
Accessing your CloudSimple Private Cloud environment and applications from on-premises

A connection from your on-premises network to CloudSimple can be set up using Azure ExpressRoute or Site-to-Site VPN. Use the connection to access your CloudSimple Private Cloud vCenter and any workloads you run on the Private Cloud. You can control which ports are opened on the connection using a firewall in your on-premises network. This article discusses some typical application port requirements. For any other applications, refer to the application documentation for port requirements.

Ports required for accessing vCenter

To access your Private Cloud vCenter and NSX-T manager, the ports defined in the table below must be opened on the on-premises firewall.

| Port | Source | Destination | Purpose |
|------|--------|-------------|---------|
| 53 (UDP) | On-premises DNS servers | Private Cloud DNS servers | Required for forwarding DNS lookups of az.cloudsimple.io from the on-premises network to Private Cloud DNS servers. |
| 53 (UDP) | Private Cloud DNS servers | On-premises DNS servers | Required for forwarding DNS lookups of on-premises domain names from Private Cloud vCenter to on-premises DNS servers. |
| 80 (TCP) | On-premises network | Private Cloud management network | Required for redirecting the vCenter URL from http to https. |
| 443 (TCP) | On-premises network | Private Cloud management network | Required for accessing vCenter and NSX-T manager from the on-premises network. |
| 8000 (TCP) | On-premises network | Private Cloud management network | Required for vMotion of virtual machines from on-premises to Private Cloud. |
| 8000 (TCP) | Private Cloud management network | On-premises network | Required for vMotion of virtual machines from Private Cloud to on-premises. |

Ports required for using on-premises Active Directory as an identity source

To configure on-premises Active Directory as an identity source on Private Cloud vCenter, the ports defined in the table must be opened. See "Use Azure AD as an identity provider for vCenter on CloudSimple Private Cloud" for configuration steps.

| Port | Source | Destination | Purpose |
|------|--------|-------------|---------|
| 53 (UDP) | Private Cloud DNS servers | On-premises DNS servers | Required for forwarding DNS lookups of on-premises Active Directory domain names from Private Cloud vCenter to on-premises DNS servers. |
| 389 (TCP/UDP) | Private Cloud management network | On-premises Active Directory domain controllers | Required for LDAP communication from Private Cloud vCenter server to Active Directory domain controllers for user authentication. |
| 636 (TCP) | Private Cloud management network | On-premises Active Directory domain controllers | Required for secure LDAP (LDAPS) communication from Private Cloud vCenter server to Active Directory domain controllers for user authentication. |
| 3268 (TCP) | Private Cloud management network | On-premises Active Directory global catalog servers | Required for LDAP communication in multi-domain controller deployments. |
| 3269 (TCP) | Private Cloud management network | On-premises Active Directory global catalog servers | Required for LDAPS communication in multi-domain controller deployments. |
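
As an added example (not part of the original article and not Microsoft tooling), the following Python script audits an on-premises firewall rule export against the vCenter and identity-source tables above, reporting required flows that no rule permits and rules that open more than the tables list. The zone names (`onprem`, `pc-mgmt`, and so on), the rule tuple format, and exact zone-name matching in place of CIDR matching are assumptions made for illustration.

```python
# Added example, not Microsoft's code. Zone names and rule format are assumptions.
from collections import namedtuple

Flow = namedtuple("Flow", "proto port src dst")
# proto is "tcp", "udp" or "any"; lo..hi is the inclusive port range a rule permits.
Rule = namedtuple("Rule", "name proto lo hi src dst")

# Required flows transcribed from the vCenter and identity-source tables.
REQUIRED = {
    Flow("udp", 53, "onprem-dns", "pc-dns"), Flow("udp", 53, "pc-dns", "onprem-dns"),
    Flow("tcp", 80, "onprem", "pc-mgmt"), Flow("tcp", 443, "onprem", "pc-mgmt"),
    Flow("tcp", 8000, "onprem", "pc-mgmt"), Flow("tcp", 8000, "pc-mgmt", "onprem"),
    Flow("tcp", 389, "pc-mgmt", "onprem-dc"), Flow("udp", 389, "pc-mgmt", "onprem-dc"),
    Flow("tcp", 636, "pc-mgmt", "onprem-dc"),
    Flow("tcp", 3268, "pc-mgmt", "onprem-gc"), Flow("tcp", 3269, "pc-mgmt", "onprem-gc"),
}

def permits(rule, flow):
    return (rule.proto in ("any", flow.proto) and rule.lo <= flow.port <= rule.hi
            and rule.src == flow.src and rule.dst == flow.dst)

def audit(rules):
    """Return (required flows no rule permits, names of rules wider than the tables)."""
    missing = sorted(f for f in REQUIRED if not any(permits(r, f) for r in rules))
    too_wide = []
    for r in rules:
        opened = (r.hi - r.lo + 1) * (2 if r.proto == "any" else 1)
        listed = sum(permits(r, f) for f in REQUIRED)
        if listed < opened:  # rule opens (protocol, port) pairs the tables do not list
            too_wide.append(r.name)
    return missing, too_wide

# Constructed sample export (hypothetical rule names, not from a real firewall).
SAMPLE_RULES = [
    Rule("dns-to-pc", "udp", 53, 53, "onprem-dns", "pc-dns"),
    Rule("dns-from-pc", "udp", 53, 53, "pc-dns", "onprem-dns"),
    Rule("vcenter-http", "tcp", 80, 80, "onprem", "pc-mgmt"),
    Rule("vcenter-https", "tcp", 443, 443, "onprem", "pc-mgmt"),
    Rule("vmotion-out", "tcp", 8000, 8000, "onprem", "pc-mgmt"),
    Rule("ldap", "any", 389, 389, "pc-mgmt", "onprem-dc"),
    Rule("ad-wide", "tcp", 600, 3300, "pc-mgmt", "onprem-gc"),
]

if __name__ == "__main__":
    missing, too_wide = audit(SAMPLE_RULES)
    print("missing required flows:", missing)
    print("rules wider than the tables:", too_wide)
```

On the constructed sample, the audit reports the return vMotion flow and LDAPS to the domain controllers as missing, and flags the port-range rule toward the global catalog servers as wider than the tables require.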

Common ports required for accessing workload virtual machines

Accessing workload virtual machines running on Private Cloud requires ports to be opened on your on-premises firewall. The table below shows some of the common ports required and their purpose. For any application-specific port requirements, refer to the application documentation.

| Port | Source | Destination | Purpose |
|------|--------|-------------|---------|
| 22 (TCP) | On-premises network | Private Cloud workload network | Secure shell access to Linux virtual machines running on Private Cloud. |
| 3389 (TCP) | On-premises network | Private Cloud workload network | Remote desktop to Windows virtual machines running on Private Cloud. |
| 80 (TCP) | On-premises network | Private Cloud workload network | Access any web servers deployed on virtual machines running on Private Cloud. |
| 443 (TCP) | On-premises network | Private Cloud workload network | Access any secure web servers deployed on virtual machines running on Private Cloud. |
| 389 (TCP/UDP) | Private Cloud workload network | On-premises Active Directory network | Join Windows workload virtual machines to the on-premises Active Directory domain. |
| 53 (UDP) | Private Cloud workload network | On-premises network | DNS service access for workload virtual machines to on-premises DNS servers. |

Next steps