Tutorial: Monitor and update a Windows virtual machine in Azure

Azure monitoring uses agents to collect boot and performance data from Azure VMs, store this data in Azure storage, and make it accessible through the portal, the Azure PowerShell module, and the Azure CLI. Update management allows you to manage updates and patches for your Azure Windows VMs.

In this tutorial, you learn how to:

  • Enable boot diagnostics on a VM
  • View boot diagnostics
  • View VM host metrics
  • Install the diagnostics extension
  • View VM metrics
  • Create an alert
  • Manage Windows updates
  • Monitor changes and inventory
  • Set up advanced monitoring

This tutorial requires the Azure PowerShell module version 5.7.0 or later. Run Get-Module -ListAvailable AzureRM to find the version. If you need to upgrade, see Install Azure PowerShell module.

Create virtual machine

To configure Azure monitoring and update management in this tutorial, you need a Windows VM in Azure. First, set an administrator username and password for the VM with Get-Credential:

$cred = Get-Credential

Now create the VM with New-AzureRmVM. The following example creates a VM named myVM in the EastUS location. If they do not already exist, the resource group myResourceGroupMonitor and supporting network resources are created:

New-AzureRmVm `
    -ResourceGroupName "myResourceGroupMonitor" `
    -Name "myVM" `
    -Location "East US" `
    -Credential $cred

It takes a few minutes for the resources and VM to be created.

View boot diagnostics

As Windows virtual machines boot up, the boot diagnostic agent captures screen output that can be used for troubleshooting. This capability is enabled by default. The captured screenshots are stored in an Azure storage account, which is also created by default.

You can get the boot diagnostic data with the Get-AzureRmVMBootDiagnosticsData command. In the following example, boot diagnostics are downloaded to the root of the *c:* drive.

Get-AzureRmVMBootDiagnosticsData -ResourceGroupName "myResourceGroupMonitor" -Name "myVM" -Windows -LocalPath "c:\"

View host metrics

A Windows VM has a dedicated Host VM in Azure that it interacts with. Metrics are automatically collected for the Host and can be viewed in the Azure portal.

  1. In the Azure portal, click Resource Groups, select myResourceGroupMonitor, and then select myVM in the resource list.
  2. Click Metrics on the VM blade, and then select any of the Host metrics under Available metrics to see how the Host VM is performing.

Install diagnostics extension

The basic host metrics are available, but to see more granular and VM-specific metrics, you need to install the Azure diagnostics extension on the VM. The Azure diagnostics extension allows additional monitoring and diagnostics data to be retrieved from the VM. You can view these performance metrics and create alerts based on how the VM performs. The diagnostic extension is installed through the Azure portal as follows:

  1. In the Azure portal, click Resource Groups, select myResourceGroupMonitor, and then select myVM in the resource list.
  2. Click Diagnosis settings. The list shows that Boot diagnostics are already enabled from the previous section. Click the check box for Basic metrics.
  3. Click the Enable guest-level monitoring button.

View VM metrics

You can view the VM metrics in the same way that you viewed the host VM metrics:

  1. In the Azure portal, click Resource Groups, select myResourceGroupMonitor, and then select myVM in the resource list.
  2. To see how the VM is performing, click Metrics on the VM blade, and then select any of the diagnostics metrics under Available metrics.

Create alerts

You can create alerts based on specific performance metrics. For example, alerts can notify you when average CPU usage exceeds a certain threshold or when available free disk space drops below a certain amount. Alerts are displayed in the Azure portal or can be sent via email. You can also trigger Azure Automation runbooks or Azure Logic Apps in response to alerts being generated.

The following example creates an alert for average CPU usage.

  1. In the Azure portal, click Resource Groups, select myResourceGroupMonitor, and then select myVM in the resource list.
  2. Click Alert rules on the VM blade, then click Add metric alert across the top of the alerts blade.
  3. Provide a Name for your alert, such as myAlertRule.
  4. To trigger an alert when CPU percentage exceeds 1.0 for five minutes, leave all the other defaults selected.
  5. Optionally, check the box for Email owners, contributors, and readers to send email notification. The default action is to present a notification in the portal.
  6. Click the OK button.
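
The same rule can be scripted so that it is reviewable and repeatable across VMs. This is an added example, not part of the original tutorial; it assumes the classic metric alert cmdlets from the AzureRM.Insights module and reuses the myAlertRule name, the 1.0 threshold, and the five-minute window from the steps above.

```powershell
# Added example: script the portal steps above with the AzureRM.Insights
# classic metric alert cmdlets (assumed to be installed with AzureRM).
$rgName = "myResourceGroupMonitor"
$vm     = Get-AzureRmVM -ResourceGroupName $rgName -Name "myVM"

# Optional e-mail action, the scripted counterpart of the
# "Email owners, contributors, and readers" check box.
$email = New-AzureRmAlertRuleEmail -SendToServiceOwner

# Average CPU above 1.0 percent over a five-minute window.
Add-AzureRmMetricAlertRule `
    -Name "myAlertRule" `
    -ResourceGroup $rgName `
    -Location $vm.Location `
    -TargetResourceId $vm.Id `
    -MetricName "Percentage CPU" `
    -Operator GreaterThan `
    -Threshold 1.0 `
    -WindowSize (New-TimeSpan -Minutes 5) `
    -TimeAggregationOperator Average `
    -Action $email `
    -Description "Average CPU above 1.0 percent for five minutes"

# Read the rule back to confirm what was actually stored.
Get-AzureRmAlertRule -ResourceGroup $rgName -Name "myAlertRule" -DetailedOutput
```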

Manage Windows updates

Update management allows you to manage updates and patches for your Azure Windows VMs. Directly from your VM, you can quickly assess the status of available updates, schedule installation of required updates, and review deployment results to verify updates were applied successfully to the VM.

For pricing information, see Automation pricing for Update management.

Enable Update management

Enable Update management for your VM:

  1. On the left-hand side of the screen, select Virtual machines.
  2. From the list, select a VM.
  3. On the VM screen, in the Operations section, click Update management. The Enable Update Management screen opens.

Validation is performed to determine if Update management is enabled for this VM. The validation includes checks for a Log Analytics workspace and linked Automation account, and if the solution is in the workspace.

A Log Analytics workspace is used to collect data that is generated by features and services such as Update management. The workspace provides a single location to review and analyze data from multiple sources. To perform additional actions on VMs that require updates, Azure Automation allows you to run runbooks against VMs, such as downloading and applying updates.

The validation process also checks to see if the VM is provisioned with the Microsoft Monitoring Agent (MMA) and Automation hybrid runbook worker. This agent is used to communicate with the VM and obtain information about the update status.

Choose the Log Analytics workspace and Automation account and click Enable to enable the solution. The solution takes up to 15 minutes to enable.

If any of the following prerequisites were found to be missing during onboarding, they're automatically added:

The Update Management screen opens. Configure the location, Log Analytics workspace and Automation account to use and click Enable. If the fields are grayed out, that means another automation solution is enabled for the VM and the same workspace and Automation account must be used.

Enabling the solution can take up to 15 minutes. During this time, you shouldn't close the browser window. After the solution is enabled, information about missing updates on the VM flows to Log Analytics. It can take between 30 minutes and 6 hours for the data to be available for analysis.

View update assessment

After Update management is enabled, the Update management screen appears. After the evaluation of updates is complete, you see a list of missing updates on the Missing updates tab.
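
The assessment data behind the Missing updates tab can also be queried from the Log Analytics workspace, which is useful for reporting on security patches across machines. This is an added example, not part of the original tutorial; the workspace name is a placeholder, and the query assumes the Update table and column names written by the Update management solution.

```powershell
# Added example (not from the original tutorial). Assumptions: the workspace name
# is a placeholder, the workspace lives in myResourceGroupMonitor, and the installed
# AzureRM.OperationalInsights module provides Invoke-AzureRmOperationalInsightsQuery.
$workspace = Get-AzureRmOperationalInsightsWorkspace `
    -ResourceGroupName "myResourceGroupMonitor" `
    -Name "<your-workspace-name>"

# Take the latest record per computer and update, then keep the ones still needed.
$query = @'
Update
| where OSType != "Linux" and Optional == false
| summarize arg_max(TimeGenerated, *) by Computer, UpdateID
| where UpdateState == "Needed"
| where Classification in ("Security Updates", "Critical Updates")
| project Computer, Title, KBID, Classification
'@

$response = Invoke-AzureRmOperationalInsightsQuery `
    -WorkspaceId $workspace.CustomerId `
    -Query $query `
    -Timespan (New-TimeSpan -Days 1)
$missing = @($response.Results)

if ($missing.Count -eq 0) {
    Write-Output "No missing security or critical updates reported in the last day."
} else {
    # One summary row per computer, worst first.
    $missing |
        Group-Object -Property Computer |
        ForEach-Object {
            [pscustomobject]@{
                Computer = $_.Name
                Missing  = $_.Count
                KBs      = ($_.Group.KBID | Sort-Object -Unique) -join ", "
            }
        } |
        Sort-Object -Property Missing -Descending
}
```

An empty result shortly after onboarding may only mean that assessment data has not reached the workspace yet, given the 30 minute to 6 hour delay noted above.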


Schedule an update deployment

To install updates, schedule a deployment that follows your release schedule and service window. You can choose which update types to include in the deployment. For example, you can include critical or security updates and exclude update rollups.

Schedule a new Update Deployment for the VM by clicking Schedule update deployment at the top of the Update management screen. In the New update deployment screen, specify the following information:

  • Name - Provide a unique name to identify the update deployment.
  • Update classification - Select the types of software updates to include in the deployment. The classification types are:

    • Critical updates
    • Security updates
    • Update rollups
    • Feature packs
    • Service packs
    • Definition updates
    • Tools
    • Updates
  • Schedule settings - You can either accept the default date and time, which is 30 minutes after the current time, or specify a different time. You can also specify whether the deployment occurs once or set up a recurring schedule. Click the Recurring option under Recurrence to set up a recurring schedule.

  • Maintenance window (minutes) - Specify the period of time you want the update deployment to occur within. This helps ensure changes are performed within your defined service windows.

After you have completed configuring the schedule, click the Create button to return to the status dashboard. Notice that the Scheduled table shows the deployment schedule you created.

Warning

For updates that require a reboot, the VM is restarted automatically.

View results of an update deployment

After the scheduled deployment starts, you can see the status for that deployment on the Update deployments tab on the Update management screen. If it is currently running, its status shows as In progress. After it completes, if successful, it changes to Succeeded. If there is a failure with one or more updates in the deployment, the status is Partially failed. Click the completed update deployment to see the dashboard for that update deployment.

The Update results tile shows a summary of the total number of updates and deployment results on the VM. The table to the right gives a detailed breakdown of each update and the installation results, which could be one of the following values:

  • Not attempted - the update was not installed because there was insufficient time available based on the maintenance window duration defined.
  • Succeeded - the update succeeded.
  • Failed - the update failed.

Click All logs to see all log entries that the deployment created.

Click the Output tile to see the job stream of the runbook responsible for managing the update deployment on the target VM.

Click Errors to see detailed information about any errors from the deployment.

Monitor changes and inventory

You can collect and view inventory for software, files, Linux daemons, Windows Services, and Windows Registry keys on your computers. Tracking the configurations of your machines can help you pinpoint operational issues across your environment and better understand the state of your machines.

Enable Change and Inventory management

Enable Change and Inventory management for your VM:

  1. On the left-hand side of the screen, select Virtual machines.
  2. From the list, select a VM.
  3. On the VM screen, in the Operations section, click Inventory or Change tracking. The Enable Change Tracking and Inventory screen opens.

Configure the location, Log Analytics workspace and Automation account to use and click Enable. If the fields are grayed out, that means another automation solution is enabled for the VM and the same workspace and Automation account must be used. Even though the solutions are separate on the menu, they are the same solution. Enabling one enables both for your VM.

After the solution has been enabled, it may take some time for inventory to be collected on the VM before data appears.

Track changes

On your VM, select Change Tracking under OPERATIONS. Click Edit Settings; the Change Tracking page is displayed. Select the type of setting you want to track and then click + Add to configure the settings. The available options for Windows are:

  • Windows Registry
  • Windows Files

For detailed information on Change Tracking, see Troubleshoot changes on a VM.

View inventory

On your VM, select Inventory under OPERATIONS. On the Software tab, there is a table listing the software that has been found. The high-level details for each software record are viewable in the table. These details include the software name, version, publisher, and last refreshed time.

Monitor Activity logs and changes

From the Change tracking page on your VM, select Manage Activity Log Connection. This task opens the Azure Activity log page. Select Connect to connect Change tracking to the Azure activity log for your VM.

With this setting enabled, navigate to the Overview page for your VM and select Stop to stop your VM. When prompted, select Yes to stop the VM. When it is deallocated, select Start to restart your VM.

Stopping and starting a VM logs an event in its activity log. Navigate back to the Change tracking page. Select the Events tab at the bottom of the page. After a while, the events are shown in the chart and the table. Each event can be selected to view detailed information on the event.

The chart shows changes that have occurred over time. After you have added an Activity Log connection, the line graph at the top displays Azure Activity Log events. Each row of bar graphs represents a different trackable Change type. These types are Linux daemons, files, Windows Registry keys, software, and Windows services. The Change tab shows the details for the changes shown in the visualization in descending order of the time that the change occurred (most recent first).

Advanced monitoring

You can do more advanced monitoring of your VM by using solutions like Update Management and Change and Inventory provided by Azure Automation.

When you have access to the Log Analytics workspace, you can find the workspace key and workspace identifier by selecting Advanced settings under SETTINGS. Use the Set-AzureRmVMExtension command to add the Microsoft Monitoring agent extension to the VM. Update the variable values in the sample below to reflect your Log Analytics workspace key and workspace ID.

$workspaceId = "<Replace with your workspace Id>"
$key = "<Replace with your primary key>"

Set-AzureRmVMExtension -ResourceGroupName "myResourceGroupMonitor" `
  -ExtensionName "Microsoft.EnterpriseCloud.Monitoring" `
  -VMName "myVM" `
  -Publisher "Microsoft.EnterpriseCloud.Monitoring" `
  -ExtensionType "MicrosoftMonitoringAgent" `
  -TypeHandlerVersion 1.0 `
  -Settings @{"workspaceId" = $workspaceId} `
  -ProtectedSettings @{"workspaceKey" = $key} `
  -Location "East US"

After a few minutes, you should see the new VM in the Log Analytics workspace.
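
The workspace key is a shared secret, so a variant that never writes it into a script file is worth having. This is an added example, not part of the original tutorial; it looks up the workspace ID and primary key at run time and then checks the extension's provisioning state. The workspace name is a placeholder, and the workspace is assumed to live in myResourceGroupMonitor.

```powershell
# Added example: resolve the workspace ID and key at run time instead of
# pasting them into the script. Placeholder values are assumptions.
$rgName        = "myResourceGroupMonitor"
$workspaceName = "<your-workspace-name>"

$workspace = Get-AzureRmOperationalInsightsWorkspace `
    -ResourceGroupName $rgName -Name $workspaceName
$keys = Get-AzureRmOperationalInsightsWorkspaceSharedKeys `
    -ResourceGroupName $rgName -Name $workspaceName

# The key travels only in ProtectedSettings, which the extension handler
# receives encrypted; the workspace ID is not secret and goes in Settings.
Set-AzureRmVMExtension -ResourceGroupName $rgName `
    -ExtensionName "Microsoft.EnterpriseCloud.Monitoring" `
    -VMName "myVM" `
    -Publisher "Microsoft.EnterpriseCloud.Monitoring" `
    -ExtensionType "MicrosoftMonitoringAgent" `
    -TypeHandlerVersion "1.0" `
    -Settings @{ "workspaceId" = $workspace.CustomerId.ToString() } `
    -ProtectedSettings @{ "workspaceKey" = $keys.PrimarySharedKey } `
    -Location "East US"

# Do not keep the key in the session longer than needed.
Remove-Variable -Name keys

# Confirm that the agent extension actually provisioned.
$ext = Get-AzureRmVMExtension -ResourceGroupName $rgName `
    -VMName "myVM" -Name "Microsoft.EnterpriseCloud.Monitoring"
if ($ext.ProvisioningState -ne "Succeeded") {
    Write-Warning "MMA extension state is '$($ext.ProvisioningState)'; the VM is not reporting yet."
} else {
    Write-Output "MMA extension provisioned; the VM should appear in the workspace shortly."
}
```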


Next steps

In this tutorial, you configured and reviewed VMs with Azure Security Center. You learned how to:

  • Create a virtual network
  • Create a resource group and VM
  • Enable boot diagnostics on the VM
  • View boot diagnostics
  • View host metrics
  • Install the diagnostics extension
  • View VM metrics
  • Create an alert
  • Manage Windows updates
  • Monitor changes and inventory
  • Set up advanced monitoring

Advance to the next tutorial to learn about Azure Security Center.