, or on-premises. Entities contained within your Automation account, such as runbooks, assets, and Run As accounts, are isolated from other Automation accounts within your subscription and other subscriptions.

Runbooks that you run in Azure are executed on Automation sandboxes, which are hosted in Azure platform as a service (PaaS) virtual machines. Automation sandboxes provide tenant isolation for all aspects of runbook execution: modules, storage, memory, network communication, job streams, and so on. This role is managed by the service and is not accessible from your Azure or Azure Automation account for you to control.

To automate the deployment and management of resources in your local datacenter or other cloud services, after creating an Automation account, you can designate one or more machines to run the Hybrid Runbook Worker (HRW) role. Each HRW requires the Microsoft Management Agent with a connection to a Log Analytics workspace and an Automation account. Log Analytics is used to bootstrap the installation, maintain the Microsoft Management Agent, and monitor the functionality of the HRW. The delivery of runbooks and the instruction to run them are performed by Azure Automation.

You can deploy multiple HRWs to provide high availability for your runbooks, load balance runbook jobs, and in some cases dedicate them to particular workloads or environments. The Microsoft Monitoring Agent on the HRW initiates communication with the Automation service over TCP port 443, and there are no inbound firewall requirements. Once you have a runbook running on an HRW within the environment, and you want the runbook to perform management tasks against other machines or services within that environment, there may be other ports that the runbook needs access to. If your IT security policies do not allow computers on your network to connect to the Internet, review the article OMS Gateway, which acts as a proxy for the HRW to collect job status and receive configuration information from your Automation account.

Runbooks running on an HRW run in the context of the local System account on the computer, which is the recommended security context when performing administrative actions on the local Windows machine. If you want the runbook to run tasks against resources outside of the local machine, you may need to define secure credential assets in the Automation account that you can access from the runbook and use to authenticate with the external resource. You can use Credential, Certificate, and Connection assets in your runbook with cmdlets that allow you to specify credentials for authentication.

DSC configurations stored in Azure Automation can be directly applied to Azure virtual machines. Other physical and virtual machines can request configurations from the Azure Automation DSC pull server. For managing configurations of your on-premises physical or virtual Windows and Linux systems, you don't need to deploy any infrastructure to support the Automation DSC pull server; you need only outbound Internet access from each system to be managed by Automation DSC, communicating over TCP port 443 to the OMS service.

Prerequisites

Automation DSC

Azure Automation DSC can be used to manage various machines:

  • Azure virtual machines (classic) running Windows or Linux
  • Azure virtual machines running Windows or Linux
  • Amazon Web Services (AWS) virtual machines running Windows or Linux
  • Physical/virtual Windows computers on-premises, or in a cloud other than Azure or AWS
  • Physical/virtual Linux computers on-premises, or in a cloud other than Azure or AWS

The latest version of WMF 5 must be installed for the PowerShell DSC agent for Windows to be able to communicate with Azure Automation. The latest version of the PowerShell DSC agent for Linux must be installed for Linux to be able to communicate with Azure Automation.

Hybrid Runbook Worker

When designating a computer to run hybrid runbook jobs, this computer must have the following:

  • Windows Server 2012 or later
  • Windows PowerShell 4.0 or later. We recommend installing Windows PowerShell 5.0 on the computer for increased reliability. You can download the new version from the Microsoft Download Center
  • .NET Framework 4.6.2 or later
  • Minimum of two cores
  • Minimum of 4 GB of RAM

Permissions required to create Automation account

To create or update an Automation account, you must have the following specific privileges and permissions required to complete this topic.

  • In order to create an Automation account, your AD user account needs to be added to a role with permissions equivalent to the Owner role for Microsoft.Automation resources, as outlined in the article Role-based access control in Azure Automation.
  • If the App registrations setting is set to Yes, non-admin users in your Azure AD tenant can register AD applications. If the App registrations setting is set to No, the user performing this action must be a global administrator in Azure AD.

If you are not a member of the subscription’s Active Directory instance before you are added to the global administrator/co-administrator role of the subscription, you are added to Active Directory as a guest. In this situation, you receive a “You do not have permissions to create…” warning on the Add Automation Account blade. Users who were added to the global administrator/co-administrator role first can be removed from the subscription's Active Directory instance and re-added to make them a full User in Active Directory. To verify this situation, from the Azure Active Directory pane in the Azure portal, select Users and groups, select All users and, after you select the specific user, select Profile. The value of the User type attribute under the user's profile should not equal Guest.

Authentication planning

Azure Automation allows you to automate tasks against resources in Azure, on-premises, and with other cloud providers. In order for a runbook to perform its required actions, it must have permissions to securely access the resources with the minimal rights required within the subscription.

What is an Automation Account

All the automation tasks you perform against resources using the Azure cmdlets in Azure Automation authenticate to Azure using Azure Active Directory organizational identity credential-based authentication. An Automation account is separate from the account you use to sign in to the portal to configure and use Azure resources. Automation resources included with an account are the following:

  • Certificates - contains a certificate used for authentication from a runbook or DSC configuration, or lets you add them.
  • Connections - contains authentication and configuration information required to connect to an external service or application from a runbook or DSC configuration.
  • Credentials - a PSCredential object that contains security credentials, such as a username and password, required to authenticate from a runbook or DSC configuration.
  • Integration modules - PowerShell modules included with an Azure Automation account to make use of cmdlets within runbooks and DSC configurations.
  • Schedules - contains schedules that start or stop a runbook at a specified time, including recurring frequencies.
  • Variables - contain values that are available from a runbook or DSC configuration.
  • DSC Configurations - PowerShell scripts that describe how to configure an operating system feature or setting or install an application on a Windows or Linux computer.
  • Runbooks - a set of tasks that perform some automated process in Azure Automation based on Windows PowerShell.

The Automation resources for each Automation account are associated with a single Azure region, but Automation accounts can manage all the resources in your subscription. Create Automation accounts in different regions if you have policies that require data and resources to be isolated to a specific region.

When you create an Automation account in the Azure portal, you automatically create two authentication entities:

  • A Run As account. This account creates a service principal in Azure Active Directory (Azure AD) and a certificate. It also assigns the Contributor role-based access control (RBAC) role, which is used to manage Resource Manager resources by using runbooks.
  • A Classic Run As account. This account uploads a management certificate, which is used to manage classic resources by using runbooks.

Role-based access control is available with Azure Resource Manager to grant permitted actions to an Azure AD user account and Run As account, and authenticate that service principal. Read the Role-based access control in Azure Automation article for further information to help develop your model for managing Automation permissions.

Authentication methods

The following table summarizes the different authentication methods for each environment supported by Azure Automation.

Method | Environment
Azure Run As and Classic Run As account | Azure Resource Manager and Azure classic deployment
Azure AD User account | Azure Resource Manager and Azure classic deployment
Windows authentication | Local data center or other cloud provider using the Hybrid Runbook Worker
AWS credentials | Amazon Web Services

Under the How to\Authentication and security section are supporting articles that provide an overview and implementation steps to configure authentication for those environments, either with an existing account or with a new account you dedicate to that environment. For the Azure Run As and Classic Run As account, the topic Update Automation Run As account describes how to update your existing Automation account with the Run As accounts from the portal or using PowerShell if it was not originally configured with a Run As or Classic Run As account. If you want to create a Run As and a Classic Run As account with a certificate issued by your enterprise certification authority (CA), review this article to learn how to create the accounts using this configuration.

Network planning

For the Hybrid Runbook Worker to connect to and register with Microsoft Operations Management Suite (OMS), it must have access to the port number and the URLs described below. This is in addition to the ports and URLs required for the Microsoft Monitoring Agent to connect to OMS. If you use a proxy server for communication between the agent and the OMS service, you need to ensure that the appropriate resources are accessible. If you use a firewall to restrict access to the Internet, you need to configure your firewall to permit access.

The information below lists the port and URLs that are required for the Hybrid Runbook Worker to communicate with Automation.

  • Port: Only TCP 443 is required for outbound Internet access
  • Global URL: *.azure-automation.net

If you have an Automation account defined for a specific region and you want to restrict communication with that regional data center, the following table provides the DNS record for each region.

Region | DNS Record
South Central US | scus-jobruntimedata-prod-su1.azure-automation.net
East US 2 | eus2-jobruntimedata-prod-su1.azure-automation.net
West Central US | wcus-jobruntimedata-prod-su1.azure-automation.net
West Europe | we-jobruntimedata-prod-su1.azure-automation.net
North Europe | ne-jobruntimedata-prod-su1.azure-automation.net
Canada Central | cc-jobruntimedata-prod-su1.azure-automation.net
South East Asia | sea-jobruntimedata-prod-su1.azure-automation.net
Central India | cid-jobruntimedata-prod-su1.azure-automation.net
Japan East | jpe-jobruntimedata-prod-su1.azure-automation.net
Australia South East | ase-jobruntimedata-prod-su1.azure-automation.net
UK South | uks-jobruntimedata-prod-su1.azure-automation.net
US Gov Virginia | usge-jobruntimedata-prod-su1.azure-automation.us

For a list of IP addresses instead of names, download and review the Azure Datacenter IP address xml file from the Microsoft Download Center.

Note

This file contains the IP address ranges (including Compute, SQL and Storage ranges) used in the Microsoft Azure Datacenters. An updated file is posted weekly which reflects the currently deployed ranges and any upcoming changes to the IP ranges. New ranges appearing in the file will not be used in the datacenters for at least one week. Please download the new xml file every week and perform the necessary changes on your site to correctly identify services running in Azure. Express Route users may note this file used to update the BGP advertisement of Azure space in the first week of each month.
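
The Hybrid Runbook Worker prerequisites and the outbound network requirement described above can be checked on a candidate machine before onboarding. The following PowerShell is an added example, not part of the original article or of Microsoft's tooling; the function name Test-HrwReadiness, its parameters, the result shape and the default regional endpoint are assumptions chosen for illustration, and 394802 is the lowest registry Release value that identifies .NET Framework 4.6.2.

```powershell
# Added example: readiness check for a Hybrid Runbook Worker (HRW) candidate.
# Test-HrwReadiness, its parameters and the result shape are illustrative names.
function Test-HrwReadiness {
    [CmdletBinding()]
    param(
        # Regional DNS record from the table above (default: South Central US).
        [string]$AutomationEndpoint = 'scus-jobruntimedata-prod-su1.azure-automation.net',
        [int]$TimeoutMs = 5000
    )

    # Each check is emitted as one object so results can be filtered or exported.
    function New-Check([string]$Name, [bool]$Passed, [string]$Detail) {
        [pscustomobject]@{ Check = $Name; Passed = $Passed; Detail = $Detail }
    }

    # Windows Server 2012 is version 6.2; ProductType 1 is a workstation SKU.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $isServer = $os.ProductType -ne 1
    $osOk = $isServer -and ([version]$os.Version -ge [version]'6.2')
    New-Check 'Windows Server 2012 or later' $osOk "$($os.Caption) $($os.Version)"

    $psMajor = $PSVersionTable.PSVersion.Major
    New-Check 'Windows PowerShell 4.0 or later' ($psMajor -ge 4) "$($PSVersionTable.PSVersion)"

    # .NET Framework 4.x records its build in the Release value; 394802 = 4.6.2.
    $ndpKey = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $ndp = Get-ItemProperty -Path $ndpKey -ErrorAction SilentlyContinue
    $release = if ($ndp) { [int]$ndp.Release } else { 0 }
    New-Check '.NET Framework 4.6.2 or later' ($release -ge 394802) "Release=$release"

    $cores = (Get-CimInstance -ClassName Win32_Processor |
        Measure-Object -Property NumberOfCores -Sum).Sum
    New-Check 'Minimum of two cores' ($cores -ge 2) "$cores core(s)"

    # TotalPhysicalMemory excludes hardware-reserved memory, so round to whole GB.
    $ramBytes = (Get-CimInstance -ClassName Win32_ComputerSystem).TotalPhysicalMemory
    $ramGB = [math]::Round($ramBytes / 1GB)
    New-Check 'Minimum of 4 GB of RAM' ($ramGB -ge 4) "$ramGB GB"

    # Guard against typos: only probe names under the documented Automation domains.
    $nameOk = $AutomationEndpoint -match '^[a-z0-9-]+\.azure-automation\.(net|us)$'
    New-Check 'Endpoint is under azure-automation.net/.us' $nameOk $AutomationEndpoint
    if (-not $nameOk) { return }

    # Outbound TCP 443 only; the worker needs no inbound firewall rule.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($AutomationEndpoint, 443, $null, $null)
        $connected = $pending.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected
        New-Check "Outbound TCP 443 to $AutomationEndpoint" $connected "timeout $TimeoutMs ms"
    }
    catch {
        New-Check "Outbound TCP 443 to $AutomationEndpoint" $false $_.Exception.Message
    }
    finally {
        $client.Close()
    }
}

Test-HrwReadiness | Format-Table -AutoSize
```

On a network that reaches the service through a proxy server or the OMS Gateway, the direct TCP probe fails even though the agent can connect, so read that row accordingly.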

Creating an Automation account

There are different ways you can create an Automation account in the Azure portal. The following table introduces each type of deployment experience and the differences between them.

Method | Description
Select Automation & Control from the Marketplace | An offering that creates both an Automation account and an OMS workspace linked to one another in the same resource group and region. Integration with OMS also includes the benefit of using Log Analytics to monitor and analyze runbook job status and job streams over time and to use advanced features to escalate or investigate issues. The offering also deploys the Change Tracking & Update Management solutions, which are enabled by default.
Select Automation from the Marketplace | Creates an Automation account in a new or existing resource group that is not linked to an OMS workspace and does not include any available solutions from the Automation & Control offering. This is a basic configuration that introduces you to Automation and can help you learn how to write runbooks and DSC configurations and use the capabilities of the service.
Selected Management solutions | If you select a solution (Update Management, Start/Stop VMs during off hours, or Change Tracking), you are prompted to select an existing Automation account and OMS workspace, or offered the option to create both, as required for the solution to be deployed in your subscription.

This topic walks you through creating an Automation account and OMS workspace by onboarding the Automation & Control offering. To create a standalone Automation account for testing or to preview the service, review the article Create standalone Automation account.

Create Automation account integrated with OMS

The recommended method to onboard Automation is by selecting the Automation & Control offering from the Marketplace. This creates an Automation account and establishes the integration with an OMS workspace, including the option to install the management solutions that are available with the offering.

  1. Sign in to the Azure portal with an account that is a member of the Subscription Admins role and co-administrator of the subscription.

  2. Click New.

    [Screenshot: Select New option in Azure portal]

  3. Search for Automation and then in the search results select Automation & Control.

    [Screenshot: Search and select Automation & Control from Marketplace]

  4. After reading the description for the offering, click Create.

  5. On the Automation & Control settings blade, select OMS Workspace. On the OMS Workspaces blade, select an OMS workspace linked to the same Azure subscription that the Automation account is in, or create an OMS workspace. If you do not have an OMS workspace, select Create New Workspace and on the OMS Workspace blade perform the following:

    • Specify a name for the new OMS Workspace.
    • Select a Subscription to link to by selecting from the drop-down list if the default selected is not appropriate.
    • For Resource Group, you can create a resource group or select an existing resource group.
    • Select a Location. For additional information, see which regions Azure Automation is available in. Solutions are offered in two tiers: free and Per Node (OMS) tier. The free tier has a limit on the amount of data collected daily, retention period, and runbook job runtime minutes. The Per Node (OMS) tier does not have a limit on the amount of data collected daily.
    • Select Automation Account. If you are creating a new OMS workspace, you are required to also create an Automation account that is associated with the new OMS workspace specified earlier, including your Azure subscription, resource group, and region. You can select Create an Automation account and on the Automation Account blade, provide the following:
    • In the Name field, enter the name of the Automation account.

      All other options are automatically populated based on the OMS workspace selected, and these options cannot be modified. An Azure Run As account is the default authentication method for the offering. Once you click OK, the configuration options are validated and the Automation account is created. You can track its progress under Notifications from the menu.

      Otherwise, select an existing Automation Run As account. The account you select cannot already be linked to another OMS workspace; otherwise, a notification message is presented in the blade. If it is already linked, you need to select a different Automation Run As account or create one.

      After completing the information required, click Create. The information is verified and the Automation Account and Run As accounts are created. You are returned to the OMS workspace blade automatically.

  6. After providing the required information on the OMS Workspace blade, click Create. While the information is verified and the workspace is created, you can track its progress under Notifications from the menu. You are returned to the Add Solution blade.

  7. On the Automation & Control settings blade, confirm you want to install the recommended pre-selected solutions. If you deselect any, you can install them individually later.

  8. Click Create to proceed with onboarding Automation and an OMS workspace. All settings are validated, and then a deployment of the offering to your subscription is attempted. This process can take several seconds to complete and you can track its progress under Notifications from the menu.

After the offering is onboarded, you can begin creating runbooks, work with the management solutions you enabled, deploy a Hybrid Runbook Worker role, or start working with Log Analytics to collect data generated by resources in your cloud or on-premises environment.

Next steps