Plan Office Web Apps Server

Applies to: Office Web Apps Server

Summary: Describes Office Web Apps Server requirements and prerequisites, including HTTPS, certificates, virtualization, load balancing, topologies, and security.

Audience: IT Professionals

Office Web Apps Server delivers browser-based versions of Office apps in an on-premises environment, giving users more flexibility and collaboration opportunities. This article describes the requirements and steps you need to take to install Office Web Apps Server in your organization.

It’s important to carefully plan so that all hosts, such as SharePoint 2013 and Lync Server 2013, can communicate with the Office Web Apps Server. For additional guidance about configuring hosts, see the following resources:

Note

SharePoint 2010 Products can’t be a host for Office Web Apps Server. Office Web Apps Server isn’t supported by SharePoint Foundation 2010 or SharePoint Server 2010. Office Web Apps Server also isn't supported by Exchange Server 2013.

In this article:

  • Software, hardware, and configuration requirements for Office Web Apps Server

  • Support for virtualizing Office Web Apps Server

  • Firewall requirements for Office Web Apps Server

  • Load balancer requirements for Office Web Apps Server

  • DNS requirements for Office Web Apps Server

  • Planning language packs for Office Web Apps Server

  • Topology planning for Office Web Apps Server

  • Security planning for Office Web Apps Server

  • Planning for Online Viewers with Office Web Apps Server

  • Planning updates for Office Web Apps Server

Software, hardware, and configuration requirements for Office Web Apps Server

You can install Office Web Apps Server as a single-server Office Web Apps Server farm, or as a multi-server, load-balanced Office Web Apps Server farm. You can use physical servers or virtual machine instances, but you can’t install other server applications (such as SharePoint 2013 or SQL Server) on the same server as Office Web Apps Server.

In environments that contain actual user data, we always recommend that you use HTTPS, for which you’ll have to obtain a certificate. If you’re using multiple servers in your farm, you’ll have to configure a hardware or software load-balancing solution. You can learn more about these scenarios in the following sections.

Hardware requirements for Office Web Apps Server

Office Web Apps Server uses the same minimum hardware requirements as SharePoint Server 2013. You can find the full set of SharePoint 2013 requirements in Hardware requirements—web servers, application servers, and single server installations.

Supported operating systems for Office Web Apps Server

You can run Office Web Apps Server on the following operating systems:

  • The 64-bit edition of Windows Server 2008 R2 Service Pack 1 (SP1) Standard, Enterprise, or Datacenter with the Update for Windows Server 2008 R2 x64 Edition installed

  • The 64-bit edition of Windows Server 2012 Standard or Datacenter

  • The 64-bit edition of Windows Server 2012 R2. To use this operating system, you must use Office Web Apps Server Service Pack 1 (SP1).

Domain requirements for Office Web Apps Server

All servers in the Office Web Apps Server farm must be part of a domain. They can be in the same domain (recommended) or in domains that are in the same forest. However, Office Web Apps Server won’t work if you try to install it on a domain controller.

Server roles, services, and other software required for Office Web Apps Server

First, here are a few things you should NOT do when deploying Office Web Apps Server.

  • Don’t install any other server applications on the server that’s running Office Web Apps Server. This includes Exchange Server, SharePoint Server, Lync Server, and SQL Server. If you have a shortage of servers, consider running Office Web Apps Server in a virtual machine instance on one of the servers you have.

  • Don’t install any services or roles that depend on the Web Server (IIS) role on port 80, 443, or 809 because Office Web Apps Server periodically removes web applications on these ports.

  • Don’t install any version of Office. If it’s already installed, you’ll need to uninstall it before you install Office Web Apps Server.

  • Don’t install Office Web Apps Server on a domain controller. It won’t run on a server with Active Directory Domain Services (AD DS).

Now for the items you DO need to install. See the following table for details.

Important

Office Web Apps Server is only available for download from the Volume Licensing Service Center (VLSC). To download Office Web Apps Server you must have a license, under a Volume Licensing agreement, for Office Professional Plus 2013, Office Standard 2013, or Office for Mac 2011. The download is located under those Office products on the VLSC portal.

Downloads, server roles, and features that are required for Office Web Apps Server

Download: Office Web Apps Server

  • If you’re installing on Windows Server 2008 R2: Office Web Apps Server

  • If you’re installing on Windows Server 2012: Office Web Apps Server

  • If you’re installing on Windows Server 2012 R2: Office Web Apps Server

Download: Office Web Apps Server SP1

  • If you’re installing on Windows Server 2008 R2: Recommended

  • If you’re installing on Windows Server 2012: Recommended

  • If you’re installing on Windows Server 2012 R2: Office Web Apps Server SP1

Download: Correct version of .NET Framework

  • If you’re installing on Windows Server 2008 R2: .NET Framework 4.5

  • If you’re installing on Windows Server 2012: .NET Framework 4.5 is already installed

  • If you’re installing on Windows Server 2012 R2: .NET Framework 4.5.2

Download: Update for Windows Server 2008 R2 x64 Edition

  • If you’re installing on Windows Server 2008 R2: Update for Windows Server 2008 R2 x64 Edition

  • If you’re installing on Windows Server 2012: Not applicable

  • If you’re installing on Windows Server 2012 R2: Not applicable

Download: Windows PowerShell 3.0

  • If you’re installing on Windows Server 2008 R2: Windows PowerShell 3.0

  • If you’re installing on Windows Server 2012: Already installed

  • If you’re installing on Windows Server 2012 R2: Already installed

Server role: Web Server (IIS)

If you’re installing on Windows Server 2008 R2

Here are the minimum role services required for the Web Server (IIS) server role.

Common HTTP Features

  • Static Content

  • Default Document

Application Development

  • ASP.NET

  • .NET Extensibility

  • ISAPI Extensions

  • ISAPI Filters

  • Server Side Includes

Security

  • Windows Authentication

  • Request Filtering

Management Tools

  • IIS Management Console

The following options are recommended but not required:

Performance

  • Static Content Compression

  • Dynamic Content Compression

If you’re installing on Windows Server 2012

Here are the minimum role services required for the Web Server (IIS) server role.

Management Tools

  • IIS Management Console

Web Server

  • Common HTTP Features

  • Default Document

  • Static Content

Security

  • Request Filtering

  • Windows Authentication

Application Development

  • .NET Extensibility 4.5

  • ASP.NET 4.5

  • ISAPI Extensions

  • ISAPI Filters

  • Server Side Includes

The following services are recommended but not required:

Performance

  • Static Content Compression

  • Dynamic Content Compression

If you’re installing on Windows Server 2012 R2

Here are the minimum role services required for the Web Server (IIS) server role.

Management Tools

  • IIS Management Console

Web Server

  • Common HTTP Features

  • Default Document

  • Static Content

Security

  • Request Filtering

  • Windows Authentication

Application Development

  • .NET Extensibility 4.5

  • ASP.NET 4.5

  • ISAPI Extensions

  • ISAPI Filters

  • Server Side Includes

The following services are recommended but not required:

Performance

  • Static Content Compression

  • Dynamic Content Compression

Feature: Ink and Handwriting Services

If you’re installing on Windows Server 2008 R2

Ink and Handwriting Services

  • Ink Support

If you’re installing on Windows Server 2012

Ink and Handwriting Services

  • Ink Support is not required.

If you’re installing on Windows Server 2012 R2

Ink and Handwriting Services

  • Ink Support is not required.

Support for virtualizing Office Web Apps Server

Office Web Apps Server is fully supported when you deploy it using Windows Server Hyper-V technology. If you plan to virtualize Office Web Apps Server, follow these guidelines:

  • Install Office Web Apps Server in its own virtual machine instance. Don’t install any other server applications, such as SharePoint 2013, in this instance.

  • It’s okay to install Office Web Apps Server in a virtual machine instance hosted by a server running SharePoint 2013.

  • For multi-server Office Web Apps Server farms, each instance should be on a separate virtual machine host. This way, the Office Web Apps Server farm will still be available if one of the hosts fails.

Firewall requirements for Office Web Apps Server

Firewalls can cause problems by blocking communication between the web browser, the servers that run Office Web Apps Server, and the servers that run SharePoint 2013. These problems can be more complicated when the servers are in different parts of a network.

Make sure the following ports aren’t blocked by firewalls on either the server that runs Office Web Apps Server or the load balancer:

  • Port 443 for HTTPS traffic

  • Port 80 for HTTP traffic

  • Port 809 for private traffic between the servers that run Office Web Apps Server (if you’re setting up a multi-server farm)

Load balancer requirements for Office Web Apps Server

We recommend a load balancing solution when you run Office Web Apps Server on two or more servers. Just about any load balancing solution will work, including a server that runs the Web Server (IIS) role running Application Request Routing (ARR). In fact, you can run ARR on one of the servers that runs Office Web Apps Server. If you don’t have a load balancing solution, take a look at these resources for using IIS with ARR:

Ideally, try to find a load balancing solution that supports the following features:

  • Layer 7 routing

  • Enabling client affinity or front-end affinity

  • Enabling SSL offloading

If you use a load balancer, you’ll need to install the certificate on the load balancer as described under Securing Office Web Apps Server communications by using HTTPS.

DNS requirements for Office Web Apps Server

In environments that use HTTPS and load balancing, you have to update DNS so that the fully qualified domain name (FQDN) of the certificate resolves to either the IP address of the server that runs Office Web Apps Server or to the IP address assigned to the load balancer for the Office Web Apps Server farm.

Planning language packs for Office Web Apps Server

Office Web Apps Server 2013 Language Packs enable users to view web-based Office files in multiple languages from SharePoint 2013 document libraries, Outlook Web App (as attachment previews), and Lync 2013 (as PowerPoint broadcasts). But, this depends on the languages that are configured on the host. To view web-based Office files from hosts in multiple languages, you must have the following in place:

  • The host (such as SharePoint Server 2013 or Lync Server 2013) is configured to run applications in additional languages. The process of installing and configuring language packs on the host is independent of installing a language pack on the Office Web Apps Server farm.

  • The languages are installed and are available on all servers in the Office Web Apps Server farm.

Here’s where to download the language packs for Office Web Apps Server.

Topology planning for Office Web Apps Server

At a minimum, an Office Web Apps Server topology will include one physical or virtual machine running Office Web Apps Server, and at least one host (for example, a server running Lync Server 2013 or SharePoint 2013). And of course, you’ll need a client PC or device to connect to one of the hosts and use the Office Web Apps functionality. From that minimal topology, you can add more hosts and more servers to your Office Web Apps Server farm as required to suit the needs of your organization.

The following is a list of recommendations that you should keep in mind as your Office Web Apps Server topology gets more complex.

  • Plan for redundancy. If you use virtual machine instances, make sure you put them on separate virtual machine hosts for redundancy. It’s okay if other instances on the host run server applications—just don’t run other server applications on the same instance as Office Web Apps Server.

  • Stick to one data center. Servers in an Office Web Apps Server farm must be in the same data center. Don’t distribute them geographically. Generally you need only one farm, unless you have security needs that require an isolated network that has its own Office Web Apps Server farm.

  • The closer the hosts, the better. The Office Web Apps Server farm doesn’t have to be in the same data center as the hosts it serves, but for heavy editing usage, we recommend you put the Office Web Apps Server farm as close to the hosts as possible. This is less important for organizations that use Office Web Apps primarily for viewing Office files.

  • Plan your connections. Connect all servers in the Office Web Apps Server farm only to one another. To connect them to a broader network, do so through a reverse proxy load balancer firewall.

  • Configure the firewall for HTTP or HTTPS requests. Make sure the firewall allows servers running Office Web Apps Server to initiate HTTP or HTTPS requests to hosts.

  • Plan for incoming and outgoing communications. In an Internet-facing deployment, route all outgoing communications through a NAT device. In a multi-server farm, handle all incoming communications with a load balancer.

  • Make sure all servers in the Office Web Apps Server farm are joined to a domain and are part of the same organizational unit (OU). Use the FarmOU parameter in the New-OfficeWebAppsFarm cmdlet to prevent other servers that are not in this OU from joining the farm.

  • Use Hypertext Transfer Protocol Secure (HTTPS) for all incoming requests.

  • If you have IPsec deployed in the network, use it to encrypt traffic among the servers.

  • Plan for Office features that use the Internet. If features such as clip art and translation services are needed, and the servers in the farm can’t initiate requests to the Internet, you’ll need to configure a proxy server for the Office Web Apps Server farm. This will allow HTTP requests to external sites.

Security planning for Office Web Apps Server

The following information introduces security guidance for Office Web Apps Server.

Securing Office Web Apps Server communications by using HTTPS

Office Web Apps Server can communicate with SharePoint 2013 and Lync Server 2013 by using the HTTPS protocol. In production environments, we strongly recommend that you use HTTPS. You’ll have to install an Internet Server certificate that can be assigned to the server that runs Office Web Apps Server (if you are using a single server) or to the load balancer (if you are using multiple servers that run Office Web Apps Server).

In test environments that contain no user data, you can use HTTP for SharePoint 2013 and skip the certificate requirement. Lync Server 2013 supports only HTTPS.

Certificates used by Office Web Apps Server need to meet the following requirements:

  • The certificate must come from a trusted Certificate Authority and include the fully qualified domain name (FQDN) of your Office Web Apps Server farm in the SAN (Subject Alternative Name) field. (If the FQDN is not in the SAN when you try to use the certificate, the browser will either show security warnings or won’t process the response.)

  • The certificate must have an exportable private key. On single-server farms, this option is selected by default when you use the Internet Information Services (IIS) Manager snap-in to import the certificate.

  • The Friendly name field must be unique within the Trusted Root Certificate Authorities store. If you have multiple certificates that share a Friendly Name field, farm creation will fail because the New-OfficeWebAppsFarm cmdlet won’t know which of those certificates to use.

  • Office Web Apps Server doesn’t require any special certificate properties or extensions. For example, Client Enhanced Key Usage (EKU) extensions or Server EKU extensions are not required.

  • On Windows Server 2012 or Windows Server 2012 R2, you must install the "Allow HTTP Activation" Windows Communication Foundation (WCF) feature.

The certificate must be imported as follows:

  • For single-server farms: You must import the certificate directly on the server that runs Office Web Apps Server. Don’t bind the certificate manually. The New-OfficeWebAppsFarm cmdlet you run later will do this for you. If you bind the certificate manually, it’ll be deleted every time the server restarts.

  • For load-balanced farms: If you’re offloading SSL, the certificate must be imported on the hardware load balancer. If you’re not offloading SSL, you’ll need to install the certificate on each server in the Office Web Apps Server farm.

Note

Don’t use self-signed certificates except in non-critical test environments.

For more information about certificates, see How to Obtain an SSL Certificate.

Using SSL offloading for hardware load balancers

When you set up a new Office Web Apps Server farm, SSL offloading is set to Off by default. If you’re using a hardware load balancer, we recommend you set SSL offloading to On so that each Office Web Apps Server in the farm can communicate with the load balancer by using HTTP. Setting SSL offloading to On also provides the following advantages:

  • Simplified certificates management

  • Improved soft affinity

  • Improved performance

Note that when you use HTTP, traffic from the load balancer to the servers that run Office Web Apps Server isn’t encrypted, so you need to make sure the network itself is secure. Use of a private subnet can help protect traffic.

Restrict which servers can join an Office Web Apps Server farm based on OU membership

You can prevent unauthorized servers from joining an Office Web Apps Server farm by creating an organizational unit for those servers and then specifying the FarmOU parameter when you create the farm. For more information about the FarmOU parameter, see New-OfficeWebAppsFarm.

Limit host access for Office Web Apps Server by using the Allow List

The Allow List is a security feature that prevents unwanted hosts from connecting to an Office Web Apps Server farm and using it for file operations without your consent. By adding the domains that contain approved hosts to the Allow List, you can limit the hosts to which Office Web Apps Server allows file operations requests, such as file retrieval, metadata retrieval, and file changes.

You can add domains to the Allow List after you’ve created the Office Web Apps Server farm. To learn how to add domains to the Allow List, see New-OfficeWebAppsHost.

Important

If you do not add domains to the Allow List, Office Web Apps Server allows file requests to hosts in any domain. Don’t leave this list blank if your Office Web Apps Server farm can be accessed from the Internet. Otherwise, anyone can use your Office Web Apps Server farm to view and edit content.

Planning for Online Viewers with Office Web Apps Server

By default, Online Viewers functionality is enabled after you install Office Web Apps Server. Review the following guidelines if you’re planning to use Online Viewers in your organization. In some cases, you might want to disable some features within Online Viewers. These guidelines refer to parameters that are set by using the Windows PowerShell cmdlets New-OfficeWebAppsFarm and Set-OfficeWebAppsFarm.

Security considerations for Online Viewers

Files that are intended to be viewed through a web browser by using Online Viewers must not require authentication. In other words, the files must be available publicly because Online Viewers can’t perform authentication when it is retrieving files. We strongly recommend that the Office Web Apps Server farm that you use for Online Viewers is only able to access either the intranet or the Internet, but not both. This is because Office Web Apps Server doesn’t differentiate between requests for intranet and Internet URLs. Somebody on the Internet could request an intranet URL, for example, causing a security leak if an internal document is viewed.

For the same reason, if you have set up the Office Web Apps Server to connect only to the Internet, we strongly recommend that you disable UNC support in Online Viewers. To disable UNC support, set the OpenFromUncEnabled parameter to False by using the Windows PowerShell cmdlets New-OfficeWebAppsFarm (for new farms) or Set-OfficeWebAppsFarm (for existing farms).

As an additional security precaution, Online Viewers are limited to viewing Office files that are 10 MB or less.

Configuration options for Online Viewers

You can configure Online Viewers by using the following Windows PowerShell parameters in New-OfficeWebAppsFarm (for new farms) or Set-OfficeWebAppsFarm (for existing farms).

  • OpenFromUrlEnabled: Turns the Online Viewers on or off. This parameter controls Online Viewers for files that have URL and UNC paths. By default, this parameter is set to False (disabled) when you create a new Office Web Apps Server farm.

  • OpenFromUncEnabled: When Online Viewers are turned on (set to True by using OpenFromUrlEnabled), this parameter turns on or off the ability for Online Viewers to display files in UNC paths. By default, this parameter is set to True, but make sure OpenFromUrlEnabled is also set to True before you enable opening files from UNC paths. As described earlier, we recommend you set this parameter to False if you have set up Office Web Apps Server to connect to the Internet.

  • OpenFromUrlThrottlingEnabled: Throttles the number of “open from URL” requests from any given server in a time period. The default throttling values, which are not configurable, make sure that an Office Web Apps Server farm does not overwhelm a single server by sending requests for content to be viewed in the Online Viewers.
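The following is an added example, not part of the original article and not Microsoft's code: a PowerShell function that checks a farm's settings against the FarmOU, Allow List, HTTPS and Online Viewers guidance in the security sections above. The function names, the -InternetFacing switch and the sample values are hypothetical; AllowHTTP and SSLOffloaded are farm properties that this page does not name.

```powershell
# Added example. The function only reads properties from the objects it is
# given, so it also runs offline against the constructed sample at the bottom.

function New-OwaFinding {
    param([string] $Severity, [string] $Setting, [string] $Message)
    [pscustomobject]@{ Severity = $Severity; Setting = $Setting; Message = $Message }
}

function Test-OwaFarmSecurity {
    param(
        # Object carrying the property names that Get-OfficeWebAppsFarm returns.
        [Parameter(Mandatory = $true)] $Farm,
        # Domains currently on the Allow List (empty array = the list is blank).
        [string[]] $AllowList = @(),
        # Operator-supplied fact: can this farm be reached from the Internet?
        [switch] $InternetFacing
    )

    # FarmOU limits which servers are allowed to join the farm.
    if ([string]::IsNullOrEmpty([string] $Farm.FarmOU)) {
        New-OwaFinding 'Medium' 'FarmOU' 'No OU restriction: servers outside a dedicated OU are not prevented from joining the farm.'
    }

    # A blank Allow List means file requests are allowed to hosts in any domain.
    if (@($AllowList | Where-Object { $_ }).Count -eq 0) {
        $severity = 'Medium'
        if ($InternetFacing) { $severity = 'High' }
        New-OwaFinding $severity 'AllowList' 'Allow List is blank: file requests are allowed to hosts in any domain.'
    }

    # HTTP is only for test environments that contain no user data.
    if ($Farm.AllowHTTP) {
        New-OwaFinding 'Medium' 'AllowHTTP' 'HTTP is allowed: acceptable only in test environments with no user data.'
    }

    # With SSL offloading, load balancer to server traffic is plain HTTP.
    if ($Farm.SSLOffloaded) {
        New-OwaFinding 'Info' 'SSLOffloaded' 'Traffic from the load balancer to farm servers is unencrypted: keep it on a private subnet.'
    }

    if ($Farm.OpenFromUrlEnabled) {
        # Online Viewers retrieve files without authentication.
        New-OwaFinding 'Info' 'OpenFromUrlEnabled' 'Online Viewers are on: confirm the farm can reach only the intranet or only the Internet, not both.'

        # UNC support should be off when the farm connects to the Internet.
        if ($Farm.OpenFromUncEnabled -and $InternetFacing) {
            New-OwaFinding 'High' 'OpenFromUncEnabled' 'UNC paths can be opened by an Internet-connected farm: set OpenFromUncEnabled to False.'
        }

        if (-not $Farm.OpenFromUrlThrottlingEnabled) {
            New-OwaFinding 'Low' 'OpenFromUrlThrottlingEnabled' 'Throttling is off: open-from-URL requests to a single server are not rate limited.'
        }
    }
}

# Constructed sample input (not taken from a real farm).
$sampleFarm = [pscustomobject]@{
    FarmOU                       = ''
    InternalURL                  = 'https://owa.contoso.example/'
    AllowHTTP                    = $false
    SSLOffloaded                 = $true
    OpenFromUrlEnabled           = $true
    OpenFromUncEnabled           = $true
    OpenFromUrlThrottlingEnabled = $true
}

Test-OwaFarmSecurity -Farm $sampleFarm -AllowList @() -InternetFacing |
    Format-Table Severity, Setting, Message -AutoSize -Wrap

# On a farm server, feed it live settings. Assumption: the Allow List is exposed
# as the allowList property of the Get-OfficeWebAppsHost output.
#   Test-OwaFarmSecurity -Farm (Get-OfficeWebAppsFarm) -AllowList (Get-OfficeWebAppsHost).allowList
```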

Planning updates for Office Web Apps Server

Before deploying Office Web Apps Server, you need to decide how your organization will manage software updates to your Office Web Apps Server farm. Although software updates help improve server security, performance, and reliability, installing updates incorrectly can cause issues with the Office Web Apps Server.

Applying Office Web Apps Server updates by using the Microsoft automatic updates process isn’t supported with Office Web Apps Server. Updates to an Office Web Apps Server must be applied in a specific way, as described in Apply software updates to Office Web Apps Server. If Office Web Apps Server updates are applied automatically, users might be unable to view or edit documents in Office Web Apps. If this happens, you have to rebuild your Office Web Apps Server farm.

We recommend that you manage updates by using Windows Server Update Services (WSUS) or by using Microsoft Endpoint Configuration Manager, which uses WSUS. WSUS allows you to fully manage the distribution of updates that are released through Microsoft Update for each server in the Office Web Apps Server farm. By using WSUS, you can decide which updates can be automatically applied to the server farm and which updates, such as Office Web Apps Server updates, have to be manually applied. For more information about WSUS, see Windows Server Update Services.

If you do not use WSUS or Microsoft Endpoint Configuration Manager, set Microsoft automatic updates on each server in the Office Web Apps Server farm to Automatically download but notify user for install. When you’re notified of an Office Web Apps Server update, follow the steps in Apply software updates to Office Web Apps Server. To have Windows updates applied and keep your servers secure, accept the Windows updates when you’re notified that updates are available.

See also

Content roadmap for Office Web Apps Server
Office Web Apps Server overview
Deploy Office Web Apps Server
Apply software updates to Office Web Apps Server

Office.com (for help with Office Web Apps on your desktop or mobile device)