计划 Office Online ServerPlan Office Online Server

摘要: 介绍 Office Online Server 要求和先决条件,包括 HTTPS、证书、虚拟化、负载平衡、拓扑和安全性。Summary: Describes Office Online Server requirements and prerequisites, including HTTPS, certificates, virtualization, load balancing, topologies, and security.

目标用户:IT 专业人员Audience: IT Professionals

Office Online Server 提供了本地环境中的 Office 应用程序的基于浏览器的版本,给用户带来更多灵活性和协作机会。本文介绍了在组织中安装 Office Online Server 的要求和所需步骤。Office Online Server delivers browser-based versions of Office apps in an on-premises environment, giving users more flexibility and collaboration opportunities. This article describes the requirements and steps you need to take to install Office Online Server in your organization.

重要的是仔细计划,以使所有主机(如 SharePoint Server 和 Exchange Server)能与 Office Online Server 通信。It's important to carefully plan so that all hosts, such as SharePoint Server and Exchange Server can communicate with Office Online Server.

检查 Office Online Server 版本兼容性列表以确保主机兼容。Check the Office Online Server version compatibility list to ensure that your hosts are compatible.

Office Online Server 的软件、硬件和配置要求Software, hardware, and configuration requirements for Office Online Server

可以安装 Office Online Server 作为单服务器场、多服务器负载平衡场。你可以使用物理服务器或虚拟机。You can install Office Online Server as a single-server farm, or as a multi-server, load-balanced farm. You can use physical servers or virtual machines.

在包含实际用户数据的环境中,我们始终建议使用 HTTPS,你必须获取 HTTPS 证书。如果在场中使用多台服务器,则必须配置硬件或软件负载平衡解决方案。你可以在以下各节中了解有关这些方案的详细信息。In environments that contain actual user data, we always recommend that you use HTTPS, for which you have to obtain a certificate. If you're using multiple servers in your farm, you have to configure a hardware or software load-balancing solution. You can learn more about these scenarios in the following sections.

Office Online Server 的硬件要求Hardware requirements for Office Online Server

Office Online Server 与 SharePoint Server 2016 的最低硬件要求相同。Office Online Server uses the same minimum hardware requirements as SharePoint Server 2016.

Office Online Server 支持的操作系统Supported operating systems for Office Online Server

您可以在以下操作系统上运行 Office Online Server:You can run Office Online Server on the following operating systems:

  • 64 位版本的 Windows Server 2012 R2The 64-bit edition of Windows Server 2012 R2

  • 64 位版本的 Windows Server 2016(要求 Office Online Server 2017 年 4 月或更高版本)。The 64-bit edition of Windows Server 2016 (Office Online Server April 2017 or later required)

备注

Office Online Server 仅支持 Windows Server 2016 的“含桌面体验的服务器”安装选项。SharePoint Server 2016 only supports the "Server with Desktop Experience" installation option of Windows Server 2016. 有关 Windows Server 产品/服务的其他信息,请参阅 Windows Server 半年频道概述For additional information about Windows Server offerings, see Windows Server Semi-annual Channel Overview

备注

Office Online Server 不支持 Windows Server 2019。Office Online Server does not support Windows Server 2019.

Office Online Server 的域要求Domain requirements for Office Online Server

Office Online Server 场中所有服务器都必须是域的一部分。它们可以在同一个域(推荐)中或位于同一个林中的不同域中。All servers in the Office Online Server farm must be part of a domain. They can be in the same domain (recommended) or in domains that are in the same forest.

如果计划使用利用外部数据访问(如数据模型、Power Pivot 或 Power View)的任一 Excel Online 功能,则 Office Online Server 必须驻留在与用户和计划使用基于 Windows 身份验证访问的任一外部数据源所在的相同的 Active Directory 林中。If you plan to use any Excel Online features that utilize external data access (such as Data Models, Power Pivot, or Power View), Office Online Server must reside in the same Active Directory forest as its users as well as any external data sources that you plan to access using Windows-based authentication.

支持计划和升级要求Support schedule and upgrade requirements

Microsoft 每六个月左右发布 Office Online Server 的新内部版本。发布新版本后,不再为上之前的内部版本生成关键更新。我们强烈建议在发布新的内部版本时更新 Office Online Server 场。有关详细信息,请参阅 Office 联机服务器发布计划Microsoft releases a new build of Office Online Server every six months or so. Once a new build has been released, critical updates are no longer produced for the previous build. We highly recommend that you update your Office Online Server farm as new builds are released. For more information, see Office Online Server release schedule.

与其他工作负载和服务的兼容性Compatibility with other workloads and services

以下是安装 Office Online Server 时要注意的几点事项。Here are a few things to be aware of when you install Office Online Server.

  • 请勿在运行 Office Online Server 的服务器上安装任何其他服务器应用程序。包括 Exchange Server、SharePoint Server、Skype for Business Server 和 SQL Server。如果服务器不足,则可以在这些服务器的其中一台的虚拟机上运行 Office Online Server。Don't install any other server applications on the server that's running Office Online Server. This includes Exchange Server, SharePoint Server, Skype for Business Server, and SQL Server. If you have a shortage of servers, consider running Office Online Server in a virtual machine on one of the servers you have.

  • 不要在端口 80、443 或 809 上安装依赖 Web 服务器 (IIS) 角色的任何服务或角色,因为 Office Online Server 会定期删除这些端口上的 Web 应用程序。Don't install any services or roles that depend on the Web Server (IIS) role on port 80, 443, or 809 because Office Online Server periodically removes web applications on these ports.

  • 不要安装任何版本的 Office。如果已经安装,在安装 Office Online Server 之前必须将其卸载。Don't install any version of Office. If it's already installed, you'll need to uninstall it before you install Office Online Server.

  • 不要在域控制器上安装 Office Online Server。它不会在包含 Active Directory 域服务 (AD DS) 的服务器上运行。Don't install Office Online Server on a domain controller. It won't run on a server with Active Directory Domain Services (AD DS).

对虚拟化 Office Online Server 的支持Support for virtualizing Office Online Server

在本地数据中心使用 Windows Server Hyper-V 或其他虚拟化技术部署 Office Online Server 时,它受支持。如果你计划虚拟化 Office Online Server,请遵循以下指南:Office Online Server is supported when you deploy it using Windows Server Hyper-V or other virtualization technology in your on-premises datacenter. If you plan to virtualize Office Online Server, follow these guidelines:

  • 在它自己的虚拟机中安装 Office Online Server。不要在此虚拟机中安装任何其他服务器应用程序,例如 SharePoint Server。Install Office Online Server in its own virtual machine. Don't install any other server applications, such as SharePoint Server, in this virtual machine.

  • 当为多服务器 Office Online Server 场使用 Hyper-V 时,每个虚拟机均应位于单独的虚拟机主机上。这样 Office Online Server 场在其中一台主机出现故障时仍可用。When using Hyper-V for multi-server Office Online Server farms, each virtual machine should be on a separate virtual machine host. This way, the Office Online Server farm will still be available if one of the hosts fails.

Office Online Server 的防火墙要求Firewall requirements for Office Online Server

防火墙可能会通过阻止 Web 浏览器、运行 Office Online Server 的服务器和运行 SharePoint Server 的服务器之间的通信而导致出现问题。当服务器在网络的不同部分时,这些问题可能会变得更复杂。Firewalls can cause problems by blocking communication between the web browser, the servers that run Office Online Server, and the servers that run SharePoint Server. These problems can be more complicated when the servers are in different parts of a network.

确保运行 Office Online Server 的服务器或负载平衡器上的防火墙没有阻止以下端口:Make sure the following ports aren't blocked by firewalls on either the server that runs Office Online Server or the load balancer:

  • 用于 HTTPS 流量的端口 443Port 443 for HTTPS traffic

  • 用于 HTTP 流量的端口 80Port 80 for HTTP traffic

  • 运行 Office Online Server 的服务器之间的专用流量的端口 809(如果您设置了包含多台服务器的服务器场)Port 809 for private traffic between the servers that run Office Online Server (if you're setting up a multi-server farm)

Office Online Server 的负载平衡器要求Load balancer requirements for Office Online Server

在两台或更多台服务器上运行 Office Online Server 时,建议使用负载平衡解决方案。几乎可以使用任何负载平衡解决方案,包括运行 Web 服务器 (IIS) 角色(用于运行应用程序请求路由 (ARR))的服务器。事实上,可以在运 Office Online Server 的服务器之一上运行 ARR。We recommend a load balancing solution when you run Office Online Server on two or more servers. Just about any load balancing solution will work, including a server that runs the Web Server (IIS) role running Application Request Routing (ARR). In fact, you can run ARR on one of the servers that runs Office Online Server.

理想情况下,尝试查找支持以下功能的负载平衡解决方案:Ideally, try to find a load balancing solution that supports the following features:

  • 第 7 层路由Layer 7 routing

  • 启用客户端相关性或前端相关性Enabling client affinity or front-end affinity

如果您使用负载平衡器,则需要在负载平衡器上安装证书,如本文的 使用 HTTPS 保护 Office Online Server 通信。一节所述。If you use a load balancer, you'll need to install the certificate on the load balancer as described under Securing Office Online Server communications by using HTTPS .

Office Online Server 的 DNS 要求DNS requirements for Office Online Server

在使用 HTTPS 和负载平衡的环境中,需要更新 DNS,以便证书的完全限定域名 (FQDN) 解析为运行 Office Online Server 的服务器的 IP 地址或分配给 Office Online Server 服务器场的负载平衡器的 IP 地址。In environments that use HTTPS and load balancing, you have to update DNS so that the fully qualified domain name (FQDN) of the certificate resolves to either the IP address of the server that runs Office Online Server or to the IP address assigned to the load balancer for the Office Online Server farm.

规划 Office Online Server 的语言包Planning language packs for Office Online Server

Office Online Server 语言包使用户能够从 SharePoint Server 文档库、Outlook Web App(作为附件预览)和 Skype for Business Server(作为 PowerPoint 广播)中以多种语言查看基于 Web 的 Office 文件。不过,这取决于主机上配置的语言。若要从主机中以多种语言查看基于 Web 的 Office 文件,必须符合以下条件:Office Online Server Language Packs enable users to view web-based Office files in multiple languages from SharePoint Server document libraries, Outlook Web App (as attachment previews), and Skype for Business Server (as PowerPoint broadcasts). But, this depends on the languages that are configured on the host. To view web-based Office files from hosts in multiple languages, you must have the following in place:

  • 主机(例如 SharePoint Server 或 Exchange Server)配置为以其他语言运行应用程序。在主机上安装和配置语言包的过程独立于在 Office Online Server 场上安装语言包的过程。The host (such as SharePoint Server or Exchange Server) is configured to run applications in additional languages. The process of installing and configuring language packs on the host is independent of installing a language pack on the Office Online Server farm.

  • 安装了语言并且可在 Office Online Server 服务器场中的所有服务器上使用这些语言。The languages are installed and are available on all servers in the Office Online Server farm.

在以下位置可以 下载 Office Web Apps Server 语言包Here's where to download the language packs for Office Web Apps Server.

Office Online Server 的拓扑规划Topology planning for Office Online Server

Office Online Server 拓扑至少会包含一个运行 Office Online Server 的物理或虚拟机,和至少一台主机(例如,运行 Exchange Server 或 SharePoint Server 的服务器)。当然,将需要一台客户端 PC 或者设备连接到其中一台主机并使用该功能。从该最小拓扑中,可以根据需要向 Office Online Server 场添加更多主机和更多服务器,以满足组织的需要。At a minimum, an Office Online Server topology will include one physical or virtual machine running Office Online Server, and at least one host (for example, a server running Exchange Server or SharePoint Server). And of course, you'll need a client PC or device to connect to one of the hosts and use the functionality. From that minimal topology, you can add more hosts and more servers to your Office Online Server farm as required to suit the needs of your organization.

以下是 Office Online Server 拓扑变得更为复杂时您应该考虑的建议。The following is a list of recommendations that you should keep in mind as your Office Online Server topology gets more complex.

  • 规划以实现冗余。 如果使用虚拟机,请确保将它们置于不同的虚拟机主机上以实现冗余。Plan for redundancy. If you use virtual machines, make sure you put them on separate virtual machine hosts for redundancy.

  • 坚持使用一个数据中心。 Office Online Server 场中的服务器必须在同一个数据中心。不要异地分布它们。通常,您只需要一个服务器场,除非您的安全需求要求具有自己的 Office Online Server 场的隔离网络。Stick to one data center. Servers in an Office Online Server farm must be in the same data center. Don't distribute them geographically. Generally you need only one farm, unless you have security needs that require an isolated network that has its own Office Online Server farm.

  • 主机越靠近越好。 Office Online Server 场并不一定要像其服务的主机一样必须在同一个数据中心,但是对于繁重的编辑使用,我们建议您将 Office Online Server 场尽量靠近主机。这对于主要使用 Office Online 查看 Office 文件的组织来说不是很重要。The closer the hosts, the better. The Office Online Server farm doesn't have to be in the same data center as the hosts it serves, but for heavy editing usage, we recommend you put the Office Online Server farm as close to the hosts as possible. This is less important for organizations that use Office Online primarily for viewing Office files.

  • 规划您的连接。 Office Online Server 场中的所有服务器仅相互连接。要将它们连接到更广的网络,可以通过反向代理负载平衡器防火墙实现。Plan your connections. Connect all servers in the Office Online Server farm only to one another. To connect them to a broader network, do so through a reverse proxy load balancer firewall.

  • 为 HTTP 或 HTTPS 请求配置防火墙。 确保防火墙允许服务器运行 Office Online Server,以将 HTTP 或 HTTPS 请求初始化到主机。Configure the firewall for HTTP or HTTPS requests. Make sure the firewall allows servers running Office Online Server to initiate HTTP or HTTPS requests to hosts.

  • 规划传入和传出通信。 在面向 Internet 的部署中,通过 NAT 设备,路由所有传出的通信。在多服务器场中,使用负载平衡器处理所有传入通信。Plan for incoming and outgoing communications. In an Internet-facing deployment, route all outgoing communications through a NAT device. In a multi-server farm, handle all incoming communications with a load balancer.

  • 确保 Office Online Server 场中的所有服务器都加入到一个域中,成为同一组织单位 (OU) 的一部分。在 New-OfficeWebAppsFarm cmdlet 中使用 FarmOU 参数可阻止非此 OU 中的其他服务器加入到场中。Make sure all servers in the Office Online Server farm are joined to a domain and are part of the same organizational unit (OU). Use the FarmOU parameter in the New-OfficeWebAppsFarm cmdlet to prevent other servers that are not in this OU from joining the farm.

  • 对所有传入请求使用安全超文本传输协议 (HTTPS)。Use Hypertext Transfer Protocol Secure (HTTPS) for all incoming requests.

  • 如果网络中已经部署了 IPsec,则可以使用它在服务器之间加密流量。If you have IPsec deployed in the network, use it to encrypt traffic among the servers.

  • 规划使用 Internet 的 Office 功能。 如果需要剪贴画和翻译服务等功能,且场中的服务器无法向 Internet 发出请求,则必须为 Office Online Server 场配置代理服务器。这将允许向外部站点发出 HTTP 请求。Plan for Office features that use the Internet. If features such as clip art and translation services are needed, and the servers in the farm can't initiate requests to the Internet, you'll need to configure a proxy server for the Office Online Server farm. This will allow HTTP requests to external sites.

规划 Excel Online 的外部数据连接Plan Excel Online external data connectivity

Excel Online 包含类似于在 SharePoint Server 2013 中的 Excel Services 上发现的外部数据连接和数据刷新功能。Excel Services 已经从 SharePoint Server 2016 中的 SharePoint 中删除 - 使用 Excel Online 代替。Excel Online includes external data connectivity and data refresh features similar to those found in Excel Services in SharePoint Server 2013. Excel Services has been removed from SharePoint in SharePoint Server 2016 - you use Excel Online instead.

嵌入数据连接的数据刷新适用于标准的 Office Online Server 安装。但是,更多的高级功能包括 Office 数据连接 (ODC) 文件支持和 IT 管理仪表板(SharePoint 中 SQL Server Power Pivot 一部分)要求 Office Online Server 和 SharePoint Server 2016 之间的服务器到服务器身份验证Data refresh for embedded data connections works with a standard Office Online Server installation. However, more advanced features, including Office Data Connection (ODC) file support and the IT Management Dashboard (part of SQL Server Power Pivot for SharePoint) require that you configure server-to-server authentication between Office Online Server and SharePoint Server 2016.

Office Online Server 的安全规划Security planning for Office Online Server

下面的信息介绍 Office Online Server 的安全指南。The following information introduces security guidance for Office Online Server.

使用 HTTPS 保护 Office Online Server 通信。Securing Office Online Server communications by using HTTPS

Office Online Server 可以使用 HTTPS 协议与 SharePoint Server、Skype for Business Server 和 Exchange Server 通信。在生产环境中,强烈建议使用 HTTPS。您必须安装可分配给运行 Office Online Server 的服务器(如果使用单台服务器)或负载平衡器(如果使用多台运行 Office Online Server 的服务器)的 Internet 服务器证书。Office Online Server can communicate with SharePoint Server, Skype for Business Server, and Exchange Server by using the HTTPS protocol. In production environments, we strongly recommend that you use HTTPS. You'll have to install an Internet Server certificate that can be assigned to the server that runs Office Online Server (if you are using a single server) or to the load balancer (if you are using multiple servers that run Office Online Server).

在不包含用户数据的测试环境中,可以对 SharePoint Server 和 Exchange Server 使用 HTTP 并跳过证书要求。Skype for Business Server 仅支持 HTTPS。In test environments that contain no user data, you can use HTTP for SharePoint Server and Exchange Server and skip the certificate requirement. Skype for Business Server supports only HTTPS.

Office Online Server 使用的证书需要符合下列要求:Certificates used by Office Online Server need to meet the following requirements:

  • 证书必须来自受信任的证书颁发机构,并且在"SAN"(使用者可选名称)字段中包括您的 Office Online Server 场的完全限定域名 (FQDN)。(如果 FQDN 不在"SAN"中,则当您尝试使用证书时,浏览器将显示安全警告或不处理响应。)The certificate must come from a trusted Certificate Authority and include the fully qualified domain name (FQDN) of your Office Online Server farm in the SAN (Subject Alternative Name) field. (If the FQDN is not in the SAN when you try to use the certificate, the browser will either show security warnings or won't process the response.)

  • 证书必须具有可导出的私钥。默认情况下,在单服务器场中使用 Internet Information Services (IIS) 管理器管理单元导入证书时,会选择此选项。The certificate must have an exportable private key. On single-server farms, this option is selected by default when you use the Internet Information Services (IIS) Manager snap-in to import the certificate.

  • "友好名称"字段在受信任根证书颁发机构存储中必须是唯一的。如果多个证书共享一个"友好名称"字段,创建服务器场将失败,因为 New-OfficeWebAppsFarm cmdlet 将不知道使用其中哪个证书。The Friendly name field must be unique within the Trusted Root Certificate Authorities store. If you have multiple certificates that share a Friendly Name field, farm creation will fail because the New-OfficeWebAppsFarm cmdlet won't know which of those certificates to use.

  • Office Online Server 不需要任何特殊证书属性或扩展。例如,不需要客户端增强型密钥使用 (EKU) 扩展或服务器 EKU 扩展。Office Online Server doesn't require any special certificate properties or extensions. For example, Client Enhanced Key Usage (EKU) extensions or Server EKU extensions are not required.

  • 必须在 Windows Server 上安装"允许 HTTP 激活"Windows Communication Foundation (WCF) 功能。You must install the "Allow HTTP Activation" Windows Communication Foundation (WCF) feature on Windows Server.

必须按如下方式导入证书:The certificate must be imported as follows:

  • 对于单服务器场 必须在运行 Office Online Server 的服务器上直接导入证书。不要手动绑定证书。您稍后运行的 New-OfficeWebAppsFarm cmdlet 将为您执行此操作。如果手动绑定证书,则服务器每次重启时都会删除该证书。For single-server farms You must import the certificate directly on the server that runs Office Online Server. Don't bind the certificate manually. The New-OfficeWebAppsFarm cmdlet you run later will do this for you. If you bind the certificate manually, it'll be deleted every time the server restarts.

  • 对于负载平衡场 如果卸载 SSL,则必须在硬件负载平衡器上导入证书。如果不卸载 SSL,则必须在 Office Online Server 场中的每个服务器上安装证书。For load-balanced farms If you're offloading SSL, the certificate must be imported on the hardware load balancer. If you're not offloading SSL, you'll need to install the certificate on each server in the Office Online Server farm.

备注

否则不要使用自签名证书,不重要的测试环境除外。Don't use self-signed certificates except in non-critical test environments.

对硬件负载平衡器使用 SSL 卸载Using SSL offloading for hardware load balancers

当设置新的 Office Online Server 场时,默认情况下 SSL 卸载设置为"关闭"。如果您正在使用硬件负载平衡器,我们建议您将 SSL 卸载设置为"打开",以便场中每个 Office Online Server 可以使用 HTTP 与负载平衡器进行通信。将 SSL 卸载设置为"打开"还会提供以下好处:When you set up a new Office Online Server farm, SSL offloading is set to Off by default. If you're using a hardware load balancer, we recommend you set SSL offloading to On so that each Office Online Server in the farm can communicate with the load balancer by using HTTP. Setting SSL offloading to On also provides the following advantages:

  • 简化证书管理Simplified certificates management

  • 提高软相关性Improved soft affinity

  • 改善性能Improved performance

备注

使用 HTTP 时,从负载平衡器到运行 Office Online Server 的服务器的通信不加密,因此你需要确保网络本身是安全的。使用专用子网可帮助保护通信。When you use HTTP, traffic from the load balancer to the servers that run Office Online Server isn't encrypted, so you need to make sure the network itself is secure. Use of a private subnet can help protect traffic.

根据 OU 成员身份限制哪些服务器可以加入 Office Online Server 服务器场Restrict which servers can join an Office Online Server farm based on OU membership

您可以阻止未经授权的服务器加入 Office Online Server 场,方法是为这些服务器创建组织单元,然后在创建服务器场时指定 FarmOU 参数。有关 FarmOU 参数的详细信息,请参阅 New-OfficeWebAppsFarmYou can prevent unauthorized servers from joining an Office Online Server farm by creating an organizational unit for those servers and then specifying the FarmOU parameter when you create the farm. For more information about the FarmOU parameter, see New-OfficeWebAppsFarm.

使用允许列表限制 Office Online Server 的主机访问Limit host access for Office Online Server by using the Allow List

允许列表是阻止不需要的主机未经您的同意连接到 Office Online Server 场并使用它执行文件操作的安全功能。通过将包含已批准主机的域添加到允许列表中,您可以限制为 Office Online Server 允许其执行文件操作请求(例如文件检索、元数据检索和文件更改)的主机。The Allow List is a security feature that prevents unwanted hosts from connecting to an Office Online Server farm and using it for file operations without your consent. By adding the domains that contain approved hosts to the Allow List, you can limit the hosts to which Office Online Server allows file operations requests, such as file retrieval, metadata retrieval, and file changes.

您可以在创建 Office Online Server 场后将域添加到允许列表中。请参阅 New-OfficeWebAppsHost,了解如何将域添加到允许列表中。You can add domains to the Allow List after you've created the Office Online Server farm. To learn how to add domains to the Allow List, see New-OfficeWebAppsHost.

重要

如果您没有将域添加到允许列表中,则 Office Online Server 允许对任何域中的主机的文件请求。如果您的 Office Online Server 服务器场可从 Internet 访问,请不要将此列表留空。否则,任何人均可使用您的 Office Online Server 服务器场来查看和编辑内容。If you do not add domains to the Allow List, Office Online Server allows file requests to hosts in any domain. Don't leave this list blank if your Office Online Server farm can be accessed from the Internet. Otherwise, anyone can use your Office Online Server farm to view and edit content.

规划 Office Online Server 的联机查看器Planning for Online Viewers with Office Online Server

默认情况下,在安装 Office Online Server 后会启用联机查看器功能。如果您计划在组织中使用联机查看器,请查看以下指南。在有些情况下,您可能希望禁用联机查看器中的一些功能。这些指南提到了通过使用 Microsoft PowerShell cmdlet New-OfficeWebAppsFarmSet-OfficeWebAppsFarm 设置的参数。By default, Online Viewers functionality is enabled after you install Office Online Server. Review the following guidelines if you're planning to use Online Viewers in your organization. In some cases, you might want to disable some features within Online Viewers. These guidelines refer to parameters that are set by using the Microsoft PowerShell cmdlets New-OfficeWebAppsFarm and Set-OfficeWebAppsFarm.

联机查看器的安全注意事项Security considerations for Online Viewers

打算使用联机查看器通过 Web 浏览器查看的文件必须不需要身份验证。换句话说,文件必须可公开使用,因为联机查看器在检索文件时无法执行身份验证。强烈建议用于联机查看器的 Office Online Server 场仅能够访问 Intranet 或 Internet,而不是同时能够访问这两者。这是因为 Office Online Server 不区分对 Intranet 和 Internet URL 的请求。例如,如果对 Intranet URL 的请求来自 Internet,在将内部文档提供给 Internet 上的某人时,可能会出现安全漏洞。Files that are intended to be viewed through a web browser by using Online Viewers must not require authentication. In other words, the files must be available publicly because Online Viewers can't perform authentication when it is retrieving files. We strongly recommend that the Office Online Server farm that you use for Online Viewers is only able to access either the intranet or the Internet, but not both. This is because Office Online Server doesn't differentiate between requests for intranet and Internet URLs. Somebody on the Internet could request an intranet URL, for example, causing a security leak if an internal document is viewed.

出于相同原因,如果您将 Office Online Server 设置为仅连接到 Internet,强烈建议禁用联机查看器中的 UNC 支持。若要禁用 UNC 支持,请使用 Microsoft PowerShell cmdlet New-OfficeWebAppsFarm(对于新服务器场)或 Set-OfficeWebAppsFarm(对于现有服务器场)将 OpenFromUncEnabled 参数设置为 False。For the same reason, if you have set up the Office Online Server to connect only to the Internet, we strongly recommend that you disable UNC support in Online Viewers. To disable UNC support, set the OpenFromUncEnabled parameter to False by using the Microsoft PowerShell cmdlets New-OfficeWebAppsFarm (for new farms) or Set-OfficeWebAppsFarm (for existing farms).

作为附加安全预防措施,可以将联机查看器限制为查看不超过 10 MB 的 Office 文件。As an additional security precaution, Online Viewers are limited to viewing Office files that are 10 MB or less.

联机查看器的配置选项Configuration options for Online Viewers

您可以通过在 New-OfficeWebAppsFarm(对于新服务器场)或 Set-OfficeWebAppsFarm(对于现有服务器场)中使用以下 Microsoft PowerShell 参数来配置联机查看器。You can configure Online Viewers by using the following Microsoft PowerShell parameters in New-OfficeWebAppsFarm (for new farms) or Set-OfficeWebAppsFarm (for existing farms).

  • OpenFromUrlEnabled 启用或禁用联机查看器。此参数控制具有 URL 和 UNC 路径的文件的联机查看器。默认情况下,在创建新的 Office Online Server 场时,此参数设置为 False(禁用)。OpenFromUrlEnabled Turns the Online Viewers on or off. This parameter controls Online Viewers for files that have URL and UNC paths. By default, this parameter is set to False (disabled) when you create a new Office Online Server farm.

  • OpenFromUncEnabled 当启用联机查看器(通过使用 OpenFromUrlEnabled 设置为 True)时,此参数可启用或禁用联机查看器显示 UNC 路径中的文件的功能。默认情况下,此参数设置为 True,但请确保 OpenFromUrlEnabled 也设置为 True,这样才能允许从 UNC 路径打开文件。正如前面所述,如果您将 Office Online Server 设置为连接到 Internet,则建议将此参数设置为 False。OpenFromUncEnabled When Online Viewers are turned on (set to True by using OpenFromUrlEnabled), this parameter turns on or off the ability for Online Viewers to display files in UNC paths. By default, this parameter is set to True, but make sure OpenFromUrlEnabled is also set to True before you enable opening files from UNC paths. As described earlier, we recommend you set this parameter to False if you have set up Office Online Server to connect to the Internet.

  • OpenFromUrlThrottlingEnabled 限制在一定时段内来自任何给定服务器的"从 URL 打开文件"请求的次数。默认限制值不可配置,它可确保 Office Online Server 场不会因发送在联机查看器中查看内容的请求而使单台服务器不堪重负。OpenFromUrlThrottlingEnabled Throttles the number of "open from URL" requests from any given server in a time period. The default throttling values, which are not configurable, make sure that an Office Online Server farm does not overwhelm a single server by sending requests for content to be viewed in the Online Viewers.

规划 Office Online Server 的更新Planning updates for Office Online Server

部署 Office Online Server 之前,必须决定您的组织将如何管理 Office Online Server 场的软件更新。虽然软件更新可帮助提高服务器安全性、性能和可靠性,但是不正确的更新安装会导致 Office Online Server 出现问题。Before deploying Office Online Server, you need to decide how your organization will manage software updates to your Office Online Server farm. Although software updates help improve server security, performance, and reliability, installing updates incorrectly can cause issues with the Office Online Server.

Office Online Server 不支持使用 Microsoft 自动更新过程应用 Office Online Server 更新。对 Office Online Server 的更新必须以特定方式应用,如 将软件更新应用到 Office Online Server 中所述。如果自动应用 Office Online Server 更新,则用户可能无法在 Office Online 中查看或编辑文档。如果出现这种情况,必须重新构建 Office Online Server 场。Applying Office Online Server updates by using the Microsoft automatic updates process isn't supported with Office Online Server. Updates to an Office Online Server must be applied in a specific way, as described in Apply software updates to Office Online Server. If Office Online Server updates are applied automatically, users might be unable to view or edit documents in Office Online. If this happens, you have to rebuild your Office Online Server farm.

建议使用 Windows ServerWindows Server 更新服务 (WSUS) 或 System Center配置管理器(使用 WSUS)来管理更新程序。通过 WSUS,可以全权管理通过 Microsoft 更新针对 Office Online Server 场中各服务器发布的更新程序的分发情况。使用 WSUS,可以决定哪些更新程序可自动应用于服务器场,哪些更新程序(如 Office Online Server 更新程序)必须手动应用。有关 WSUS 的详细信息,请参阅 Windows Server 更新服务We recommend that you manage updates by using Windows Server Update Services (WSUS) or by using System Center Configuration Manager, which uses WSUS. WSUS allows you to fully manage the distribution of updates that are released through Microsoft Update for each server in the Office Online Server farm. By using WSUS, you can decide which updates can be automatically applied to the server farm and which updates, such as Office Online Server updates, have to be manually applied. For more information about WSUS, see Windows Server Update Services.

如果不使用 WSUS 或 System Center Configuration Manager,请将 Office Online Server 场中每个服务器上的 Microsoft 自动更新设置为“自动下载但通知用户安装”****。收到 Office Online Server 更新通知时,请按照向 Office Online Server 应用软件更新中的步骤操作。若要应用 Windows 更新并确保服务器安全性,请在收到更新可用通知时接受 Windows 更新。If you do not use WSUS or System Center Configuration Manager, set Microsoft automatic updates on each server in the Office Online Server farm to Automatically download but notify user for install. When you're notified of an Office Online Server update, follow the steps in Apply software updates to Office Online Server. To have Windows updates applied and keep your servers secure, accept the Windows updates when you're notified that updates are available.

2018 年更新中的 ULS 日志更改ULS Logs Changes from 2018 Update

在 Office Online Server 的 2018 年更新中,将会看到对 ULS 日志的格式稍作更改,详细信息如下:The 2018 update of Office Online Server will see a few changes on the format of ULS logs, detailed below:

Column 更改内容Changes
TimestampUtcTimestampUtc
  • 日期格式发生了更改:从 MM/dd/yyyy 更改为 yyyy-MM-dd,以使排序更加自然Date format changed for MM/dd/yyyy to yyyy-MM-dd to make sorting more natural
  • 时间现在始终以 UTC 写入Time is now always written in UTC
  • 列名称从 Timestamp 更改为 TimestampUtcColumn name changed from Timestamp to TimestampUtc
  • Timestamps 不再有指示延续性的尾随“ ”或“*”(请参阅以下消息列)Timestamps no longer have a trailing ' ' or '*' indicating continuations (see Message column below)
进程Process
  • 进程名称不再被截断为 32 个字符Process name is no longer truncated to 32 characters
  • ProxyTraceTag 不再追加发送了设置了代理的跟踪的进程 IDProxyTraceTag no longer appends the process ID that sent the proxied trace
  • IIS W3WP 进程获取追加的 AppPool ID。例如:w3wp.exe#StatusViewer-status-MSOSP80 (0x631C)IIS W3WP processes get the AppPool ID appended. Ex: w3wp.exe#StatusViewer-status-MSOSP80 (0x631C)
ThreadIdThreadId
  • 列名称从 TID 更改为 ThreadIdColumn name changed from TID to ThreadId
区域Area
  • 区域不再被截断为 32 个字符Area is no longer truncated to 32 characters
类别Category
  • 类别不再被截断为 32 个字符Category is no longer truncated to 32 characters
事件 IDEventId
  • 列名称从 EventID 更改为 EventIdColumn name changed from EventID to EventId
级别Level (无更改)(no changes)
消息Message
  • 消息长度已经从 800 个字符扩展到 31000 个字符的大小Message length has been expanded from 800 to 31000 characters in size
  • 超过 31000 个字符的消息将被截断,不会在第二个消息中延续Messages over 31000 characters are truncated, not continued in a second message
  • 因为消息不会延续,所以没有“...”Since messages don't continue, there are no '...'s
相关性Correlation
  • 相关性使用新堆栈,可相应地推送/弹出/快速查看Correlations use a new stack that pushes/pops/peeks appropriately
  • 相关性堆栈不再具有 32 个字符的最大长度Correlation Stack no longer has a max depth of 32
  • 相关性可跨线程和跨 AppDomain 边界跟进任务Correlations can follow Tasks across threads, and cross AppDomain boundaries

另请参阅See also

Office Online Server 概述Office Online Server overview

部署 Office Online ServerDeploy Office Online Server