您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

平台支持的从经典部署模型到 Azure 资源管理器的 IaaS 资源迁移Platform-supported migration of IaaS resources from classic to Azure Resource Manager

本文介绍如何将服务架构 (IaaS) 资源从经典部署模型迁移到资源管理器部署模型,并详细说明如何使用虚拟网络站点到站点网关连接两个在订阅中共存的两个部署模型的资源。This article describes how to migrate infrastructure as a service (IaaS) resources from the Classic to Resource Manager deployment models and details how to connect resources from the two deployment models that coexist in your subscription by using virtual network site-to-site gateways. 用户可以阅读有关 Azure 资源管理器功能和优点的更多内容。You can read more about Azure Resource Manager features and benefits.

迁移目标Goal for migration

资源管理器除了可让你通过模板部署复杂的应用程序之外,还可使用 VM 扩展来配置虚拟机,并且纳入访问管理和标记。Resource Manager enables deploying complex applications through templates, configures virtual machines by using VM extensions, and incorporates access management and tagging. Azure 资源管理器将虚拟机的可缩放并行部署包含在可用性集内。Azure Resource Manager includes scalable, parallel deployment for virtual machines into availability sets. 新部署模型还针对计算、网络和存储单独提供生命周期管理。The new deployment model also provides lifecycle management of compute, network, and storage independently. 最后,将重点介绍为了默认启用安全性而要在虚拟网络中实施虚拟机的做法。Finally, there’s a focus on enabling security by default with the enforcement of virtual machines in a virtual network.

在 Azure 资源管理器之下,针对来自经典部署模型的几乎所有功能,均提供计算、网络和存储支持。Almost all the features from the classic deployment model are supported for compute, network, and storage under Azure Resource Manager. 要充分利用 Azure 资源管理器中的新功能,可将现有部署从经典部署模型中迁移出来。To benefit from the new capabilities in Azure Resource Manager, you can migrate existing deployments from the Classic deployment model.

迁移支持的资源Supported resources for migration

迁移过程中支持以下经典 IaaS 资源These classic IaaS resources are supported during migration

  • 虚拟机Virtual Machines
  • 可用性集Availability Sets
  • 使用虚拟机的云服务Cloud Services with Virtual Machines
  • 存储帐户Storage Accounts
  • 虚拟网络Virtual Networks
  • VPN 网关VPN Gateways
  • 快速路由网关 (仅限在虚拟网络所在的同一订阅中)Express Route Gateways (in the same subscription as Virtual Network only)
  • 网络安全组Network Security Groups
  • 路由表Route Tables
  • 保留 IPReserved IPs

支持的迁移范围Supported scopes of migration

可通过四种不同的方式完成计算、网络和存储资源的迁移:There are four different ways to complete migration of compute, network, and storage resources:

迁移(不在虚拟网络中的)虚拟机Migration of virtual machines (NOT in a virtual network)

在 Resource Manager 部署模型中,默认情况下会针对应用程序强制实施安全性。In the Resource Manager deployment model, security is enforced for your applications by default. 在 Resource Manager 模型中,所有 VM 都必须位于虚拟网络内。All VMs need to be in a virtual network in the Resource Manager model. Azure 平台会在迁移过程中重新启动(StopDeallocateStart)VM。The Azure platform restarts (Stop, Deallocate, and Start) the VMs as part of the migration. 对于虚拟机将迁移到的虚拟网络,有两个选项:You have two options for the virtual networks that the Virtual Machines will be migrated to:

  • 可以请求平台创建新的虚拟网络,并将虚拟机迁移到新的虚拟网络。You can request the platform to create a new virtual network and migrate the virtual machine into the new virtual network.
  • 可以将虚拟机迁移到 Resource Manager 中的现有虚拟网络。You can migrate the virtual machine into an existing virtual network in Resource Manager.

备注

在此迁移范围内,迁移期间可能有一段时间不允许进行管理平面操作和数据平面操作。In this migration scope, both the management-plane operations and the data-plane operations may not be allowed for a period of time during the migration.

迁移(虚拟网络中的)虚拟机Migration of virtual machines (in a virtual network)

对于大多数 VM 配置来说,在经典部署模型和 Resource Manager 部署模型之间迁移的只有元数据。For most VM configurations, only the metadata is migrating between the Classic and Resource Manager deployment models. 基础 VM 在相同硬件、相同网络上,使用相同的存储来运行。The underlying VMs are running on the same hardware, in the same network, and with the same storage. 在迁移过程中,可能有一段时间不允许进行管理平面操作。The management-plane operations may not be allowed for a certain period of time during the migration. 不过,数据平面可继续运行。However, the data plane continues to work. 也就是说,在 VM(经典)之上运行的应用程序不会在迁移期间造成停机。That is, your applications running on top of VMs (classic) do not incur downtime during the migration.

目前不支持以下配置。The following configurations are not currently supported. 如果在将来添加支持,可能会造成这一配置中的某些 VM 停机(经历停止、解除分配和重新启动 VM 等操作)。If support is added in the future, some VMs in this configuration might incur downtime (go through stop, deallocate, and restart VM operations).

  • 在单个云服务中有一个以上的可用性集。You have more than one availability set in a single cloud service.
  • 在单个云服务中有一个或多个可用性集和不在可用性集中的 VM。You have one or more availability sets and VMs that are not in an availability set in a single cloud service.

备注

在此迁移范围内,迁移期间可能有一段时间不允许进行管理平面操作。In this migration scope, the management plane may not be allowed for a period of time during the migration. 上述某些配置会造成数据平面停机。For certain configurations as described earlier, data-plane downtime occurs.

存储帐户的迁移Migration of storage accounts

为了让迁移顺畅进行,可以在经典存储帐户中部署 Resource Manager VM。To allow seamless migration, you can deploy Resource Manager VMs in a classic storage account. 通过此功能,就可以并且应该迁移计算和网络资源,而不必受到存储帐户的约束。With this capability, compute and network resources can and should be migrated independently of storage accounts. 迁移虚拟机和虚拟网络后,需要迁移存储帐户才能完成迁移过程。Once you migrate over your Virtual Machines and Virtual Network, you need to migrate over your storage accounts to complete the migration process.

如果存储帐户没有任何关联的磁盘或虚拟机数据,并且只有 blob、文件、表和队列,那么到 Azure 资源管理器的迁移可以作为独立的迁移完成,而不需要依赖项。If your storage account does not have any associated disks or Virtual Machines data and only has blobs, files, tables, and queues then the migration to Azure Resource Manager can be done as a standalone migration without dependencies.

备注

Resource Manager 部署模型没有经典映像和磁盘的概念。The Resource Manager deployment model doesn't have the concept of Classic images and disks. 迁移存储帐户时,经典映像和磁盘不在 Resource Manager 堆栈中可见,但后备 VHD 保留在存储帐户中。When the storage account is migrated, Classic images and disks are not visible in the Resource Manager stack but the backing VHDs remain in the storage account.

未附加资源的迁移Migration of unattached resources

没有关联的磁盘或虚拟机数据的存储帐户可以单独迁移。Storage Accounts with no associated disks or Virtual Machines data may be migrated independently.

未附加到任何虚拟机和虚拟网络的网络安全组、路由表和保留 IP 也可以单独迁移。Network Security Groups, Route Tables & Reserved IPs that are not attached to any Virtual Machines and Virtual Networks can also be migrated independently.


不支持的功能和配置Unsupported features and configurations

目前不支持某些功能和配置;以下各节将围绕这些功能和配置介绍我们的建议。Some features and configurations are not currently supported; the following sections describe our recommendations around them.

不支持的功能Unsupported features

目前不支持以下功能。The following features are not currently supported. 可以选择删除这些设置、迁移 VM,然后在 Resource Manager 部署模型中重新启用这些设置。You can optionally remove these settings, migrate the VMs, and then re-enable the settings in the Resource Manager deployment model.

资源提供程序Resource provider 功能Feature 建议Recommendation
计算Compute 不关联的虚拟机磁盘。Unassociated virtual machine disks. 迁移存储帐户时,将迁移这些磁盘后面的 VHD blobThe VHD blobs behind these disks will get migrated when the Storage Account is migrated
计算Compute 虚拟机映像。Virtual machine images. 迁移存储帐户时,将迁移这些磁盘后面的 VHD blobThe VHD blobs behind these disks will get migrated when the Storage Account is migrated
网络Network 终结点 ACL。Endpoint ACLs. 删除终结点 ACL 并重试迁移。Remove Endpoint ACLs and retry migration.
网络Network 应用程序网关Application Gateway 开始迁移之前请删除应用程序网关,并在迁移完成后重新创建应用程序网关。Remove the Application Gateway before beginning migration and then recreate the Application Gateway once migration is complete.
网络Network 使用 VNet 对等互连的虚拟网络。Virtual networks using VNet Peering. 将虚拟网络迁移到 Resource Manager,然后对等互连。Migrate Virtual Network to Resource Manager, then peer. 详细了解 VNet 对等互连Learn more about VNet Peering.

不支持的配置Unsupported configurations

目前不支持以下配置。The following configurations are not currently supported.

服务Service 配置Configuration 建议Recommendation
资源管理器Resource Manager 经典资源的基于角色的访问控制 (RBAC)Role Based Access Control (RBAC) for classic resources 由于资源的 URI 在迁移后会进行修改,因此建议用户规划需要在迁移后进行的 RBAC 策略更新。Because the URI of the resources is modified after migration, it is recommended that you plan the RBAC policy updates that need to happen after migration.
计算Compute 与 VM 关联的多个子网Multiple subnets associated with a VM 将子网配置更新为只引用一个子网。Update the subnet configuration to reference only one subnet. 这可能需要从 VM 中删除辅助 NIC(该 NIC 引用另一个子网) ,完成迁移后再将其重新附加。This may require you to remove a secondary NIC (that is referring to another subnet) from the VM and reattach it after migration has completed.
计算Compute 属于虚拟网络,但未分配显式子网的虚拟机Virtual machines that belong to a virtual network but don't have an explicit subnet assigned 可以选择性地删除 VM。You can optionally delete the VM.
计算Compute 具有警报、自动缩放策略的虚拟机Virtual machines that have alerts, Autoscale policies 迁移进行下去时,这些设置会删除。The migration goes through and these settings are dropped. 强烈建议用户在进行迁移之前先评估其环境。It is highly recommended that you evaluate your environment before you do the migration. 或者,也可以在迁移完成之后重新配置警报设置。Alternatively, you can reconfigure the alert settings after migration is complete.
计算Compute XML VM 扩展(BGInfo 1.*、Visual Studio 调试器、Web 部署和远程调试)XML VM extensions (BGInfo 1.*, Visual Studio Debugger, Web Deploy, and Remote Debugging) 此操作不受支持。This is not supported. 建议用户在继续迁移之前从虚拟机中删除这些扩展,否则系统会在迁移过程中自动删除它们。It is recommended that you remove these extensions from the virtual machine to continue migration or they will be dropped automatically during the migration process.
计算Compute 使用高级存储启动诊断Boot diagnostics with Premium storage 在继续执行迁移之前,为 VM 禁用启动诊断功能。Disable Boot Diagnostics feature for the VMs before continuing with migration. 在迁移完成之后,可以在 Resource Manager 堆栈中重新启用启动诊断。You can re-enable boot diagnostics in the Resource Manager stack after the migration is complete. 此外,应删除正用于屏幕截图和串行日志的 blob,以便不会再针对这些 blob 向你收费。Additionally, blobs that are being used for screenshot and serial logs should be deleted so you are no longer charged for those blobs.
计算Compute 包含 Web 角色/辅助角色的云服务Cloud services that contain web/worker roles 目前不支持。This is currently not supported.
计算Compute 云服务包含一个以上可用性集或多个可用性集。Cloud services that contain more than one availability set or multiple availability sets. 目前不支持。This is currently not supported. 在迁移之前,请将虚拟机移到同一可用性集中。Please move the Virtual Machines to the same availability set before migrating.
计算Compute 带 Azure 安全中心扩展的 VMVM with Azure Security Center extension Azure 安全中心在虚拟机上自动安装扩展,用于监视其安全性并引发警报。Azure Security Center automatically installs extensions on your Virtual Machines to monitor their security and raise alerts. 如果在订阅上启用了 Azure 安全中心策略,通常会自动安装这些扩展。These extensions usually get installed automatically if the Azure Security Center policy is enabled on the subscription. 若要迁移虚拟机,则禁用订阅上的安全中心策略,这将从虚拟机删除监视扩展的安全中心。To migrate the Virtual Machines, disable the security center policy on the subscription, which will remove the Security Center monitoring extension from the Virtual Machines.
计算Compute 带备份或快照扩展的 VMVM with backup or snapshot extension 这些扩展安装在配置有 Azure 备份服务的虚拟机上。These extensions are installed on a Virtual Machine configured with the Azure Backup service. 当不支持迁移这些 VM 时,请按照此处的指导,在迁移前保留备份。While the migration of these VMs is not supported, follow the guidance here to keep backups that were taken prior to migration.
网络Network 包含虚拟机和 Web 角色/辅助角色的虚拟网络Virtual networks that contain virtual machines and web/worker roles 目前不支持。This is currently not supported. 在迁移之前,请将 Web/辅助角色移动到其自己的虚拟网络。Please move the Web/Worker roles to their own Virtual Network before migrating. 一旦迁移经典虚拟网络,就可以将迁移的 Azure 资源管理器虚拟网络与经典虚拟网络对等,从而实现与以前类似的配置。Once the classic Virtual Network is migrated, the migrated Azure Resource Manager Virtual Network can be peered with the classic Virtual Network to achieve similar configuration as before.
网络Network 经典 Express Route 线路Classic Express Route circuits 目前不支持。This is currently not supported. 这些线路需要在开始迁移 IaaS 之前迁移到 Azure 资源管理器。These circuits need to be migrated to Azure Resource Manager before beginning IaaS migration. 有关详细信息,请参阅将 ExpressRoute 线路从经典部署模型转移到资源管理器部署模型To learn more, see Moving ExpressRoute circuits from the classic to the Resource Manager deployment model.
Azure 应用服务Azure App Service 包含应用服务环境的虚拟网络Virtual networks that contain App Service environments 目前不支持。This is currently not supported.
Azure HDInsightAzure HDInsight 包含 HDInsight 服务的虚拟网络Virtual networks that contain HDInsight services 目前不支持。This is currently not supported.
Microsoft Dynamics Lifecycle ServicesMicrosoft Dynamics Lifecycle Services 包含由 Dynamics Lifecycle Services 管理的虚拟机的虚拟网络Virtual networks that contain virtual machines that are managed by Dynamics Lifecycle Services 目前不支持。This is currently not supported.
Azure AD 域服务Azure AD Domain Services 包含 Azure AD 域服务的虚拟网络Virtual networks that contain Azure AD Domain services 目前不支持。This is currently not supported.
Azure RemoteAppAzure RemoteApp 包含 Azure RemoteApp 部署的虚拟网络Virtual networks that contain Azure RemoteApp deployments 目前不支持。This is currently not supported.
Azure API 管理Azure API Management 包含 Azure API 管理部署的虚拟网络Virtual networks that contain Azure API Management deployments 目前不支持。This is currently not supported. 若要迁移 IaaS VNET,则更改 API 管理部署的 VNET(该部署不会造成停机)。To migrate the IaaS VNET, change the VNET of the API Management deployment, which is a no downtime operation.

后续步骤Next steps