
Monitor and update a Windows Virtual Machine with Azure PowerShell

Azure monitoring uses agents to collect boot and performance data from Azure VMs, store this data in Azure storage, and make it accessible through the portal, the Azure PowerShell module, and the Azure CLI. Update management allows you to manage updates and patches for your Azure Windows VMs.

In this tutorial, you learn how to:

  • Enable boot diagnostics on a VM
  • View boot diagnostics
  • View VM host metrics
  • Install the diagnostics extension
  • View VM metrics
  • Create an alert
  • Manage Windows updates
  • Set up advanced monitoring

This tutorial requires the Azure PowerShell module version 3.6 or later. Run Get-Module -ListAvailable AzureRM to find the version. If you need to upgrade, see Install Azure PowerShell module.

To complete the example in this tutorial, you must have an existing virtual machine. If needed, this script sample can create one for you. When working through the tutorial, replace the resource group, VM name, and location where needed.

View boot diagnostics

As Windows virtual machines boot up, the boot diagnostic agent captures screen output that can be used for troubleshooting purposes. This capability is enabled by default. The captured screenshots are stored in an Azure storage account, which is also created by default.

You can get the boot diagnostic data with the Get-AzureRmVMBootDiagnosticsData command. In the following example, boot diagnostics are downloaded to the root of the *c:* drive.

Get-AzureRmVMBootDiagnosticsData -ResourceGroupName myResourceGroup -Name myVM -Windows -LocalPath "c:\"
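
The following is an added example, not part of the original tutorial: it checks whether boot diagnostics is actually enabled on the VM, enables it if not, and downloads the data into a dedicated folder instead of the drive root. The storage account name mydiagstorage and the output folder are assumptions; replace them with your own values.

```powershell
# Added example (not from the original tutorial).
# Assumed names: myResourceGroup, myVM, and a hypothetical storage account.
$rg          = "myResourceGroup"
$vmName      = "myVM"
$diagStorage = "mydiagstorage"                        # hypothetical account name
$outDir      = Join-Path $env:TEMP "bootdiag-$vmName" # assumed output folder

# Read the current boot diagnostics state from the VM model.
$vm   = Get-AzureRmVM -ResourceGroupName $rg -Name $vmName
$boot = $vm.DiagnosticsProfile.BootDiagnostics

if (-not $boot -or -not $boot.Enabled) {
    # Enable boot diagnostics on the local VM object, then push the change to Azure.
    $vm = Set-AzureRmVMBootDiagnostics -VM $vm -Enable `
        -ResourceGroupName $rg -StorageAccountName $diagStorage
    Update-AzureRmVM -ResourceGroupName $rg -VM $vm | Out-Null

    # Re-read the VM so the reported state is what Azure stored.
    $vm   = Get-AzureRmVM -ResourceGroupName $rg -Name $vmName
    $boot = $vm.DiagnosticsProfile.BootDiagnostics
}

Write-Output "Boot diagnostics enabled: $($boot.Enabled)"
Write-Output "Boot diagnostics storage: $($boot.StorageUri)"

# Console screenshots can show on-screen text from the guest, so keep them
# in a per-VM folder rather than the root of the system drive.
New-Item -ItemType Directory -Path $outDir -Force | Out-Null
Get-AzureRmVMBootDiagnosticsData -ResourceGroupName $rg -Name $vmName `
    -Windows -LocalPath $outDir

# List what was downloaded.
Get-ChildItem -Path $outDir | Select-Object Name, Length, LastWriteTime
```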

View host metrics

A Windows VM has a dedicated Host VM in Azure that it interacts with. Metrics are automatically collected for the Host and can be viewed in the Azure portal.

  1. In the Azure portal, click Resource Groups, select myResourceGroup, and then select myVM in the resource list.
  2. Click Metrics on the VM blade, and then select any of the Host metrics under Available metrics to see how the Host VM is performing.


Install diagnostics extension

The basic host metrics are available, but to see more granular and VM-specific metrics, you need to install the Azure diagnostics extension on the VM. The Azure diagnostics extension allows additional monitoring and diagnostics data to be retrieved from the VM. You can view these performance metrics and create alerts based on how the VM performs. The diagnostic extension is installed through the Azure portal as follows:

  1. In the Azure portal, click Resource Groups, select myResourceGroup, and then select myVM in the resource list.
  2. Click Diagnosis settings. The list shows that Boot diagnostics are already enabled from the previous section. Click the check box for Basic metrics.
  3. Click the Enable guest-level monitoring button.


View VM metrics

You can view the VM metrics in the same way that you viewed the host VM metrics:

  1. In the Azure portal, click Resource Groups, select myResourceGroup, and then select myVM in the resource list.
  2. To see how the VM is performing, click Metrics on the VM blade, and then select any of the diagnostics metrics under Available metrics.


Create alerts

You can create alerts based on specific performance metrics. For example, alerts can notify you when average CPU usage exceeds a certain threshold or available free disk space drops below a certain amount. Alerts are displayed in the Azure portal or can be sent via email. You can also trigger Azure Automation runbooks or Azure Logic Apps in response to alerts being generated.

The following example creates an alert for average CPU usage.

  1. In the Azure portal, click Resource Groups, select myResourceGroup, and then select myVM in the resource list.
  2. Click Alert rules on the VM blade, then click Add metric alert across the top of the alerts blade.
  3. Provide a Name for your alert, such as myAlertRule.
  4. To trigger an alert when CPU percentage exceeds 1.0 for five minutes, leave all the other defaults selected.
  5. Optionally, check the box for Email owners, contributors, and readers to send email notification. The default action is to present a notification in the portal.
  6. Click the OK button.

Manage Windows updates

Update management allows you to manage updates and patches for your Azure Windows VMs. Directly from your VM, you can quickly assess the status of available updates, schedule installation of required updates, and review deployment results to verify that updates were applied successfully to the VM.

For pricing information, see Automation pricing for Update management.

Enable Update management

Enable Update management for your VM:

  1. On the left-hand side of the screen, select Virtual machines.
  2. From the list, select a VM.
  3. On the VM screen, in the Operations section, click Update management. The Enable Update Management screen opens.

Validation is performed to determine if Update management is enabled for this VM. The validation includes checks for a Log Analytics workspace and linked Automation account, and whether the solution is in the workspace.

A Log Analytics workspace is used to collect data that is generated by features and services such as Update management. The workspace provides a single location to review and analyze data from multiple sources. To perform additional actions on VMs that require updates, Azure Automation allows you to run scripts against VMs, such as to download and apply updates.

The validation process also checks to see if the VM is provisioned with the Microsoft Monitoring Agent (MMA) and hybrid worker. This agent is used to communicate with the VM and obtain information about the update status.

If these prerequisites are not met, a banner appears that gives you the option to enable the solution.


Click the banner to enable the solution. If any of the following prerequisites were found to be missing after the validation, they will be automatically added:

The Enable Update Management screen opens. Configure the settings, and click Enable.


Enabling the solution can take up to 15 minutes, and during this time you should not close the browser window. After the solution is enabled, information about missing updates on the VM flows to Log Analytics. It can take between 30 minutes and 6 hours for the data to be available for analysis.

View update assessment

After Update management is enabled, the Update management screen appears. You can see a list of missing updates on the Missing updates tab.


Schedule an update deployment

To install updates, schedule a deployment that follows your release schedule and service window. You can choose which update types to include in the deployment. For example, you can include critical or security updates and exclude update rollups.

Schedule a new Update Deployment for the VM by clicking Schedule update deployment at the top of the Update management screen. In the New update deployment screen, specify the following information:

  • Name - Provide a unique name to identify the update deployment.
  • Update classification - Select the types of software that the update deployment includes. The classification types are:

    • Critical updates
    • Security updates
    • Update rollups
    • Feature packs
    • Service packs
    • Definition updates
    • Tools
    • Updates
  • Schedule settings - You can either accept the default date and time, which is 30 minutes after current time, or specify a different time. You can also specify whether the deployment occurs once or set up a recurring schedule. Click the Recurring option under Recurrence to set up a recurring schedule.


  • Maintenance window (minutes) - Specify the period of time you want the update deployment to occur within. This helps ensure changes are performed within your defined service windows.

After you have completed configuring the schedule, click the Create button to return to the status dashboard. Notice that the Scheduled table shows the deployment schedule you created.

Warning

For updates that require a reboot, the VM is restarted automatically.

View results of an update deployment

After the scheduled deployment is started, you can see the status for that deployment on the Update deployments tab on the Update management screen. If it is currently running, its status shows as In progress. After it completes, if successful, it changes to Succeeded. If there is a failure with one or more updates in the deployment, the status is Partially failed. Click the completed update deployment to see the dashboard for that update deployment.


The Update results tile shows a summary of the total number of updates and deployment results on the VM. The table to the right gives a detailed breakdown of each update and the installation results, which could be one of the following values:

  • Not attempted - the update was not installed because there was insufficient time available based on the maintenance window duration defined.
  • Succeeded - the update succeeded
  • Failed - the update failed

Click All logs to see all log entries that the deployment created.

Click the Output tile to see the job stream of the runbook responsible for managing the update deployment on the target VM.

Click Errors to see detailed information about any errors from the deployment.

Advanced monitoring

You can do more advanced monitoring of your VM by using Operations Management Suite. If you haven't already done so, you can sign up for a free trial of Operations Management Suite.

When you have access to the OMS portal, you can find the workspace key and workspace identifier on the Settings blade. Use the Set-AzureRmVMExtension command to add the OMS extension to the VM. Update the variable values in the sample below to reflect your OMS workspace key and workspace Id.

$omsId = "<Replace with your OMS Id>"
$omsKey = "<Replace with your OMS key>"

Set-AzureRmVMExtension -ResourceGroupName myResourceGroup `
  -ExtensionName "Microsoft.EnterpriseCloud.Monitoring" `
  -VMName myVM `
  -Publisher "Microsoft.EnterpriseCloud.Monitoring" `
  -ExtensionType "MicrosoftMonitoringAgent" `
  -TypeHandlerVersion 1.0 `
  -Settings @{"workspaceId" = $omsId} `
  -ProtectedSettings @{"workspaceKey" = $omsKey} `
  -Location eastus

After a few minutes, you should see the new VM in the OMS workspace.
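
The following is an added example, not part of the original tutorial: it reads the workspace Id and key from Azure at run time so the key is never pasted into a script file, then confirms that the extension provisioned and that only the workspace Id appears in its public settings. The workspace name myWorkspace and its placement in myResourceGroup are assumptions.

```powershell
# Added example (not from the original tutorial).
# Assumption: a Log Analytics (OMS) workspace named "myWorkspace" exists in
# myResourceGroup. Replace the names with your own.
$rg            = "myResourceGroup"
$vmName        = "myVM"
$workspaceName = "myWorkspace"    # hypothetical workspace name
$extName       = "Microsoft.EnterpriseCloud.Monitoring"

# Look up the workspace Id and key instead of hard-coding them.
$ws   = Get-AzureRmOperationalInsightsWorkspace -ResourceGroupName $rg -Name $workspaceName
$keys = Get-AzureRmOperationalInsightsWorkspaceSharedKeys -ResourceGroupName $rg -Name $workspaceName
$vm   = Get-AzureRmVM -ResourceGroupName $rg -Name $vmName

# The key goes in -ProtectedSettings, which is encrypted and decrypted only on
# the target VM; the workspace Id is not secret and goes in -Settings.
Set-AzureRmVMExtension -ResourceGroupName $rg -VMName $vmName `
  -ExtensionName $extName `
  -Publisher "Microsoft.EnterpriseCloud.Monitoring" `
  -ExtensionType "MicrosoftMonitoringAgent" `
  -TypeHandlerVersion 1.0 `
  -Settings @{"workspaceId" = $ws.CustomerId.ToString()} `
  -ProtectedSettings @{"workspaceKey" = $keys.PrimarySharedKey} `
  -Location $vm.Location | Out-Null

# Do not keep the key in the session longer than needed.
Remove-Variable -Name keys

# Verify the extension state and which workspace the agent reports to.
$ext = Get-AzureRmVMExtension -ResourceGroupName $rg -VMName $vmName -Name $extName
if ($ext.ProvisioningState -ne "Succeeded") {
    throw "Extension $extName is in state '$($ext.ProvisioningState)'"
}

$reportedId = ($ext.PublicSettings | ConvertFrom-Json).workspaceId
if ($reportedId -ne $ws.CustomerId.ToString()) {
    throw "VM reports to workspace $reportedId, expected $($ws.CustomerId)"
}

$ext | Select-Object Name, ProvisioningState, PublicSettings
```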


Next steps

In this tutorial, you configured and reviewed VMs with Azure Security Center. You learned how to:

  • Create a virtual network
  • Create a resource group and VM
  • Enable boot diagnostics on the VM
  • View boot diagnostics
  • View host metrics
  • Install the diagnostics extension
  • View VM metrics
  • Create an alert
  • Manage Windows updates
  • Set up advanced monitoring

Advance to the next tutorial to learn about Azure Security Center.