Deployment network traffic

Understanding network traffic during Azure Stack Hub deployment will help make the deployment successful. This article walks you through the network traffic flow during the deployment process so you know what to expect.

This illustration shows all the components and connections involved in the deployment process:

Azure Stack Hub deployment network topology

Note

This article describes the requirements for a connected deployment. To learn about other deployment methods, see Azure Stack Hub deployment connection models.

The Deployment VM

The Azure Stack Hub solution includes a group of servers that are used to host Azure Stack Hub components and an extra server called the Hardware Lifecycle Host (HLH). This server is used to deploy and manage the lifecycle of your solution and hosts the Deployment VM (DVM) during deployment.

Azure Stack Hub solution providers may provision additional management VMs. Confirm with the solution provider before making any changes to management VMs from a solution provider.

Deployment requirements

Before deployment starts, there are some minimum requirements that can be validated by your OEM to ensure deployment completes successfully:

Note

This article focuses on the last three requirements. For more information on the first two, see the links above.

About deployment network traffic

The DVM is configured with an IP from the BMC network and requires network access to the internet. Although not all of the BMC network components require external routing or access to the internet, some OEM-specific components using IPs from this network might also require it.

During deployment, the DVM authenticates against Azure Active Directory (Azure AD) using an Azure account from your subscription. To do so, the DVM requires internet access to a list of specific ports and URLs. The DVM will utilize a DNS server to forward DNS requests made by internal components to external URLs. The internal DNS forwards these requests to the DNS forwarder address that you provide to the OEM before deployment. The same is true for the NTP server: a reliable time server is required to maintain consistency and time synchronization for all Azure Stack Hub components.

The internet access required by the DVM during deployment is outbound only; no inbound calls are made during deployment. Keep in mind that the DVM uses its IP as the source and that Azure Stack Hub doesn't support proxy configurations. Therefore, if necessary, you need to provide a transparent proxy or NAT to access the internet. During deployment, some internal components will start accessing the internet through the external network using public VIPs. After deployment completes, all communication between Azure and Azure Stack Hub is made through the external network using public VIPs.

Network configurations on Azure Stack Hub switches contain access control lists (ACLs) that restrict traffic between certain network sources and destinations. The DVM is the only component with unrestricted access; even the HLH is restricted. You can ask your OEM about customization options to ease management and access from your networks. Because of these ACLs, it's important to avoid changing the DNS and NTP server addresses at deployment time. If you do so, you need to reconfigure all of the switches for the solution.

After deployment is completed, the provided DNS and NTP server addresses will continue to be used by the system's components through the SDN using the external network. For example, if you check DNS requests after deployment is completed, the source will change from the DVM IP to a public VIP.
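Because the source of DNS and NTP requests moves from the DVM IP to a public VIP, outbound allow rules on your border firewall or NAT device need to cover both sources. The following added example (not part of the original article or of Azure Stack Hub) checks a rule set for that gap. The `Rule` format is hypothetical, all addresses are constructed documentation ranges, and ports 53 and 123 are the standard DNS and NTP ports rather than values taken from this page.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values (RFC 5737 documentation ranges), not from the page.
DVM_IP = "192.0.2.10/32"            # DVM address, taken from the BMC network
PUBLIC_VIP_POOL = "203.0.113.0/27"  # public VIP pool on the external network
DNS_FORWARDER = "198.51.100.53/32"  # DNS forwarder address given to the OEM
NTP_SERVER = "198.51.100.123/32"    # time server given to the OEM

@dataclass(frozen=True)
class Rule:  # hypothetical outbound allow rule on the customer's border device
    src: str
    dst: str
    proto: str
    port: int

def required_flows():
    """Same DNS/NTP destinations in both phases; only the source changes."""
    services = [(DNS_FORWARDER, "udp", 53), (DNS_FORWARDER, "tcp", 53),
                (NTP_SERVER, "udp", 123)]
    sources = [("during deployment", DVM_IP), ("after deployment", PUBLIC_VIP_POOL)]
    return [(phase, src, dst, proto, port)
            for phase, src in sources for dst, proto, port in services]

def covers(rule, src, dst, proto, port):
    """True only if the rule permits the whole source range, not part of it."""
    net = ipaddress.ip_network
    return (rule.proto == proto and rule.port == port
            and net(src).subnet_of(net(rule.src))
            and net(dst).subnet_of(net(rule.dst)))

def missing_flows(rules):
    """Required flows that no allow rule covers."""
    return [f for f in required_flows()
            if not any(covers(r, *f[1:]) for r in rules)]

# Rules written with only the DVM in mind: enough to deploy, not enough after.
DEPLOY_ONLY_RULES = [Rule(DVM_IP, dst, proto, port)
                     for _, src, dst, proto, port in required_flows()
                     if src == DVM_IP]
VIP_RULES = [Rule(PUBLIC_VIP_POOL, dst, proto, port)
             for _, src, dst, proto, port in required_flows()
             if src == PUBLIC_VIP_POOL]

if __name__ == "__main__":
    for phase, src, dst, proto, port in missing_flows(DEPLOY_ONLY_RULES):
        print(f"not allowed {phase}: {src} -> {dst} {proto}/{port}")
```

A rule that allows only part of the VIP pool is reported as a gap, since any VIP in the pool may appear as the source.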

Next steps

Validate Azure registration