
Get started with Azure Automation

This article introduces core concepts related to the deployment of Azure Automation. If you are new to Automation in Azure or have experience with automation workflow software like System Center Orchestrator, you can learn how to prepare and onboard Automation. After you read this article, you'll be ready to begin developing runbooks to support your process automation needs.

Automation architecture overview

[Figure: Azure Automation overview]

Azure Automation is a software as a service (SaaS) application that provides a scalable and reliable multitenant environment in which you can use runbooks to automate processes. You can use Desired State Configuration (DSC) in Azure, other cloud services, or in an on-premises environment to manage configuration changes to Windows and Linux systems. Entities in your Automation account, including runbooks, assets, and Run As accounts, are isolated from other Automation accounts in your subscription, and from other subscriptions.

Runbooks that you run in Azure are executed on Automation sandboxes. Sandboxes are hosted in Azure platform as a service (PaaS) virtual machines.

Automation sandboxes provide tenant isolation for all aspects of runbook execution, including modules, storage, memory, network communication, and job streams. This role is managed by the service. You can't access or manage the role from your Azure or Automation account.

To automate the deployment and management of resources in your local datacenter or other cloud services, after you create an Automation account, you can designate one or more VMs to run the Hybrid Runbook Worker role. Each Hybrid Runbook Worker requires Microsoft Management Agent to be installed and an Automation account. The agent must have a connection to an Azure Log Analytics workspace. You can use Log Analytics to bootstrap the installation, maintain Microsoft Management Agent, and monitor the functionality of the Hybrid Runbook Worker. Azure Automation performs the delivery of runbooks and the instruction to run them.

You can deploy multiple Hybrid Runbook Workers. Use Hybrid Runbook Workers to provide high availability for your runbooks and load-balance runbook jobs. In some cases, you can dedicate runbook jobs for specific workloads or environments. Microsoft Monitoring Agent on the Hybrid Runbook Worker initiates communication with the Automation service over TCP port 443. Hybrid Runbook Workers have no inbound firewall requirements.

You might want a runbook that's running on a Hybrid Runbook Worker to perform management tasks against other machines or services in your environment. In that scenario, the runbook might also need to access other ports. If your IT security policies don't allow computers on your network to connect to the internet, review OMS Gateway. The OMS Gateway acts as a proxy for the Hybrid Runbook Worker. It collects job status and receives configuration information from your Automation account.

Runbooks that run on a Hybrid Runbook Worker run in the context of the local System account on the computer. We recommend a security context when you perform administrative actions on the local Windows machine. If you want the runbook to run tasks against resources that are outside the local machine, you might need to define secure credential assets in the Automation account. You can access secure credential assets from the runbook and use them to authenticate with the external resource. You can use Credential, Certificate, and Connection assets in your runbook. Use the assets with cmdlets that let you specify credentials for authentication.
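
The following runbook is an added example, not part of the original article, showing the credential asset pattern described above on a Hybrid Runbook Worker. The asset name `FileServerAdmin` and the host `fs01.contoso.local` are hypothetical; `Get-AutomationPSCredential` is the activity that Azure Automation makes available inside runbooks.

```powershell
# Added example (not from the original article).
# Intended to run as a runbook on a Hybrid Runbook Worker. The runbook itself
# executes as Local System on the worker; the credential asset supplies the
# identity used against the remote machine, so no password lives in the source.
param(
    # Hypothetical names: replace with a credential asset and a host you manage.
    [string] $CredentialAssetName = 'FileServerAdmin',
    [string] $TargetComputer      = 'fs01.contoso.local'
)

$ErrorActionPreference = 'Stop'

# Retrieve the PSCredential object stored in the Automation account.
$credential = Get-AutomationPSCredential -Name $CredentialAssetName
if ($null -eq $credential) {
    throw "Credential asset '$CredentialAssetName' was not found in the Automation account."
}

# Write only the user name to the job stream, never the password.
Write-Output "Connecting to $TargetComputer as $($credential.UserName)"

try {
    # Authenticate to the external resource with the asset, not with Local System.
    $services = Invoke-Command -ComputerName $TargetComputer -Credential $credential -ScriptBlock {
        Get-Service -Name 'LanmanServer', 'W32Time' |
            Select-Object -Property Name, @{ Name = 'Status'; Expression = { $_.Status.ToString() } }
    }

    foreach ($service in $services) {
        Write-Output ("{0}: {1}" -f $service.Name, $service.Status)
    }
}
catch {
    # Job streams are stored by the service, so keep the message free of secrets.
    throw "Remote query on $TargetComputer failed: $($_.Exception.Message)"
}
```

The account stored in the asset should hold only the rights the task needs on the target machine, because anyone who can edit runbooks in the Automation account can use it.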

You can apply DSC configurations that are stored in Azure Automation to virtual machines. Other physical and virtual machines can request configurations from the Automation DSC pull server. You don't need to deploy any infrastructure to support the Automation DSC pull server to manage configurations of your on-premises physical or virtual Windows and Linux systems. You only need outbound internet access from each system that you will manage by using Automation DSC. Communication occurs over TCP port 443 to the Log Analytics service.

Prerequisites

Automation DSC

You can use Automation DSC to manage these machines:

  • Azure virtual machines (classic) running Windows or Linux.
  • Azure virtual machines running Windows or Linux.
  • Amazon Web Services (AWS) virtual machines running Windows or Linux.
  • Physical and virtual Windows computers that are on-premises or in a cloud other than Azure or AWS.
  • Physical and virtual Linux computers that are on-premises or in a cloud other than Azure or AWS.

For Windows machines, the latest version of Windows Management Framework (WMF) 5 must be installed. For Linux machines, the latest version of the PowerShell DSC agent for Linux must be installed. The PowerShell DSC agent uses WMF 5 to communicate with Automation.

Hybrid Runbook Worker

When you designate a computer to run hybrid runbook jobs, the computer must meet the following prerequisites:

  • Windows Server 2012 or later.
  • Windows PowerShell 4.0 or later. For increased reliability, we recommend Windows PowerShell 5.0. You can download the new version from the Microsoft Download Center.
  • .NET Framework 4.6.2 or later.
  • A minimum of two cores.
  • A minimum of 4 GB of RAM.

Permissions required to create an Automation account

To create or update an Automation account, and to complete the tasks described in this article, you must have the following privileges and permissions:

  • To create an Automation account, your Azure Active Directory (Azure AD) user account must be added to a role with permissions equivalent to the Owner role for Microsoft.Automation resources. For more information, see Role-Based Access Control in Azure Automation.
  • In the Azure portal, under Azure Active Directory > MANAGE > App registrations, if App registrations is set to Yes, non-admin users in your Azure AD tenant can register Active Directory applications. If App registrations is set to No, the user who performs this action must be a global administrator in Azure AD.

If you aren't a member of the subscription's Active Directory instance before you are added to the subscription's global administrator/coadministrator role, you are added to Active Directory as a guest. In this scenario, you see this message on the Add Automation Account page: "You do not have permissions to create."

If a user is added to the global administrator/coadministrator role first, you can remove them from the subscription's Active Directory instance, and then re-add them to the full User role in Active Directory.

To verify user roles:

  1. In the Azure portal, go to the Azure Active Directory pane.
  2. Select Users and groups.
  3. Select All users.
  4. After you select a specific user, select Profile. The value of the User type attribute under the user's profile should not be Guest.

Plan for authentication

In Azure Automation, you can automate tasks against resources that are in Azure, on-premises, and in other cloud services. For a runbook to perform its required actions, it must have permissions to securely access the resources. It must have the minimal rights required within the subscription.

What is an Automation account

All the automation tasks that you perform against resources by using the cmdlets in Azure Automation authenticate to Azure by using Azure AD organizational identity credentials-based authentication. An Automation account is separate from the account that you use to sign in to the portal for configuring and using Azure resources.

The following resources are included with an Automation account:

  • Certificates. Contains a certificate that's used for authentication from a runbook or DSC configuration. You can also add certificates.
  • Connections. Contains authentication and configuration information that's required to connect to an external service or application from a runbook or DSC configuration.
  • Credentials. Contains a PSCredential object, which has security credentials such as a username and password. The credentials are required to authenticate from a runbook or DSC configuration.
  • Integration modules. PowerShell modules that are included with an Automation account. Use the PowerShell modules to run cmdlets in runbooks and DSC configurations.
  • Schedules. Contains schedules that start or stop a runbook at a specified time, including recurring frequencies.
  • Variables. Contains values that are available from a runbook or DSC configuration.
  • DSC configurations. PowerShell scripts that describe how to configure an operating system feature or setting, or how to install an application on a Windows or Linux computer.
  • Runbooks. A set of tasks that perform an automated process in Automation based on Windows PowerShell.

Automation resources for each Automation account are associated with a single Azure region. However, you can use Automation accounts to manage all the resources in your subscription. Create Automation accounts in different regions if you have policies that require data and resources to be isolated to a specific region.

When you create an Automation account in the Azure portal, two authentication entities are automatically created:

  • Run As account. This account does the following tasks:
    • Creates a service principal in Azure AD.
    • Creates a certificate.
    • Assigns the Contributor Role-Based Access Control (RBAC) role, which is used to manage Azure Resource Manager resources by using runbooks.
  • Classic Run As account. This account uploads a management certificate. The certificate is used to manage classic resources by using runbooks.

RBAC is available with Resource Manager to grant permitted actions to an Azure AD user account and Run As account. You can also use RBAC to authenticate that service principal. For more information, and for help developing a model for managing Automation permissions, see the Role-Based Access Control in Azure Automation article.

Authentication methods

The following table summarizes the authentication methods that you can use for each environment that Azure Automation supports.

Method | Environment
--- | ---
Azure Run As and Classic Run As account | Azure Resource Manager and Azure classic deployment
Azure AD User account | Azure Resource Manager and Azure classic deployment
Windows authentication | Local datacenter or other cloud services provider by using the Hybrid Runbook Worker role
Amazon Web Services credentials | Amazon Web Services

The following articles provide overview and implementation steps to configure authentication for those environments. The articles describe using an existing account and using a new account that you dedicate for that environment.

For the Azure Run As and Classic Run As accounts, Update Automation Run As account describes how to update your existing Automation account with the Run As accounts from the portal. It also describes how to use PowerShell if the Automation account wasn't originally configured with a Run As or Classic Run As account. You can create a Run As account and a Classic Run As account by using a certificate that's issued by your enterprise certificate authority (CA). Review Update Automation Run As account to learn how to create the accounts by using this configuration.

Plan your network

For the Hybrid Runbook Worker to connect to and register with Log Analytics, it must have access to the port number and the URLs that are described in this section. This is in addition to the ports and URLs required for Microsoft Monitoring Agent to connect to Log Analytics.

If you use a proxy server for communication between the agent and the Log Analytics service, ensure that the appropriate resources are accessible. If you use a firewall to restrict access to the internet, you must configure your firewall to permit access.

The following port and URLs are required for the Hybrid Runbook Worker role to communicate with Automation:

  • Port: Only TCP 443 is required for outbound internet access.
  • Global URL: *.azure-automation.net.

If you have an Automation account that's defined for a specific region, you can restrict communication to that regional datacenter. The following table provides the DNS record for each region.

Region | DNS record
--- | ---
South Central US | scus-jobruntimedata-prod-su1.azure-automation.net
East US 2 | eus2-jobruntimedata-prod-su1.azure-automation.net
West Central US | wcus-jobruntimedata-prod-su1.azure-automation.net
West Europe | we-jobruntimedata-prod-su1.azure-automation.net
North Europe | ne-jobruntimedata-prod-su1.azure-automation.net
Canada Central | cc-jobruntimedata-prod-su1.azure-automation.net
South East Asia | sea-jobruntimedata-prod-su1.azure-automation.net
Central India | cid-jobruntimedata-prod-su1.azure-automation.net
Japan East | jpe-jobruntimedata-prod-su1.azure-automation.net
Australia South East | ase-jobruntimedata-prod-su1.azure-automation.net
UK South | uks-jobruntimedata-prod-su1.azure-automation.net
US Gov Virginia | usge-jobruntimedata-prod-su1.azure-automation.us
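
The following script is an added example, not part of the original article, for checking from a Hybrid Runbook Worker that a regional allow-list rule actually permits outbound TCP 443 to the DNS record in the table above. The function name `Test-AutomationEndpoint` and its parameters are hypothetical; it uses only .NET types so that it also runs on Windows PowerShell 4.0.

```powershell
# Added example (not from the original article).
# Regional endpoints copied from the DNS record table above (subset shown).
$AutomationRegionEndpoints = @{
    'South Central US' = 'scus-jobruntimedata-prod-su1.azure-automation.net'
    'East US 2'        = 'eus2-jobruntimedata-prod-su1.azure-automation.net'
    'West Europe'      = 'we-jobruntimedata-prod-su1.azure-automation.net'
    'North Europe'     = 'ne-jobruntimedata-prod-su1.azure-automation.net'
    'UK South'         = 'uks-jobruntimedata-prod-su1.azure-automation.net'
}

function Test-AutomationEndpoint {
    # Hypothetical helper: resolves the host name, then attempts an outbound
    # TCP connection and reports which of the two steps failed.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [string] $HostName,
        [int] $Port = 443,
        [int] $TimeoutMs = 5000
    )

    $result = [pscustomobject]@{
        HostName  = $HostName
        Port      = $Port
        Resolved  = $false
        Addresses = @()
        TcpOpen   = $false
        Detail    = $null
    }

    # Step 1: DNS. A failure here points at the resolver, not the firewall rule.
    try {
        $result.Addresses = @([System.Net.Dns]::GetHostAddresses($HostName) |
            ForEach-Object { $_.IPAddressToString })
        $result.Resolved = $result.Addresses.Count -gt 0
    }
    catch {
        $result.Detail = "DNS resolution failed: $($_.Exception.Message)"
        return $result
    }

    # Step 2: outbound TCP connect with a timeout, so a silently dropping
    # firewall does not hang the check.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if ($pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            $client.EndConnect($pending)   # throws if the connection was refused or reset
            $result.TcpOpen = $client.Connected
        }
        else {
            $result.Detail = "No response within $TimeoutMs ms (outbound rule missing, or egress is proxy-only)"
        }
    }
    catch {
        $result.Detail = "TCP connect failed: $($_.Exception.Message)"
    }
    finally {
        $client.Close()
    }

    return $result
}

# Check only the region that hosts the Automation account.
$region = 'West Europe'
Test-AutomationEndpoint -HostName $AutomationRegionEndpoints[$region] |
    Format-List HostName, Port, Resolved, Addresses, TcpOpen, Detail
```

A direct TCP test like this does not exercise a proxy server or the OMS Gateway; where egress is proxy-only, a timeout here is expected and the proxy's own allow-list is what needs checking.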

For a list of region IP addresses instead of region names, download the Azure Datacenter IP address XML file from the Microsoft Download Center.

Note

The Azure Datacenter IP address XML file lists the IP address ranges that are used in the Microsoft Azure datacenters. Compute, SQL, and storage ranges are included in the file.

An updated file is posted weekly. The file reflects the currently deployed ranges and any upcoming changes to the IP ranges. New ranges that appear in the file aren't used in the datacenters for at least one week.

It's a good idea to download the new XML file every week. Then, update your site to correctly identify services running in Azure. Azure ExpressRoute users should note that this file used to update the Border Gateway Protocol (BGP) advertisement of Azure space the first week of each month.

Create an Automation account

The following table introduces methods for creating an Automation account in the Azure portal. The table describes each type of deployment experience, and the differences between them.

Method | Description
--- | ---
Select Automation & Control in the Azure Marketplace | An Azure Marketplace offering creates an Automation account and Log Analytics workspace that are linked and in the same resource group and region. Integration with Log Analytics also includes the benefit of using it to monitor and analyze runbook job status and job streams over time. You can also use the advanced features in Log Analytics to escalate or investigate issues. The offering deploys the Change Tracking and Update Management solutions, which are enabled by default.
Select Automation in the Marketplace | This method creates an Automation account in a new or existing resource group that isn't linked to a Log Analytics workspace. It doesn't include any available solutions from the Automation & Control offering. This method is a basic configuration that introduces you to Automation. It can help you learn how to write runbooks and DSC configurations, and learn how to use the capabilities of the service.
Select Management solutions | If you select a Management solution, including Update Management, Start/Stop VMs during off hours, or Change Tracking, the solution prompts you to select an existing Automation account and Log Analytics workspace. The solution offers you the option of creating an Automation account and Log Analytics workspace as required for the solution to be deployed in your subscription.

Create an Automation account that's integrated with Log Analytics

To onboard Automation, we recommend that you select the Automation & Control offering in the Marketplace. Using this method creates an Automation account and establishes integration with a Log Analytics workspace. When you use this method, you also have the option to install the management solutions that are available with the offering.

Create a standalone Automation account walks you through the process of creating an Automation account and Log Analytics workspace by onboarding the Automation & Control offering. You can learn how to create a standalone Automation account for testing or preview the service.

To create an Automation account and Log Analytics workspace by using the Automation & Control Marketplace offering:

  1. Sign in to the Azure portal with an account that's a member of the subscription Administrators role and a coadministrator of the subscription.
  2. Select New.

    [Figure: Select New in the Azure portal]
  3. Search for Automation. In the search results, select Automation & Control.

    [Figure: Search for and select Automation & Control in the Azure Marketplace]
  4. Review the description for the offering, and then select Create.
  5. Under Automation & Control, select OMS Workspace. Under OMS Workspaces, select a Log Analytics workspace that's linked to the Azure subscription that the Automation account is in. If you don't have a Log Analytics workspace, select Create New Workspace. Under OMS Workspace:
    1. For OMS Workspace, enter a name for the new workspace.
    2. For Subscription, select a subscription to link to. If the default selection isn't the subscription that you want to use, select the subscription from the drop-down list.
    3. For Resource Group, you can create a resource group, or select an existing resource group.
    4. For Location, select a region. For more information, see which regions Azure Automation is available in. Solutions are offered in two tiers: free and per node (OMS) tier. The free tier has a limit on the amount of data that's collected daily, retention period, and runbook job runtime minutes. The per node (OMS) tier doesn't have a limit on the amount of data collected daily.
    5. Select Automation Account. If you create a new Log Analytics workspace, you must also create an Automation account that's associated with the new Log Analytics workspace. Include your Azure subscription, resource group, and region.
      1. Select Create an Automation account.
      2. Under Automation Account, in the Name field, enter the name of the Automation account. All other options are automatically populated based on the Log Analytics workspace selected. You can't modify these options.
      3. An Azure Run As account is the default authentication method for the offering. After you select OK, the configuration options are validated and the Automation account is created. To track its progress, on the menu, select Notifications.
      4. Otherwise, select an existing Automation Run As account. The account you select cannot already be linked to another Log Analytics workspace. If it is, a notification message appears. If the account is already linked to a Log Analytics workspace, select a different Automation Run As account or create one.
      5. After you enter or select the required information, select Create. The information is verified, and the Automation Account and Run As accounts are created. You are automatically returned to the OMS workspace pane.
  6. After you enter or select the required information on the OMS Workspace pane, select Create. The information is verified and the workspace is created. To track its progress, on the menu, select Notifications. You are returned to the Add Solution pane.
  7. Under Automation & Control settings, confirm that you want to install the recommended preselected solutions. If you change any of the default options, you can install the solutions individually later.
  8. To proceed with onboarding Automation and a Log Analytics workspace, select Create. All settings are validated, and then Azure attempts to deploy the offering in your subscription. This process might take several seconds. To track its progress, in the menu, select Notifications.

After the offering is onboarded, you can do the following tasks:

  • Begin creating runbooks.
  • Work with the management solutions that you enabled.
  • Deploy a Hybrid Runbook Worker role.
  • Start working with Log Analytics to collect data that's generated by resources in your cloud or on-premises environment.

Next steps