Microsoft Azure Architectures for SharePoint 2013

Azure is a good environment for hosting a SharePoint Server 2013 solution. In most cases, we recommend Microsoft 365, but a SharePoint Server farm hosted in Azure can be a good option for specific solutions. This article describes how to architect SharePoint solutions so they are a good fit in the Azure platform. The following two specific solutions are used as examples:

Azure infrastructure services is a compelling option for hosting SharePoint solutions. Some solutions are a better fit for this platform than others. The following table shows recommended solutions.

| Solution | Why this solution is recommended for Azure |
| --- | --- |
| Development and test environments | It's easy to create and manage these environments. |
| Disaster recovery of on-premises SharePoint farms to Azure | Hosted secondary datacenter: Use Azure instead of investing in a secondary datacenter in a different region. Lower-cost disaster-recovery environments: Maintain and pay for fewer resources than an on-premises disaster recovery environment. The number of resources depends on the disaster recovery environment you choose: cold standby, warm standby, or hot standby. More elastic platform: In the event of a disaster, easily scale out your recovery SharePoint farm to meet load requirements. Scale in when you no longer need the resources. See SharePoint Server 2013 Disaster Recovery in Microsoft Azure. |
| Internet-facing sites that use features and scale not available in Microsoft 365 | Focus your efforts: Concentrate on building a great site rather than building infrastructure. Take advantage of elasticity in Azure: Size the farm for the demand by adding new servers, and pay only for resources you need. Dynamic machine allocation (auto scale) is not supported. Use Azure Active Directory (AD): Take advantage of Azure AD for customer accounts. Add SharePoint functionality not available in Microsoft 365: Add deep reporting and web analytics. See Internet Sites in Microsoft Azure using SharePoint Server 2013. |
| App farms to support Microsoft 365 or on-premises environments | Build, test, and host apps in Azure to support both on-premises and cloud environments. Host this role in Azure instead of buying new hardware for on-premises environments. |

For intranet and collaboration solutions and workloads, consider the following options:

  • Determine if Microsoft 365 meets your business requirements or can be part of the solution. Microsoft 365 provides a rich feature set that is always up to date.

  • If Microsoft 365 does not meet all your business requirements, consider a standard implementation of SharePoint 2013 on premises from Microsoft Consulting Services (MCS). A standard architecture can be a quicker, cheaper, and easier solution for you to support than a customized one.

  • If a standard implementation doesn't meet your business requirements, consider a customized on-premises solution.

  • If using a cloud platform is important for your business requirements, consider a standard or customized implementation of SharePoint 2013 hosted in Azure infrastructure services. SharePoint solutions are much easier to support in Azure than other non-native Microsoft public cloud platforms.

Before you design the Azure environment

While this article uses example SharePoint topologies, you can use these design concepts with any SharePoint farm topology. Before you design the Azure environment, use the following topology, architecture, capacity, and performance guidance to design the SharePoint farm:

Determine the Active Directory domain type

Each SharePoint Server farm relies on Active Directory to provide administrative accounts for farm setup. At this time, there are two options for SharePoint solutions in Azure. These are described in the following table.

| Option | Description |
| --- | --- |
| Dedicated domain | You can deploy a dedicated and isolated Active Directory domain to Azure to support your SharePoint farm. This is a good choice for public-facing Internet sites. |
| Extend the on-premises domain through a cross-premises connection | When you extend the on-premises domain through a cross-premises connection, users access the SharePoint farm via your intranet as if it were hosted on-premises. You can take advantage of your on-premises Active Directory and DNS implementation. A cross-premises connection is required for building a disaster-recovery environment in Azure to which you fail over from your on-premises farm. |

This article includes design concepts for extending the on-premises domain through a cross-premises connection. If your solution uses a dedicated domain, you don't need a cross-premises connection.

Design the virtual network

First you need a virtual network in Azure, which includes subnets on which you will place your virtual machines. The virtual network needs a private IP address space, portions of which you assign to the subnets.

If you are extending your on-premises network to Azure through a cross-premises connection (required for a disaster recovery environment), you must choose a private address space that is not already in use elsewhere in your organization network, which can include your on-premises environment and other Azure virtual networks.

Figure 1: On-premises environment with a virtual network in Azure

Microsoft Azure virtual network design for a SharePoint solution. One subnet for the Azure gateway. One subnet for the virtual machines.

In this diagram:

  • A virtual network in Azure is illustrated side by side with the on-premises environment. The two environments are not yet connected by a cross-premises connection, which can be a site-to-site VPN connection or ExpressRoute.

  • At this point, the virtual network just includes the subnets and no other architectural elements. One subnet will host the Azure gateway and other subnets host the tiers of the SharePoint farm, with an additional one for Active Directory and DNS.
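The address-space rule above can be checked before anything is deployed. The following is an added example, not part of the original article: it rejects a candidate virtual network range that is not private or that overlaps a range already in use, then carves one subnet per role named in the design. The in-use ranges, the role labels and the /27 subnet size are constructed assumptions.

```python
import ipaddress
from itertools import islice

# Constructed sample inventory (assumption): ranges already in use
# on-premises and in other Azure virtual networks.
IN_USE = {
    "on-premises LAN": "10.0.0.0/16",
    "on-premises branch": "192.168.10.0/24",
    "other Azure VNet": "10.1.0.0/16",
}

# One subnet per element of the design: gateway, AD/DNS, and the farm tiers.
# The labels are illustrative, not Azure resource names.
SUBNET_ROLES = ["gateway", "ad-dns", "database", "back-end",
                "distributed-cache", "front-end"]

RFC1918 = [ipaddress.ip_network(c)
           for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def find_conflicts(candidate, in_use=IN_USE):
    """Return the names of in-use ranges that overlap the candidate space."""
    net = ipaddress.ip_network(candidate, strict=True)
    return sorted(name for name, cidr in in_use.items()
                  if net.overlaps(ipaddress.ip_network(cidr)))


def plan_vnet(candidate, subnet_prefix=27, in_use=IN_USE):
    """Validate a candidate address space and carve one subnet per role."""
    net = ipaddress.ip_network(candidate, strict=True)
    if not any(net.subnet_of(block) for block in RFC1918):
        raise ValueError(f"{net} is not a private (RFC 1918) address space")
    conflicts = find_conflicts(candidate, in_use)
    if conflicts:
        raise ValueError(f"{net} overlaps: {', '.join(conflicts)}")
    subnets = list(islice(net.subnets(new_prefix=subnet_prefix),
                          len(SUBNET_ROLES)))
    if len(subnets) < len(SUBNET_ROLES):
        raise ValueError(f"{net} cannot hold {len(SUBNET_ROLES)} subnets")
    return {role: str(sn) for role, sn in zip(SUBNET_ROLES, subnets)}


if __name__ == "__main__":
    print(find_conflicts("10.1.4.0/24"))   # clashes with another VNet
    for role, cidr in plan_vnet("10.2.0.0/24").items():
        print(f"{role:18} {cidr}")
```
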

Add cross-premises connectivity

The next deployment step is to create the cross-premises connection (if this applies to your solution). For cross-premises connections, an Azure gateway resides in a separate gateway subnet, which you must create and to which you must assign an address space.

When you plan for a cross-premises connection, you define and create an Azure gateway and connection to an on-premises gateway device.

Figure 2: Using an Azure gateway and an on-premises gateway device to provide site-to-site connectivity between the on-premises environment and Azure

On-premises environment connected to an Azure virtual network by a cross-premises connection, which can be a site-to-site VPN connection or ExpressRoute.

In this diagram:

  • Adding to the previous diagram, the on-premises environment is connected to the Azure virtual network by a cross-premises connection, which can be a site-to-site VPN connection or ExpressRoute.

  • An Azure gateway is on a gateway subnet.

  • The on-premises environment includes a gateway device, such as a router or VPN server.

For additional information to plan for and create a cross-premises virtual network, see Connect an on-premises network to a Microsoft Azure virtual network.

Add Active Directory Domain Services (AD DS) and DNS

For disaster recovery in Azure, you deploy Windows Server AD and DNS in a hybrid scenario where Windows Server AD is deployed both on-premises and on Azure virtual machines.

Figure 3: Hybrid Active Directory domain configuration

Two virtual machines deployed to the Azure virtual network and a SharePoint farm subnet are replica domain controllers and DNS servers.

This diagram builds on the previous diagrams by adding two virtual machines to a Windows Server AD and DNS subnet. These virtual machines are replica domain controllers and DNS servers. They are an extension of the on-premises Windows Server AD environment.

The following table provides configuration recommendations for these virtual machines in Azure. Use these as a starting point for designing your own environment, even for a dedicated domain where your Azure environment doesn't communicate with your on-premises environment.

| Item | Configuration |
| --- | --- |
| Virtual machine size in Azure | A1 or A2 size in the Standard tier |
| Operating system | Windows Server 2012 R2 |
| Active Directory role | AD DS domain controller designated as a global catalog server. This configuration reduces egress traffic across the cross-premises connection. In a multidomain environment with high rates of change (this is not common), configure domain controllers on premises not to sync with the global catalog servers in Azure, to reduce replication traffic. |
| DNS role | Install and configure the DNS Server service on the domain controllers. |
| Data disks | Place the Active Directory database, logs, and SYSVOL on additional Azure data disks. Do not place these on the operating system disk or the temporary disks provided by Azure. |
| IP addresses | Use static IP addresses and configure the virtual network to assign these addresses to the virtual machines in the virtual network after the domain controllers have been configured. |

Important

Before you deploy Active Directory in Azure, read Guidelines for Deploying Windows Server Active Directory on Azure Virtual Machines. These help you determine if a different architecture or different configuration settings are needed for your solution.

Add the SharePoint farm

Place the virtual machines of the SharePoint farm in tiers on the appropriate subnets.

Figure 4: Placement of SharePoint virtual machines

Database servers and SharePoint server roles added to the Azure virtual network within the SharePoint farm subnets.

This diagram builds on the previous diagrams by adding the SharePoint farm server roles in their respective tiers.

  • Two database virtual machines running SQL Server create the database tier.

  • Two virtual machines running SharePoint Server 2013 for each of the following tiers: front end servers, distributed cache servers, and back end servers.

Design and fine tune server roles for availability sets and fault domains

A fault domain is a grouping of hardware in which role instances run. Virtual machines within the same fault domain can be updated by the Azure infrastructure at the same time. They can also fail at the same time because they share the same rack. To avoid the risk of having two virtual machines on the same fault domain, you can configure your virtual machines as an availability set, which ensures that each virtual machine is in a different fault domain. If three virtual machines are configured as an availability set, Azure guarantees that no more than two of the virtual machines are located in the same fault domain.

When you design the Azure architecture for a SharePoint farm, configure identical server roles to be part of an availability set. This ensures that your virtual machines are spread across multiple fault domains.

Figure 5: Use Azure Availability Sets to provide high availability for the SharePoint farm tiers

Availability set configuration in the Azure infrastructure for a SharePoint 2013 solution.

This diagram calls out the configuration of availability sets within the Azure infrastructure. Each of the following roles uses a separate availability set:

  • Active Directory and DNS

  • Database

  • Back end

  • Distributed cache

  • Front end

The SharePoint farm might need to be fine tuned in the Azure platform. To ensure high availability of all components, ensure that the server roles are all configured identically.

Here is an example that shows a standard Internet Sites architecture that meets specific capacity and performance goals. This example is featured in the following architecture model: Internet Sites Search Architectures for SharePoint Server 2013.

Figure 6: Planning example for capacity and performance goals in a three-tier farm

Standard SharePoint 2013 Internet Sites architecture with component allocations that meet specific capacity and performance goals.

In this diagram:

  • A three-tier farm is represented: web servers, application servers, and database servers.

  • The three web servers are configured identically with multiple components.

  • The two database servers are configured identically.

  • The three application servers are not configured identically. These server roles require fine tuning for availability sets in Azure.

Let's look closer at the application server tier.

Figure 7: Application server tier before fine tuning

Example SharePoint Server 2013 application server tier before tuning for Microsoft Azure availability sets.

In this diagram:

  • Three servers are included in the application tier.

  • The first server includes four components.

  • The second server includes three components.

  • The third server includes two components.

You determine the number of components by the performance and capacity targets for the farm. To adapt this architecture for Azure, we'll replicate the four components across all three servers. This increases the number of components beyond what is necessary for performance and capacity. The tradeoff is that this design ensures high availability of all four components in the Azure platform when these three virtual machines are assigned to an availability set.

Figure 8: Application server tier after fine tuning

Example SharePoint Server 2013 application server tier after tuning for Microsoft Azure availability sets.

This diagram shows all three application servers configured identically with the same four components.
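Why the uneven layout needs fine tuning can be worked through directly. The following is an added example, not part of the original article: it takes the article's statement that up to two of three virtual machines in an availability set may share a fault domain, fails every such pair, and reports which components go offline. The component names C1 to C4 and their placement are constructed assumptions; the article gives only the counts per server (four, three and two).

```python
from itertools import combinations

# Constructed placement (assumption): the article gives only the component
# counts per application server (4, 3 and 2), not names or layout.
BEFORE = {
    "app1": {"C1", "C2", "C3", "C4"},
    "app2": {"C1", "C2", "C3"},
    "app3": {"C1", "C4"},
}
# After fine tuning: every server carries all four components.
AFTER = {server: set().union(*BEFORE.values()) for server in BEFORE}


def components_at_risk(placement, vms_per_fault_domain=2):
    """Map each component to the VM groups whose joint failure takes it offline.

    vms_per_fault_domain is the worst case the availability set allows;
    the article states that of three VMs, up to two may share a fault domain.
    """
    required = set().union(*placement.values())
    group_size = min(vms_per_fault_domain, len(placement))
    at_risk = {}
    for failed in combinations(sorted(placement), group_size):
        survivors = [placement[s] for s in placement if s not in failed]
        still_running = set().union(*survivors)
        for component in sorted(required - still_running):
            at_risk.setdefault(component, []).append(failed)
    return at_risk


if __name__ == "__main__":
    for label, layout in (("before", BEFORE), ("after", AFTER)):
        print(label, components_at_risk(layout))
```

In this constructed layout every component survives the loss of any single server, yet three of the four are lost when a shared fault domain takes out two servers, which is the gap the identical configuration closes.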

When we add availability sets to the tiers of the SharePoint farm, the implementation is complete.

Figure 9: The completed SharePoint farm in Azure infrastructure services

Example SharePoint 2013 farm in Azure infrastructure services, with a virtual network, cross-premises connectivity, subnets, virtual machines, and availability sets.

This diagram shows the SharePoint farm implemented in Azure infrastructure services, with availability sets to provide fault domains for the servers in each tier.

See Also

Microsoft 365 solution and architecture center

Internet Sites in Microsoft Azure using SharePoint Server 2013

SharePoint Server 2013 Disaster Recovery in Microsoft Azure