
Working remotely: Network Virtual Appliance (NVA) considerations for remote work

Note

This article describes how you can leverage Network Virtual Appliances, Azure, the Microsoft network, and the Azure partner ecosystem to work remotely and mitigate network issues that you are facing because of the COVID-19 crisis.

Some Azure customers utilize third-party Network Virtual Appliances (NVAs) from Azure Marketplace to provide critical services such as Point-to-site VPN for their employees who are working from home during the COVID-19 epidemic. This article outlines some high-level guidance to take into consideration when leveraging NVAs in Azure to provide remote access solutions.

NVA performance considerations

All major NVA vendors in Azure Marketplace should have recommendations on the VM size and number of instances to use when deploying their solutions. While nearly all NVA vendors will let you choose any size that is available to you in a given region, it's very important that you follow the vendor's recommendations for Azure VM instance sizes, as these recommendations are the VM sizes the vendor has done performance testing with in Azure.

Consider the following

  • Capacity and number of concurrent users - This number is particularly important for Point-to-Site VPN users as each connected user will create one encrypted (IPSec or SSL VPN) tunnel.
  • Aggregate throughput - The aggregate bandwidth you will need to accommodate the number of users to whom you will provide remote access.
  • The VM size you will need - You should always use VM sizes recommended by the NVA vendor. For point-to-site VPN, if you will have a lot of concurrent user connections, you should be using larger VM sizes such as Dv2 and DSv2 series VMs. These VMs tend to have more vCPUs and can handle more concurrent VPN sessions. In addition to having more virtual cores, larger VM sizes in Azure have more aggregate bandwidth capacity than smaller VM sizes.

    Important: Each vendor utilizes resources differently. If it's not clear what instance sizes you should use to accommodate your estimated user load, you should contact the software vendor directly and ask them for a recommendation.

  • Number of instances - If you expect to have a large number of users and connections, there are limits to what scaling up your NVA instance sizes can achieve. Consider deploying multiple VM instances.
  • IPSec VPN vs SSL VPN - In general, IPSec VPN implementations perform better than SSL VPN implementations.
  • Licensing - Make sure that the software licenses you have purchased for the NVA solution will cover the sudden growth you may experience during the COVID-19 epidemic. Many NVA licensing programs limit the number of connections or bandwidth the solution is capable of.
  • Accelerated Networking - Consider an NVA solution that has support for Accelerated Networking. Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, greatly improving its networking performance. This high-performance path bypasses the host from the data path, reducing latency, jitter, and CPU utilization for use with the most demanding network workloads on supported VM types. Accelerated networking is supported on most general purpose and compute-optimized instance sizes with two or more vCPUs.

Monitoring resources

Each NVA solution has its own tools and resources for monitoring the performance of its NVA. Consult your vendor's documentation to make sure you understand the performance limitations and can detect when your NVA is near or reaching capacity. In addition, you can look at Azure Monitor Network Insights and see basic performance information about your Network Virtual Appliances such as:

  • CPU Utilization
  • Network In
  • Network Out
  • Inbound Flows
  • Outbound Flows
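
One way to turn those five metrics into a near-capacity check, as an added example (not Microsoft's or any NVA vendor's code). The limits, the 80% warning ratio and the sample values are assumptions constructed for illustration; take real limits from your vendor's sizing guidance and the VM size's documented bandwidth, which Azure meters on egress.

```python
from dataclasses import dataclass

@dataclass
class Limits:
    # ASSUMED values: replace with the vendor's and the VM size's figures.
    egress_mbps: float          # expected bandwidth of the VM size (egress)
    flows_per_direction: int    # flow ceiling per direction
    warn_ratio: float = 0.8     # warn at 80% of any limit
    sustained: int = 3          # consecutive samples needed to raise a flag

LIMITS = Limits(egress_mbps=3000, flows_per_direction=250_000)

# Constructed 1-minute samples:
# (CPU %, Network In bytes, Network Out bytes, Inbound Flows, Outbound Flows)
SAMPLES = [
    (55.0, 9.0e9, 9.0e9,  90_000,  85_000),
    (83.0, 2.0e10, 1.9e10, 150_000, 140_000),  # one-off egress burst
    (88.0, 1.6e10, 1.5e10, 180_000, 170_000),
    (91.0, 1.7e10, 1.6e10, 190_000, 185_000),
    (86.0, 1.5e10, 1.4e10, 170_000, 165_000),
]

def to_mbps(byte_count, interval_s=60):
    """Convert a byte total over one sampling interval to megabits per second."""
    return byte_count * 8 / interval_s / 1e6

def utilisation(sample, limits):
    """Express one sample as fractions of the configured limits."""
    cpu, _bytes_in, bytes_out, flows_in, flows_out = sample
    return {
        "cpu": cpu / 100,
        "throughput": to_mbps(bytes_out) / limits.egress_mbps,
        "flows": max(flows_in, flows_out) / limits.flows_per_direction,
    }

def near_capacity(samples, limits):
    """Return metrics that stayed at or above warn_ratio for `sustained` samples in a row."""
    streak, flagged = {}, set()
    for sample in samples:
        for name, ratio in utilisation(sample, limits).items():
            # A single burst resets to zero on the next quiet sample.
            streak[name] = streak.get(name, 0) + 1 if ratio >= limits.warn_ratio else 0
            if streak[name] >= limits.sustained:
                flagged.add(name)
    return sorted(flagged)

if __name__ == "__main__":
    print("near capacity:", near_capacity(SAMPLES, LIMITS))
```

Requiring several consecutive samples keeps a single traffic burst from raising a scale-out alert, while sustained CPU pressure from VPN tunnel encryption still does.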

Next Steps

Most major NVA partners have posted guidance around scaling for sudden, unexpected growth during COVID-19. Here are a few useful links to partner resources.

Barracuda Enable Work from home while securing your data during COVID-19

Check Point Secure Remote Workforce During Coronavirus

Cisco AnyConnect Implementation and Performance/Scaling Reference for COVID-19 Preparation

Citrix COVID-19 Response Support Center

F5 Guidance to Address the Dramatic Increase in Remote Workers

Fortinet COVID-19 Updates for Customers and Partners

Palo Alto Networks COVID-19 Response Center

Kemp Enable Remote Work and Always-On App Experience for Business Continuity