Tutorial: Configure the cluster's network settings

Before you use a newly created Azure FXT Edge Filer cluster, you should check and customize several network settings for your workflow.

This tutorial explains the network settings that you might need to adjust for a new cluster.

You will learn:

  • Which network settings might need to be updated after creating a cluster
  • Which Azure FXT Edge Filer use cases require an AD server or a DNS server
  • How to configure round-robin DNS (RRDNS) to automatically load balance client requests to the FXT cluster

The amount of time it takes to complete these steps depends on how many configuration changes are needed in your system:

  • If you only need to read through the tutorial and check a few settings, it should take 10 to 15 minutes.
  • If you need to configure round-robin DNS, that task can take an hour or more.

Adjust network settings

Several network-related tasks are part of setting up a new Azure FXT Edge Filer cluster. Check this list and decide which ones apply to your system.

To learn more about network settings for the cluster, read Configuring network services in the Cluster Configuration Guide.

  • Configure round-robin DNS for the client-facing network (optional)

    Load balance cluster traffic by configuring the DNS system as described in Configure DNS for the FXT Edge Filer cluster.

  • Verify NTP settings

  • Configure Active Directory and username/group name downloads (if needed)

    If your network hosts use Active Directory or another kind of external directory service, you must modify the cluster’s directory services configuration to set up how the cluster downloads username and group information. Read Cluster > Directory Services in the Cluster Configuration Guide for details.

    An AD server is required if you want SMB support. Configure AD before starting to set up SMB.

  • Define VLANs (optional)

    Configure any additional VLANs needed before defining your cluster’s vservers and global namespace. Read Working with VLANs in the Cluster Configuration Guide to learn more.

  • Configure proxy servers (if needed)

    If your cluster uses a proxy server to reach external addresses, follow these steps to set it up:

    1. Define the proxy server in the Proxy Configuration settings page
    2. Apply the proxy server configuration with the Cluster > General Setup page or the Core Filer Details page.

    For more information, read Using web proxies in the Cluster Configuration Guide.

  • Upload encryption certificates for the cluster to use (optional)

Encryption certificates

The FXT Edge Filer cluster uses X.509 certificates for these functions:

  • To encrypt cluster administration traffic

  • To authenticate on behalf of a client to third-party KMIP servers

  • For verifying cloud providers’ server certificates

If you need to upload certificates to the cluster, use the Cluster > Certificates settings page. Details are in the Cluster > Certificates page of the Cluster Configuration Guide.

To encrypt cluster management communication, use the Cluster > General Setup settings page to select which certificate to use for administrative TLS.

Note

Cloud service access keys are stored by using the Cloud Credentials configuration page. The Add a core filer section above shows an example; read the Cluster Configuration Guide Cloud Credentials section for details.

Configure DNS for load balancing

This section explains the basics of configuring a round-robin DNS (RRDNS) system to distribute client load among all client-facing IP addresses in your FXT Edge Filer cluster.

Decide whether or not to use DNS

Load balancing is always recommended, but you don't have to always use DNS. For example, with some types of client workflows it might make more sense to use a script to assign cluster IP addresses evenly among clients when they mount the cluster. Some methods are described in Mount the cluster.

Keep these things in mind when deciding whether or not to use a DNS server:

  • If your system is accessed by NFS clients only, DNS is not required. It is possible to specify all network addresses by using numeric IP addresses.

  • If your system supports SMB (CIFS) access, DNS is required, because you must specify a DNS domain for the Active Directory server.

  • DNS is required if you want to use Kerberos authentication.

Round-robin DNS configuration details

When clients access the cluster, RRDNS automatically balances their requests among all available interfaces.

For optimal performance, configure your DNS server to handle client-facing cluster addresses as shown in the following diagram.

A cluster vserver is shown on the left, and IP addresses appear in the center and on the right. Configure each client access point with A records and pointers as illustrated.

[Figure: Cluster round-robin DNS diagram]

Each client-facing IP address must have a unique name for internal use by the cluster. (In this diagram, the client IPs are named vs1-client-IP-* for clarity, but in production you should probably use something more concise, like client*.)

Clients mount the cluster using the vserver name as the server argument.

Modify your DNS server’s named.conf file to set cyclic order for queries to your vserver. This option ensures that all of the available values are cycled through. Add a statement like the following:

options {
    rrset-order {
        class IN type A name "vserver1.example.com" order cyclic;
    };
};

The following nsupdate commands provide an example of configuring DNS correctly:

update add vserver1.example.com. 86400 A 10.0.0.10
update add vserver1.example.com. 86400 A 10.0.0.11
update add vserver1.example.com. 86400 A 10.0.0.12
update add vs1-client-IP-10.example.com. 86400 A 10.0.0.10
update add vs1-client-IP-11.example.com. 86400 A 10.0.0.11
update add vs1-client-IP-12.example.com. 86400 A 10.0.0.12
update add 10.0.0.10.in-addr.arpa. 86400 PTR vs1-client-IP-10.example.com
update add 11.0.0.10.in-addr.arpa. 86400 PTR vs1-client-IP-11.example.com
update add 12.0.0.10.in-addr.arpa. 86400 PTR vs1-client-IP-12.example.com
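
The following Python check is an added example, not part of the original tutorial or of any FXT tooling. It parses an nsupdate batch and verifies the layout described above: the vserver name rotates over several A records, and each of those addresses has exactly one unique name whose PTR record points back to it. The function names are hypothetical, and the embedded batch is the one shown on this page.

```python
import ipaddress

# The nsupdate batch shown above, embedded so the check runs offline.
NSUPDATE_BATCH = """\
update add vserver1.example.com. 86400 A 10.0.0.10
update add vserver1.example.com. 86400 A 10.0.0.11
update add vserver1.example.com. 86400 A 10.0.0.12
update add vs1-client-IP-10.example.com. 86400 A 10.0.0.10
update add vs1-client-IP-11.example.com. 86400 A 10.0.0.11
update add vs1-client-IP-12.example.com. 86400 A 10.0.0.12
update add 10.0.0.10.in-addr.arpa. 86400 PTR vs1-client-IP-10.example.com
update add 11.0.0.10.in-addr.arpa. 86400 PTR vs1-client-IP-11.example.com
update add 12.0.0.10.in-addr.arpa. 86400 PTR vs1-client-IP-12.example.com
"""

def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def parse_updates(text):
    """Collect A records (name -> addresses) and PTR records (owner -> targets)."""
    a, ptr = {}, {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[:2] != ["update", "add"]:
            continue
        name, rtype, rdata = norm(parts[2]), parts[4].upper(), parts[5]
        if rtype == "A":
            a.setdefault(name, set()).add(ipaddress.ip_address(rdata))
        elif rtype == "PTR":
            ptr.setdefault(name, set()).add(norm(rdata))
    return a, ptr

def check_rrdns(text, vserver):
    """Return a list of problems in the round-robin layout for `vserver`."""
    a, ptr = parse_updates(text)
    pool = a.get(norm(vserver), set())
    problems = []
    if len(pool) < 2:
        problems.append(f"{vserver}: fewer than two A records, nothing to rotate")
    for ip in sorted(pool):
        # The unique per-address name is any A record owner other than the vserver.
        names = {n for n, ips in a.items() if ip in ips and n != norm(vserver)}
        targets = ptr.get(ip.reverse_pointer, set())
        if len(names) != 1:
            problems.append(f"{ip}: expected one unique name, found {len(names)}")
        elif targets != names:
            problems.append(f"{ip}: PTR {sorted(targets)} does not match {sorted(names)}")
    return problems
```

Calling check_rrdns(NSUPDATE_BATCH, "vserver1.example.com") returns an empty list for the batch above; each string in a non-empty result names the address whose forward and reverse records disagree.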

Enable DNS in the cluster

Specify the DNS server that the cluster uses in the Cluster > Administrative Network settings page. Settings on that page include:

  • DNS server address
  • DNS domain name
  • DNS search domains

For more details, read DNS Settings in the Cluster Configuration Guide.

Next steps

This is the last basic configuration step for the Azure FXT Edge Filer cluster.