Azure Stack telemetry

Azure Stack system data, or telemetry, is automatically uploaded to Microsoft via the Connected User Experience. Data gathered from Azure Stack telemetry is used by Microsoft teams primarily to improve our customer experience. It's also used for security, health, quality, and performance analysis.

For an Azure Stack operator, telemetry can provide valuable insights into enterprise deployments and gives you a voice that helps shape future versions of Azure Stack.

Note

Azure Stack can also be configured to forward usage info to Azure for billing. This is required for multi-node Azure Stack customers who choose pay-as-you-use billing. Usage reporting is controlled independently from telemetry and isn't required for multi-node customers who choose the capacity model or for Azure Stack Development Kit (ASDK) users. For these scenarios, usage reporting can be turned off using the registration script.

Azure Stack telemetry is based on the Windows Server 2016 Connected User Experience and Telemetry component, which uses the Event Tracing for Windows (ETW) trace logging technology to gather and store telemetry events and data. Azure Stack components use the same logging technology to publish events and data that are gathered by using public operating system event logging and tracing APIs. Examples of Azure Stack components include Network Resource Provider, Storage Resource Provider, Monitoring Resource Provider, and Update Resource Provider. The Connected User Experience and Telemetry component encrypts data using SSL and uses certificate pinning to transmit telemetry data over HTTPS to the Microsoft Data Management service.

Note

To support telemetry data flow, port 443 (HTTPS) must be open in your network. The Connected User Experience and Telemetry component connects to the Microsoft Data Management service at https://v10.vortex-win.data.microsoft.com and also to https://settings-win.data.microsoft.com to download configuration info.

Privacy considerations

The ETW service routes telemetry data back to protected cloud storage. The principle of least privilege guides access to telemetry data. Only Microsoft personnel with a valid business need are permitted access to the telemetry data. Microsoft doesn't share our customers' personal data with third parties, except at the customer's discretion or for the limited purposes described in the Azure Stack Privacy Statement. We do share business reports with OEMs and partners that include aggregated, anonymized telemetry info. Data sharing decisions are made by an internal Microsoft team including privacy, legal, and data management stakeholders.

Microsoft believes in and practices information minimization. We strive to gather only the info that we need, and we store it for only as long as it's needed to provide a service or for analysis. Much of the info on how the Azure Stack system and Azure services are functioning is deleted within six months. Summarized or aggregated data are kept for a longer period.

We understand that the privacy and security of our customers' info is important. We've taken a thoughtful and comprehensive approach to customer privacy and the protection of customer data with Azure Stack. IT admins have controls to customize features and privacy settings at any time. Our commitment to transparency and trust is clear:

  • We're open with customers about the types of data we gather.
  • We put enterprise customers in control—they can customize their own privacy settings.
  • We put customer privacy and security first.
  • We're transparent about how telemetry gets used.
  • We use telemetry to improve customer experiences.

Microsoft doesn't intend to gather sensitive info, such as credit card numbers, usernames and passwords, and email addresses. If we determine that sensitive info has been inadvertently received, we delete it.

Examples of how Microsoft uses the telemetry data

Telemetry plays an important role in helping us quickly identify and fix critical reliability issues in our customers' deployments and configurations. Insights into the telemetry data that we gather help us quickly identify issues with services or hardware configurations. Microsoft's ability to get this data from customers and drive improvements into the ecosystem helps raise the bar for the quality of our integrated Azure Stack solutions.

Telemetry also helps Microsoft to better understand how customers deploy components, use features, and use services to achieve their business goals. Getting insights from that data helps prioritize engineering investments in areas that can directly impact our customers' experiences and workloads.

Some examples include customer usage of containers, storage, and networking configurations that are associated with Azure Stack roles. We also use the insights to drive improvements and intelligence into some of our management and monitoring solutions. This improvement helps customers diagnose quality issues and save money by making fewer support calls to Microsoft.

Manage telemetry collection

We don't recommend that you turn off telemetry in your organization, because telemetry provides data that drives improved product functionality and stability. We do recognize, however, that in some scenarios this may be necessary.

In these instances, you can configure the telemetry level sent to Microsoft by using registry settings before deployment or by using the Telemetry Endpoints after deployment.

Set telemetry level in the Windows registry

The Windows Registry Editor is used to manually set the telemetry level on the physical host computer before deploying Azure Stack. If a management policy already exists, such as Group Policy, it overrides this registry setting.

Before deploying Azure Stack on the ASDK host, boot into the CloudBuilder.vhdx and run the following script in an elevated PowerShell window:

### Get current AllowTelemetry value on DVM Host
(Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" `
-Name AllowTelemetry).AllowTelemetry
### Set & Get updated AllowTelemetry value for ASDK-Host
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" `
-Name "AllowTelemetry" -Value '0' # Set this value to 0, 1, 2, or 3.
(Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" `
-Name AllowTelemetry).AllowTelemetry

The telemetry levels are cumulative and categorized into four levels (0-3):

0 (Security): Security data only. Info that's required to help keep the operating system secure, including data about the Connected User Experience and Telemetry component settings and Windows Defender. No Azure Stack specific telemetry is emitted at this level.

1 (Basic): Security data, and basic health and quality data. Basic device info, including: quality-related data, app compatibility, app usage data, and data from the Security level. Setting your telemetry level to Basic enables Azure Stack telemetry. The data gathered at this level includes:

  • Basic device info that helps provide an understanding about the types and configurations of native and virtualized Windows Server 2016 instances in the ecosystem, including:
    • Machine attributes, such as the OEM and model.
    • Networking attributes, such as the number and speed of network adapters.
    • Processor and memory attributes, such as the number of cores and memory size.
    • Storage attributes, such as the number of drives, type, and size.
  • Telemetry functionality, including percent of uploaded events, dropped events, and the last upload time.
  • Quality-related info that helps Microsoft develop a basic understanding of how Azure Stack is performing. An example is the count of critical alerts on a particular hardware configuration.
  • Compatibility data, which helps provide an understanding about which resource providers are installed on a system and VM and identifies potential compatibility problems.

2 (Enhanced): Additional insights, including how the operating system and other Azure Stack services are used, how they perform, advanced reliability data, and data from both the Basic and Security levels.

3 (Full): All data necessary to identify and help to fix problems, plus data from the Security, Basic, and Enhanced levels.

Note

The default telemetry level value is 2 (Enhanced).

Turning off Windows and Azure Stack telemetry disables SQL telemetry. For additional info on the implications of the Windows Server telemetry settings, reference the Windows Telemetry Whitepaper.

Important

These telemetry levels only apply to Microsoft Azure Stack components. Non-Microsoft software components and services that are running in the Hardware Lifecycle Host from Azure Stack hardware partners may communicate with their cloud services outside of these telemetry levels. You should work with your Azure Stack hardware solution provider to understand their telemetry policy, and how you can opt in or opt out.
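
The following check is an added example, not part of the original page or of Azure Stack itself: it reports which telemetry level is in effect on a host and whether a policy value overrides the key that the script above writes. The Group Policy key path, the function names, and the output property names are assumptions; the page mentions Group Policy but gives no path.

```powershell
# Added example: report the telemetry level in effect on a host.
# $localKey is the key written by the page's script. $policyKey is the usual
# Windows Group Policy location for the same value (assumption: the page
# names Group Policy but does not give a path).
$levelNames = @{ 0 = 'Security'; 1 = 'Basic'; 2 = 'Enhanced'; 3 = 'Full' }
$localKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection'
$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'

function Get-AllowTelemetryValue {
    param([Parameter(Mandatory)][string]$Path)
    # Returns $null when the key or the value is absent, instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name AllowTelemetry -ErrorAction SilentlyContinue
    if ($null -ne $item) { [int]$item.AllowTelemetry } else { $null }
}

function Get-EffectiveTelemetryLevel {
    $local  = Get-AllowTelemetryValue -Path $localKey
    $policy = Get-AllowTelemetryValue -Path $policyKey

    # A management policy overrides the local registry setting; with neither
    # present, fall back to the default level stated on this page (2).
    if ($null -ne $policy)    { $level = $policy; $source = 'Group Policy' }
    elseif ($null -ne $local) { $level = $local;  $source = 'Local registry' }
    else                      { $level = 2;       $source = 'Default' }

    [pscustomobject]@{
        LocalValue                 = $local
        PolicyValue                = $policy
        EffectiveLevel             = $level
        LevelName                  = $levelNames[$level]   # $null if outside 0-3
        Source                     = $source
        # Level 0 emits no Azure Stack specific telemetry; Basic (1) enables it.
        AzureStackTelemetryEmitted = ($level -ge 1)
        PolicyOverridesLocal       = ($null -ne $policy -and $null -ne $local -and $policy -ne $local)
    }
}

Get-EffectiveTelemetryLevel | Format-List
```

Run it in the same elevated PowerShell window before and after changing the value; a `PolicyOverridesLocal` of `True` means the level you set in the registry is not the one in effect.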

Enable or disable telemetry after deployment

To enable or disable telemetry after deployment, you need to have access to the privileged endpoint (PEP), which is exposed on the ERCS VMs.

  1. To enable: Set-Telemetry -Enable
  2. To disable: Set-Telemetry -Disable

Parameter details:

.PARAMETER Enable - Turn on telemetry data upload

.PARAMETER Disable - Turn off telemetry data upload

Script to enable telemetry:

# Connect to the privileged endpoint (PEP) as CloudAdmin and turn telemetry upload on.
$ip = "<IP ADDRESS OF THE PEP VM>" # You can also use the machine name instead of IP here.
# Replace the placeholder before running; the password is held as a SecureString.
$password = ConvertTo-SecureString "<CLOUD ADMIN PASSWORD>" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ("<DOMAIN NAME>\CloudAdmin", $password)
$psSession = New-PSSession -ComputerName $ip -ConfigurationName PrivilegedEndpoint -Credential $cred
Invoke-Command -Session $psSession {Set-Telemetry -Enable}
# Close the PEP session when done.
if($psSession)
{
    Remove-PSSession $psSession
}

Script to disable telemetry:

# Connect to the privileged endpoint (PEP) as CloudAdmin and turn telemetry upload off.
$ip = "<IP ADDRESS OF THE PEP VM>" # You can also use the machine name instead of IP here.
# Replace the placeholder before running; the password is held as a SecureString.
$password = ConvertTo-SecureString "<CLOUD ADMIN PASSWORD>" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ("<DOMAIN NAME>\CloudAdmin", $password)
$psSession = New-PSSession -ComputerName $ip -ConfigurationName PrivilegedEndpoint -Credential $cred
Invoke-Command -Session $psSession {Set-Telemetry -Disable}
# Close the PEP session when done.
if($psSession)
{
    Remove-PSSession $psSession
}
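
The two scripts above keep the CloudAdmin password in the script text. The variant below is an added example, not from the original page: it prompts for the credential instead and closes the PEP session even when the connection or the command fails. The function name `Set-PepTelemetry` and its parameters `-PepAddress` and `-Action` are hypothetical; `Set-Telemetry` and the `PrivilegedEndpoint` configuration name come from the page.

```powershell
# Added example: toggle telemetry through the PEP without a password in the file.
# Set-PepTelemetry, -PepAddress and -Action are hypothetical names.
function Set-PepTelemetry {
    param(
        [Parameter(Mandatory)][string]$PepAddress,   # IP address or name of the PEP VM
        [Parameter(Mandatory)][ValidateSet('Enable', 'Disable')][string]$Action
    )

    # Prompt for the CloudAdmin credential, so the password is never stored
    # in the script.
    $cred = Get-Credential -Message 'CloudAdmin account, as <DOMAIN NAME>\CloudAdmin'

    $session = $null
    try {
        $session = New-PSSession -ComputerName $PepAddress `
            -ConfigurationName PrivilegedEndpoint -Credential $cred -ErrorAction Stop

        # Literal script blocks, as in the page's own scripts: nothing is
        # passed into the endpoint except the cmdlet call itself.
        if ($Action -eq 'Enable') {
            Invoke-Command -Session $session -ScriptBlock { Set-Telemetry -Enable }
        }
        else {
            Invoke-Command -Session $session -ScriptBlock { Set-Telemetry -Disable }
        }
    }
    finally {
        # Close the privileged session even if connecting or the command failed.
        if ($session) { Remove-PSSession -Session $session }
    }
}

# Example call (placeholder address, as in the page's scripts):
# Set-PepTelemetry -PepAddress '<IP ADDRESS OF THE PEP VM>' -Action Disable
```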

Next steps

Start and stop the ASDK