
Virtual network TAP

Azure virtual network TAP (Terminal Access Point) allows you to continuously stream your virtual machine network traffic to a network packet collector or analytics tool. The collector or analytics tool is provided by a network virtual appliance partner. For a list of partner solutions that are validated to work with virtual network TAP, see partner solutions.

Important

Virtual network TAP is currently in preview in all Azure regions. To use virtual network TAP, you must enroll in the preview by sending an email to azurevnettap@microsoft.com with your subscription ID. You will receive an email back once your subscription has been enrolled. You can't use the capability until you receive a confirmation email. This preview is provided without a service level agreement and should not be used for production workloads. Certain features may not be supported, may have constrained capabilities, or may not be available in all Azure locations. See the Supplemental Terms of Use for Microsoft Azure Previews for details.

Virtual network TAP partner solutions

Network packet brokers

Security analytics, network/application performance management

The following picture shows how virtual network TAP works. You can add a TAP configuration on a network interface that is attached to a virtual machine deployed in your virtual network. The destination is a virtual network IP address in the same virtual network as the monitored network interface or a peered virtual network. The collector solution for virtual network TAP can be deployed behind an Azure internal load balancer for high availability. To evaluate deployment options for individual solutions, see partner solutions.

How virtual network TAP works

Prerequisites

Before you create a virtual network TAP, you must have received a confirmation mail that you are enrolled in the preview, and have one or more virtual machines created using the Azure Resource Manager deployment model and a partner solution for aggregating the TAP traffic in the same Azure region. If you don't have a partner solution in your virtual network, see partner solutions to deploy one. You can use the same virtual network TAP resource to aggregate traffic from multiple network interfaces in the same or different subscriptions. If the monitored network interfaces are in different subscriptions, the subscriptions must be associated with the same Azure Active Directory tenant. Additionally, the monitored network interfaces and the destination endpoint for aggregating the TAP traffic can be in peered virtual networks in the same region. If you are using this deployment model, ensure that virtual network peering is enabled before you configure virtual network TAP.

Permissions

The accounts you use to apply TAP configuration on network interfaces must be assigned the network contributor role or a custom role that is assigned the necessary actions from the following table:

| Action | Name |
| --- | --- |
| Microsoft.Network/virtualNetworkTaps/* | Required to create, update, read and delete a virtual network TAP resource |
| Microsoft.Network/networkInterfaces/read | Required to read the network interface resource on which the TAP will be configured |
| Microsoft.Network/tapConfigurations/* | Required to create, update, read and delete the TAP configuration on a network interface |
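
The following Python check is an added example, not part of the original page or of any Microsoft tooling. It audits a custom role definition against the three actions in the table above, reporting required operations the role does not effectively grant and granted patterns that reach beyond the table. Assumptions: the role is a dict with the `Actions` and `NotActions` keys used in Azure role definition files, each `/*` row is expanded to `read`, `write` and `delete` operations based on the table's "create, update, read and delete" wording, and both sample roles are constructed.

```python
import re

# Actions listed in the permissions table on this page.
REQUIRED = [
    "Microsoft.Network/virtualNetworkTaps/*",
    "Microsoft.Network/networkInterfaces/read",
    "Microsoft.Network/tapConfigurations/*",
]
# Assumption: "create, update, read and delete" maps to these operation suffixes.
CRUD = ("read", "write", "delete")


def _matches(name, patterns):
    """True if name matches any action pattern ('*' wildcard, case-insensitive)."""
    for pattern in patterns:
        regex = ".*".join(re.escape(part) for part in pattern.split("*"))
        if re.fullmatch(regex, name, re.IGNORECASE):
            return True
    return False


def audit_role(role):
    """Return (missing, extra) for a role definition dict.

    missing: operations the table requires that the role does not effectively grant
    extra:   granted action patterns that reach beyond the table's three actions
    """
    granted = role.get("Actions", [])
    denied = role.get("NotActions", [])
    needed = []
    for action in REQUIRED:
        if action.endswith("/*"):
            needed += [action[:-1] + op for op in CRUD]
        else:
            needed.append(action)
    missing = [op for op in needed
               if not _matches(op, granted) or _matches(op, denied)]
    extra = [g for g in granted if not _matches(g, REQUIRED)]
    return missing, extra


# Constructed sample role definitions (not taken from the page).
ROLE_SCOPED = {"Name": "TAP operator (sample)", "Actions": list(REQUIRED), "NotActions": []}
ROLE_BROAD = {"Name": "Network admin (sample)", "Actions": ["Microsoft.Network/*"],
              "NotActions": ["Microsoft.Network/virtualNetworkTaps/delete"]}

if __name__ == "__main__":
    for role in (ROLE_SCOPED, ROLE_BROAD):
        print(role["Name"], audit_role(role))
```

The scoped role returns two empty lists; the broad role is reported as missing the delete operation removed by its `NotActions` entry and as carrying a wildcard grant wider than the table requires.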

Next steps