Connect Azure Stack HCI to Azure

Applies to: Azure Stack HCI v20H2

Azure Stack HCI is delivered as an Azure service and needs to register within 30 days of installation per the Azure Online Services Terms. This topic explains how to register your Azure Stack HCI cluster with Azure Arc for monitoring, support, billing, and hybrid services. Upon registration, an Azure Resource Manager resource is created to represent each on-premises Azure Stack HCI cluster, effectively extending the Azure management plane to Azure Stack HCI. Information is periodically synced between the Azure resource and the on-premises cluster(s).

Important

Registering with Azure is required, and your cluster is not fully supported until your registration is active. If you do not register your cluster with Azure upon deployment, or if your cluster is registered but has not connected to Azure for more than 30 days, the system will not allow new virtual machines (VMs) to be created or added. When this occurs, you will see the following error message when attempting to create VMs:

There was a failure configuring the virtual machine role for 'vmname'. Job failed. Error opening "vmname" clustered roles. The service being accessed is licensed for a particular number of connections. No more connections can be made to the service at this time because there are already as many connections as the service can accept.

The solution is to allow outbound connectivity to Azure and make sure your cluster is registered as described in this topic.

Prerequisites for registration

You won't be able to register with Azure until you've created an Azure Stack HCI cluster. In order for the cluster to be supported, the cluster nodes must be physical servers. Virtual machines can be used for testing, but they must support Unified Extensible Firmware Interface (UEFI), meaning you can't use Hyper-V Generation 1 virtual machines. Azure Arc registration is a native capability of the Azure Stack HCI operating system, so there is no agent needed to register.

Internet access

Azure Stack HCI needs to periodically connect to the Azure public cloud. If outbound connectivity is restricted by your external corporate firewall or proxy server, they must be configured to allow outbound access to port 443 (HTTPS) on a limited number of well-known Azure IPs. For information on how to prepare your firewalls, see Configure firewalls for Azure Stack HCI.

Note

The registration process tries to contact the PowerShell Gallery to verify that you have the latest version of the necessary PowerShell modules such as Az and AzureAD. Although the PowerShell Gallery is hosted on Azure, it does not currently have a service tag. If you cannot run the above cmdlet from a management machine that has outbound internet access, we recommend downloading the modules and manually transferring them to a cluster node where you will run the Register-AzStackHCI command. Alternatively, you can install the modules in a disconnected scenario.
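
One way to do the manual transfer described in the note, as an added example that is not part of the original documentation: download the module on a connected machine, check the Authenticode signature of every downloaded file, and copy the files to the node only if all signatures are valid. The staging path, the use of Server1 as the target node, the destination module folder, and the assumption that every downloaded file is signed are choices made for this example.

```powershell
# Added example: run on a management machine that has outbound internet access.
# $StagePath and $TargetNode are assumed values; change them for your environment.
$StagePath  = 'C:\HciModuleStage'
$TargetNode = 'Server1'
$ModuleDest = 'C:\Program Files\WindowsPowerShell\Modules'   # all-users module path on the node

New-Item -ItemType Directory -Path $StagePath -Force | Out-Null

# Save-Module downloads the module and its declared dependencies without installing them.
Save-Module -Name Az.StackHCI -Path $StagePath -Repository PSGallery -Force

# Check the Authenticode signature on every script, manifest and binary that was downloaded.
$notValid = @(
    Get-ChildItem -Path $StagePath -Recurse -File -Include *.psd1, *.psm1, *.ps1, *.dll |
        Get-AuthenticodeSignature |
        Where-Object { $_.Status -ne 'Valid' }
)

if ($notValid.Count -gt 0) {
    $notValid | Select-Object Path, Status | Format-Table -AutoSize
    throw "Signature check failed for $($notValid.Count) file(s); nothing was copied."
}

# Copy the verified module folders to the cluster node over PowerShell remoting.
$session = New-PSSession -ComputerName $TargetNode
try {
    Get-ChildItem -Path $StagePath -Directory | ForEach-Object {
        Copy-Item -Path $_.FullName -Destination $ModuleDest -ToSession $session -Recurse -Force
    }
    # Confirm the node can now see the module.
    Invoke-Command -Session $session -ScriptBlock {
        Get-Module -ListAvailable -Name Az.StackHCI | Select-Object Name, Version
    }
}
finally {
    Remove-PSSession -Session $session
}
```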

Azure subscription and permissions

If you don't already have an Azure account, create one.

You can use an existing subscription of any type:

  • Free account with Azure credits for students or Visual Studio subscribers
  • Pay-as-you-go subscription with credit card
  • Subscription obtained through an Enterprise Agreement (EA)
  • Subscription obtained through the Cloud Solution Provider (CSP) program

The user registering the cluster must have Azure subscription permissions to:

  • Register a resource provider
  • Create/Get/Delete Azure resources and resource groups

If your Azure subscription is through an EA or CSP, the easiest way is to ask your Azure subscription admin to assign a built-in "Owner" or "Contributor" Azure role to your subscription. However, some admins may prefer a more restrictive option. In this case, it's possible to create a custom Azure role specific for Azure Stack HCI registration by following these steps:

  1. Create a JSON file called customHCIRole.json with the following content. Make sure to change <subscriptionId> to your Azure subscription ID. To get your subscription ID, visit portal.azure.com, navigate to Subscriptions, and copy/paste your ID from the list.

    {
      "Name": "Azure Stack HCI registration role",
      "Id": null,
      "IsCustom": true,
      "Description": "Custom Azure role to allow subscription-level access to register Azure Stack HCI",
      "Actions": [
        "Microsoft.Resources/subscriptions/resourceGroups/write",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/subscriptions/resourceGroups/delete",
        "Microsoft.AzureStackHCI/register/action",
        "Microsoft.AzureStackHCI/Unregister/Action",
        "Microsoft.AzureStackHCI/clusters/*"
      ],
      "NotActions": [
      ],
      "AssignableScopes": [
        "/subscriptions/<subscriptionId>"
      ]
    }
    
  2. Create the custom role:

    New-AzRoleDefinition -InputFile <path to customHCIRole.json>
    
  3. Assign the custom role to the user:

    $user = Get-AzADUser -DisplayName <userdisplayname>
    $role = Get-AzRoleDefinition -Name "Azure Stack HCI registration role"
    New-AzRoleAssignment -ObjectId $user.Id -RoleDefinitionId $role.Id -Scope /subscriptions/<subscriptionid>
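
A check that can be run around the three steps above, as an added example that is not part of the original documentation: it lints the role file before the role is created, then confirms what the user actually holds at the subscription scope after the assignment. It assumes an existing Connect-AzAccount session; the file path, subscription ID and display name are placeholders.

```powershell
# Added example; run after Connect-AzAccount. The three values below are placeholders.
$RoleFile        = '.\customHCIRole.json'
$SubscriptionId  = '00000000-0000-0000-0000-000000000000'
$UserDisplayName = '<userdisplayname>'
$Scope           = "/subscriptions/$SubscriptionId"

# Actions the role file on this page is expected to grant, and nothing more.
$expected = @(
    'Microsoft.Resources/subscriptions/resourceGroups/write'
    'Microsoft.Resources/subscriptions/resourceGroups/read'
    'Microsoft.Resources/subscriptions/resourceGroups/delete'
    'Microsoft.AzureStackHCI/register/action'
    'Microsoft.AzureStackHCI/Unregister/Action'
    'Microsoft.AzureStackHCI/clusters/*'
)

# 1. Lint the file before it is passed to New-AzRoleDefinition.
$def = Get-Content -Path $RoleFile -Raw | ConvertFrom-Json   # throws on malformed JSON
$extra = @($def.Actions | Where-Object { $_ -notin $expected })
if ($extra.Count -gt 0) {
    throw "Role file grants actions outside the registration set: $($extra -join ', ')"
}
$badScopes = @($def.AssignableScopes | Where-Object { $_ -ne $Scope })
if ($badScopes.Count -gt 0) {
    throw "AssignableScopes must be exactly $Scope, found: $($badScopes -join ', ')"
}

# 2. After New-AzRoleAssignment, confirm what the user actually holds at this scope.
$user = Get-AzADUser -DisplayName $UserDisplayName
$assignments = @(Get-AzRoleAssignment -ObjectId $user.Id -Scope $Scope)
$assignments | Select-Object RoleDefinitionName, Scope | Format-Table -AutoSize

if ($assignments.RoleDefinitionName -notcontains $def.Name) {
    Write-Warning "'$($def.Name)' is not assigned to $UserDisplayName at $Scope."
}

# A leftover Owner or Contributor assignment defeats the purpose of the restricted role.
$broad = @($assignments | Where-Object { $_.RoleDefinitionName -in 'Owner', 'Contributor' })
if ($broad.Count -gt 0) {
    Write-Warning "User also holds $($broad.RoleDefinitionName -join ', '); the custom role does not narrow their access."
}
```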
    

Azure Active Directory permissions

You'll also need appropriate Azure Active Directory permissions to complete the registration process. If you don't already have them, ask your Azure AD administrator to grant consent or delegate the permissions to you. See Manage Azure registration for more information.

Register using PowerShell

Use the following procedure to register an Azure Stack HCI cluster with Azure using a management PC.

  1. Install the required cmdlets on your management PC. If you are registering a cluster deployed from the current General Availability (GA) image of Azure Stack HCI, simply run the following command. If your cluster was deployed from the Public Preview image, make sure you have applied the November 23, 2020 Preview Update (KB4586852) to each server in the cluster before attempting to register with Azure.

    Install-Module -Name Az.StackHCI
    

    Note

    • You may see a prompt such as "Do you want PowerShellGet to install and import the NuGet provider now?" to which you should answer Yes (Y).
    • You may further be prompted "Are you sure you want to install the modules from 'PSGallery'?" to which you should answer Yes (Y).
  2. Perform the registration using the name of any server in the cluster. To get your Azure subscription ID, visit portal.azure.com, navigate to Subscriptions, and copy/paste your ID from the list.

    Register-AzStackHCI -SubscriptionId "<subscription_ID>" -ComputerName Server1 [-Credential] [-ResourceName] [-ResourceGroupName] [-Region]
    

    This syntax registers the cluster (of which Server1 is a member), as the current user, with the default Azure region and cloud environment, and using smart default names for the Azure resource and resource group, but you can add parameters to this command to specify these values if you want.

    Remember that the user running the Register-AzStackHCI cmdlet must have Azure Active Directory permissions, or the registration process will not complete; instead, it will exit and leave the registration pending admin consent. Once permissions have been granted, simply re-run Register-AzStackHCI to complete registration.

  3. Authenticate with Azure

    To complete the registration process, you need to authenticate (sign in) using your Azure account. Your account needs to have access to the Azure subscription that was specified in step 4 above in order for registration to proceed. Copy the code provided, navigate to microsoft.com/devicelogin on another device (like your PC or phone), enter the code, and sign in there. This is the same experience Microsoft uses for other devices with limited input modalities, like Xbox.

The registration workflow will detect when you've logged in and proceed to completion. You should then be able to see your cluster in the Azure portal.

Next steps

You are now ready to: